This is an automated archive.
The original was posted on /r/sysadmin by /u/AdmiralPain on 2024-01-19 11:20:06+00:00.
Hi all, I'm trying to understand the nuances of Task Scheduler conditions, specifically 'Start only if the following network connection is available'.
Workflow:
1. Device first connects to SSID (let's call it SSID_Temp) which has no internal network connectivity - just internet connectivity
2. User logs in to device
3. User connects to VPN to connect to internal network
4. GPO kicks in which generates and pulls down a machine cert from internal CA, allowing connectivity to corporate wifi (SSID_Corp) (we use machine cert wifi authentication)
5. Task Scheduler kicks in to delete SSID_Temp wifi profile
6. Device automatically switches over to SSID_Corp as it now has the necessary cert & wifi profile
I'm struggling with step 5 - currently the scheduled task is configured to delete SSID_Temp 1 hour after the user logs in. This, in theory, should buy the machine enough time to grab the cert from the CA; however, in testing, this is not always the case.
In the Scheduled Task, if I tick 'Start only if the following network connection is available' and select SSID_Corp, does this mean the task will only start if the device CAN connect to SSID_Corp (i.e. if the machine cert is downloaded from the CA) or if SSID_Corp is simply broadcasting and the machine can see it? Is the task clever enough to understand that whilst SSID_Corp is available, it can't actually connect to it until it gets a cert from the CA?
I understand moving machine cert deployment to the cloud would solve all our issues, but that's sadly not currently possible. Or, if anyone has a smarter way we can approach this, then let me know!
TIA
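An added example, not code from the original post or any reply: a PowerShell script that replaces the fixed one-hour delay with a check of the actual prerequisites. Rather than relying on the Task Scheduler network-availability condition, it runs from a logon-triggered task that repeats every few minutes, and it deletes the SSID_Temp profile only once a valid machine certificate from the internal CA is present in LocalMachine\My and the SSID_Corp profile has been deployed. The CA issuer name, the script path, the task name and English-language netsh output are assumptions, not facts from the post.

```powershell
<#
  Remove-TempWifi.ps1  (added example, not code from the original post)

  Run from a scheduled task (as SYSTEM) that fires at logon and repeats every
  few minutes. Each run is idempotent: it deletes the SSID_Temp WLAN profile only
  once the machine can actually join SSID_Corp, i.e. when a valid machine cert
  from the internal CA is in LocalMachine\My and the SSID_Corp profile exists.
  Assumptions (not in the original post): the CA issuer name below, English
  'netsh' output, and that SSID_Corp is deployed as an all-user profile.
#>
param(
    [string]$TempSsid = 'SSID_Temp',
    [string]$CorpSsid = 'SSID_Corp',
    # Assumed distinguished-name fragment of the internal issuing CA; replace it.
    [string]$CaIssuer = 'CN=Contoso Issuing CA',
    [switch]$DryRun
)

function Test-MachineCert {
    param([string]$IssuerPattern)
    # Machine (EAP-TLS) auth uses the LocalMachine\My store. Require a cert that
    # was issued by our CA, is within its validity period, has a private key and
    # carries the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
    $now = Get-Date
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'
    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        if ($cert.Issuer -notlike "*$IssuerPattern*") { continue }
        if (-not $cert.HasPrivateKey) { continue }
        if ($cert.NotBefore -gt $now -or $cert.NotAfter -le $now) { continue }
        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if (-not $eku) { continue }
        if ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }) { return $true }
    }
    return $false
}

function Get-WlanProfileName {
    # Parse the profile names out of 'netsh wlan show profiles'. Lines look like
    # "    All User Profile     : SSID_Corp" (English locale assumed).
    $names = @()
    foreach ($line in (netsh wlan show profiles)) {
        if ($line -match '^\s*(All User|Current User) Profile\s*:\s*(.+?)\s*$') {
            $names += $Matches[2]
        }
    }
    return $names
}

function Register-TempWifiCleanupTask {
    # One-time setup (run as admin). Script path and task name are assumed.
    param(
        [string]$ScriptPath = 'C:\ProgramData\WifiCleanup\Remove-TempWifi.ps1',
        [string]$TaskName   = 'Remove SSID_Temp profile'
    )
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger = New-ScheduledTaskTrigger -AtLogOn
    # Re-check every 5 minutes for 4 hours after logon instead of a single 1-hour delay.
    $trigger.Repetition = (New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Minutes 5) `
        -RepetitionDuration (New-TimeSpan -Hours 4)).Repetition
    # SYSTEM is needed to delete an all-user WLAN profile.
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -User 'SYSTEM' -RunLevel Highest -Force
}

# --- main: evaluate the real prerequisites, then act ---
$profiles = Get-WlanProfileName
if ($profiles -notcontains $TempSsid) {
    Write-Output "$TempSsid profile already removed; nothing to do."
    exit 0
}
if (-not (Test-MachineCert -IssuerPattern $CaIssuer)) {
    Write-Output "No valid machine cert from '$CaIssuer' yet; keeping $TempSsid."
    exit 0
}
if ($profiles -notcontains $CorpSsid) {
    Write-Output "$CorpSsid profile not deployed yet; keeping $TempSsid."
    exit 0
}
if ($DryRun) {
    Write-Output "Would delete WLAN profile $TempSsid."
    exit 0
}
netsh wlan delete profile "name=$TempSsid" | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Error "netsh failed to delete profile $TempSsid (exit code $LASTEXITCODE)."
    exit 1
}
Write-Output "Deleted $TempSsid; device should now roam to $CorpSsid."
```

Run the script once by hand with `-DryRun` to confirm the three checks behave as expected on a machine that already has its certificate, then call `Register-TempWifiCleanupTask` from an elevated prompt (or deploy the equivalent task via GPO). Because every run re-evaluates the certificate and profile state, a slow VPN or CA enrolment only delays the deletion to a later repetition instead of letting the timer fire too early.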