Cisco Secure Client 5.0.04032 Install with Choice XML for Umbrella and Dart portions only

Everything I'm reading states we should be able to deploy the anyconnect package with only the Umbrella and Dart portions. We don't need the VPN (if this is needed we can still deploy it) or any of the other pieces. But the xml I am trying to deploy keeps failing. I am also using a script. Any assistance would be appreciated.

Choices XML:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>childItems</key>
<array>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that enables VPN capabilities.</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
<key>choiceIsEnabled</key>
<false/>
<key>choiceIsSelected</key>
<integer>1</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>59950</integer>
<key>choiceTitle</key>
<string>AnyConnect VPN</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#vpn_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that downloads and deploys AMP for Endpoints, as configured by the administrator.</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>0</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>1357</integer>
<key>choiceTitle</key>
<string>AMP Enabler</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#fireamp_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that collects Cisco Secure Client troubleshooting information.</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>1</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>10060</integer>
<key>choiceTitle</key>
<string>Diagnostics and Reporting Tool</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#dart_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that provides the Cisco Secure Client with the ability to identify the operating system, antivirus, antispyware, and firewall software installed on the host prior to creating a remote access connection to the secure gateway.</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>0</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>57974</integer>
<key>choiceTitle</key>
<string>Secure Firewall Posture</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#posture_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that provides the Cisco Secure Client with the functionality needed to authenticate to wired or wireless networks controlled by the Identity Services Engine, including examination and any needed remediation of the connecting host environment.</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>0</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>8314</integer>
<key>choiceTitle</key>
<string>ISE Posture</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#iseposture_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the Network Visibility Module which collects application telemetry data.</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>0</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>22175</integer>
<key>choiceTitle</key>
<string>Network Visibility Module</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#nvm_module.pkg</string>
</array>
</dict>
<dict>
<key>childItems</key>
<array/>
<key>choiceDescription</key>
<string>Installs the module that enables Umbrella.</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>1</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>20177</integer>
<key>choiceTitle</key>
<string>Umbrella</string>
<key>pathsOfActivePackagesInChoice</key>
<array>
<string>file://localhost/Volumes/Cisco%20Secure%20Client%205.0.04032/Cisco%20Secure%20Client.pkg#umbrella_module.pkg</string>
</array>
</dict>
</array>
<key>choiceIdentifier</key>
<string>__ROOT_CHOICE_IDENT_Cisco Secure Client</string>
<key>choiceIsEnabled</key>
<true/>
<key>choiceIsSelected</key>
<integer>1</integer>
<key>choiceIsVisible</key>
<true/>
<key>choiceSizeInKilobytes</key>
<integer>0</integer>
<key>choiceTitle</key>
<string>Cisco Secure Client</string>
<key>pathsOfActivePackagesInChoice</key>
<array/>
</dict>
</array>
</plist>

/usr/sbin/installer -applyChoiceChangesXML /private/tmp/anyconnect_choices.xml -pkg /private/tmp/Cisco\\ Secure\\ Client.pkg -target /

/bin/rm -rf /private/tmp/Cisco\\ Secure\\ Client.pkg
/bin/rm -rf /private/tmp/anyconnect_choices.xml

Page 1 / 1

I think you’ve got more in your choices file than necessary. Try editing it down like this instead:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>com.example.app.choice1</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>com.example.app.choice2</string>
</dict>
</array>
</plist>

Normally its just the VPN people want, not the other stuff. You can expand the package and amend the choice file which normally works. follow the stuff in the link and you should get it working:
Installing Components of Cisco AnyConnect 4.7 - Jamf Nation Community - 173802

For years I have been messing with custom XML's and custom packages to install Cisco I recently found it's easier to install the full package and running script afterwards to uninstall the stuff you don't want.

This also makes it easier when new versions come out. No XMLs or packages to rebuild.

#!/bin/bash

/opt/cisco/secureclient/bin/amp_uninstall.sh
/opt/cisco/secureclient/bin/iseposture_uninstall.sh
# /opt/cisco/secureclient/bin/websecurity_uninstall.sh

exit 0

Not that anyone has the time, but it would be interesting to see what deploys quicker. A customized package with xml, or just deploying it all and removing it like @dmccluskey does.

I went the uninstall method as well.

Curious if you made any progress on getting the xml to work. Ive tried to get the xml to work to just install only the vpn and running into issues.

This is what worked for me as of today

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<array>



    <dict>

        <key>attributeSetting</key>

        <integer>1</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_vpn</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_websecurity</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_fireamp</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_dart</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_posture</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_iseposture</string>

    </dict>

    <dict>

        <key>attributeSetting</key>

        <integer>0</integer>

        <key>choiceAttribute</key>

        <string>selected</string>

        <key>choiceIdentifier</key>

        <string>choice_secure_umbrella</string>

    </dict>

</array>

</plist>

Hello All,

Did You know the name of "AMP Activator" attribute in the XML File ?

Thanks

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<array>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_anyconnect_vpn</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>0</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_fireamp</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>0</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_dart</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_secure_firewall_posture</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_iseposture</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_nvm</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_secure_umbrella</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>0</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>choice_thousandeyes</string>

     </dict>

     <dict>

         <key>attributeSetting</key>

         <integer>1</integer>

         <key>choiceAttribute</key>

         <string>selected</string>

         <key>choiceIdentifier</key>

         <string>__ROOT_CHOICE_IDENT_Cisco Secure Client</string>

     </dict>

</array>

</plist>

this is mine and Works fine ( Ver 5.0.05040 )

does anyone know the installation script for jamf

This also makes it easier when new versions come out. No XMLs or packages to rebuild.

#!/bin/bash

/opt/cisco/secureclient/bin/amp_uninstall.sh
/opt/cisco/secureclient/bin/iseposture_uninstall.sh
# /opt/cisco/secureclient/bin/websecurity_uninstall.sh

exit 0

Hey thanks for this, we're switching in a panic from Ivanti and this was very helpful, looks like the best way to maintain going forward.

This also makes it easier when new versions come out. No XMLs or packages to rebuild.

#!/bin/bash

/opt/cisco/secureclient/bin/amp_uninstall.sh
/opt/cisco/secureclient/bin/iseposture_uninstall.sh
# /opt/cisco/secureclient/bin/websecurity_uninstall.sh

exit 0

I'd like to go this route but we don't need the VPN functionality and I can't figure out how to disable that once it's installed. I see it can be uninstalled, but we're using Umbrella and it needs to be in place for that. Any suggestions?

Someone asked that I update this script a few months ago, so it should still work. It'll create a package of whatever installer you give it and let you pick which choices to enabled/disable.

https://github.com/talkingmoose/Choices-Packager

Someone asked that I update this script a few months ago, so it should still work. It'll create a package of whatever installer you give it and let you pick which choices to enabled/disable.

https://github.com/talkingmoose/Choices-Packager

Thanks. I may use this. I liked the idea of being able to do future updates without having to create a package each time, but at least this would be less painful.

I'd forgotten about this script I'd made a while back.

You can add it to Jamf Pro and then add it to a policy that includes your package. It'll create the choices file for you on the computer and then call it when installing.

https://gist.github.com/talkingmoose/3926e86332e32eb7d05a161c3f7e8f69

It would eliminate the need to keep repackaging the installer.

I'd forgotten about this script I'd made a while back.

You can add it to Jamf Pro and then add it to a policy that includes your package. It'll create the choices file for you on the computer and then call it when installing.

https://gist.github.com/talkingmoose/3926e86332e32eb7d05a161c3f7e8f69

It would eliminate the need to keep repackaging the installer.

Ok that is fancy. I think I'll modify it to use Jamf parameters. Thanks.

I'd forgotten about this script I'd made a while back.

You can add it to Jamf Pro and then add it to a policy that includes your package. It'll create the choices file for you on the computer and then call it when installing.

https://gist.github.com/talkingmoose/3926e86332e32eb7d05a161c3f7e8f69

It would eliminate the need to keep repackaging the installer.

I modified it a bunch to have it generate the ACTransforms.xml file to disable the VPN and to create the OrgInfo.json file for Umbrella and it worked great. Thank you!

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded