+12In previous versions, you can go to /opt/cisco/anyconnect/profile and edit an xml file.
In this version, it looks like this is now controlled by a .anyconnect file in the users folder.
I'm looking for a way to automate this workflow for new hires. How are some of you guys doing this? (I'm also using DeployStudio for imaging)
Best answer by Retrac
This is the xml file I copy in to /opt/cisco/anyconnect/profile/new.xml. All users that login get the VPN address and the other settings applied.
<?xml version="1.0" encoding="UTF-8"?> <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"> <ServerList> <HostEntry> <HostName>vpn.yourdomain.co.uk</HostName> <HostAddress>vpn.yourdomain.co.uk</HostAddress> </HostEntry> </ServerList> <ClientInitialization> <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon> <AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection> <ShowPreConnectMessage>false</ShowPreConnectMessage> <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart> <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect> <AutoReconnect UserControllable="false">true <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior> </AutoReconnect> </ClientInitialization> </AnyConnectProfile>
+11When are your user accounts created?
Script and run a policy after deployment, running it once per user.
Have a look at https://macmule.com/2014/11/19/how-to-get-the-currently-logged-in-user-in-a-more-apple-approved-way/
+7Copying an xml to /opt/cisco/anyconnect/profile/ works a treat for me with AnyConnect 4.2
The xml file has our VPN URL and a tells any connect not to launch on login and minimise once connected.
+9We are also using 4.2 with a .xml file in /opt/cisco/anyconnect/profile/ like others have described.
What I did find is that while testing, you may want to delete the .cisco and .anyconnect files/folders from /Users/username so that it doesn't just pickup the settings from your last session.
+12@lkrasno User accounts are created after imaging. Perhaps I can create a smart group that has "JSS Greater than X", where X is the JSS ID of the last computer enrolled... Then have a policy that copies the configured .anyconnect to the user folder. I think Fill user template should take care of that.
@Retrac @Marker.43 Can you provide an example of the xml file you're using? Is there a template somewhere?
+7This is the xml file I copy in to /opt/cisco/anyconnect/profile/new.xml. All users that login get the VPN address and the other settings applied.
<?xml version="1.0" encoding="UTF-8"?> <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"> <ServerList> <HostEntry> <HostName>vpn.yourdomain.co.uk</HostName> <HostAddress>vpn.yourdomain.co.uk</HostAddress> </HostEntry> </ServerList> <ClientInitialization> <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon> <AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection> <ShowPreConnectMessage>false</ShowPreConnectMessage> <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart> <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect> <AutoReconnect UserControllable="false">true <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior> </AutoReconnect> </ClientInitialization> </AnyConnectProfile>
+12Thanks @Retrac This is perfect!
I just tested deleting the .anyconnect file in the user profile, and creating a new.xml in the /opt/cisco folder. Works like a charm!
+18Thanks @Retrac This is perfect!
I just tested deleting the .anyconnect file in the user profile, and creating a new.xml in the /opt/cisco folder. Works like a charm!
Tried to do this same thing but no love here. Again old post but would this break within Big Sur and Monterey?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.