Pre-populate server field in AnyConnect 4.2

bbot
Contributor

In previous versions, you can go to /opt/cisco/anyconnect/profile and edit an xml file.

In this version, it looks like this is now controlled by a .anyconnect file in the users folder.

I'm looking for a way to automate this workflow for new hires. How are some of you guys doing this? (I'm also using DeployStudio for imaging)

1 ACCEPTED SOLUTION

Retrac
Contributor

This is the xml file I copy into /opt/cisco/anyconnect/profile/new.xml. All users that log in get the VPN address and the other settings applied.

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ServerList>
        <HostEntry>
            <HostName>vpn.yourdomain.co.uk</HostName>
            <HostAddress>vpn.yourdomain.co.uk</HostAddress>
        </HostEntry>
    </ServerList>
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
        </AutoReconnect>
    </ClientInitialization>
</AnyConnectProfile>


8 REPLIES

lkrasno
Contributor II

When are your user accounts created?

Script and run a policy after deployment, running it once per user.

Have a look at https://macmule.com/2014/11/19/how-to-get-the-currently-logged-in-user-in-a-more-apple-approved-way/

Retrac
Contributor

Copying an xml to /opt/cisco/anyconnect/profile/ works a treat for me with AnyConnect 4.2

The xml file has our VPN URL and tells AnyConnect not to launch on login and minimise once connected.

cmarker
Contributor

We are also using 4.2 with a .xml file in /opt/cisco/anyconnect/profile/ like others have described.

What I did find is that while testing, you may want to delete the .cisco and .anyconnect files/folders from /Users/username so that it doesn't just pick up the settings from your last session.

bbot
Contributor

@lkrasno User accounts are created after imaging. Perhaps I can create a smart group that has "JSS Greater than X", where X is the JSS ID of the last computer enrolled... Then have a policy that copies the configured .anyconnect to the user folder. I think Fill user template should take care of that.

@Retrac @Marker.43 Can you provide an example of the xml file you're using? Is there a template somewhere?

Retrac
Contributor

This is the xml file I copy into /opt/cisco/anyconnect/profile/new.xml. All users that log in get the VPN address and the other settings applied.

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ServerList>
        <HostEntry>
            <HostName>vpn.yourdomain.co.uk</HostName>
            <HostAddress>vpn.yourdomain.co.uk</HostAddress>
        </HostEntry>
    </ServerList>
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
        </AutoReconnect>
    </ClientInitialization>
</AnyConnectProfile>

bbot
Contributor

Thanks @Retrac This is perfect!

I just tested deleting the .anyconnect file in the user profile, and creating a new.xml in the /opt/cisco folder. Works like a charm!

Tried to do this same thing but no love here.  Again old post but would this break within Big Sur and Monterey?

Retrac
Contributor

Good stuff @bbot :)
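
The steps that emerge from the thread (copy the profile XML into /opt/cisco/anyconnect/profile/, then remove the per-user .anyconnect and .cisco items so the last session's settings are not picked up), as an added shell example that is not code from any poster. The function names and the PROFILE_DIR / USERS_ROOT variables are hypothetical, and installing the file root-owned with mode 0644 is an assumption made here because the profile decides which VPN server clients connect to.

```shell
#!/bin/sh
# Added example: deploy an AnyConnect profile and clear stale per-user state.
# Defaults are the paths named in the thread; both variables are hypothetical
# overrides so the functions can be exercised against a scratch directory.
PROFILE_DIR="${PROFILE_DIR:-/opt/cisco/anyconnect/profile}"
USERS_ROOT="${USERS_ROOT:-/Users}"

# install_profile SRC [NAME]: sanity-check SRC, then copy it into PROFILE_DIR
# as a file that only its owner can modify.
# Returns 1 = missing file, 2 = not a profile, 3 = no server set, 4 = copy failed.
install_profile() {
    src=$1
    name=${2:-new.xml}
    [ -f "$src" ] || { echo "missing profile: $src" >&2; return 1; }
    grep -q '<AnyConnectProfile' "$src" \
        || { echo "not an AnyConnect profile: $src" >&2; return 2; }
    # Refuse a profile whose HostAddress is empty or absent.
    grep -q '<HostAddress>[^<][^<]*</HostAddress>' "$src" \
        || { echo "no HostAddress set in $src" >&2; return 3; }
    mkdir -p "$PROFILE_DIR" || return 4
    cp "$src" "$PROFILE_DIR/$name" || return 4
    chmod 644 "$PROFILE_DIR/$name" || return 4
    # Ownership can only be set when running as root (e.g. from a policy).
    # uid 0 / gid 0 is root:wheel on macOS.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$PROFILE_DIR/$name" || return 4
    fi
    return 0
}

# clear_user_state: remove cached AnyConnect items from every home folder
# under USERS_ROOT and print how many items were removed.
clear_user_state() {
    removed=0
    for home in "$USERS_ROOT"/*; do
        [ -d "$home" ] || continue
        case ${home##*/} in Shared|Guest) continue ;; esac
        for item in .anyconnect .cisco; do
            # -e is false for a dangling symlink, so test -L as well;
            # rm -rf on a symlink removes the link, not its target.
            if [ -e "$home/$item" ] || [ -L "$home/$item" ]; then
                rm -rf "$home/$item" && removed=$((removed + 1))
            fi
        done
    done
    echo "$removed"
}
```

In a policy script, source or paste the functions and then run `install_profile /path/to/new.xml && clear_user_state`.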