AnyConnect 3.1.01 - Disable the client on startup

John Getzke

Hello,

This is my 2nd thread on the Cisco forums.  My last posting was a success so I thought I might try my luck with another issue we have with our new 3.1.0165 AnyConnect client on a Win7 laptop.

I've noticed how the new client is loaded and enabled by default when a user first logs into the machine.  Normally we expect the VPN to remain off until we manually initiate a connection.  It's not causing a problem necessarily, but it is an eyesore to have an app running when it's not needed.

Is there a way to configure the AnyConnect client so that it does not start up and load in the system tray by default?

John

Accepted Solutions

John,

I am sorry for any inconvenience.

I understand your point and it is valid, but this is part of the AnyConnect evolution. This is intended for the Always-On and Trusted Network Detection features.

Here is the enhancement request for your reference:

ENHRQ: AnyConnect 3 install should have option to disable start on logon

So at this point you could use MSConfig on Windows and uncheck the AnyConnect client on the startup tab.

Please mark this post as answered if you do not have any further questions.

Portu.

Hi John,

Please check this out:

AnyConnect Secure Mobility - Disable the automatic launch on login

HTH.

Portu.

Please rate any helpful posts

Message was edited by: Javier Portuguez

Thanks for the quick response, that was the 1st thread that I started : P

This problem is a little different.  I'm referring to the icon on the SysTray this time:

Granted, I can go through MSConfig and disable the AnyConnect client from that menu but I was hoping there was a cleaner solution.  Perhaps something that we could configure during installation or on the profile.xml. 

Any other ideas?

John,

There is no reason to do that since the AnyConnect is intended for this purpose.

Nevertheless, you can try to use a program like Ccleaner to disable the auto start, but I am not quite sure if indeed it will prevent it from starting at start-up.

Portu.

Please rate any helpful posts

Doesn't sound like what I want is possible, at least not as a configurable option with the new client.  I'll have to pursue a MSConfig type solution that shuts it down.

I want the AnyConnect client to be disabled on startup because we also have the Cisco VPN Client (IPSec) on our machines.  Since we default to the IPSec client for speed reasons it would be wasteful/cluttered to have both VPN clients running at the same time.  I have heard that the new AnyConnect may one day take over the IPSec tunnel abilities or that perhaps IPSec will go away as a supported tunnel type.  For now we enjoy having the choice between the two and allow our users to make a decision on which to use for their environment.

Rather than use MSConfig I decided to remove AnyConnect from the registry as a part of the installation script:

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Cisco AnyConnect Secure Mobility Agent for Windows"

This accomplishes the same goal as going through MSConfig.  Thanks for the assistance.    

I just saw this thread and thought I would chime in here.  I don't accept the answer that this is part of the AnyConnect evolution.  That's just a cop out.  We are experiencing this issue and it's causing extreme negative effects to our users.  I am not at liberty to go into detail in this forum as to why.  Once the application developers take away control from the user/administrator to decide whether their application should run at start up and take up valuable system resources that might be needed elsewhere, the developers of said application have basically created a virus.  I'm just calling a spade a spade.

We worked around this by creating a custom batch script that is being deployed to tens of thousands of users that renames the vpnui.exe file to vpn.exe.  The effect of this is that the registry is looking for a file called vpnui.exe.  If you rename it to vpn.exe, the AnyConnect client stops loading on boot.

Taking control away from the administrator to decide whether or not to run an application is a terrible idea.

FYI: In version 8.1.02026, using the msconfig option doesn't work and neither does editing the registry.  We tried all of these options.  The only option that worked across all OS platforms was to rename the application executable.

Hi Erick,

I see you are being pestered by this feature too.  I feel your pain.

Just wanted to let you know that our registry change during the installation has been holding strong as our solution to this scenario.  Several months on several hundred Win7 laptops with no complaints.  Since we already customize the installation for our environment from a VBScript, adding in a small regkey change was no big deal.  Sounds like you found a similar solution better fitted for your environment.

Thanks for sharing! 

Hi John.

Our problem is that we pushed out the client with SCCM and it's already out there.  Now we are stuck.  If this is Cisco's evolution of the AnyConnect client, we will look at what other vendors have to offer. 

When you say version 8.1 you must be referring to your ASA.  The Cisco AnyConnect Secure Mobility client is only on version 3.1.

AnyConnect Secure Mobility Client:

http://www.cisco.com/cisco/web/support/model/tsd_software_anyconnectvpn_version_secure.html#0

We were fortunate enough to have captured this problem before we deployed to everyone.  Given your situation I'm sure we would have had to do something similar.  It is concerning that whatever version you are using is not modifiable in MSConfig or the registry.  We will have to be careful before we consider upgrading the client version again.

Hi John,

That was certainly a typo.  I meant version 3.1.02026.  We deployed this version to position ourselves for Windows 8 compatibility.  Make sure you do extensive testing before you roll out this version.  Using msconfig doesn't work.  When you uncheck the Cisco AnyConnect client, it just adds a new entry and keeps starting on boot.  One other thing we tested was modifying the registry key at HKLM\Software\Wow64Node\Microsoft\Windows\CurrentVersion\Run.

There is a registry key with the following value.

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -autolaunched

We figured that if we modify this above registry entry to reference vpn.exe instead of vpnui.exe, the client would not start on boot because vpn.exe doesn't exist in the file system structure.  Well, that worked until a user manually starts the client and connects to the VPN.  Once this happens and the user reboots, the client starts on logon even though the registry entry is incorrect.  Again, this is very viral in nature.

Just my 2 cents.
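The registry approach discussed in the posts above, as an added PowerShell example that is not part of the original thread (John's own change was made from a VBScript that is not shown). It reports and removes the Run value named in the thread; because a later post reports the entry coming back on 3.1.02026, it is written so it can be re-run with `-WhatIf` as a recurring check. Checking the native 64-bit Run key as well is an assumption added here; the thread only mentions the Wow6432Node view.

```powershell
# Added example, not from the thread. Run elevated: removing HKLM values needs admin rights.
# Value name and the Wow6432Node path are the ones quoted in the posts above.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ValueName = 'Cisco AnyConnect Secure Mobility Agent for Windows'
)

$runKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # path from the thread
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'               # assumption: also check the native view
)

$results = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value not present under this key: nothing to do.
        [pscustomobject]@{ Key = $key; Present = $false; Data = $null; Removed = $false }
    }
    else {
        # Record the command line before touching it, e.g. '"...\vpnui.exe" -autolaunched'.
        $data    = $item.$ValueName
        $removed = $false
        if ($PSCmdlet.ShouldProcess("$key\$ValueName", 'Remove autostart value')) {
            Remove-ItemProperty -Path $key -Name $ValueName -ErrorAction Stop
            $removed = $true
        }
        [pscustomobject]@{ Key = $key; Present = $true; Data = $data; Removed = $removed }
    }
}

$results | Format-List

# Exit non-zero when the value was found but left in place (for example under -WhatIf),
# so a scheduled check can flag machines where the entry has been re-created.
if ($results | Where-Object { $_.Present -and -not $_.Removed }) { exit 1 }
```

Run with `-WhatIf` to audit without changing anything; run without it from the installation script to remove the value.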

I agree with the virus designation.  This is also a problem for our user base and subsequently our support team.  We are currently running version 3.1.02040.  Is there an update on the enhancement (bugfix)?

That is weird because I haven't noticed this kind of behavior; once the vpnui.exe has been renamed to vpn.exe, the client is not started at startup.

I don't want to rely on scripts for renaming the vpnui.exe. Instead I took the AnyConnect MSI installer and renamed the file in there:

Under the File table, find the Filename entry vpnui.exe and rename it to vpn.exe. Be sure to rename it under Filename; otherwise you will break the MSI installer. That way the file is copied to the AnyConnect folder as vpn.exe.

I will also add a screenshot about this.

First of all I am sorry to post in such an old thread.

I too must join the nay-saying partners here.

Since the upgrade to Windows 10 has forced our users/customers from the old Cisco Systems VPN Client Version 5.0.007.0440 to the Cisco AnyConnect, we have seen this lack of option as an issue.

Our customers are not advanced IT users and cannot be told how to access MSconfig or the registry to disable this option.

At the time being, we have not had any complaints, however we expect to have some in the near future.

As for our R&D team, we are still running Win7 mainly due to the lack of profiles in the AnyConnect client. Another issue we are facing.
We are currently looking into a solution for us having 100+ and counting different VPNs to access monthly without remembering the IPs for each and every one.

My 2 cents...
