cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Webcast- Catalyst 9000
703
Views
20
Helpful
8
Replies
Beginner

AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

Hi all,

 

After migrating to anyconnect 4.7.00136, we noticed that it created a local user in our AD with the name ciscoacvpnmcuser.

 

Does anyone knows why and is the safe to delete?

 

Thanks,

Hugo Amaro

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

This is directly related to the new Management Tunnel Feature in 4.7

 

The 4.7  installer will also create a low-privileged user account (ciscoacvpnmcuser), to be used for running the MC (management connection)  and downloader processes with limited privileges during a management tunnel connection.
This account (along with the associated user profile directory) will be removed during uninstall

 

Feature Description:

"Management VPN Tunnel-(Requires ASDM 7.10.1) Ensures connectivity to the corporate network whenever the client system is powered up, not just when a VPN connection is established by the end user.

This feature allows patch management on systems which may not come in to the office frequently. Endpoint OS login scripts requiring corporate network connectivity will also benefit from this feature."

Source: Release notes

 

If you never plan on using this feature you can remove it although if you change your mind there may be some difficulty having this account created one again

ciscoacvpnmcuser.png

 

Best regards,

Paul

 

AC TME

8 REPLIES 8
Cisco Employee

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

See response from pcarco below.

Beginner

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

We also just started rolling out the AnyConnect Client 4.7.00.136 and it is in fact creating a local user on the workstation after installation.  Can anyone provide any documentation as to the function of this account?  I have found if I disable the user I am still able to connect to our VPN but it is very discerning to see a user account being created with no warning from Cisco.

 

It is not creating an account in Active Directory but is very much creating a Local user on the workstations.

 

Cisco Employee

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

This is directly related to the new Management Tunnel Feature in 4.7

 

The 4.7  installer will also create a low-privileged user account (ciscoacvpnmcuser), to be used for running the MC (management connection)  and downloader processes with limited privileges during a management tunnel connection.
This account (along with the associated user profile directory) will be removed during uninstall

 

Feature Description:

"Management VPN Tunnel-(Requires ASDM 7.10.1) Ensures connectivity to the corporate network whenever the client system is powered up, not just when a VPN connection is established by the end user.

This feature allows patch management on systems which may not come in to the office frequently. Endpoint OS login scripts requiring corporate network connectivity will also benefit from this feature."

Source: Release notes

 

If you never plan on using this feature you can remove it although if you change your mind there may be some difficulty having this account created one again

ciscoacvpnmcuser.png

 

Best regards,

Paul

 

AC TME

Beginner

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

Thanks Paul.

Hall of Fame Master

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

Good to know @pcarco - thanks for jumping in on this one.

Cisco Employee

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

You are welcome.  I am working with the development and documentation teams to have this information added to the release notes and guides so that its not such a surprise moving forward.

 

Best regards,

Paul

 

AC TME

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

Hi. I have iinstalled anyconnect for posture purposes. By removing this user, will it affect my posture checking for Cisco ISE?

Highlighted
Hall of Fame Master

Re: AnyConnect 4.7.00136 creates local user called ciscoacvpnmcuser

Removing the user will not affect the ability to use ISE-based posture feature with AnyConnect.