Hello, I’m looking for direction in adding an AnyConnect profile with SBL enabled to a Windows image. This would allow us to image a PC and ship it directly to the end user without having to log in as them and download the SBL update to AnyConnect before shipping. My company is now all working remotely, including our help desk, due to COVID.
We have SCCM at our disposal. Can anyone help with a document covering available methods for adding not just the AnyConnect client but also the configured profile?
Thanks in advance and stay safe!
Let me rephrase: I already enabled and tested the SBL module and it works like a charm. But my question is regarding a "no touch" Windows laptop imaging solution. My colleague who takes care of our SCCM deployments is trying to figure out how to pull the URL into the package as well as the SBL module all at once. In theory, if a newly imaged laptop has the AnyConnect profile and the SBL module already installed, he could ship a laptop to a new user, and when they open it and power it on they would already see the SBL option in the lower right corner instead of having to log in to Windows, then connect to the VPN and allow the SBL module to download.
Right now, after he images a PC, he logs into the laptop as the user, adds the AnyConnect profile manually, and would then have to download the SBL module. We are shooting for "no touch" essentially.
We are using credentials and an ASA. It will work that way, as per my test. Regardless, management is tasking us to have everything included, as well as the user AnyConnect profile, in the PC image without any manual input.
They want the end user experience to be as clean as possible and the user to not have to know the VPN URL or see the update for the module, so it’s there as soon as they open the laptop. Should I just advise this isn’t exactly possible? I feel like I’ve talked with others regarding all of that being preloaded via SCCM as an example.
Have you looked into the new VPN Management tunnel feature in AnyConnect? This will eliminate the need for SBL and give you a VPN tunnel whenever the user tunnel is disconnected. This allows for managing the device at all times and allowing non-cached logon to the domain. It might be a better option for you.