Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8825
Views
5
Helpful
6
Replies

Anyconnect SCCM Deployment

Go to solution
djibril.diop
Level 1
Level 1

‎02-09-2017 02:43 AM

Hello community,

I need to deploy two packages with SCCM : one with vpn module and web security and one without vpn module and web security.

Do anyone know a detection method via WMI, registry key or filesystem to differentiate both packages. I proposed to my client to detect the file "VPNDisable_ServiceProfile.xml" but he can't manage to do it.

Thank you,


Best regards,

Djibril

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
pcarco
Cisco Employee
Cisco Employee
In response to djibril.diop

‎03-10-2017 04:59 PM

Hello Djibril,

Ok.  I am clear now. and I agree with your original idea to try to use the VPNDisable_ServiceProfile.xml file to make this happen.  Even with VPN disabled the module is still going to show installed so my idea of looking at the services is not going to work.

I am not aware any registry keys that SCCM can use. to make this determination

I am adding Pete for further comment. psd

Why not push the profile from the ASA head-end for the users with both VPN and Web Security and only use SCCM for the Web Security only users ?

If I can find anything else I will reply back again

Best regards,

Paul

View solution in original post

0 Helpful
6 Replies 6

Go to solution
pcarco
Cisco Employee
Cisco Employee

‎02-10-2017 08:58 AM

Hello,

Not sure if I completely follow you.   Are you asking for a method for SCCM to decide what AC Modules  to deploy on a particular users laptop ?

Also are you saying some users will have the Core VPN and Web Security Module with the tiles showing  but other users will not see the Core VPN tile and only the Web Security

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.4 - Deploy AnyConnect [Cisco AnyConnect Secure M…

Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.4 - Cisco

https://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/cws_anyconnect.pdf

Best regards,

Paul

AC TME

0 Helpful

Go to solution
djibril.diop
Level 1
Level 1
In response to pcarco

‎02-12-2017 11:43 PM

Hello Paul,

No actually, I'm looking for a method for SCCM to detect which AC package is deployed (SCCM) on a particular user.

And yes I want to make 2 packages : one with vpn showing + web security and the other one without vpn showing like you said.

Thank you,

Best regards,

Djibril

0 Helpful

Go to solution
pcarco
Cisco Employee
Cisco Employee
In response to djibril.diop

‎02-28-2017 11:55 AM

Hello,

Apologize for the delay.  So just to be clear the use case AnyConnect would already be present on the machine and SCCM would query to understand what modules are installed in order to do an upgrade ?  I ask this because you were asking about using a registry entry as a determining factor for the install.

If its for existing the module would be listed as services and installed programs

Or is this for a new install - no AC currently residing on the device ?

I am not an expert on SCCM/SMS but are you proposing that their would be 2 packages built that reside on the SCCM server for deployment and somehow have SCCM look into your packages based on the user to push the new install?

Best regards,

Paul

0 Helpful

Go to solution
djibril.diop
Level 1
Level 1
In response to pcarco

‎03-09-2017 01:32 AM

Hello Paul,

It's a fresh install and yes their would be 2 packages deployed.


Like I said, the customer would like for the SCCM to differentiate both packages after installation if need be to push another configuration file.

Thank you.

Best regards,

Djibril

0 Helpful

Go to solution
pcarco
Cisco Employee
Cisco Employee
In response to djibril.diop

‎03-10-2017 04:59 PM

Hello Djibril,

Ok.  I am clear now. and I agree with your original idea to try to use the VPNDisable_ServiceProfile.xml file to make this happen.  Even with VPN disabled the module is still going to show installed so my idea of looking at the services is not going to work.

I am not aware any registry keys that SCCM can use. to make this determination

I am adding Pete for further comment. psd

Why not push the profile from the ASA head-end for the users with both VPN and Web Security and only use SCCM for the Web Security only users ?

If I can find anything else I will reply back again

Best regards,

Paul

0 Helpful

Go to solution
djibril.diop
Level 1
Level 1
In response to pcarco

‎03-15-2017 02:12 AM

Hello Paul,

Thank you for your help on this matter. My client finally managed to do it with the .xml.

We did not push the profile from the ASA because the customer is going to replace it so they do not want the hassle to try that.

Best regards,

Djibril

0 Helpful
Customers Also Viewed These Support Documents