Re: Cisco VPN Client configuration

jose_gomez · ‎06-13-2006

As an administrator I do not want my remote users to see or modify the configuration of the software client installed in their Laptops, Does anybody knows a way of making this part unavailable for a remote user?

I could just send them a preconfigured profile and make it work with that.

gfullage · ‎06-14-2006

You can certainly package the VPN client with a preconfigured profile before you send it out, see here for how to do that:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/4_6/admin/vcach2.htm

As for how you make options within that profile non-configurable, bfore you package it up open the .pcf file for that profile and put a ! at the beginning of each line (apart from the username/password related lines as these need to be changed), this makes the option within the profile non-writeable, and in the GUI it will be greyed out.

An example profile pcf file would look like this:

[main]

!Description=Test connection

!Host=2.2.2.2

!AuthType=1

!GroupName=test

!GroupPwd=

!enc_GroupPwd=ASDASDASDAS4GHRERGE$#$#ERRERY$%TWER

!EnableISPConnect=0

!ISPConnectType=0

!ISPConnect=

!ISPCommand=

Username=

!SaveUserPassword=0

UserPassword=

enc_UserPassword=

!NTDomain=

!EnableBackup=1

!BackupServer=1.1.1.1

!EnableMSLogon=1

!MSLogonType=1

!EnableNat=0

!CertStore=0

!CertName=

!CertPath=

!CertSubjectName=

!CertSerialHash=00000000000000000000000000000000

!DHGroup=2

!ForceKeepAlives=0

!PeerTimeout=0

!ISPPhonebook=D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk

!TunnelingMode=0

!TcpTunnelingPort=10000

!SendCertChain=0

!EnableLocalLAN=0

Of course a really smart user can get into this .pcf file and remove the !'s, but you'll stop most people.

jose_gomez · ‎06-14-2006

Thank you