Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4217
Views
5
Helpful
2
Replies

Deploying AnyConnect Secure Mobility Client Standalone via GPO with Profile

sonny.herriott
Level 1
Level 1

‎02-10-2017 07:52 AM - edited ‎02-21-2020 09:09 PM

Hi All,

We are deploying AnyConnect with a profile including the connection URLs. Has anyone achieved this using GPO and if so how?  Alternatively SCCM is another method we could potentially use however that is not yet in production.

Thanks

Labels:
0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎02-10-2017 10:59 AM

I have seen SCCM installations, not GPO deployments unfortunately. For SCCM, the following script works to install and copy the profile to the right location.

msiexec /package anyconnect-win-<version>-pre-deploy-k9.msi /norestart /passive /lvx*
anyconnect-win-<version>-pre-deploy-k9-install-datetimestamp.log
XCopy /Y /F /C /E "\\<SCCM XML File Location>" "c:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\"

The MSI file is present inside the .pkg file uploaded to the ASA, you would have to unzip it using 7zip or winzip.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Rahul Govindan

‎02-10-2017 07:52 PM

Adding to Rahul's correct response, the XML file is where the connection URLs (aka ServerList) is stored.

You create it using with the Profile Editor built into ASDM or the standalone VPN Profile Editor (available on the AnyConnect download page).

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect44/administration/guide/b_AnyConnect_Administrator_Guide_4-4/anyconnect-profile-editor.pdf

0 Helpful
Customers Also Viewed These Support Documents