02-05-2012 07:47 AM - edited 02-21-2020 05:51 PM
From what I can tell, there is no way to specify in each group policy which script to run on connect for anyconnect 2.5.
Either scripting is enabled on the profile or it isn't, thats it.
Is this a bug or am I missing something?
I need to be able to run different scripts based on Anyconnect groups, but how?
Thanks.
02-10-2012 05:09 AM
Hi
you are correct, this is not possible at the moment. It's not a bug, it's just the way it was implemented. You could ask TAC, or better still: your Cisco account team, to submit an enhancement request.
BTW you could use a single script for all users, and in that script use variables like %username% to achieve different behavior for different users.
Or you could pre-deploy a (different) script to all users.
Both suggstions are user-based, not group-based, but I thought I'd mention them anyway in case you or anyone else with a similar question might find them useful.
regards
Herbert
02-10-2012 05:29 AM
Actually now I that I think of it some more, you might actually write a script that somehow extracts the groupname from \Users\%username%\AppData\Local\Cisco\Cisco Anyconnect Secure Mobility Client\preferences.xml
(this is the path on win7 - on other platforms it will be different).
And then in the script do something like
if groupname == foo
then
...
else if groupname == foo2
then
...
etc.
This would still not allow you to differentiate on group-policy, but on tunnel-group (which may or may not be equivalent, depending on how you do your group-policy assignment).
Extracting the group from the preferences file might be tricky, but I think it can be done.
hth
Herbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide