We are preparing to upgrade AnyConnect (with Network Access Manager) to version 4.10 on our Windows 10 workstations.
During the last upgrade we noticed that the NAM filter driver was automatically enabled on all workstation NICs. So if a user had previously disabled the filter driver on a particular NIC it was re-enabled after the upgrade completed, rendering one of the NICs unusable until the filter was manually re-disabled.
Is this still an issue or does the upgrade leave disabled filter drivers alone now?
I happened to recently install AnyConnect 4.10 on my Windows 10 machine, and I had to manually disable the filter. I guess this could be a problem if your users are locked down and cannot do this manually. I found the thread below where TAC suggests a Powershell command to automate this...
The Client Policy window enables you to configure the client policy options. The following sections are included:
Enables you to define whether a network connection is attempted before or after the user logs on.
Default Connection Timeout—The number of seconds to use as the connection timeout for user-created networks. The default value is 40 seconds.
Before User Logon—Connect to the network before the user logs on. The user-logon types that are supported include user account (Kerberos) authentication, loading of user GPOs, and GPO-based logon script execution. If you choose Before User Logon, you can also set Time to Wait Before Allowing a User to Logon.
Time to wait before allowing user to Logon—Specifies the maximum (worst-case) number of seconds to wait for the Network Access Manager to make a complete network connection. If a network connection cannot be established within this time, the Windows logon process continues with user logon. The default is five seconds.