Solved: Prevent com.cisco.anyconnect.gui from starting automatically

Micke.MJ · ‎01-28-2022

Hi

We use AnyConnect on our machines (macos). Is it possible that via the profile we deploy to /opt/Cisco/anyconnect/profile, which we received from the cisco firewall, with slightly different info, it is possible to control the autostart of the com.cisco.anyconnect.gui.plist agent in /Library/launcAgents/, that it is not installed or autostarted when the user logs in? It would have been easier to just deploy this profile than to run a remove script on all our machines from time to time.

Best Regards

Micke

Mike.Cifelli · ‎01-28-2022

It sounds like what you are looking for is this configuration (xml tag) in your VPN profile:

<AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>; This controls the behavior of AnyConnect. If enabled by default will trigger AnyConnect to automatically attempt a connection to the last connected gateway. Setting 'UserControllable' to true would allow users to manage (enable/disable) the option in the VPN preferences via the AC gui. You can manually tweak the setting locally to test the thought. Then once you feel comfortable you have the ability to push the updated setting/s from the ASA upon new connections via group policy configuration.

View solution in original post

Mike.Cifelli · ‎01-28-2022

It sounds like what you are looking for is this configuration (xml tag) in your VPN profile:

<AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>; This controls the behavior of AnyConnect. If enabled by default will trigger AnyConnect to automatically attempt a connection to the last connected gateway. Setting 'UserControllable' to true would allow users to manage (enable/disable) the option in the VPN preferences via the AC gui. You can manually tweak the setting locally to test the thought. Then once you feel comfortable you have the ability to push the updated setting/s from the ASA upon new connections via group policy configuration.