08-17-2016 05:26 AM
Dear Team
On your guide here :
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac03vpn.html#73771
You menthion that to secure the Always-On vpn its advised to restrict the users from closing the VPN UI GUI ,
"Predeploy a group policy object (GPO) for Windows users to prevent users with limited rights from terminating the GUI. Predeploy equivalent measures for Mac OS users."
can you please advise how ? as I don't think its possibale and especialy not with GPO, GPO can control system services so that couold work for the Cisco Service , but not for the VPNUI.exe . that is not a service.
for example , Can set WORD to open on startup but prevent users from closing it ?
Please advise if you know how can this be acheived .
Kind Regards
Ilan
08-24-2016 10:18 PM
– For Windows XP users: C:\Document and Settings\All Users
– For Windows Vista and Windows 7 users: C:\ProgramData
Users with limited or standard privileges may sometimes have write access to their program data folders. They could use this access to delete the AnyConnect profile file and thereby circumvent the always-on feature.
you just need to restrict the admin privileges for the users using GPO
08-24-2016 11:22 PM
Hi
Even a restricted user without admin right can terminate the Cisco GUI , by right clicking the icon in taskbar and choose "Quit" , what GPO can prevent that ? this is not the Cisco service its the VPNUI.exe , please advise how ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide