I have been working on Trusted Network Detection and Always On... works pretty good... but was playing with VPNCLI on boot to help 100% remote folks get authenticated properly for GPOs, passwords, etc. (I know, use SBL/PLAP) but was trying for a seamless integration similar to DirectAccess... if VPNCLI kicks off and connects (via machine certs), it gets the trusted DNS servers and is now flagged trusted network... the problem is, when the session transfers to the user (tunnel dies after login as expected) it thinks it's on the trusted net and it's actually on untrusted...
Is there a time period that TND redetects for trusted nets? The only thing I have seen to reset it is a reset of the Cisco AnyConnect service... thoughts? Or am I trying to make myself go crazy?