Windows Autopilot Hybrid Azure AD Join: Create Intune Win32 App Cisco AnyConnect VPN + SBL
- Published on 1 Dec 2020
- These are step-by-step instructions on how to create your Win32 App for Cisco AnyConnect Secure Mobility Client v4.9.040403 + SBL.
Instructions:
1. Have the full installer for Cisco AnyConnect Secure Mobility Client v4.9.040403 (Comes in ZIP)
2. Extract it and copy the required files to another folder to create the Win32 package.
3. The ones that need to be copied are:
IMPORTANT:
anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi
anyconnect-win-4.9.04043-gina-predeploy-k9.msi
Optional:
anyconnect-win-4.9.04043-dart-predeploy-k9.msi
anyconnect-win-4.9.04043-umbrella-predeploy-k9.msi
4. Ideally, create the following in your folder:
install-AnyConnect.cmd
CustomProfile.xml - server address
OrgInfo.json - ask your network team
preferences_global.xml - custom preferences
Uninstall-AnyConnect.cmd
5. Install the .msi manually on your device and run the following in powershell:
get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
Select All then copy and paste to Notepad, locate the Cisco AnyConnect modules.
6. Update your batch files:
For: install-AnyConnect.cmd - update using step 3 (installer names)
For: Uninstall-AnyConnect.cmd - update using the GUID from step 5.
7. Download the Win32 App package if you have not already done so: github.com/Microsoft/Microsof...
8. Run CMD as admin, then cd to the path of the packaging tool and point it at your installer folder, with install-AnyConnect.cmd as the setup file, then output to the same folder (your choice).
9. Navigate to: endpoint.microsoft.com - Apps - Add - Win32 - Upload the .intunewin and put your description.
Install command: install-AnyConnect.cmd
Uninstall command: Uninstall-AnyConnect.cmd
Install Behaviour: System
Device restart behavior: No specific action
Requirements:
OS architecture: x86 x64
Minimum operating system: Windows 10 1607
Detection Rules: Manually configure detection rules
Detection Rules: MSI (GUID from Cisco AnyConnect Secure Mobility Client) mentioned in Step 5.
Assignments: Your devices
10. Navigate to Devices - Enrol devices - Enrollment Status Page:
You can use default or create your own, I have created my own with: ESP - Windows Autopilot Hybrid Azure AD over VPN
In the ESP, this option must be selected:
Block device use until these required apps are installed if they are assigned to the user/device with app: Cisco AnyConnect Secure Mobility Client v4.9.040403 + SBL selected.
Then save and test.
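Step 5's Win32_Product query makes Windows Installer run a consistency check on every installed MSI package and can trigger repairs; the Uninstall registry keys hold the same product-code GUIDs and can be read without invoking Windows Installer. The following is an added example, not part of the original description; the display-name pattern is an assumption, and the output includes the msiexec /x line needed for Uninstall-AnyConnect.cmd in step 6.

```powershell
# Added example: read-only lookup of MSI product codes from the Uninstall registry keys.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AnyConnectProductCode {
    param(
        # ASSUMPTION: the modules' display names start with this text
        [string]$NamePattern = 'Cisco AnyConnect*'
    )
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object {
            # MSI products are keyed by their product code GUID; skip non-MSI entries
            $_.DisplayName -like $NamePattern -and
            $_.PSChildName -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
        } |
        Sort-Object DisplayName |
        ForEach-Object {
            [pscustomobject]@{
                Name             = $_.DisplayName
                Version          = $_.DisplayVersion
                ProductCode      = $_.PSChildName   # value for the Intune MSI detection rule
                UninstallCommand = "msiexec /x $($_.PSChildName) /qn /norestart"
            }
        }
}

Get-AnyConnectProductCode | Format-List
```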
Amazing Mr. Autopilot!! Really enjoyed all your Autopilot videos today!! Great content!! Hope to see more videos to come!!
Cheers mate! I will be doing some more in the near future!
Excellent video!!
Thank you :)
Well done, sir!
Cheers!
Great video man. Have you made any video on how to install the CrowdStrike sensor?
No I haven't. I have used it at my last job.
Hi Mr. B, any chance you have instructions on how to set up and deploy an AnyConnect device certificate for Intune Autopilot Hybrid Azure AD join over VPN + SBL?
Thank you.
Sorry for not replying, I don't monitor this channel - add me on www.linkedin.com/in/bernard-mah/
Does anyone know what that code is before the path in the install command file? %~dpo something, what is that? What should be there?
For install-AnyConnect.cmd:
msiexec /i "%~dp0\anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi" /qn /norestart
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\HostnameProfile.xml" copy /y "%~dp0\HostnameProfile.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\preferences_global.xml" copy /y "%~dp0\preferences_global.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client"
msiexec /i "%~dp0\anyconnect-win-4.9.04043-umbrella-predeploy-k9.msi" /qn /norestart
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\OrgInfo.json" copy /y "%~dp0\OrgInfo.json" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella"
msiexec /i "%~dp0\anyconnect-win-4.9.04043-gina-predeploy-k9.msi" /qn /norestart
msiexec /i "%~dp0\anyconnect-win-4.9.04043-dart-predeploy-k9.msi" /qn /norestart
Sorry I don't check my channel anymore. Reach out to me via www.linkedin.com/in/bernard-mah-1832613b/
@mrbsoeway7734 Thank you for posting/reply!
Could you please share the steps we've to do from the Cisco side?
Thanks
I don't have those steps unfortunately with me.
Hi Mr. B
Could you share the source AnyConnect installer?
Thank you!
Hi Parker, I won't have the Cisco AnyConnect Installers unfortunately. That was dated as version 4.9 (back in 2020).
Hi Mr B, how can I get in touch with you? Need your assistance with Cisco AnyConnect BFL for my Autopilot? I am stuck. :(
Sorry for not replying, I don't monitor this channel - add me on www.linkedin.com/in/bernard-mah/
What does your install.cmd code look like?
I got it. Thanks for the video
@cccn714 Where did you find the .cmd syntax? It's hard to see it in the video.
@azh1229
For install-AnyConnect.cmd:
msiexec /i "%~dp0\anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi" /qn /norestart
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\HostnameProfile.xml" copy /y "%~dp0\HostnameProfile.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\preferences_global.xml" copy /y "%~dp0\preferences_global.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client"
msiexec /i "%~dp0\anyconnect-win-4.9.04043-umbrella-predeploy-k9.msi" /qn /norestart
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\OrgInfo.json" copy /y "%~dp0\OrgInfo.json" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella"
msiexec /i "%~dp0\anyconnect-win-4.9.04043-gina-predeploy-k9.msi" /qn /norestart
msiexec /i "%~dp0\anyconnect-win-4.9.04043-dart-predeploy-k9.msi" /qn /norestart
@mrbsoeway7734 Thank you for sharing. I ended up using the below to deploy just the core-vpn .msi and a couple of .xml files.
RMDIR /S /Q "%SYSTEMDRIVE%\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client"
CD /d "%SYSTEMDRIVE%\users"
FOR /d %%a in (*) DO RMDIR /s /q "%SYSTEMDRIVE%\users\%%a\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client" >nul 2>&1
MSIEXEC /i "%~dp0\anyconnect-win-4.10.02086-core-vpn-predeploy-k9.msi" /qn /norestart
COPY /y "%~dp0\Cert-Based_ADMIN.xml" "%SYSTEMDRIVE%\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
COPY /y "%~dp0\AnyConnectLocalPolicy.xml" "%SYSTEMDRIVE%\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client"
TASKKILL /F /IM vpnui.exe
NET STOP vpnagent
TIMEOUT 2
NET START vpnagent
START "WindowTitle" "%SYSTEMDRIVE%\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe"
Sorry guys, since leaving my last job I haven't been checking this.
Please reach out to me www.linkedin.com/in/bernard-mah and I will be happy to give you the instructions.
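The install-AnyConnect.cmd shared in the comments above runs under the SYSTEM account and does not check what msiexec returns. The following PowerShell variant is an added example, not the author's script: it checks each MSI's Authenticode signature before installing, writes a verbose MSI log, and hands a failing exit code back to Intune. The log folder, the signer pattern and the use of a .ps1 file are assumptions; the MSI and XML file names are the ones from steps 3 and 4.

```powershell
# Added example, not the author's script. Lines marked ASSUMPTION are not from the page.
$ErrorActionPreference = 'Stop'
$src    = $PSScriptRoot    # folder the script runs from, same role as %~dp0 in the .cmd
$acRoot = Join-Path $env:ProgramData 'Cisco\Cisco AnyConnect Secure Mobility Client'
$logDir = Join-Path $env:ProgramData 'AnyConnectDeploy'   # ASSUMPTION: log location
$signer = '*Cisco*'        # ASSUMPTION: pin to the subject seen on a known-good installer
# Installed in the order used on the page: core VPN first, then the SBL (gina) module
$msis = @(
    'anyconnect-win-4.9.04043-core-vpn-predeploy-k9.msi',
    'anyconnect-win-4.9.04043-gina-predeploy-k9.msi'
)

function Test-MsiSignature([string]$Path, [string]$SubjectPattern) {
    # Valid = file unmodified since signing and the chain is trusted on this machine
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return (($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like $SubjectPattern))
}

function Install-Msi([string]$Path) {
    $log = Join-Path $logDir ((Split-Path $Path -Leaf) + '.log')
    $msiArgs = "/i `"$Path`" /qn /norestart /l*v `"$log`""
    return (Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru).ExitCode
}

function Copy-IfMissing([string]$File, [string]$DestDir) {
    # Same intent as the "if not exist ... copy /y" lines: never overwrite an existing file
    if (-not (Test-Path (Join-Path $DestDir $File))) {
        Copy-Item (Join-Path $src $File) -Destination $DestDir
    }
}

New-Item -ItemType Directory -Path $logDir -Force | Out-Null
$final = 0
foreach ($name in $msis) {
    $path = Join-Path $src $name
    if (-not (Test-MsiSignature $path $signer)) {
        Write-Host "Refusing to install ${name}: Authenticode check failed"
        exit 1
    }
    $code = Install-Msi $path
    if ($code -eq 3010) { $final = 3010 }    # success with reboot pending; passed to Intune
    elseif ($code -ne 0) { Write-Host "$name failed with exit code $code"; exit $code }
}
Copy-IfMissing 'CustomProfile.xml'      (Join-Path $acRoot 'Profile')
Copy-IfMissing 'preferences_global.xml' $acRoot
exit $final
```

Saved under a hypothetical name such as install-AnyConnect.ps1, the Intune install command would be powershell.exe -ExecutionPolicy Bypass -File install-AnyConnect.ps1 instead of the .cmd.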