AnyConnectLocalPolicy.XML is a configuration file for Anyconnect local settings.
It is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.XML
The problem is that the settings in this file cannot be configured from the ASA.
The file is generated locally upon installing Anyconnect.
There are 2 methods for pushing the desired configuration file to clients (maybe 3?):
- Write a script that replaces the client's local configuration file with a modified configuration file located on a remote file share. The script can be pushed to the client via the AnyConnect script feature. Of course, AnyConnect needs to run with administrative rights to copy or replace system files. A working snippet for the script:
copy "\\vboxsrv\temp\AnyConnectLocalPolicy.xml" "%AllUsersProfile%\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.XML" /y
- Modify the Anyconnect .msi installer. A nice tool for editing the .msi installer is Microsoft Orca. Orca is included with the Microsoft Windows SDK for Windows 7 and .NET Framework 4 (winsdk_web.exe).
After the SDK is installed you must install Orca from C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\Orca.Msi
Once installed you can edit anyconnect-win-3.1.05152-pre-deploy-k9.msi with Orca. The default values of AnyConnectLocalPolicy.XML can be modified by navigating in Orca to the Property table and changing the value of LOCAL_POLICY_RESTRICT_PREFERENCE_CACHING, which defaults to "false".
After changing it from "false" to "Thumbprints", AnyConnect installs with a modified AnyConnectLocalPolicy.XML.
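A more careful version of the replace step from the first method, added here as an example and not part of the original post: it assumes the same share path as above and administrative rights, copies only when the local file differs from the reference, keeps a backup, and verifies the result by hash.

```powershell
# Added example (not from the original post): replace the local AnyConnect policy
# only when it differs from the reference copy, keep a backup, and verify the copy.
# Assumptions: the reference file lives on the share used in the post, and this
# script runs with administrative rights.
$Source = '\\vboxsrv\temp\AnyConnectLocalPolicy.xml'
$Target = Join-Path $env:ALLUSERSPROFILE 'Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.XML'

function Get-Sha256([string]$Path) {
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

if (-not (Test-Path $Source)) {
    Write-Error "Reference policy not found: $Source"
    exit 1
}

# Sanity check: the reference must at least be well-formed XML before it is deployed.
try { [xml](Get-Content -Raw $Source) | Out-Null }
catch { Write-Error "Reference policy is not valid XML: $_"; exit 1 }

$wanted = Get-Sha256 $Source
if ((Test-Path $Target) -and ((Get-Sha256 $Target) -eq $wanted)) {
    Write-Output "Local policy already matches reference ($wanted); nothing to do"
    exit 0
}

# Keep a timestamped backup of the current file before replacing it.
if (Test-Path $Target) {
    Copy-Item $Target ("{0}.{1:yyyyMMddHHmmss}.bak" -f $Target, (Get-Date)) -Force
}
Copy-Item $Source $Target -Force

# Verify that what landed on disk is exactly the reference file.
if ((Get-Sha256 $Target) -eq $wanted) {
    Write-Output "Local policy replaced; SHA256 $wanted"
} else {
    Write-Error "Copy verification failed for $Target"
    exit 1
}
```

The hash printed on success can be compared against the reference file's hash in your deployment logs to confirm every client ended up with the intended policy.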