Scribd
Upload
214 views9 pages

Automated Anyconnect Nam Installation With Profile Conversion Via Batch File Script

This document describes how to automate the installation of Cisco AnyConnect Network Access Manager (NAM) and profile conversion using a batch file script. The batch file executes commands to install the AnyConnect VPN and NAM modules, copy profile configurations, and restart the system. This allows large-scale deployment without user interaction. Benefits include automated wireless profile conversion and disabling the VPN module if not needed. The process involves downloading AnyConnect packages, creating the batch file, running commands as administrator to install modules and copy profiles, and notifying users of the upcoming restart.

Uploaded by

maumorado
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
214 views9 pages

Automated Anyconnect Nam Installation With Profile Conversion Via Batch File Script

This document describes how to automate the installation of Cisco AnyConnect Network Access Manager (NAM) and profile conversion using a batch file script. The batch file executes commands to install the AnyConnect VPN and NAM modules, copy profile configurations, and restart the system. This allows large-scale deployment without user interaction. Benefits include automated wireless profile conversion and disabling the VPN module if not needed. The process involves downloading AnyConnect packages, creating the batch file, running commands as administrator to install modules and copy profiles, and notifying users of the upcoming restart.

Uploaded by

maumorado
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Automated AnyConnect NAM Installation with

Profile Conversion via Batch File Script


Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Configure
Creation of Batch file
Anyconnect User-End Procedure
Additional Information
Verify

Introduction
This document describes in detail the steps required to install the Cisco Anyconnect NAM agent
with the profiles conversion via batch file(.bat). The batch file can then be executed locally on the
system or remotely to all the machines through the SCCM server in a large scale deployment.
Cisco ISE can provision this software but it requires end user's interaction and installation
privileges.

Usage of Batch file script serves several benefits :

● All the wireless Profile conversion.


● VPN Module can be disabled if it is not desired.
● Reduce the manual implementation time and cost by executing the batch file and installing the
AnyConnect modules all at once.

Prerequisites
Requirements

Cisco recommends that you have knowledge of these topics:

● Windows Operating System. Network Access Manager is not supported on Mac OS X or


Linux.
● The system should have minimum storage of 50 MB for the AnyConnect packages.
● The WLAN service (WLAN AutoConfig) must be running in the systems.

Note: Conversion is not done if a Network Access Manager XML configuration file already
exists (userConfiguration.xml).
Components Used

The information in this document is based on these software and hardware versions:

● Windows 7
● AnyConnect 4.6.0.3.049
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, ensure that you understand the potential impact of any command.

Background Information
1. The entire Cisco Anyconnect package should be downloaded from the Cisco site and
extracted. The required msi files and configuration.xml file should be present in the location
from where the batch file is executed.
These files have to be copied in the location C:\cisco :

anyconnect-win-4.6.03049-core-vpn-predeploy-k9.msi

anyconnect-win-4.6.03049-nam-predeploy-k9.msi

configuration.xml

2. The Network Access Manager module can be configured to convert some existing Windows 7
or later wireless profiles to the Network Access Manager profile format when the module is
installed on the client system for the first time. Infrastructure networks that match these criteria that
can be converted:

● Open
● Static WEP
● WPA/WPA2 Personal
● Only non-GPO native Wi-Fi user network profiles are converted.

Note: For WPA2 Enterprise profiles, a profile with the same name must be created through
Network Access Manager Profile Editor in the configuration.xml file
3. The system is restarted after the installation and this should be notified to the users already.

Configure
Creation of Batch file

In this document, the assumed location of the Anyconnect msi, configuration.xml files is C:\cisco.
These commands or the batch file with these commands must be executed from the same
location.

● cd C:\cisco
Installation of the core VPN module is required for the NAM module to be installed. This command
installs the core VPN module and hides the VPN module tile.
● msiexec /package anyconnect-win-4.6.04054-core-vpn-predeploy-k9.msi /norestart
/passive PRE_DEPLOY_DISABLE_VPN=1
A timeout is required for the installation of the module to complete. This command induces a
timeout of 15 minutes.

● timeout /t 15
This command installs the NAM module with profile conversion enabled.

● msiexec /i anyconnect-win-4.6.04054-nam-predeploy-k9.msi PROFILE_CONVERSION=1


/norestart /passive
A timeout is required for the installation of the module to complete. This command induces a
timeout of 15 minutes.

● timeout /t 15
This command copies the configuration.xml profile which is created with the NAM Profile editor,
to the required location.

● xcopy configuration.xml C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility


Client\Network Access Manager\newConfigFiles
This command indicates that the required installation and conversion is complete and notifies that
a reboot is initiated in 2 minutes.

● echo "Your machine will reboot in 2 minutes. Please save your work"
This command initiates a restart the Windows Operating System in 2 minutes

● shutdown -r -t 120

Note: All these commands or the batch file with these commands must be executed with
administrative privileges and in the same order.

Anyconnect User-End Procedure


1. Once the Anyconnect agent is installed on the machine when the machine restarts, the
Anyconnect icon pops up and the user is connected to preferred SSID in the list.
2. One can connect to other SSIDs from the drop-down menu provided in the AnyConnect NAM
Module UI.

3. In order to view the saved networks, click on the list icon provided in the NAM module UI and
then click Manage Networks, as shown in the image.
4. Connections to any network provided by the adapters managed by the AnyConnect NAM
module must be made from AnyConnect NAM.

Example: In order to connect to a new wifi connection Mnason-mob-new, select the network, a
pop-up screen is thrown for the key. Enter the wifi password in the Key field to connect to the new
network.
Additional Information
Native Supplicant tray icon may confuse the users to connect to a network as NAM must be used
and not the Native Supplicant. These changes can be made to the Windows registry to hide the
network connectivity tray icon:

1. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Exp
lorer.
2. Edit the value of the REG_DWORD named HideSCANetwork to 1 (hexadecimal) if present
or create one if it is not present.
3. Restart the system.

Note: This change to the registry was tested with Windows 7 and Windows 10.

Verify
Use this section to confirm that your configuration works properly.

After the changes to the registry and the reboot, the network connectivity tray should be hidden.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy