Cisco Secure Client (formerly AnyConnect) Start Before Logon

System admin guide to installing start before logon components for Cisco Secure Client (formerly AnyConnect) VPN client for Windows

Start Before Logon (SBL) forces the user to connect to the campus network over a VPN connection before logging on to Windows by starting the Cisco Secure Client before Windows login dialog box appears.  After authenticating to connect.tamu.edu, the Windows login dialog appears, and the user logs in as usual.  SBL is only available for Windows.

The SBL components must be installed after the core client has been installed.  Also, the version of SBL must match the version of the core client. You can download the AnyConnect client and the SBL MSI files along with the XML profile from our Cisco AnyConnect Client document.

  1. Install the Cisco AnyConnect Secure Mobility Client using the file anyconnect-win-<version>-pre-deploy-k9.msi. If the core client is already installed, make sure that the installed version matches the version on the anyconnect-gina-win-<version>-pre-deploy-k9.msi file. If they match, proceed to Step 2. If they do not match, use the client install file provided to upgrade/downgrade the client.
     
  2. Install the SBL components using the file anyconnect-gina-win-<version>-pre-deploy-k9.msi
     
  3. Place the SBL-profile.xml file in the following directory: 

    C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
     
  4. Reboot computer in order for Start Before Logon to be enabled.

Logging onto a Windows 8 - 11 PC with SBL enabled

NOTE: The PC/Tablet must be connected to the network (wired or wireless) prior to logging into connect.tamu.edu

  1. At the Windows Lock Screen, press the Ctrl+Alt+Delete key combination or click any key depending on your computer’s setup.
  2. At the Initial Login Screen, verify that you have an active network connection with the wired/LAN indicator at the lower right (Figure 1, red circle) or the wireless indicator (Figure 1A, red circle).  Clicking on the wireless indicator will display on the right side of the screen the available wireless connections, allowing you to verify or connect to a wireless network. 

    wired/LAN indicator

    Figure 1: Initial login screen with wired connection indicator

    wireless indicator
     
    Figure 1A: Wireless connection indicator
     
  3. Once you’ve verified the network connection, click on the Network Connect button (Figure 2, green circle) to display the Cisco Secure app tile and client window. 

    Network Connect button

    Figure 2: Network Connect button
     
  4. In the Cisco Secure Client window, type in connect.tamu.edu and click the Connect button (Figure 3).

    click the Connect button

    Figure 3: Cisco Secure Client connection window
     
  5. At the Cisco Secure Client Login window, enter your NetID and password and click OK (Figure 4).

    enter your NetID and password and click OK

    Figure 4: Cisco Secure Client Login window
     
  6. When the user connects, the user sees a screen like the Network Connect window, except that it has the Disconnect button in the lower-right corner (Figure 5, red circle).  This button is the only indication that the connection to connect.tamu.edu was successful.

    the Disconnect button in the lower-right corner
     
    Figure 5: Example Disconnect Window
     
  7. Log into the domain/computer as normal.
Was this helpful?
0 reviews
Print Article

Details

Article ID: 509
Created
Thu 5/2/24 10:02 AM