- Jamf Nation Community
- Products
- Jamf Pro
- Cisco AnyConnect - Prevent auto startup at login
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Cisco AnyConnect - Prevent auto startup at login
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-08-2015 12:04 PM
We're using Cisco AnyConnect 3.0.5080, have any other AnyConnect admins figured a way to stop the app from adding itself to Login Items after each use of the app? thanks much
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-08-2015 12:49 PM
Hi,
It doesn't do that for me, but it might be a recent update that changed the behaviour. You can remove it with:
osascript -e 'tell application "System Events" to delete login item "Cisco AnyConnect Secure Mobility Client"'I would check /Library/LaunchAgents or /Library/LaunchDaemons to see if there is a launchd item that is adding it in.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-11-2015 10:25 AM
@davidacland interesting - and you're on 3.0.5080? We've been on this version for a while without updating. It seems something else is adding it back to login items after each use, and it does not appear to be controlled by LaunchAgents or LaunchDaemons. Running the script will remove but it will be added back the next time the user logs into AnyConnect
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-11-2015 11:55 AM
I had the same issue when packaging anyconnect 4. Although I had nothing specified to create the loginitem, it would get created, and then it would get recreated at next login. I was using a choices xml file with the anyconnect pkg to specify which components to install. I believe this had something to do with the problem, because the I noticed that installing the pkg without specifying an xml file would not result in the same loginitem behavior.
I was using the process from this thread to create the xml file and install the pkg:
https://jamfnation.jamfsoftware.com/discussion.html?id=10847
The process worked great. I had a choices xml file that was working for anyconnect 3 and would not create the loginitem. But when I used the same xml file for anyconnect 4, then the problem started. I ended up recreating a new choices xml file for anyconnect 4 that specified every component (the xml file for anyconnect 3 only specified some of the components), even if the component was set to be not selected in the xml file. I can share or post the choices xml files for ver 3 and 4 if you're doing the same and/or if it will help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-11-2015 01:15 PM
I've got 3.1.06073. I can't see anything in the preferences. The only possibilities I can think of for it to be adding itself back in are LaunchAgents/Daemons, cron, rc files, or login/logouthooks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-11-2015 01:25 PM
@alexk that would be awesome if you could post the choices xml files, thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-11-2015 02:36 PM
Sure, no prob. I would've posted earlier just didn't have access at that time.
I have the choices xml file and the anyconnect pkg in the same directory (in my example /private/tmp/) and then run the installer command. We only select the VPN component in our AnyConnect deployments, but you can select/deselect the other components using the 0/1 integer value for each component
The first xml file worked for us for anyconnect 3.x but caused the same problem in ver 4. Not sure if it will be same for you, but it might be worth trying both xml files for ver 3.x if one or the other doesn't work for you.
Choices xml file (anyconnect-choices-vpn-only.xml) for AnyConnect 3.x:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
</array>
</plist>Command used to install AnyConnect 3.x with the xml file:
/usr/sbin/installer -applyChoiceChangesXML "/private/tmp/anyconnect-choices-vpn-only.xml" -pkg "/private/tmp/AnyConnect.pkg" -target /Choices xml file (anyconnect4-choices-vpn-only.xml) for AnyConnect 4.x:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_websecurity</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
</array>
</plist>Command used to install AnyConnect 4.x with the xml file:
/usr/sbin/installer -applyChoiceChangesXML "/private/tmp/anyconnect4-choices-vpn-only.xml" -pkg "/private/tmp/AnyConnect.pkg" -target /Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-28-2015 11:30 AM
@alexk thanks for posting the xml files, I gave both a try and still can't seem to stop login item from being added every time if connects to the Cisco appliance, I'm starting to wonder if there is a setting on the appliance side that also controls this, our network team owns it so I don't have a direct view to look around. I may try the xml files again just to be sure I didn't miss something, thanks again for posting.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2016 04:41 PM
Running AnyConnect version 4.2.01022 on MacBook Pro and El Capitan. Uninstalled the program and did a CUSTOM INSTALL of only the VPN part of the program, since that's all I need, and it doesn't start up every time I reboot the Mac.
Much simpler for me than all of the other things suggested.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-20-2016 05:06 AM
@bgreen that sounds like a manual install. We're all discussing programmatic/silent installation here. The behavior I see in AnyConnect 4.3, is that if you manually remove the login item, it gets re-added after you connect to the VPN, not after a restart/re-login to the Mac. I think it's a bug on the Cisco side if you're not pushing a client profile from the ASA, but haven't tested to confirm.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-13-2017 08:58 AM
Any update on this? Ran into the same problem that @alexk was having. Cisco would launch at login and i can't remove the login item from Sys Prefs, its greyed out. Created the package using the Cisco anyconnect pkg and a choices.xml and the profiles. Will try the apple script that was offered but wondering if anyone else found a fix.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-25-2018 08:10 AM
The latest version of Proximity app has a check-box in Proximity | Preferences for " [] Start at Login". Just un-check to turn OFF the launch at login.
