Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Installing Components of Cisco AnyConnect 4.7

Hi all,

I've seen various threads on this, some dating back to years ago, and I was hoping to get some concrete suggestions on the most efficient way to go about this.

We're wanting to deploy only the VPN, Umbrella, and AMP portions of AnyConnect, along with their respective config files from our organization. I've seen seen mention of using the Packages app, as well as Pacifist, but going that route leads to the issue. I've tried a myriad of different things, but I can't seem to get it setup without issue.

Any insight is greatly appreciated!

Like Comment
Order by:
SOLVED Posted: by stevewood

@landon_Starr using a Choices.xml file is your best bet. You can check out this blog post:

Using installer choices.xml to modify AnyConnect and McAfee deployments

That's what we do. I package the AnyConnect installer direct from Cisco, along with the Choices.xml file and a postinstall script. I drop the PKG file and the XML into /tmp and then the postinstall script installs them:



/usr/sbin/installer -applyChoiceChangesXML /tmp/${anyChoice} -pkg /tmp/${anyInstall} -target /

exit 0

Could take it a step further and instead of a postinstall use a script in a policy set to After with Parameter 4 and 5 set to the name of the package and the XML file. That would make it more universal (the script that is) so that it could be used for other apps like Office or anything else you only want pieces from.

Hope that makes sense.

SOLVED Posted: by primalcurve

For some reason, the idea of distributing a package that includes features I will never use bothers me.

I used to crack open the flat metapackage with pkgutil, remove the superfluous packages, and then modify the Distribution file to only point to the remaining packages, but I got tired of doing that every time so I wrote a python script that breaks it down and does all the work for me.

Unfortunately it relies on some of my custom libraries so I can't just copy/paste it here for you to use. I can maybe modify it to include the missing functions.

SOLVED Posted: by landon_Starr

Hey @stevewood ,

Thanks for your help! That's the first time I've come across the page you shared, and it definitely helpful.

Though it still looks like I'm missing something. I threw the AnyConnect.pkg file, along with the XML file under /tmp. I modified the XML so that it should only install the VPN and Umbrella portions of the application:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <array> <dict> <key>attributeSetting</key> <integer>1</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_vpn</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_websecurity</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_fireamp</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_dart</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_posture</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_iseposture</string> </dict> <dict> <key>attributeSetting</key> <integer>0</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_nvm</string> </dict> <dict> <key>attributeSetting</key> <integer>1</integer> <key>choiceAttribute</key> <string>selected</string> <key>choiceIdentifier</key> <string>choice_umbrella</string> </dict> </array> </plist>

And then copied over the little post install: (changing the variables, of course)

#!/bin/bash anyChoice="AnyConnectChoices.xml" anyInstall="AnyConnect.pkg" /usr/sbin/installer -applyChoiceChangesXML /tmp/${anyChoice} -pkg /tmp/${anyInstall} -target / exit 0

Upon testing the install, every component was installed. Am I a big dummy and miss something super simple?

SOLVED Posted: by rob_c28

I got the install to work by creating the choice.xml

What i do get now is the user is prompted to open the security Pref Pane and allow the app extension. Anyone know a way to automate that process so that it is a completely silent install?

SOLVED Posted: by marklamont

I presume you are talking about the kernel extension warning. you need to create a profile for it and ensure it deploys to the devices. This will be useful . Like this example for McAfee.