PS C:WINDOWSsystem32 gpupdate /force /boot Updating policy. Computer Policy update has completed successfully. User Policy update has completed successfully. I am not a programmer, so I rely on what I find in the forum to fix problems. How are you trying to impliment this batch file? If you want to truely force a GPO update, the command that you need to use is gpupdate /force. This will update all the Group Policies, including ones that only run at logon, it will force the user to log off and back on, but it is the only way that you can force all the GPOs to apply.
KB ID 0001353
ProblemI’ve seen this asked a lot in forums, and it came up on EE again today. I’ve never had to set this up in the past, but I’ve posted the links to the correct Cisco articles when people have asked. After the question was asked again today, I thought I’d take the time to write a decent article on how to do it. Creating Batch File In XpWhy would you want to do this? You might want to map/reconnect a mapped drive, or perform anything thats usually acheivable with a login script. Solution
1. First make sure you have your script, I’m using a simple batch file but you can also use .vbs. As you can see my script just maps a drive (s:) to a network share on the machine you are looking at. Note: I’ve used an IP address rather than a DNS name, there’s nothing wrong with using a DNS name, providing your remote AnyConnect clients are able to resolve that hostname. Note2: I’m also embedding the username and password in the drive mapping request, This is because my AnyConnect uses LOCAL usernames and passwords on the ASA, so the server wouldn’t be able to authenticate the request. 2. To ’embed’ this script into the firewall, log into the ASDM > Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Script > Import > Give it a name > Select ‘Script runs when client connects‘ > Platform = win > Browse Local Files > Locate your batch file > OK > Import Now > OK. 3. The script wont run unless scripts are allowed in the VPN Client Profile > Note: You may, or may not already have a client VPN Profile > Navigate to Configuration > Remote Access VPN > AnyConnect Client Profile > Add (Or skip to Edit if you already have one) > Give the profile a name > Select your AnyConnect Group Policy (If you don’t know, connect with an AnyConnect client, and see what is shown under ‘Group‘) > OK. 4. Edit your policy. 5. Preferences (Part 2) > Tick ‘Enable Scripting‘ > Tick ‘User Controllable‘ (Note: this just lets a user untick enable scripting in their client software) > OK. 6. Save the changes > Apply > File > Save Running Configuration to Flash. Troubleshooting AnyConnect OnConnect / Logon ScriptsIf theres a problem (i.e. it does not work.) Your first task is to make sure the client got the script, it saves it in the following location. %ALLUSERSPROFILE%CiscoCisco AnyConnect Secure Mobility ClientScript Connect your AnyConnect client, then execute each of the commands in the script locally to see why it’s not working. Batch File To Run GpupdateBatch File SamplesRelated Articles, References, Credits, or External LinksGpupdate Force Batch File DownloadNA Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |