none
login domain after vpn

    Question

  • Grasping at straws. Have to use a Cisco VPN to connect to network before domain logon can be attempted. When running XP as the OS, VPN client has the option to "Enable start before logon". This allows the VPN client to run before logging into the domain, which is a 2008 R2 server. Problem is it does not map drives reliably. Even if you tell the PC to "Always wait for the network at computer start up and logon" in the local computer policies. If using Windows 7 as the OS, Cisco does not offer the "Enable start" option on the VPN client. So my question is, would it be possible to have a script that the user could run that would offer login capabilities to the domain after the VPN client connects and be able to map the necessary drives after this connection is made to the domain. We are in the process of switching from a Novell envionment were all of this was not an issue. We could log in locally, run the VPN client and then log into the Novell client which would map our drives. Not sure if this is even possible with a script but hoping there is some way around this issue and would welcome any suggestions. Thanks in advance. Tommy
    Thursday, February 04, 2010 8:47 PM

Answers

  • Hey ttiller,

    Couldn't you just run the login script after the VPN connection have been made?

    I'm pretty sure that Cisco's VPN Client support execution of a CMD or BAT file after connection has been made.
    You just need to point it to \\servername\scripts\login.bat or to wherever your login file is placed.

    Remember to edit the login file, to Remove all Network drives, before adding them, to ensure that all ready connected but offline Network drives are refreshed.

    You can also create a BAT file that calls a VBS file, for further configuration after the VPN connection has been established.

    If you need further assistant with any of the above, or this is not a good enough solution for you, just say :)



    Best Regards
    Claus Codam
    Junior Consultant - Coretech A/S - Blog
    MCP - CCENT
    • Marked as answer by ttiller Friday, February 05, 2010 1:53 PM
    Thursday, February 04, 2010 10:26 PM

All replies

  • Yep...

    I have the same issue.  It's a Cisco Problem.  BUT in the Cisco clients, (if you don't mind running a legacy logon script) I DO remember there was an option to "Run this program after connect"

    If you're stuck let me know, and I'll check the spot on my laptop.  Sucker isn't handy right now... :)

    Sean
    The Energized Tech
    Powershell. It's so Easy and it's FREE! Dive in and use it now, It'll take no time. :) http://www.energizedtech.com
    Thursday, February 04, 2010 8:51 PM
    Moderator
  • Hey Sean,
    Misery loves company. I'm using two different version of the Cisco client , v4.8 and 5.0. Neither ones gives me an option to run a program after the connection, only before. And then only on the XP PC, not when it's running on the 7 PC. It's never easy. That's is why I was hoping I could drop a file on the PC's desktop and tell the user "click here" after they make the VPN connection. But that might be too much to ask for. Appreciate the quick reply. Tommy
    Thursday, February 04, 2010 9:07 PM
  • Hey ttiller,

    Couldn't you just run the login script after the VPN connection have been made?

    I'm pretty sure that Cisco's VPN Client support execution of a CMD or BAT file after connection has been made.
    You just need to point it to \\servername\scripts\login.bat or to wherever your login file is placed.

    Remember to edit the login file, to Remove all Network drives, before adding them, to ensure that all ready connected but offline Network drives are refreshed.

    You can also create a BAT file that calls a VBS file, for further configuration after the VPN connection has been established.

    If you need further assistant with any of the above, or this is not a good enough solution for you, just say :)



    Best Regards
    Claus Codam
    Junior Consultant - Coretech A/S - Blog
    MCP - CCENT
    • Marked as answer by ttiller Friday, February 05, 2010 1:53 PM
    Thursday, February 04, 2010 10:26 PM
  • I'm on 5.... gimme a second to load it on my PC,  The option is there but it's meant to run after the VPN connects, not after Windows login...

    Ok this is the quick fix

    On the Cisco VPN client menu look for "Options" and choose "Application Launcher"

    Click "Enable" and you can put anything (including a good old fashioned LOGIN.CMD batch file) to run...

    That works and is free.  The alternate I found was a program called "NCP Secure Entry Client" - It has both a 64bit and 32bit version, costs a bit per user but DOES give you that "Validate via VPN so WinLogon WORKS" :)

    I've used the Application Launch option in Cisco 5 on Vista and Windows 7 with no problems.

    And at this point I think I've just stepped completely out of the "Scripting Guy" forum on this one.

    Sean
    The Energized Tech


    Powershell. It's so Easy and it's FREE! Dive in and use it now, It'll take no time. :) http://www.energizedtech.com
    Thursday, February 04, 2010 11:17 PM
    Moderator
  • Claus and Sean,
    You both hit the nail on the head. After I slept on the problem last night, I came to the same conclusion. The PC will cache the local logon credentials and this will allow the drives to be mapped. Appreciate all the effort you went to Sean. All your help is greatly appreciated.
    Tommy
    Friday, February 05, 2010 1:56 PM
  • Try adding the line ForceNetlogin=3 to your VPN client profile, and that'll cause your machine to force a logoff and keep the tunnel up.   When you login the second time the tunnel is already up, so it should run your network scripts .
    Tuesday, March 23, 2010 4:55 PM
  • my cisco client lets me call a program BEFORE connection but not after so it cant map the drives as the server not there yet?
    Friday, March 04, 2011 2:34 PM
  • The newer cisco client (for Windows 7) does not have that option. But since we are swithing to Window 7 PC's and using DFS on the back end, it really has become a non issue. Windows 7 will remember the DFS drive mapping and automatically connect the next time you try to access the share from a VPN connection. And on XP's we just use a batch file but that will eventually go away.

     

    Friday, March 04, 2011 3:45 PM