Access Keys:
Skip to content (Access Key - 0)

Connecting a Windows laptop to the MIT VPN before logging on to Windows

This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GobalConnect app, see: Prisma Access VPN Beta Landing Page.

If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN Beta?

Context

Cisco offers a Start Before Logon (SBL) VPN component that provides a mechanism for joining MIT's network through the VPN before the typical Windows logon. This ensures that a computer can contact the domain controller for authentication as well as receive group policy. This also provides network connectivity at logon for mapped drives and printers but also can provide network connectivity for other MIT services that typically are only available while connected to MIT's network. This will provide for an overall computing experience that more closely replicates being on-campus.

Deploying the Start Before Logon Module via MECM

The End User Computing team has provided a Cisco AnyConnect Start Before Logon package in MECM for you to deploy to your computers. This package is listed under MIT Applications and is labeled as "EPM - Cisco AnyConnect VPN Client VersionNumber with Start Before Login Module". This application will install both the Start Before Logon component as well as the main Cisco AnyConnect VPN client.

“Screenshot of Microsoft Endpoint Configuration Manager with Cisco AnyConnect VPN Client circled.”

This package includes a component that provides an additional logon field at the Windows logon screen. This is located in the lower right corner of the logon screen as illustrated in the screenshot below.

Not Seeing the VPN Button at the Windows logon screen?
You may need to logon with a local account and/or reboot the computer before the Start Before Logon field is active

“Screenshot of Windows logon screen with icon for VPN login circled.”

Once you've started the VPN logon process, simply proceed to authenticate to the VPN as usual.

“Screenshot of VPN login screen.”

Additionally, the Cisco AnyConnect VPN Client with Start Before Login Module has been made available in the Software Center for most computers already. Unless you've opted out your computer collection from receiving the standard set of software deployments, you should see this application in the Software Center on your client computers.

Installing the Cisco AnyConnect with SBL using the Software Center:

  1. Connect to an MIT VPN connection.
  2. Click the Windows key and type "Software Center".
  3. Search for "Cisco AnyConnect VPN Client (with Start Before Login Module).
    “Screenshot of Software Center with Cisco AnyConnect as a search result.”
  4. Click "Install".
    “Screenshot of Software Center applications with information on Cisco AnyConnect VPN Client.”!
  5. Upon installation your computer will need to restart.

If you get the error "The software change returned error code 0x87d00607" MECM may need to check-in for your computer's policy and that will take 15 minutes. To do this manually:

  1. Click the Windows key and type "Control Panel".
  2. In the search bar in the top right type "Configuration Manager".
  3. Click the Actions tab.
  4. Select "User Policy Retrieval & Evaluation Cycle".
  5. Click Run Now.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

July 22, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
mecm mecm Delete
vpn vpn Delete
cisco cisco Delete
anyconnect anyconnect Delete
logon logon Delete
c-anyconnect c-anyconnect Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki