Running a login script when connecting to VPN with Cisco client


We have recently change our firewall from a Sonicwall to Cisco device and as such the VPN end point has changed, as has the client in use.  

We used to use the SonicWall GlobalVPN Client which had a setting to allow a domain login script to be run after connecting.  Now with the Cisco client there doesn't seem to be the same sort of setting, and I am wondering if there is something in there that will allow us to run the login script.  Alternatively just wanting to know what others do to maintain some level of simplicity for the user.

Anyway if anyone can suggest it would be appreciated, and if there is a setting in the Cisco client to allow a login script to run after logging in I would be glad to know.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It's not perfect, but putting a copy of the login script on the users desktop and advising the them to run it manually by double clicking on it is common.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DonNetwork AdministratorCommented:
Try the group policy "Always wait  for the network at computer startup and logon"
biggles70Author Commented:
Yeah I had been thinking about a copy of the login script or a shortcut to the login script on the desktop, but was hoping to not have to do it this way.  Users tend to manage to delete them, and I was hoping there might be a better way.

With relation to the group policy "Always wait  for the network at computer startup and logon", this works well when connecting to wireless networks when a domain controller is available - when connecting via VPN your already logged in, and we need to initiate a connection to a domain controller to run the login script.

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Regarding the Cisco VPN, there is no setting for "run logon script after vpn".  

If you want network connectivity at logon for your VPN clients, then you should use the "Start Before Logon" components of the VPN client.   This option lets the VPN client startup and connect before you use CTRL+ALT+DEL to logon, thus ensuing you have a network connection and can logon the right way and run your scripts, just as it you were on the physical LAN.

If you don't want to use SBL, then your only other option is to use the "Run command on connect" and keep a copy of the script on the local PC.     Or, have the user run it manually.
B HCommented:
you could create a shortcut to the script (addressed via vpn \\server\share\script.cmd) and stick it on their desktop, with a twist....

edit the security permissions of the shortcut... block inheritance, allow them read+execute, deny them 'delete'... then they can't hurt the shortcut... and if addressed over the vpn, they can only run it when on the vpn

This Logon is written with the Tool Kixtart ( for DomainLogon

That cmd ist Local on the Client, with the connection call the Script on the LogonServer

"%ProgramFiles%\cisco systems\vpn client\vpnclient.exe" connect sd  <input hier the name of Profile without Extension>
if %errorlevel% neq 200 goto failed
%windir%\kix32.exe \\Servername\netlogon\_CiscoLogin.kix
goto end
@echo failed to connect with error = %errorlevel%
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.