Solved

Worklet to deploy Cisco Secure Client Umbrella module

  • 15 March 2024
  • 2 replies
  • 119 views
A
Badge

Cisco AnyConnect and Umbrella Roaming client is EOL in April/24

 

I’m looking for guidance to create a worklet that will install a Cisco secure client with an Umbrella module and enable the Computer Services option so only administrators start/stop Cisco Secure Client's services on a device.

 

https://support.umbrella.com/hc/en-us/articles/17890678933012-Cisco-Secure-Client-with-Umbrella-Module-Installation

icon

Best answer by chall 19 March 2024, 18:40

View original

2 replies

C
Badge

Hello! This is what I did - If you have questions, please comment below. 

Evaluation Code:

Exit 1

Remediation Code:

# Check if Cisco Secure Client VPN Module is installed
$vpnInstalled = Test-Path "C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnagent.exe"
if (-not $vpnInstalled) {
    Write-Output "Installing Cisco Secure Client VPN Module."
    msiexec /package "cisco-secure-client-win-5.1.2.42-core-vpn-predeploy-k9.msi" /norestart /quiet PRE_DEPLOY_DISABLE_VPN=1 LOCKDOWN=1
    Start-Sleep -Seconds 20
} else {
    Write-Output "Cisco Secure Client VPN Module is already installed"
}

# Check if Cisco Umbrella Roaming Security Agent is installed
$umbrellaInstalled = Test-Path "C:\Program Files (x86)\Cisco\Cisco Secure Client\UmbrellaDiagnostic.exe"
if (-not $umbrellaInstalled) {
    Write-Output "Installing Cisco Secure Client Umbrella Roaming Security Agent."
    msiexec /package "cisco-secure-client-win-5.1.2.42-umbrella-predeploy-k9.msi" /norestart /quiet LOCKDOWN=1
    Start-Sleep -Seconds 20
} else {
    Write-Output "Cisco Secure Client Umbrella Roaming Security Agent is already installed"
}

# Check if Cisco Diagnostics and Reporting Tool is installed
$dartInstalled = Test-Path "C:\Program Files (x86)\Cisco\Cisco Secure Client\DART\dartcli.exe"
if (-not $dartInstalled) {
    Write-Output "Installing Cisco Diagnostics and Reporting Tool."
    msiexec /package "cisco-secure-client-win-5.1.2.42-dart-predeploy-k9.msi" /norestart /quiet 
    Start-Sleep -Seconds 20
} else {
    Write-Output "Cisco Diagnostics and Reporting Tool is already installed. Exiting."
    exit
}

# Copy OrgInfo.json to Cisco Secure Client Umbrella directory
Write-Output "Copying OrgInfo.json to Umbrella directory."
Copy-Item "OrgInfo.json" "C:\ProgramData\Cisco\Cisco Secure Client\Umbrella\OrgInfo.json" -Force

# Add Cisco Umbrella Root Certificate to the Root Certificate store
Write-Output "Adding Cisco Umbrella Root Certificate to the Root Certificate store."
certutil -enterprise -f -v -AddStore "Root" "Cisco_Umbrella_Root_CA.cer"

 

Payload:

 

A
Badge

Thanks, Chall. 

Does anyone happen to have the script to install Umbrella and deploy the root certificate on Mac? 

Reply


Terms & ConditionsCookie settings