Cisco Anyconnect Start Before Logon Windows 10

Posted By admin  On 17.09.21

On IT Services managed machines, once you are set up with access to the Campus VPN, you can create a Campus VPN connection to the University from off-campus before attempting to login to Windows. This method uses a feature of the VPN called Start Before Login or SBL.

This article outlines the process of connecting up to VPN prior to login. This is primarily used when sending equipment out where a user could not login to populate accounts. Requirements: To use the VPN Before Login Module, you must be using a computer that is: Running Windows 10 (SCCM Template) Supported by ITServices has an Asset or Service. This post describes how to configure the Cisco ASA and AnyConnect VPN to use the Start-Before Logon (SBL) feature. This allows the user to connect to the VPN before logging onto Windows, thus allowing login scripts and Windows Group Policies to be applied. Create/Modify the AnyConnect Profile. Open the AnyConnect VPN Profile Editor.

The advantages are:

  • Local offline files on your machine are synchronised with your H:drive and be backed up
  • M: drive shared folders will be available as usual
  • You will be able to install applications from the Software Center if you wish

How To Start Cisco Anyconnect Before Windows Login

Essentially, things will “work as they do on the on-campus wired network”.

Once you are set up with access to the Campus VPN, you can start a secure connection to the University from off-campus. You do this on powering up your machine before attempting to login to Windows. This method uses a feature of the VPN called Start Before Login or SBL. This web page has step-by-step guidance on using start before login as well as a video guide.
This must be done when Windows is started not when logging back into a machine, which will not work.
The campus VPN is a shared resource and you should only use this periodically for the reasons stated above, please disconnect when you have finished.

Cisco Anyconnect Start Before Logon Windows 10
You must ask for access to campus VPN from the Help Desk before you can use it. Use this self-service request form to get access or call the Help Desk on 024 765 73737.

Cisco Anyconnect Start Before Logon Windows 100

Video guide to Start before login

VPN Start Before Login - Windows 10 start the Cisco AnyConnect VPN before signing into Windows
Start Before Login is required to download windows updates and sync files, stored on your IT Services Managed Desktop, with the Server. This could take an hour or two so might be best done when you've finished working, this needs to be done on a weekly basis, if you are working off-site.

Step by step instructions

Cisco Anyconnect Start Before Logon Windows 10

1. At the start-up screen, press CTRL+ALT+DEL at the same time on the keyboard.

2. Accept the Managed Desktop acknowledgement.

3. You may need to Select ‘Other User’ at the bottom left-hand side of the username displayed is not your own.

4. Click the 'Network sign-in' button in the lower right corner of the screen.

5. The Cisco AnyConnect login dialog will appear.

If this is the first time SBL has been used on the laptop, it will be necessary to enter the name of the VPN you wish to connect to (typically this will be vpn.warwick.ac.uk):
Type campusvpn.warwick.ac.uk in the box and click “Connect” where you will be prompted for login credentials:

At this point, you may receive a warning about certificates. If you see this warning, accept (trust) the certificate and it won't appear again.

Cisco Anyconnect Start Before Logon Windows 10 Update

6. Once the VPN has established a connection (it will present a dialog box saying so), from here continue to login to Windows as normal.

Important things to be aware of and useful information. PLEASE READ.
Cisco anyconnect start before logon windows 1000

Cisco Anyconnect Start Before Logon Windows 10 Free

  1. The VPN connection imposes an overhead, so on a poor connection there may be an impact on performance, and even on a modest broadband connection (e.g. 2Mb/s ADSL), things may take longer than normal and can sometimes timeout
  2. Once installed locally, an application from the Software Center resides on the local machine. A VPN connection is only subsequently required if the application itself needs to connect to resources as if it were on the University network. Some applications need to contact a licence server, which requires a VPN connection. Please note that some applications may fail to work, even when there is a VPN connection. SPSS, for example, is known to fail over a VPN connection and will NOT work.
  3. If the network connection being used is wireless, then Windows must already be able to connect to that wireless network before attempting to establish a VPN connection. For example: on a home wireless network, log in to Windows without the VPN, set up the wireless network, then logout and follow the steps above. By default, Windows will automatically connect to that wireless network when in range.
  4. The campus wireless network (hotspot-secure) requires authentication in order to connect and therefore SBL can’t be used with it to establish a VPN connection before Windows login. However, it is possible to authenticate to hotspot-secure and enable Windows to authenticate to a Domain Controller over the campus wireless, with no requirement for a VPN connection.
  5. Laptops using the Managed Windows 10 Desktop can still be used offsite without establishing a VPN connection before login (and even without any network connectivity), but in such cases H: drive files will use local copies that are synchronised automatically when connectivity is restored. It is possible to access M: drive files using either MyFiles or by establishing a VPN connection (note that creating a VPN connection after login to Windows won’t allow Group Policy or any updates we want to push out to be applied without manually forcing them and it won’t reset the inactivity countdown referred to in the note below).
WindowsCisco Anyconnect Start Before Logon Windows 10

Note: Any device which has not had an 'online' session for 30 days is marked as inactive and may not be able to login “online” without intervention from IT Services. 'Online' means connected on-campus or off-campus with Start Before Login.