How to bundle Cisco AnyConnect modules to install in a specific order

This article will demonstrate how you can control the order of install for the Cisco AnyConnect modules. Generally the Secure Mobility Client module needs to be updated first on an endpoint before you can update any of the other modules.

The Cisco AnyConnect modules are part of our catalogue using the local content repository.

We will leverage the custom right click action Add custom pre/post scripts on the Cisco AnyConnect Secure Mobility Client product to install the other modules as part of a post install script, i.e. to install the other modules after the Secure Mobility Client has installed.

The steps covered in this article can be used in all tabs in Publisher: Updates, ConfigMgr Apps, Intune Apps and Intune Updates.

Topics covered in this article:

Step 1: Download modules

Download all the latest Cisco AnyConnect modules and store only the Secure Mobility Client installer in your local content repository:

Store the Secure Mobility Client in the local content repository

Step 2: Enable the product and configure post script

Within the Patch My PC Publisher, ensure you only have the Cisco AnyConnect Secure Mobility Client enabled. Right click on the product and choose Add custom pre/post scripts.

Enable the Secure Mobility Client

Download PatchMyPC-Install-CiscoAnyConnectModules.zip and unpack its contents. This contains the post-script which will call the other module installers.

At the subsequent dialogue, click Browse beside Post Script and choose the PatchMyPC-Install-CiscoAnyConnectModules.ps1 script file. This script will install all of the other module installer files after the Secure Mobility Client has installed.

Click Browse beside Additonal Files and choose all of the other Cisco AnyConnect Modules you need, excluding the Secure Mobility Client (typically named anyconnect-win-x.x.x-core-vpn-predeploy-k9.msi). Doing this will include the other module installers within the same the content payload as the Secure Mobility Client package.

Click OK.

Define post script and additional files

Step 3: Synchronize to publish

Now the product is configured you are ready to publish. Navigate to the Sync Schedule tab and click Run Publishing Service Sync.

Once publishing is complete, you will see only one update or application for the Cisco AnyConnect Security Mobility Client. This will include all installers for the other modules, which will be installed on the device after the Security Mobility Client has been installed.

Moving forward and dealing with new updates

When a new version of the modules has been released by Cisco, the process is:

  1. Repeat Step 1 of downloading all of the needed modules from Cisco’s website and storing the Secure Mobility Client installer in your local content repository.
  2. Right click on the Cisco AnyConnect Secure Mobility Client product in the Publisher, choose Manage custom pre/post scripts and remove all of the existing additional files, and replace them with the newly downloaded module installers.

It is not necessary to redownload the PatchMyPC-Install-CiscoAnyConnectModules.ps1 script and re-add that back in to the Publisher.

Published On May 06, 2021