Cisco AnyConnect silent installation PowerShell

How to Silently Install Cisco AnyConnect Using PowerShell (Step-by-Step Guide)

Remote work and secure connectivity are now standard requirements for modern businesses. Cisco AnyConnect Secure Mobility Client remains one of the most widely used VPN solutions due to its reliability and strong security posture.

In this guide, we’ll walk through how to silently install Cisco AnyConnect using PowerShell and preconfigure a VPN server address, making it ideal for enterprise deployments via Intune, RMM, or SCCM.

Why Use PowerShell for AnyConnect Deployment?

Using PowerShell allows IT teams to:

  • Automate VPN deployments at scale
  • Avoid manual user interaction
  • Ensure consistent configuration across devices
  • Deploy via Intune, RMM tools, or Group Policy

Silent installation is especially useful for laptops shipped directly to end users.

Prerequisites

Before you begin, ensure:

  • You have the Cisco AnyConnect Core VPN MSI
  • Local administrator privileges
  • PowerShell execution policy allows script execution
  • The MSI is accessible locally or via a deployment package

PowerShell Script: Silent Cisco AnyConnect Installation

The script below installs Cisco AnyConnect silently and creates a default VPN connection entry for users.

Powershell : Cisco AnyConnect Silent Install 
# ================================
# Cisco AnyConnect Silent Install
# ================================

$MsiPath = "C:\Temp\anyconnect-win-4.9.06037-core-vpn-webdeploy-k9.msi"
$InstallArgs = "/i `"$MsiPath`" /qn /norestart"

# Verify MSI exists
if (!(Test-Path $MsiPath)) {
    Write-Error "MSI not found at $MsiPath"
    exit 1
}

# Install AnyConnect
Start-Process "msiexec.exe" -ArgumentList $InstallArgs -Wait -NoNewWindow

# Profile directory
$ProfileDir = "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
$ProfilePath = Join-Path $ProfileDir "default.xml"

# Create profile directory if missing
if (!(Test-Path $ProfileDir)) {
    New-Item -ItemType Directory -Path $ProfileDir -Force | Out-Null
}

# AnyConnect profile template
$ProfileXml = @"
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
    <ServerList>
        <HostEntry>
            <HostName>Corporate VPN</HostName>
            <HostAddress>vpn.example.com</HostAddress>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>
"@

# Write profile
$ProfileXml | Out-File -FilePath $ProfilePath -Encoding UTF8 -Force

🔧 Tip: Replace vpn.example.com with your actual VPN gateway address.

What This Script Does

  • Installs Cisco AnyConnect silently (no UI)
  • Prevents forced reboots
  • Creates a default VPN entry visible to users
  • Works on Windows 10 and Windows 11
  • Suitable for enterprise deployment tools

Best Practices for Enterprise Deployments

  • Use Intune Win32 apps for modern device management
  • Add detection rules to prevent reinstall loops
  • Combine with Conditional Access + MFA for Zero Trust
  • Keep AnyConnect versions aligned with firewall firmware

Final Thoughts

Automating Cisco AnyConnect installation with PowerShell saves time, reduces user friction, and ensures consistent VPN configuration across your environment. Whether you’re onboarding new staff or standardising remote access, scripted deployments are a reliable and scalable approach.

If you manage VPNs for multiple customers or devices, this method integrates cleanly into modern endpoint management workflows.

Related Posts