We use Cisco Secure Services Client, we are currently using 4.2, 4.051 and 4.2.1. We found that going from 4.051 to 4.2 really fixed a lot of issues but it broke one major option.
Going from 4.051 to 4.2 or 4.2.1 the client does not allow the computer to access the guest or auth-fail vlans prelogin. This is an issue in an environment that runs updates while the computer sits at the login screen. With 4.051 after a few seconds the computer would pop onto the guest vlan, if a user logged in it would pop them off the guest vlan and then onto the vlan they should be on.
So the question is can 4.2 and 4.2.1 be configured to allow access to the guest or auth-fail vlans prior to login or is this a hard coded issue?
I have already tried setting the login to machine/user thinking the machine would attempt login and knock it onto the auth fail vlan, which seems but now the regular user login doesn't work.