What I'm trying to do is when a Student or Employee logs on to the VPN through our ASA 8.0(4)16 they automatically get assigned a Connection Profile. Currently Using Cisco ACSv4.0
I understand the class IETF  Class attribute and how it works and have it working at the moment that way where it assigns a group policy when a student or employee logs on.
The catch is because I don't have the drop down connection profiles enabled for them to chose (I don't want to enable it either) they get assigned the default WebVPN connection Profile.
From what I can understand if A connection profile is not selected it will assign this default one. Also If you try to lock down the policy to a tunnel group it will fail authentication. I believe this is cause because it is still defaulting to the webvpn and then denying the user to log on as the policy is locked down to a tunnel group
So what I'm trying to eventually accomplish is when a user logs on they get assigned a connection profile and a group policy based on whether they are a Employee or a Student without them selecting it from a drop down.