Showing results for 
Search instead for 
Did you mean: 

add option to load pulse client at interactive windows logon

Occasional Contributor

add option to load pulse client at interactive windows logon

I've used Network Connect before to create a different realm/sign in page/URL to allow the client to install, then load before the interactive windows login, allowing PCs to authenticate to a domain over the VPN.  eg. under User Roles/VPN Tunneling using the "


I was going to do it the same way, but under Users/Junos Pulse I see you can add additional connections.  The Default SA connection is set to "Automatically at user login." although I've disabled Auto-Launch in each user profile, so I'm a bit confused as to how this overlaps with the other policies.


Which is the correct place to install the client and embed the software, changing the GINA, so authentication do a remote domain can be done at the interactive windows logon?


Thanks for the clarification.


Valued Contributor

Re: add option to load pulse client at interactive windows logon

If you need the tunnel to be created when the machine starts (before windows logon), then you'll want to select either:


  • Automatically when the machine starts. Machine credentials used for authenticationÑEnables machine authentication, which requires that Active Directory is used as the authentication server and that machine credentials are configured in Active Directory.
  • Automatically when the machine starts. Connection is authenticated again when the user signs in into the desktopÑEnables machine authentication for the initial connection. After the user connects with user credentials, the machine authentication is dropped. When the user logs off, the machine authentication connection is restored.



You can do this during the log in as well:


Automatically at user loginÑThis option enables Pulse client interaction with the credential provider software on the endpoint. The user credentials are used to establish the authenticated Pulse connection to the network, login to the endpoint, and login to the domain server.


For more details, you can refer to