Deploy Scripts on Endpoint Devices Using Secure Client
Secure Client lets you download and run scripts when the following events occur:
-
Establishment of a new client VPN session with the threat defense. The script triggered by this event is an OnConnect script because it requires this filename prefix. Reconnection of the VPN session does not trigger this script.
-
Disconnection of a client VPN session with the threat defense. The script triggered by this event is an OnDisconnect script because it requires this filename prefix.
These scripts run asynchronously and do not delay the connection establishment or disconnection. They can be of any extension and must be executable on the endpoint. Secure Client identifies the OnConnect and OnDisconnect scripts by the filename. It looks for a file whose name begins with OnConnect or OnDisconnect regardless of the file extension.
Some examples of this feature are:
-
Refresh the group policy upon VPN connection.
-
Mount a network drive upon a VPN connection.
-
Unmount a network drive upon a VPN disconnection.
To enable scripts, check the Enable Scripting option in the VPN profile. By default, the client does not launch scripts. The client does not require the script to be written in a specific language. It requires an application that can run the script to be installed on the client computer. For the client to launch the script, the script must run from the command line.
Secure Client can only launch scripts after the user logs in and establishes a VPN session. You cannot launch the OnConnect script from the Start Before Logon (SBL) GUI. You must check the Enable Post SBL On Connect Script option in the VPN profile to trigger the scripts once the user logs in. Secure Client is a 32-bit application. When the scripts run on a 64-bit Windows version, they use the 32-bit version of cmd.exe.