Skip to main content
Skip table of contents

Installing Sectona Launcher

When users are enabled to access target system connections like RDP, SSH and clients over native machines, the Sectona Launcher component must be installed on the user's machine. Sectona Launcher is a single point plugin on a local machine that launches any allowed access type to be accessed natively. Sectona Launcher aggregates and incorporates the full capability of single sign-on and session management on the local machine. This silent plugin is inaccessible for users and initiated upon activation of session from the browser.

Individual users can download the executable file from the individual console while another sophisticated way is to distribute the plugin via Windows Group Policy Objects. This section lists methods for installing and distributing the plugin.

Sectona Launcher communicates with Sectona Web Access component via ports 1080, 22, 23389. These ports are required for communicating to proxies at Sectona Web Access layer or for independent proxies installed elsewhere in your environment.

Launcher operates as a utility to retrieve launch components like RDP and SSH from the Web layer and downloads the components on user workstations. Sometimes this nature of the application is not whitelisted by several leading Endpoint Management or Antivirus products. If you find Sectona launcher to be blocked by your anti-virus system, then follow whitelisting guidelines to allow this exception.

This section covers

Before you begin

  • Ensure you have administrator rights on the client machine

  • Your network administrator has enabled the required port for communication with Sectona Web Access.

Installing Launcher on independent windows machines

If you would like to install the launcher file individually on a local machine, refer to the method listed below.

Once logged in as a user, go to Settings and then navigate to Download Utilities. Click on Sectona Launcher to download the Sectona.Launcher.msi file.

Double click on the downloaded file and click on the Run button to run the setup.

Click on the Next button.

Click on the Install button to confirm the installation.

The installation process begins.

Click on the Finish button to complete the installation.

To automatically update Sectona Client on your system, click on Sectona Client (For Sectona Launcher). This will automatically update the Sectona Client on your system.

Pushing Sectona Launcher via Windows Group Policy Objects

This is a recommended method if you want to push a file to a set of users. Refer to the steps below to deploy an MSI on multiple machines by using Group Policy in Windows Server 2012 and Windows Server 2016. 

  • Methods of deployment 

  • Create a distribution point 

  • Create a Group Policy Object 

  • Assign an MSI package 

  • Publish an MSI package 

Methods of deployment 

Group Policy supports two methods of deploying an MSI package: 

  • Assign software : A program can be assigned per-user or per-machine. If it is assigned per-user, it will be installed when the user logs on. However, if it is assigned per-machine then the program will be installed for all users when the machine starts. Choose the method best suited for your environment.

  • Publish software : A program can be published for one or more users. This program will be added to the Add or Remove Programs list and the user will be able to install it from there. 

Create a distribution point 

The first step in deploying an MSI through GPO is to create a distribution point on the publishing server. This can be done by following these steps: 

  • Log on to the server as an Administrator user 

  • Create a shared network folder (this folder will contain the MSI package) 

  • Set permissions on this folder to allow access to the distribution package 

  • Copy the MSI in the shared folder 

Create a Group Policy Object 

An MSI package is deployed (distributed) through GPO as a Group Policy Object. In order to create an object for your package, you can follow these steps: 

  • Click on the Start button and open Go to Start and open Group Policy Management 

  • Expand Forest (your forest) > Domains (your domain) 

  • Right-click on Group Policy Objects and select New 

  • Enter a name for your policy and leave Source Starter GPO as (none) 

Assign an MSI package 

A package can be assigned per-user or per-machine. Also, if the package is assigned, it will automatically be installed silently. In order to assign a package, you can follow these steps: 

  • Click on your previously created policy 

  • In the right panel click on the Settings Tab 

  • You should see Computer Configuration and User Configuration. Right-click anywhere in the panel and select Edit 

  • Expand User Configuration > Policies > Software Settings 

  • Right-click Software Installation and select New > Package 

  • Select your package from the previously configured network share 

  • In the dialog that appears select Assigned and click OK 

  • The selected package will appear in the Software Installation panel (wait a bit for it to appear) 

  • Double-click on the new package and select the Deployment tab 

  • Check Install this application at logon and at the user interface select Basic 

  • Click OK 

  • Close Group Policy Management Editor 

  • In the Group Policy Management window right-click on the domain name from the left-side panel and select Link an existing GPO 

  • Select the previously created policy with the package and click OK 

Publish an MSI package 

When using Group Policy, you can publish a package to allow the target user to install it by using Add or Remove programs. The steps for publishing a package are: 

  • Click on your previously created policy 

  • In the right panel click on the Settings Tab 

  • You should see Computer Configuration and User Configuration. Right-click anywhere in the panel and select Edit 

  • Expand User Configuration > Policies > Software Settings 

  • Right-click Software Installation and select New > Package 

  • Select your package from the previously configured network share 

  • In the dialog that appears select Published and click OK 

  • The selected package will appear in the Software Installation panel (this will take time to appear) 

  • Double-click on the new package and select the Deployment tab 

  • Check Install this application at logon and at the user interface select Basic 

  • Click OK 

  • Close Group Policy Management Editor 

  • In the Group Policy Management window right-click on the domain name from the left-side panel and select Link an existing GPO 

  • Select the previously created policy with the package and click OK 

Test the package: 

  • Log on to the target computer 

  • Click on the Start button and go to Control Panel 

  • Double-click the Add or Remove programs applet and select Add New Programs 

  • In the Add programs, from your network list select the program you published 

  • Use the Add button to install the package 

  • Click OK and then Close 

Whitelisting Procedure for Sectona Launcher at Antivirus Level

In exception scenario, while using Sectona Launcher for the first time the user might get The system cannot find the specified file specifiederror due to which eventually the user is unable to initiate any session.

This error occurs when the Endpoint Management or Anti-Virus solution blocks the required components of Sectona Launcher which gets downloaded on the end user’s machine in local AppData “temp“ or “Roaming“ directory (based on the configuration on Sectona application level). In Sectona PAM application configuration Sectona Launcher can be configured to download its required components either in the local AppData “temp“ or “Roaming“ directory on end user’s machine.

By default, the Sectona Launcher components get downloaded in the local “temp“ directory on end user’s machine. As these files are downloaded in user’s local temp directory, you might have a policy configured on your Endpoint Management or Anti-Virus solution to clear the temp directory after business hours every day. In this case, on the next day, the Sectona Launcher components will be getting downloaded again on the end user’s machine when the user attempts to access. To avoid this, you can change the Sectona Launcher components to get downloaded on the “AppData\Roaming“ directory.

To whitelist the Sectona Launcher components, in ”temp” add an exclusion for the below path in your endpoint management or anti-virus solution:

CODE 
“C:\Users\%Username%\AppData\Local\Temp\Sectona“

To whitelist the Sectona Launcher components in “Roaming” add an exclusion for the below path in your endpoint management or anti-virus solution:

CODE 
“C:\Users\%Username%\AppData\Local\Roaming\Sectona“

After adding exclusion, the end user’s machine will be able to access target servers/devices using Sectona Launcher.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close