Login Enterprise Launcher Setup

Setting up the Launcher

For optimal performance, we recommend deploying two (2) Launchers per environment:

  • One (1) Launcher situated within the data center - utilized to gauge connectivity to the environment, establishing a baseline for measurements.
  • One (1) Launcher positioned outside the data center - employed to assess variations from the baseline in a real-world scenario.

This comparison enables the identification of potential performance degradation stemming from either the connection to the data center or the data center itself. Additionally, it facilitates the assessment of environment accessibility from both internal and external perspectives.

Configuring the Launcher (Windows)

To ensure a successful implementation of the Login Enterprise Launcher on Windows, we recommend performing several configurations on the machine.

Scheduling automatic reboots for the Launcher

Setting Up a Scheduled Task for Automatic Reboot

To mitigate caching issues and other potential instabilities arising from prolonged uptime, we recommend scheduling regular reboots for the launcher machine. This can be achieved by setting up a scheduled task within Windows to automatically reboot the machine on a daily or weekly basis.

For detailed instructions on setting up a scheduled task in Windows, see Windows Server – Schedule a Reboot.

Configuring Automatic Logon in Windows

To streamline operations and reduce manual intervention, we recommend enabling automatic login after scheduled restarts on Windows machines. This can be achieved by configuring specific registry keys:

Registry Location:

HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Registry Keys:

  • AutoAdminLogon
    • Type: REG_SZ
    • Value: 1 (enabled) or 0 (disabled)
    • Enables automatic administrator logon functionality.

  • DefaultDomainName

    • Type: REG_SZ

    • Value: Your domain name (if applicable)

    • Specifies the domain name for the user.

  • DefaultPassword

    • Type: REG_SZ

    • Value: The user's password

    • Sets the password for auto-login.

  • DefaultUserName

    • Type: REG_SZ

    • Value: Username

    • Specifies the username for auto-login.

  • AutoLogonCount

    • Type: REG_SZ

    • Value: 1 (once), 2 (twice), etc.

    • Configures the number of times the machine stores the configuration.

Ensure that the following registry keys are disabled for the above settings to work:

Registry Location:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  • DontDisplayLastUsername
    • Type: REG_SZ
    • Value: 0 (disabled) or 1 (enabled)
    • Controls the display of the username on the logon screen.

Registry Location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  • DisableAutomaticRestartSignOn
    • Type: REG_DWORD
    • Value: 0 (disabled) or 1 (enabled)
    • Enables or disables automatic sign-on for users.

Using Sysinternals "Autologon" tool

The Sysinternals section of Microsoft support offers a tool called "Autologon" which simplifies the process of automating the autologon feature on a machine. To utilize the tool, follow these steps:

  1. Visit the Autologon v.3.10 provided by Microsoft support to access detailed instructions on downloading and using the "Autologon" tool.
  2. Download the "Autologon" tool from the provided link.
  3. Follow the instructions provided in the guide to configure autologon for your machine.

Creating an executable for Auto Logon

For a successful and secure implementation, we recommend creating an executable using a tool like AutoIT. This executable will be executed before the automatic reboot of a machine and will contain the implementation of the registry keys described earlier. Ensure that the "AutoLogonCount" registry value is set to 1.

The rationale behind using an executable is twofold:

  1. The executable compiles and encrypts the content, ensuring that all values, including passwords, are securely stored. For example, PowerShell scripts store values as plain text, which can pose a security risk.
  2. By default, the "DefaultPassword" value stores the password as plain text in the registry. This means that if a person with malicious intent gains access to the device, they can see the password stored in the registry. Using an executable in conjunction with the "AutoLogonCount" registry key ensures that after the reboot, the registry entries are cleared, eliminating any security issues.

Automatically starting the Login Enterprise Launcher software after Login

Option 1:

We recommend placing a copy of the Login Enterprise Launcher shortcut (typically found on the desktop after installation) in the startup folder of the machine. Follow these steps:

  1. Copy the Login Enterprise Launcher shortcut.
  2. Press Winkey+R to open the Run window.
  3. Type "shell:startup" (without quotes) and press Enter.
  4. Paste the shortcut into the presented folder.

All files placed in the Startup folder are automatically launched after a user logs in.

Option 2:

If the launcher is integrated into your Login Enterprise configuration and you are using a domain user or domain-attached launcher, you can utilize a workspace management tool such as VMware UEM or Ivanti. Attach a login action to the Launcher device or the Launcher user to execute the launcher executable found in the installation directory. By default, it is located at "C:\Program Files\Login VSI\Login PI 3 Launcher\LoginPI.Launcher.exe".

Power, Lock Screen, and Screensaver settings

To ensure continuous operation of the Launcher, it's essential to prevent interruptions caused by power-saving modes, lock screens, and screensavers. To configure the necessary settings, follow these steps:

Power Settings:

  • Set the screen setting "On battery power, Turn off after" to Never.
  • Set the screen setting "When Plugged, Turn off after" to Never.
  • Set the power setting "On battery power, PC goes to sleep after" to Never.
  • Set the power setting "Sleep when plugged in, PC Goes to sleep after" to Never.
  • Set the "Lid close action" for both "On battery" and "Plugged In" scenarios to Do Nothing.
  • Set the "Power button action" for both "On battery" and "Plugged In" scenarios to Do Nothing.
  • Set the "Sleep button action" for both "On battery" and "Plugged In" scenarios to Do Nothing.

Other Settings:

  • Disable the screensaver on the machine.
  • Disable the lock screen on the machine.

Enabling remote connectivity to the Launcher

When utilizing a physical launcher machine, we recommend enabling a form of remote connectivity to the device. This can include options such as Remote Desktop Protocol (RDP), TeamViewer, Virtual Network Computing (VNC), or other remote connectivity applications. Enabling remote access facilitates easier troubleshooting if necessary.

Physical Launcher setup

When configuring the launcher as a physical device, it's crucial to prioritize security and minimize the risk of unauthorized access. Follow these best practices:

Secure location

Place the Launcher machine in a secure location such as a locked storage room or server room. Limit access to the room as much as possible to reduce the risk of unauthorized entry.

Lock physical pevice

Ensure that the device supports the use of a Kensington lock to prevent easy removal from the secure location.

Device type

To mitigate potential security risks, use a physical device without an attached screen. Avoid using laptops and instead opt for devices such as Intel NUCs, desktop machines, Windows Thin clients, IGEL Thin clients, or similar alternatives. If a laptop is used, ensure that the lid is closed at all times.

Wired connection

To maintain a stable connection, connect the launcher to the internet using a wired LAN cable. Only use wireless connections when necessary.

IT environment Launcher implementation

Security considerations for the launcher extend beyond the physical realm. Follow these recommendations for implementing the launcher in an IT environment:

Do not add a Launcher Device to the Domain

For management or remote connectivity, avoid adding the Launcher machine to the Domain unless necessary. This reduces the risk of unauthorized access to the domain if the device is compromised.

Updates and upgrades

Ensure that the Launcher device is consistently updated with the latest security patches recommended by the software supplier.

Virus scanner

Configure and maintain a virus scanner on the Launcher machine at all times. Keep the virus scanner updated regularly to ensure optimal protection against threats.

Add Launcher to automatic software distribution method

Enhance manageability and streamline software upgrades for the Login Enterprise by adding the launcher machine to your preferred software distribution setup such as SCCM or similar tools. This enables easy distribution of new launcher software updates as soon as they are released.

Additional resources