This article provides clarification on the managed deployment of the Pulse Desktop client as outlined in the Pulse Desktop client admin guide
Problem or Goal
Due to corporate restrictions, users are unable to install Pulse directly on their systems; the company has opted to use a managed software solution to allow the admin-based install for non-admin users (e.g. SCCM). What are the best practices for SCCM deployment?
The Pulse Desktop client (Pulse) operates in the USER context for storing connection information.
After installation, Pulse is started using the username that triggered the installation.
When the SYSTEM user triggers the install, Pulse runs as the SYSTEM user and does not have access to the connection data stored in the USER profile.
The user profile allows for unique contexts between users as well as non-admin users to access the software (after installation by an admin user).
To install in the USER context, first advertise the .msi while in the SYSTEM context. For example, to advertise the 64-bit Windows installation to all users, use the following msiexec command: msiexec /jm \PulseSecure.x64.msi The advertisement allows the installation to be run in USER context even if the user is a restricted (non-admin) user. The location where the advertisement is run and where the actual installation is run must be the same. If the installation is an upgrade, you must advertise the upgrade version before running it. (Note that it is much easier to upgrade the Pulse client by not disabling the automatic upgrade feature on the Pulse server.) After the installation is run by the user, the Pulse client will use the correct user certificate and context.
The installation can be run over SCCM, or equivalent software, as long as the package has admin rights; another option for installation is to install the Pulse Installer service as an admin.
The installation needs to only be done once for all users on the system.
A reboot is not required after installation; however, the Pulse client needs to be stopped from the SYSTEM context and started again from the user context.
For a Windows installation (.msi) that uses an automated distribution mechanism and where the users do not have administrator privileges, ensure that the installation is run in the proper context, typically the USER context.