Forum Discussion

Perschall2022

Joining the Conversation

12 months ago

Need help with prelogin Intune deployment

Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. S...

Murad

Joining the Conversation

2 months ago

Hi Erwin,

I followed all steps, however it fails when it comes to installing CATO Client via intune during Windows Autopilot on autopilot devices piror to AD login.

Can you share steps here?

Platform script:

$regPath = “HKLM:\SOFTWARE\CatoNetworksVPN”

$subdomain = “sample”

New-ItemProperty -Path $regPath -Name “PreLogin” -PropertyType DWORD -Value 1 -Force

New-ItemProperty -Path $regPath -Name “Subdomain” -PropertyType String -Value $subdomain -Force

New-ItemProperty -Path $regPath -Name “LaunchAuthPageOnStartup” -PropertyType DWORD -Value 1 -Force

New-ItemProperty -Path $regPath -Name “ConnectOnBoot” -PropertyType DWORD -Value 1 -Force

ErwinG

Joining the Conversation

2 months ago

Hi Murad,

Do you know where or why the installation fails? An error code?

The PowerShell script creating the Registry keys should be uploaded as a Platform Script, so it will be executed even before application deployment occurs. In my script, I only use the PreLogin and Subdomain keys.

The Cato client should be uploaded as a Win32 Windows app, and should be set as a required app in the Enrollment Status Page configuration (Block device use until required apps are installed).

If you have your hybrid domain architecture and associated AutoPilot and device configuration profiles configured correctly, it should create a pre-domain join object in your AD and run the Platform Script during the OOBE phase. Then it should install the Cato client and do the actual domain join during the actual enrollment phase.

Murad
Joining the Conversation
2 months ago
Hi Erwin,
CATO VPN deployed through line of business app on device instead of winapp 32, however it fails on pre-logon and doesn't populate on main windows AD login screen.
I have one CATO root certificate which is tied up to CATO management portal, but CATO VPN Prelog in requires signing device certificate which is different from root certificate.
Under Intune, platform script:
$regPath = “HKLM:\SOFTWARE\CatoNetworksVPN”
$subdomain = “sample”
New-ItemProperty -Path $regPath -Name “PreLogin” -PropertyType DWORD -Value 1 -Force
New-ItemProperty -Path $regPath -Name “Subdomain” -PropertyType String -Value $subdomain -Force
New-ItemProperty -Path $regPath -Name “LaunchAuthPageOnStartup” -PropertyType DWORD -Value 1 -Force
New-ItemProperty -Path $regPath -Name “ConnectOnBoot” -PropertyType DWORD -Value 1 -Force

How would I get device sign in certificate? Would it work deploying through prelogin category on CMA portal?
Please assist.

Forum Discussion

Need help with prelogin Intune deployment

Recent Discussions

Remote Port Forwarding

Visit website with error(HTTP Version Not Supported) with Cato

Cato Device Posture Profile problems.. What are others using?

Is there any way to know the actual service signature?

Cato Connect Event: AMA with Professional Services - November 2025