Windows Client Mass Deployment Guide
For advanced deployments like InTune integration, the NextDNS Windows application is available as an MSI. This installer enables automated deployment with pre-configuration of the profile.
The MSI installer is available at https://nextdns.io/download/windows/stable.msi
The following properties can be set during the installation:
- PROFILE: sets the system wide profile id. When set this way, the end user is not able to change the profile ID from the UI nor stop the client. Only an administrator can, by stopping the NextDNSService service.
- UI (0 or 1, default: 1): installs the application with or without the systray UI. When the UI is disabled, NextDNS can't be disabled by the end user.
- ARP (0 or 1, default: 1): when set to 0, hides the application from Windows' Add/Remove Program.
- REPORT_DEVICE_NAME (0 or 1, default: 1): report the device name and model with DNS queries so they appear in the logs and analytics.
- EXCLUDE_SSIDS (comma-separated strings): defines a list of WiFi SSIDs on which the client should automatically disable itself. Use commas to pass more than one SSID, and quotes if SSIDs contain spaces. SSID names are case-sensitive.
- EXCLUDE_DOMAINS (comma-separated strings): defines a list of domain authorities to exclude from NextDNS resolution. Those domains (and all their sub-domains) will use the system's DNS for resolution.
Here are some examples:
You need to run the command prompt as an administrator, otherwise those properties will be ignored.
- Force a profile ID abcdef, disable the UI and hide the application from Add/Remove Program:
msiexec /qn /i NextDNSSetup-X.X.X.msi PROFILE=abcdef UI=0 ARP=0
- Disable the client when connected to the "Corp Network" or "Home" WiFi networks:
msiexec /qn /i NextDNSSetup-X-X-X.msi EXCLUDE_SSIDS="Corp Network,Home"
All properties above can also be specified as MST properties for GPO/SCCM deployments.
To automate the installation of the client from the latest version, you may use the following PowerShell script if your deployment system supports it:
Invoke-WebRequest -Uri "https://nextdns.io/download/windows/stable.msi" -OutFile "$env:TEMP\NextDNSSetup.msi"
msiexec /qn /i "$env:TEMP\NextDNSSetup.msi" PROFILE=abcdef
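A variant of the script above that checks the downloaded installer before running it, as an added example (not NextDNS's own script). It assumes the MSI is Authenticode-signed; $ExpectedSigner is a placeholder to fill in from a copy of the installer you have already vetted, and the log path is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example: download the MSI, verify its Authenticode signature and
# signer, install silently, then confirm the service is present.
$ErrorActionPreference = 'Stop'

$Uri            = 'https://nextdns.io/download/windows/stable.msi'
$Msi            = Join-Path $env:TEMP 'NextDNSSetup.msi'
$Log            = Join-Path $env:TEMP 'NextDNSSetup.log'   # assumed log location
$ProfileId      = 'abcdef'                                 # sample ID from the guide
$ExpectedSigner = '<EXPECTED-SIGNER-SUBJECT>'              # placeholder: set before use

Invoke-WebRequest -Uri $Uri -OutFile $Msi -UseBasicParsing

# Refuse to install anything that is unsigned, tampered with, or signed
# by a certificate the machine does not trust.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') {
    Remove-Item -Path $Msi -Force
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

# A valid signature only proves *someone* signed it; pin the expected publisher.
$subject = $sig.SignerCertificate.Subject
if (-not $subject.Contains($ExpectedSigner)) {
    Remove-Item -Path $Msi -Force
    throw "Unexpected signer: $subject"
}

# Record what is about to be installed for the deployment log.
$hash = (Get-FileHash -Path $Msi -Algorithm SHA256).Hash
Write-Output "Installing $Msi (SHA256 $hash) signed by $subject"

# Start-Process -Wait returns the real msiexec exit code; /l*v keeps a verbose log.
$msiArgs = @('/qn', '/i', "`"$Msi`"", '/l*v', "`"$Log`"", "PROFILE=$ProfileId")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec exited with code $($proc.ExitCode); see $Log"
}

# Service name as given in the guide; Get-Service throws if it is missing.
$svc = Get-Service -Name 'NextDNSService'
Write-Output "NextDNSService status: $($svc.Status)"
Remove-Item -Path $Msi -Force
```

Because the script throws on any failed check, a deployment system that treats a non-zero script result as failure will report the machine as not compliant instead of silently installing an unverified file.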
To silently uninstall the client (if Add/Remove Program was not disabled via ARP=0), run the following command:
"C:\Program Files (x86)\NextDNS\Uninstall.exe" /S
How to report name to NEXT DNS by MSI?
After following these steps, I've noticed that the NextDNS client "Settings" window automatically opens each time the computer is restarted. It also does not allow the option to disable the client. Are these known issues? Thank you.
Where are the options stored for registered values if they need to be edited later without redeploying?
Ex: where are EXCLUDE_DOMAINS stored so that I can add or remove domains after installation?
Edit: Settings seem to be stored in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NextDNS\Settings. Is this the only place they are stored?
I'm using this guide to install using Microsoft InTune and it works well. The program is installed but the Configuration ID does not come over. It's just blank.
Does not seem to work.
How do we uninstall NextDNS if it was installed using UI=0 ARP=0?
MDM solution is asking to upload .msi file directly. Then it asks (requires) for Product Code and Bundle Identifier. How do I extract them to provide to the MDM app?
Great job! This is exactly what I was hoping for.
Question/request: Is there a way to deploy this and use DNS-over-HTTPS?
How do we call the msi file to remove the service?
(when ARP=0 is used to install?)
New Windows 11 machine, stable MSI installed as Administrator with PROFILE=.... and UI=0, service works briefly and then crashes every ~2 minutes. Windows event log just shows the Service Control Manager restarting the "NextDNS DNS53 to DoH proxy" service over and over.