
Windows Client Mass Deployment Guide

For advanced deployments such as Intune integration, the NextDNS Windows application is available as an MSI. This installer enables automated deployment with the profile pre-configured.

The MSI installer is available at https://nextdns.io/download/windows/stable.msi

Installation Properties

The following properties can be set during the installation:

  • PROFILE: sets the system-wide profile ID. When set this way, the end user cannot change the profile ID from the UI or stop the client. Only an administrator can, by stopping the NextDNSService service.
  • UI (0 or 1, default: 1): installs the application with or without the systray UI. When the UI is disabled, NextDNS can't be disabled by the end user.
  • ARP (0 or 1, default: 1): set to 0 to hide the application from Windows' Add/Remove Programs.
  • REPORT_DEVICE_NAME (0 or 1, default: 1): reports the device name and model with DNS queries so they appear in the logs and analytics.
  • EXCLUDE_SSIDS (comma-separated strings): defines a list of WiFi SSIDs on which the client should automatically disable itself. Use commas to pass more than one SSID, and quotes if SSIDs contain spaces. SSID names are case-sensitive.
  • EXCLUDE_DOMAINS (comma-separated strings): defines a list of domain authorities to exclude from NextDNS resolution. Those domains (and all their sub-domains) will use the system's DNS for resolution.

Here are some examples:

You need to run the command prompt as an administrator, otherwise those properties will be ignored.

  • Force a profile ID abcdef, disable the UI and hide the application from Add/Remove Programs:
    msiexec /qn /i NextDNSSetup-X.X.X.msi PROFILE=abcdef UI=0 ARP=0
  • Disable the client when connected to the "Corp Network" or "Home" WiFi networks:
    msiexec /qn /i NextDNSSetup-X.X.X.msi EXCLUDE_SSIDS="Corp Network,Home"

All properties above can also be specified as MST properties for GPO/SCCM deployments.

Scripted Installation

To automate the installation of the client from the latest version, you may use the following PowerShell script if your deployment system supports it:

Invoke-WebRequest -Uri "https://nextdns.io/download/windows/stable.msi" -OutFile "$env:TEMP\NextDNSSetup.msi"
msiexec /qn /i "$env:TEMP\NextDNSSetup.msi" PROFILE=abcdef
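
A more defensive variant of the script above, as an added example that is not NextDNS's own code: it checks for elevation, verifies the MSI's Authenticode signature before installing, and confirms the service and stored settings afterwards. It assumes the MSI is Authenticode-signed; `$ExpectedSigner` is a placeholder for the publisher name you have verified out of band, and the registry path is the one reported in the replies on this page.

```powershell
# Added example: download, verify, install, then confirm the deployment.
param(
    [string]$ProfileId      = 'abcdef',               # placeholder profile ID used in the guide
    [string]$ExpectedSigner = '<expected publisher>'  # assumption: part of the signer subject you trust
)
$ErrorActionPreference = 'Stop'
$msi = Join-Path $env:TEMP 'NextDNSSetup.msi'
$log = Join-Path $env:TEMP 'NextDNSSetup.log'

# The guide notes that properties are ignored when not elevated, so fail early.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated session.'
}

Invoke-WebRequest -Uri 'https://nextdns.io/download/windows/stable.msi' -OutFile $msi -UseBasicParsing

# Refuse a package whose signature is missing, invalid or from another publisher.
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid') { throw "Signature status: $($sig.Status)" }
if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Start-Process -Wait blocks until msiexec exits, so the exit code can be checked.
$proc = Start-Process msiexec.exe -Wait -PassThru -ArgumentList @(
    '/qn', '/i', "`"$msi`"", "PROFILE=$ProfileId", 'UI=0', '/l*v', "`"$log`""
)
# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec exit code $($proc.ExitCode); see $log" }

# Post-install checks: service state and the settings the installer wrote.
Get-Service -Name NextDNSService | Select-Object Name, Status, StartType
Get-ItemProperty -Path 'HKLM:\SOFTWARE\NextDNS\Settings'
```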

Uninstallation

To silently uninstall the client (if Add/Remove Program was not disabled via ARP=0), run the following command:

"C:\Program Files (x86)\NextDNS\Uninstall.exe" /S

34 replies

    • Higor_de_Deus_Matos
    • 1 yr ago

    How to report name to NEXT DNS by MSI?

      • NextDNs
      • 1 yr ago

      Higor de Deus Matos last revision has it on by default and REPORT_DEVICE_NAME=0 can be used to disable it.

      • Higor_de_Deus_Matos
      • 1 yr ago

      NextDNS Please check this function. Tested in different environments and reporting device name doesn't work even with "REPORT_DEVICE_NAME=1"

      • NextDNs
      • 1 yr ago

      Higor de Deus Matos make sure your command prompt is run as administrator

      • Higor_de_Deus_Matos
      • 1 yr ago

      NextDNS I checked in every case.
      Report name is not being enabled by command "REPORT_DEVICE_NAME=1".
      When creating the key manually in regedit it works.

    • Matt.7
    • 1 yr ago

    After following these steps, I've noticed that the NextDNS client "Settings" window automatically opens each time the computer is restarted. It also does not allow the option to disable the client. Are these known issues? Thank you.

      • NextDNs
      • 1 yr ago

      Matt UI=0 is the option to disable the client. Plus uninstall any version of NextDNS you had before if any.

    • scrypt
    • 1 yr ago

    Where are the options stored for registered values if they need to be edited later without redeploying?

    Ex: where are EXCLUDE_DOMAINS stored so that I can add or remove domains after installation?

    Edit: Settings seem to be stored in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NextDNS\Settings. Is this the only place they are stored?

      • NextDNs
      • 1 yr ago

      scrypt correct 

    • Raul_Mercado
    • 1 yr ago

    I'm using this guide to install using Microsoft InTune and it works well. The program is installed but the Configuration ID does not come over. It's just blank.

    PROFILE=abcdef
    

    Does not seem to work.

      • quartz_station
      • 1 yr ago

      Raul Mercado Works for me on Intune/MS Endpoint.  Make sure to replace 'abcdef' in profile with your configuration. 
      I have used this in the Installed command in Intune: msiexec /i "NextDNSSetup-3.0.12.msi" /qn profile=<yourConfigID> UI=0

      Works fine for me, and I can see device+DNS queries on the NextDNS

      Intune could not detect the app via MSI after installing tho, so make sure to add detection rules as:  File C:\Program Files (x86)\NextDNS

      • Raul_Mercado
      • 1 yr ago

      This worked. Thank you. 

    • Tzvi
    • 1 yr ago

    How do we uninstall NextDNS if it was installed using UI=0 ARP=0?

      • quartz_station
      • 1 yr ago

      Tzvi "C:\Program Files (x86)\NextDNS\Uninstall.exe" /S 

      It is in the post

      • Tzvi
      • 1 yr ago

      RR thanks for your help! The solution you are proposing, as stated above in the post, is only if Add/Remove Program was not disabled via ARP=0. My question though is when it was indeed disabled via ARP=0. How to uninstall in that case, please?

      • shane
      • 1 yr ago

      RR Agreed. Read the post. He asked if ARP=0 was used.

    • Tzvi
    • 1 yr ago

    MDM solution is asking to upload .msi file directly. Then it asks (requires) for Product Code and Bundle Identifier. How do I extract them to provide to the MDM app?

    • Chase
    • 1 yr ago

    Great job! This is exactly what I was hoping for.

    Question/request: Is there a way to deploy this and use DNS-over-HTTPS?

      • Chase
      • 1 yr ago

      After some quick searching, the Windows client v3.0 and above enabled DoH? Just wanted to confirm.

      • BigDargon
      • 1 yr ago

      Chase The NextDNS app uses DoH only. Currently, only Windows 11 supports DoH encrypted DNS.

    • shane
    • 1 yr ago

    How do we call the msi file to remove the service?

    (when ARP=0 is used to install?)

      • NextDNs
      • 1 yr ago

      shane you have to reinstall with ARP=1 then use the uninstaller for now.

      • shane
      • 1 yr ago

      NextDNS Thanks. I will try that tomorrow.

    • Peter_Henning
    • 1 yr ago

    New Windows 11 machine, stable MSI installed as Administrator with PROFILE=.... and UI=0, service works briefly and then crashes every ~2 minutes. Windows event log just shows the Service Control Manager restarting the "NextDNS DNS53 to DoH proxy" service over and over.

      • NextDNs
      • 1 yr ago

      Peter Henning please post the log files located in the program’s directory.