9

Windows Client Mass Deployment Guide

For advanced deployments like InTune integration, the NextDNS Windows application is available as an MSI. This installer enables automated deployment with pre-configuration of the profile.

The MSI installer is available at https://nextdns.io/download/windows/stable.msi

Installation Properties

The following properties can be set during the installation:

  • PROFILE: sets the system wide profile id. When set this way, the end user is not able to change the profile ID from the UI nor stop the client. Only an administrator can, by stopping the NextDNSService service.
  • UI (0 or 1, default:1): installs the application with or without the systray UI. When the UI is disabled, NextDNS can't be disabled by the end user.
  • ARP (0 or 1, default:1): hides the application from Windows' Add/Remove Program
  • REPORT_DEVICE_NAME (0 or 1, default: 1): report the device name and model with DNS queries so they appear in the logs and analytics.
  • EXCLUDE_SSIDS (comma-separated strings): defines a list of WiFi SSIDs on which the client should automatically disable itself. Use commas to pass more than on SSID and quotes if SSIDs contain spaces. SSIDs names are case-sensitive.
  • EXCLUDE_DOMAINS (comma-separated strings): defines a list of domain authorities to exclude from NextDNS resolution. Those domains (and all their sub-domains) will use the system's DNS for resolution.

Here are some examples:

You need to run the command prompt as an administrator, otherwise those properties will be ignored.

  • Force a profile ID abcdef, disable the UI and hide the application from Add/Remove Program:
    msiexec /qn /i NextDNSSetup-X.X.X.msi PROFILE=abcdef UI=0 ARP=0
  • Disable the client when connected the "Corp Network" or "Home" WiFi networks:
    msiexec /qn /i NextDNSSetup-X-X-X.msi EXCLUDE_SSIDS="Corp Network,Home"

All properties above can also be specified as MST properties for GPO/SSCM deployments.

Scripted Installation

To automate the installation of the client from the latest version, you may use the following PowerShell script if your deployment system supports it:

Invoke-WebRequest -Uri "https://nextdns.io/download/windows/stable.msi" -OutFile "$env:TEMP\NextDNSSetup.msi"
msiexec /qn /i "$env:TEMP\NextDNSSetup.msi" PROFILE=abcdef

Uninstallation

To silently uninstall the client (if Add/Remove Program was not disabled via ARP=0), run the following command:

"C:\Program Files (x86)\NextDNS\Uninstall.exe" /S

34 replies

null
    • Peter_Henning
    • 1 yr ago
    • Reported - view

    New Windows 11 machine, stable MSI installed as Administrator with PROFILE=.... and UI=0, service works briefly and then crashes every ~2 minutes. Windows event log just shows the Service Control Manager restarting the "NextDNS DNS53 to DoH proxy" service over and over.

      • Peter_Henning
      • 1 yr ago
      • Reported - view

      NextDNS I uninstalled, rebooted and tried again. So far the constant crashing problem has not come back, it seems ok this time.

      1. Command used to install (from Admin powershell):

          msiexec /qn /log nextdns.log /i NextDNSSetup-3.0.12.msi PROFILE=<xxx> UI=0 EXCLUDE_DOMAINS="<yyy>,<zzz>"

      2. Installer nextdns.log file output tail:

          MSI (s) (1C:54) [10:23:24:746]: Product: NextDNS -- Installation completed successfully.

          MSI (s) (1C:54) [10:23:24:747]: Windows Installer installed the product. Product Name: NextDNS. Product Version: 3.0.8. Product Language: 1033. Manufacturer: NextDNS. Installation success or error status: 0.

      I will try on a few more machines and if it happens again, will file a bug report but it now looks like a once-off glitch, thanks.

      • Peter_Henning
      • 1 yr ago
      • Reported - view

      NextDNS I spoke too soon, it has started crashing again. Here's the output in the windows event log:

      The NextDNS DNS53 to DoH proxy. service terminated unexpectedly.  It has done this 4 time(s).

      And here's the contents of nextdns.txt from the program files folder (seems to be overwritten each time the service restarts, which  is now every 2-4 minutes):

      2023/05/17 10:40:08 INFO starting NextDNSService service
      2023/05/17 10:40:08 INFO Service starting
      2023/05/17 10:40:08 INFO OnStart
      2023/05/17 10:40:08 INFO Registry information Configuration: <xxx>, UI: false, ARP: false
      2023/05/17 10:40:08 INFO Configuration found: <xxx>
      2023/05/17 10:40:08 INFO evaluateState: excluded=false enabled=true shouldStart=true prevShouldStart=false
      2023/05/17 10:40:08 INFO send event: status map[locked:true state:starting version:v3.0.12-2-g648bdf4]
      2023/05/17 10:40:08 INFO Service started
      2023/05/17 10:40:08 INFO send event: status map[locked:true state:started version:v3.0.12-2-g648bdf4]
      2023/05/17 10:40:08 INFO Engine DNS engine started
      2023/05/17 10:40:54 INFO Connected 102.130.49.135:443 (con=1ms tls=15ms, TCP, TLS13)
      2023/05/17 10:40:54 INFO Switching endpoint: https://windows.dns.nextdns.io#188.172.217.27,102.130.49.135,2a00:11c0:67:350::b,2a0b:4342:1a91:e:216:3cff:fe9b:4913
      2023/05/17 10:40:54 INFO Connected 45.90.28.0:443 (con=2ms tls=46ms, TCP, TLS13)
       

    • E_Pereira
    • 1 yr ago
    • Reported - view

    Hello, any news on the msi version with the captive portal fix? I have deployed this to my company’s pcs but have to uninstall occasionally due to the fact that captive portals are not usable with nextdns running. Thanks!

    • Kevin_Jacobson
    • 10 mths ago
    • Reported - view

    Setting REPORT_DEVICE_NAME=1 still does not work

      • Ceason
      • 9 mths ago
      • Reported - view

       Same here. Had setup initially with app, then discovered the mass deployment info. Pushing from our MDM solution, but client names not showing up. Tried reinstall and explicitly setting REPORT_DEVICE_NAME=1, not no change

      • NextDNs
      • 7 mths ago
      • Reported - view

       this issue has been fixed in the 3.0.13 revision pushed yesterday.

    • Ceason
    • 1 mth ago
    • Reported - view

    Hi, any other switches that can be set on install?

    Having issues with captive portals. I there a "detect-captive-portal" switch?

    • Dov_Weinstock
    • 3 wk ago
    • Reported - view

    It would only work for me if i use the full path for some reason. Removing the /qn option gave me an error that wouldn't show otherwise

      • Dov_Weinstock
      • 3 wk ago
      • Reported - view

       

      this was the error. was running the command in cmd as admin