
Windows Client Mass Deployment Guide

For advanced deployments like InTune integration, the NextDNS Windows application is available as an MSI. This installer enables automated deployment with pre-configuration of the profile.

The MSI installer is available at https://nextdns.io/download/windows/stable.msi

Installation Properties

The following properties can be set during the installation:

  • PROFILE: sets the system-wide profile ID. When set this way, the end user cannot change the profile ID from the UI or stop the client. Only an administrator can, by stopping the NextDNSService service.
  • UI (0 or 1, default: 1): installs the application with or without the systray UI. When the UI is disabled, NextDNS can't be disabled by the end user.
  • ARP (0 or 1, default: 1): controls whether the application is listed in Windows' Add/Remove Programs. Set it to 0 to hide the application.
  • REPORT_DEVICE_NAME (0 or 1, default: 1): reports the device name and model with DNS queries so they appear in the logs and analytics.
  • EXCLUDE_SSIDS (comma-separated strings): defines a list of WiFi SSIDs on which the client should automatically disable itself. Use commas to pass more than one SSID, and quotes if SSIDs contain spaces. SSID names are case-sensitive.
  • EXCLUDE_DOMAINS (comma-separated strings): defines a list of domain authorities to exclude from NextDNS resolution. Those domains (and all their sub-domains) will use the system's DNS for resolution.

Here are some examples:

You need to run the command prompt as an administrator; otherwise these properties will be ignored.

  • Force a profile ID abcdef, disable the UI and hide the application from Add/Remove Programs:
    msiexec /qn /i NextDNSSetup-X.X.X.msi PROFILE=abcdef UI=0 ARP=0
  • Disable the client when connected to the "Corp Network" or "Home" WiFi networks:
    msiexec /qn /i NextDNSSetup-X.X.X.msi EXCLUDE_SSIDS="Corp Network,Home"

All properties above can also be specified as MST properties for GPO/SCCM deployments.

Scripted Installation

To automate the installation of the client from the latest version, you may use the following PowerShell script if your deployment system supports it:

Invoke-WebRequest -Uri "https://nextdns.io/download/windows/stable.msi" -OutFile "$env:TEMP\NextDNSSetup.msi"
msiexec /qn /i "$env:TEMP\NextDNSSetup.msi" PROFILE=abcdef

Uninstallation

To silently uninstall the client (if Add/Remove Program was not disabled via ARP=0), run the following command:

"C:\Program Files (x86)\NextDNS\Uninstall.exe" /S
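
A hardened variant of the Scripted Installation step above, added here as an example and not NextDNS's own script: it refuses to install unless the downloaded MSI carries a valid Authenticode signature from the expected publisher, waits for msiexec's exit code, and confirms that the NextDNSService service is running. It assumes the MSI is Authenticode-signed; `$ExpectedSigner` is a placeholder to fill in from a known-good copy of the installer (the page does not state the publisher name), and `abcdef` is the guide's sample profile ID.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell.
$ErrorActionPreference = 'Stop'

$ExpectedSigner = '<EXPECTED-PUBLISHER-NAME>'  # placeholder: confirm on a known-good MSI
$ProfileId      = 'abcdef'                     # sample profile ID used in the guide
$Msi = Join-Path $env:TEMP 'NextDNSSetup.msi'
$Log = Join-Path $env:TEMP 'NextDNSSetup.log'

Invoke-WebRequest -Uri 'https://nextdns.io/download/windows/stable.msi' `
    -OutFile $Msi -UseBasicParsing

# 1. The file is about to run with SYSTEM privileges, so check who signed it.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') {
    Remove-Item $Msi -Force
    throw "Refusing to install: signature status is '$($sig.Status)'."
}
$nameType = [Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
if ($signer -ne $ExpectedSigner) {
    Remove-Item $Msi -Force
    throw "Refusing to install: signed by '$signer', expected '$ExpectedSigner'."
}

# 2. Record what was installed so the deployment log can be audited later.
$hash = (Get-FileHash -Path $Msi -Algorithm SHA256).Hash
Write-Output "Installing $Msi (SHA256 $hash, signer '$signer')"

# 3. PowerShell does not wait for msiexec when it is invoked directly,
#    so start it explicitly and read the exit code.
$msiArgs = @('/qn', '/i', "`"$Msi`"", '/log', "`"$Log`"", "PROFILE=$ProfileId")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
    throw "msiexec failed with exit code $($proc.ExitCode); see $Log"
}

# 4. A silent install that did not apply PROFILE looks the same from the outside,
#    so confirm the service the guide names is present and running.
$svc = Get-Service -Name 'NextDNSService'
if ($svc.Status -ne 'Running') {
    throw "NextDNSService is installed but its status is '$($svc.Status)'."
}
Write-Output 'NextDNS installed and NextDNSService is running.'
```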

34 replies

    • Peter_Henning
    • 1 yr ago

    New Windows 11 machine, stable MSI installed as Administrator with PROFILE=.... and UI=0, service works briefly and then crashes every ~2 minutes. Windows event log just shows the Service Control Manager restarting the "NextDNS DNS53 to DoH proxy" service over and over.

      • Peter_Henning
      • 1 yr ago

      NextDNS I uninstalled, rebooted and tried again. So far the constant crashing problem has not come back, it seems ok this time.

      1. Command used to install (from Admin powershell):

          msiexec /qn /log nextdns.log /i NextDNSSetup-3.0.12.msi PROFILE=<xxx> UI=0 EXCLUDE_DOMAINS="<yyy>,<zzz>"

      2. Installer nextdns.log file output tail:

          MSI (s) (1C:54) [10:23:24:746]: Product: NextDNS -- Installation completed successfully.

          MSI (s) (1C:54) [10:23:24:747]: Windows Installer installed the product. Product Name: NextDNS. Product Version: 3.0.8. Product Language: 1033. Manufacturer: NextDNS. Installation success or error status: 0.

      I will try on a few more machines and if it happens again, will file a bug report but it now looks like a once-off glitch, thanks.

      • Peter_Henning
      • 1 yr ago

      NextDNS I spoke too soon, it has started crashing again. Here's the output in the windows event log:

      The NextDNS DNS53 to DoH proxy. service terminated unexpectedly.  It has done this 4 time(s).

      And here's the contents of nextdns.txt from the program files folder (seems to be overwritten each time the service restarts, which is now every 2-4 minutes):

      2023/05/17 10:40:08 INFO starting NextDNSService service
      2023/05/17 10:40:08 INFO Service starting
      2023/05/17 10:40:08 INFO OnStart
      2023/05/17 10:40:08 INFO Registry information Configuration: <xxx>, UI: false, ARP: false
      2023/05/17 10:40:08 INFO Configuration found: <xxx>
      2023/05/17 10:40:08 INFO evaluateState: excluded=false enabled=true shouldStart=true prevShouldStart=false
      2023/05/17 10:40:08 INFO send event: status map[locked:true state:starting version:v3.0.12-2-g648bdf4]
      2023/05/17 10:40:08 INFO Service started
      2023/05/17 10:40:08 INFO send event: status map[locked:true state:started version:v3.0.12-2-g648bdf4]
      2023/05/17 10:40:08 INFO Engine DNS engine started
      2023/05/17 10:40:54 INFO Connected 102.130.49.135:443 (con=1ms tls=15ms, TCP, TLS13)
      2023/05/17 10:40:54 INFO Switching endpoint: https://windows.dns.nextdns.io#188.172.217.27,102.130.49.135,2a00:11c0:67:350::b,2a0b:4342:1a91:e:216:3cff:fe9b:4913
      2023/05/17 10:40:54 INFO Connected 45.90.28.0:443 (con=2ms tls=46ms, TCP, TLS13)
       

    • E_Pereira
    • 1 yr ago

    Hello, any news on the msi version with the captive portal fix? I have deployed this to my company’s pcs but have to uninstall occasionally due to the fact that captive portals are not usable with nextdns running. Thanks!

    • Kevin_Jacobson
    • 11 mths ago

    Setting REPORT_DEVICE_NAME=1 still does not work

      • Ceason
      • 9 mths ago

      Same here. Had setup initially with app, then discovered the mass deployment info. Pushing from our MDM solution, but client names not showing up. Tried reinstall and explicitly setting REPORT_DEVICE_NAME=1, but no change

      • NextDNs
      • 8 mths ago

       this issue has been fixed in the 3.0.13 revision pushed yesterday.

    • Ceason
    • 2 mths ago

    Hi, any other switches that can be set on install?

    Having issues with captive portals. Is there a "detect-captive-portal" switch?

    • Dov_Weinstock
    • 1 mth ago

    It would only work for me if I use the full path for some reason. Removing the /qn option gave me an error that wouldn't show otherwise

      • Dov_Weinstock
      • 1 mth ago

       

      this was the error. was running the command in cmd as admin