Skip to main content

How can we help you?

Search

help Knowledge Base
forum Community
checklist Release Notes
event Events

Install Windows Roaming Client using Intune

Minetta Gould Community Team DNSFilter Staff
  • Edited

Follow this post to install the Windows Roaming Client via Intune, Microsoft's endpoint manager. 

What you need from DNSFilter 

  1. Setup a network Site to associate with the agents. Make sure to assign the appropriate Filtering Policy and Block Page to the Site
  2. The Site Secret Key (SSK) from the Roaming Client Install tab
  3. The 64-bit Windows Roaming Client .MSI file (download from the same agent Install tab in the dashboard)

Intune Specifications

Add the Windows Roaming Client following Microsoft's Line of Business instructions. 

  1. Add the .MSI file as the App Package file
  2. Use these specs on the App Information page:
    1. Name: DNSFilter agent 64bit
    2. Description: DNS Filter Agent
    3. Publisher: DNS Filter
    4. App Install Context: Device
    5. Ignore app version: Yes
      • This setting allows the roaming client to stay updated via auto-update without errors of the MSI reinstalling (due to the version not matching)
    6. Command-line arguments: NKEY="Your Site Key"
      • This step will add the SSK to the .MSI file NKEY line
    7. Category: Computer Management
    8. Show this as a featured app in the Company Portal: Yes

 

✍️ When entering in quotes for the NKEY, make sure to use straight quotes instead of smart (curly) quotes. Smart quotes will prevent the Windows Roaming Client from registering successfully.

Once the agent is added, add groups in Intune as needed. 

Comments

5 comments

Date Votes
  • Official comment
    Bailey Taylor Community Manager DNSFilter Staff
    Community Regular

    Alex Billups Apologies for the confusion caused by the instructions in our documentation. To clarify, #4 under What you need from DNSFilter and #6 under Intune Specifications are referring to the same step. They are not separate adjustments but rather the same process described in different contexts.

    For future reference, if you want to edit an .MSI file directly (though not typically necessary for most deployments), you can follow these steps:

    1. Download an MSI Editing Tool: Use a tool like Orca, available as part of the Microsoft Windows SDK.
    2. Open the .MSI File: Launch Orca, and open the DNSFilter .MSI file.
    3. Edit the Property Table: Navigate to the "Property" table and locate the NKEY property.
    4. Add or Modify the Value: Enter your Site Secure Key (SSK) in the NKEY field, e.g., NKEY="YourSiteSecureKey".
    5. Save the File: Save the modified .MSI file, which will now automatically include the SSK without requiring a command-line argument during installation.

    Please note that modifying .MSI files is an advanced process and can introduce errors if not done carefully. For most users, passing the NKEY as a command-line argument remains the simplest and safest method.

    We’ll also work on making our instructions clearer to avoid similar misunderstandings in the future!

  • Alex Billups
    • Edited

    Some discoveries that might help someone else. 
    1.  NKEY = “Your site key” needs to have no spaces in it. (There are spaces in the example text above, that will break the Intune install) 
    The Intune portal should look like 
    NKEY="XXXXXXXXXXXXXXXXXXXXXXXX" 
    inside the Command line argument area

    You can test the NKEY argument locally in PowerShell (not in Intune) the command looks like  

    msiexec /i <drive letter>:<path to file>\DNSFilter_Agent_Setup.msi NKEY="XXXXX" 

    This will auto insert the key and you can see it during the install wizard that pops up.

    This still doesn't explain the section in this help doc discussing “adding the SSK to the msi file”
    Add the SSK to the .MSI file NKEY line” If there is a way to add the key to the .MSI file directly I assume that would remove the need to add the key line into the Intune file… but editing binary's isn't a normal thing so I feel like I missed something there. 

    0
  • Mike S

    I'm working with a customer that has another consulting group helping with AutoPilot deployments. 

    Obviously, DNSFilter would be a tool we want installed on every machine, but this group told me “Line-of-Business app” deployments will work fine for Company Portal or managed deployments, but AutoPilot needs to have the modified or wrapped MSI package Alex talked about and what you mentioned Bailey.

    I think it would be helpful to list the type of install for Windows based on this knowledge that is apparently a well known challenge for Windows Packaging and Imaging admins. I left this world for 12 years and now I'm back, so I want to limit the pain others may be having.

    0
  • Alex Billups
    • Edited

    Mike S 
    I remember they had instructions for modifying the binary as an .MSI file, but those have been removed since I posted my questions. I used Orca from the Windows Installer development tools to edit the binary. However, since they rebuilt the binary, I'm not sure it's as editable as it used to be.

    Windows install dev tool

    https://learn.microsoft.com/en-us/windows/win32/msi/windows-installer-development-tools

    Orca editor

    https://learn.microsoft.com/en-us/windows/win32/msi/orca-exe

    1
  • Minetta Gould Community Team DNSFilter Staff

    Hi Mike S , thanks for reaching out, and thanks for helping out, Alex Billups

    We do have documentation related to using Orca for this process, and this Q&A from Microsoft may also be helpful. 

    We're here to help if you have any other questions! 

    1

Please sign in to leave a comment.

New post

Featured posts