Skip to main content
RMM-and-MDM

Ninja RMM - Parametrized Windows agent install

This guide describes how to mass deploy idemeum agent with Ninja One RMM.

Nik Pot

Ninja RMM - Parametrized Windows agent install

Overview

In this guide we will take a look at how to deploy idemeum desktop agent with a parametrized script. Simply, you will store custom fields for each of your customers in Ninja RMM and use one simple script to deploy agent to each customer workstation.

If you simply want to install to several machines, you can grab the command line script and execute it directly on customer workstation.

Command-line installation
This guide demonstrates how you can install idemeum desktop agent with a command line script.
idemeum docsNik Pot

Install Windows agent

Obtain idemeum deployment variables

As a first step, we will download a simple CSV file that will include all customer tenant idemeum variables required for deployment:

  • tenant FQDN - URL of the customer tenant
  • client id and client secret - required for desktop agent to connect to idemeum cloud
  • master key - customer tenant encryption key that is used for zero-knowledge encryption
Master key
What is the master key? Idemeum desktop client handles sensitive information, including user credentials. In order to achieve the highest level of security and enable client-side encryption, you can generate master key in the admin portal and supply that key to all idemeum desktop agents during installation. This way your
idemeum docsNik Pot

To get the CSV:

  • Access admin portal of your MSP idemeum tenant
  • Navigate to CustomersAdd customerDownload desktop installer CSV
  • First, you will be presented with a parametrized command that you can use for Windows agent deployment
  • And then the CSV file will be downloaded with all customer tenant data. For each tenant you will have FQDN, client id, client secret, and master key.

Create organization fields in Ninja

There are several ways you can leverage custom fields in Ninja to deploy idemeum (use documentation fields, global device fields, etc.). In this guide we will use Global device fields and associate them with each organization in Ninja One.

  • Access AdministrationDevicesGlobal custom fields and then create one field for each of the required 4 parameters. As an example see how we created 4 fields in our demo Ninja tenant.
  • When you create these field make sure:
    • You choose Read only for Automations
    • Choose Organization for Scope id

Assign variables to each organization

Now we can leverage the CSV file downloaded in the previous section to assign idemeum deployment variables to each organization in Ninja.

  • Navigate to Ninja dashboard and access the organization that you want to set up
  • Click on the Custom fields tab at the top
  • Click Edit, then grab the CSV, extract the values for a customer tenant and assign values to custom fields

Create deployment script in Ninja

Now we will create a deployment script in Ninja that will extract variables from custom fields for each tenant, will create the deployment command in PowerShell and deploy idemeum agent to Windows workstation.

  • Navigate to AdministrationLibraryAutomation
  • Add new script
  • You can now add the following script as listed below.
Variable names will depend on the global field names that you created in the previous step.
# Pull idemeum variables for organization
$fqdn = (Ninja-Property-Get idemeumFqdn).ToString()
$clientId = (Ninja-Property-Get idemeumClientId).ToString()
$clientSecret = (Ninja-Property-Get idemeumClientSecret).ToString()
$masterKey = (Ninja-Property-Get idemeumMasterKey).ToString()


Set-ExecutionPolicy RemoteSigned -Scope Process -Force;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
cd (Get-Item -Path $env:TEMP).FullName;
Invoke-WebRequest -Uri "https://asset.idemeum.com/desktoplogin/idemeumDesktopAppInstall.ps1" -OutFile "idemeumDesktopAppInstall.ps1" ;
.\idemeumDesktopAppInstall.ps1 -tenantFQDN $fqdn -clientId $clientId -clientSecret $clientSecret -masterKey $masterKey -restartAfterInstall 'false'
  • Here is how we configured this script in our Ninja instance

Deploy script to workstations

You can now navigate to any workstation and deploy the created script. The variables will be pulled from the organization and deployment PowerShell command will be pushed to workstation.

Update Windows agent

The update script is the same as the installation one. There is no need to create any additional deployment scripts. Simply deploy the same script that we created above. The script will check the installed version and will update to the latest if new package is available.

Uninstall Windows agent

You can also create idemeum uninstall script. This script will be the same for every organization as it does not depend on any parameters.

Please use the following script to uninstall idemeum on Windows. 

Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {93B9CC98-6004-411E-A8BF-88F7C3BC5541} /qn /norestart" -Wait
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {71216D26-573B-402B-A3F5-A7CB9F950CFF} /qn /norestart" -Wait