gitadmin/mdm-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3101cb8d889c031eb7120e2824b69c1018125edf
mdm-scripts/install.ps1
gitadmin 3101cb8d88 Add install.ps1
2026-03-12 08:56:11 +00:00

92 lines
3.6 KiB
PowerShell
Raw Blame History

# ControlD MDM Agent — Windows Installer
# Usage: powershell -ExecutionPolicy Bypass -File install.ps1 -ControlDToken <TOKEN> -DashboardURL <URL> -EmployeeName <NAME>
param(
[Parameter(Mandatory=$true)][string]$ControlDToken,
[Parameter(Mandatory=$true)][string]$DashboardURL,
[Parameter(Mandatory=$true)][string]$EmployeeName
)
$ErrorActionPreference = "Stop"
$CtrldDir = "C:\ProgramData\ControlD"
$CtrldBin = "$CtrldDir\ctrld.exe"
$CtrldConfig = "$CtrldDir\ctrld.toml"
$DeviceID = [guid]::NewGuid().ToString()
$Hostname = $env:COMPUTERNAME
Write-Host "[*] Installing ControlD MDM agent for $EmployeeName on $Hostname..."
# 1. Download ctrld binary
Write-Host "[*] Downloading ctrld..."
New-Item -ItemType Directory -Force -Path $CtrldDir | Out-Null
$arch = if ([Environment]::Is64BitOperatingSystem) { "amd64" } else { "386" }
$url = "https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-windows-$arch.exe"
Invoke-WebRequest -Uri $url -OutFile $CtrldBin -UseBasicParsing
# 2. Write config
Write-Host "[*] Writing ctrld.toml..."
@"
[upstream.0]
endpoint = "https://dns.controld.com/$ControlDToken"
type = "doh"
timeout = 5000
[listener.0]
ip = "127.0.0.1"
port = 53
"@ | Set-Content -Path $CtrldConfig -Encoding UTF8
# 3. Install as Windows Service
Write-Host "[*] Installing Windows service..."
& $CtrldBin service install --config $CtrldConfig 2>$null
& $CtrldBin service start 2>$null
if ($LASTEXITCODE -ne 0) {
sc.exe create "ControlDAgent" binPath= "`"$CtrldBin`" run --config `"$CtrldConfig`"" start= auto | Out-Null
sc.exe start "ControlDAgent" | Out-Null
}
# 4. Set DNS on all adapters to 127.0.0.1
Write-Host "[*] Setting system DNS..."
Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses "127.0.0.1"
}
# 5. Register with MDM backend
Write-Host "[*] Registering device with MDM backend..."
try {
$body = @{
device_id = $DeviceID
hostname = $Hostname
employee = $EmployeeName
os = "windows"
resolver_id = $ControlDToken
} | ConvertTo-Json
Invoke-RestMethod -Uri "$DashboardURL/api/register" -Method POST -Body $body -ContentType "application/json"
} catch {
Write-Host "[!] Warning: Could not reach MDM backend. Device will register on next heartbeat."
}
# 6. Set up heartbeat scheduled task (every 5 min)
Write-Host "[*] Setting up heartbeat..."
$heartbeatScript = @"
try {
`$ip = (Invoke-RestMethod -Uri 'https://ifconfig.me' -UseBasicParsing -TimeoutSec 5)
} catch { `$ip = 'unknown' }
`$body = @{ device_id = '$DeviceID'; ip = `$ip } | ConvertTo-Json
Invoke-RestMethod -Uri '$DashboardURL/api/heartbeat' -Method POST -Body `$body -ContentType 'application/json' -TimeoutSec 10
"@
$heartbeatPath = "$CtrldDir\heartbeat.ps1"
$heartbeatScript | Set-Content -Path $heartbeatPath -Encoding UTF8
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File `"$heartbeatPath`""
$trigger = New-ScheduledTaskTrigger -RepetitionInterval (New-TimeSpan -Minutes 5) -Once -At (Get-Date)
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName "ControlDHeartbeat" -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null
Write-Host "[+] Installation complete!"
Write-Host " Device ID: $DeviceID"
Write-Host " Config: $CtrldConfig"
Write-Host " DNS: 127.0.0.1 -> ControlD (DoH)"
Reference in New Issue View Git Blame Copy Permalink