# Nightfall Windows Agent Deployment: JumpCloud MDM

## Prerequisites

Before beginning the install, make sure you have the following:

* A JumpCloud Admin / MDM environment ready, and the JumpCloud Agent already configured or in the process of being configured for your Windows devices.
* The Nightfall Windows Agent (MSI) and its associated parameters (API\_KEY / COMPANY\_ID) from the [Nightfall Endpoint](https://app.nightfall.ai/endpoint) page → **Download Packages**.
* Internal device group or OU targeting plan within JumpCloud (for example: Windows corporate laptops, desktops, etc).
* Communication to end-users (if needed) and any documentation of maintenance windows or reboots.
* Valid credentials / admin rights on target Windows devices (or ability via MDM / script to install silently).

***

## Connect JumpCloud to Nightfall

1. Log in to `app.nightfall.ai` and navigate to **Settings > MDM Profile**.
2. Select **JumpCloud** from the list of supported MDM providers.
3. Complete the OAuth flow to grant Nightfall read-only access to your JumpCloud device and user directory. This maps JumpCloud user identities to devices in the Nightfall console automatically.

## Deploy the Nightfall Agent via JumpCloud

Use JumpCloud’s Commands/Policies feature to deploy the Nightfall Agent silently to the target Windows device group:

1. In JumpCloud Admin Portal: **Device Management → Commands → Commands** tab **→** click **+ Command** (or use Policies if available)
   * **Type:** Windows
   * Check "Windows PowerShell"
   * **Command:** Copy/paste in the command shown below.
     * Replace the File Destination ($msi value) as needed or leave as-is.
     * Replace the API\_KEY and COMPANY\_ID with what is in the Nightfall console.
       * From the [Nightfall Endpoint](https://app.nightfall.ai/endpoint) page > click **Download Package** > copy the **API\_KEY** and **COMPANY\_ID** from the Windows command.

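         ```powershell
         # File Destination of the uploaded MSI on the device
         $msi = 'C:\Windows\Temp\NightfallAgent.msi'
         # Named $msiArgs because $args is a PowerShell automatic variable.
         $msiArgs = @(
             '/i', "`"$msi`""
             'API_KEY="<API_KEY>"'
             'COMPANY_ID="<COMPANY_ID>"'
             'INSTALL_NF_DRIVER=1'
             '/qn'
         )

         # Run the silent install and wait for msiexec to finish.
         Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -NoNewWindow
         ```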
   * **Command Name**: (e.g., “Install Nightfall Agent Windows”)
2. Under **Files** > click **+ File** > upload the NightfallAgent.msi

   ![Setting the path of the file upload](https://3764378997-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZeqNSdo8J8cLJPU3Gs5M%2Fuploads%2F0Azh92e74Lnq3S6tRKCd%2Ffile-destination.png?alt=media\&token=987572f8-34df-416d-89e5-280157dbc172)
3. Copy the File Destination, which is the path where JumpCloud MDM places the MSI on enrolled devices, and use it as the `$msi` value in the command.
4. Choose a Device Group
   1. Navigate to the **Device Groups** tab.
   2. Check the group to use for deployment.
5. Click "**Save**".
6. Click "**Run Now**".

***

## Post-Installation Verification

After installation, verify that the Nightfall Agent is functioning correctly:

* In JumpCloud, **Device Management** → **Devices**, check that the device remains active and that there are no policy conflicts or errors.
* In the **Nightfall Console** → **Integrations** → **Manage** (macOS or Windows) → confirm the device is in the “Connected” state.
* On the Windows machine, check **Programs & Features** to confirm “Nightfall Agent” appears.
* In Services (`services.msc`), verify the Nightfall service is installed and running.
* Confirm that the NightfallUI app is shown on the taskbar and that the Version, Company UUID, and Device ID are correct.
* Conduct a simple test of exfiltration detection (per your internal policy) to ensure the agent is monitoring as expected.
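
The on-device checks above (Programs & Features entry, service state) can be scripted and pushed as a second JumpCloud command. This is an added example, not Nightfall's or JumpCloud's code; the `*Nightfall*` name pattern is an assumption, because the exact product and service names are not given here.

```powershell
# Added example: on-device verification of the Nightfall Agent install.
# Assumption: product and service display names contain "Nightfall";
# adjust $NamePattern to the names shown on your devices.
$NamePattern = '*Nightfall*'

function Get-NightfallInstall {
    param([string]$Pattern)
    # Same data Programs & Features reads, for 64-bit and 32-bit installs.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object DisplayName, DisplayVersion, PSChildName
}

function Test-NightfallAgent {
    param([string]$Pattern)
    $install  = @(Get-NightfallInstall -Pattern $Pattern)
    $services = @(Get-Service -DisplayName $Pattern -ErrorAction SilentlyContinue)
    $stopped  = @($services | Where-Object { $_.Status -ne 'Running' })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Installed      = $install.Count -gt 0
        Version        = ($install | Select-Object -First 1).DisplayVersion
        ServiceFound   = $services.Count -gt 0
        ServiceRunning = ($services.Count -gt 0) -and ($stopped.Count -eq 0)
        StoppedService = ($stopped.Name -join ',')
    }
}

$result = Test-NightfallAgent -Pattern $NamePattern
$result | Format-List | Out-String | Write-Host

# Exit non-zero when a check fails so the failure is visible in the command results.
if ($result.Installed -and $result.ServiceRunning) { exit 0 } else { exit 1 }
```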

***

## Troubleshooting & Best Practices

* Ensure that the MSI installation parameters (API\_KEY, COMPANY\_ID) are correct and correspond to your Nightfall account.
* If installation fails silently, re-run the installation with log flags and check the install log file:

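```powershell
$msi = 'C:\Windows\Temp\NightfallAgent.msi'
$msiArgs = @(
    '/i', "`"$msi`""
    'API_KEY="<API_KEY>"'
    'COMPANY_ID="<COMPANY_ID>"'
    'INSTALL_NF_DRIVER=1'
    '/qn'
    # Verbose MSI log for troubleshooting
    '/L*V', 'C:\Windows\Temp\NightfallAgent-install.log'
)

Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -NoNewWindow
```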

* If devices have pending reboots or other software installations, consider staging installation to avoid conflicts.
* Because you’re installing via JumpCloud, ensure the device’s JumpCloud Agent is up-to-date and reporting properly before deploying Nightfall.
* For stealth or minimal-disruption deployment (if desired), schedule installs during off-hours and consider using silent `/qn /norestart`. The Nightfall Windows guide supports silent installs.
* Document versioning of Nightfall Agent: if you need to upgrade later, consider how you’ll script uninstall + reinstall or patch. The MSI guide covers uninstall.
* Monitor JumpCloud’s device compliance and policy execution logs to ensure the command executed successfully.
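
A `/L*V` log records the msiexec command line and the property table, so the `API_KEY` passed at install time normally ends up in the install log file. The following added example (not Nightfall's or JumpCloud's code) summarizes that log for triage and masks `API_KEY` / `COMPANY_ID` before printing anything; the log path is the one used in the logging command above, and the function names are hypothetical.

```powershell
# Added example: summarize a verbose msiexec log without echoing secrets.
$LogPath = 'C:\Windows\Temp\NightfallAgent-install.log'

# Standard msiexec exit codes relevant to this deployment.
$KnownCodes = @{
    '0'    = 'Success'
    '1603' = 'Fatal error during installation'
    '1618' = 'Another installation is already in progress'
    '1619' = 'Package could not be opened (check the $msi path / File Destination)'
    '3010' = 'Success, reboot required'
}

function Hide-Secret {
    param([string]$Text)
    # Covers the "Command Line:" form and the "Property(S): NAME = value" dump.
    $Text -replace '(?i)\b(API_KEY|COMPANY_ID)\s*=\s*("[^"]*"|\S+)', '$1=<redacted>'
}

function Get-MsiLogSummary {
    param([string[]]$Lines)
    $status   = $null
    $findings = New-Object System.Collections.Generic.List[string]
    foreach ($line in $Lines) {
        if ($line -match 'MainEngineThread is returning (\d+)') { $status = $matches[1] }
        elseif ($line -match 'Return value 3')      { $findings.Add((Hide-Secret $line)) }
        elseif ($line -match '(?i)\berror \d{4}\b') { $findings.Add((Hide-Secret $line)) }
    }
    $meaning = 'See log'
    if ($status -and $KnownCodes.ContainsKey($status)) { $meaning = $KnownCodes[$status] }
    [pscustomobject]@{ ExitCode = $status; Meaning = $meaning; Findings = $findings }
}

if (-not (Test-Path $LogPath)) { Write-Host "No log at $LogPath"; exit 1 }

$summary = Get-MsiLogSummary -Lines (Get-Content -Path $LogPath)
Write-Host "msiexec result: $($summary.ExitCode) ($($summary.Meaning))"
$summary.Findings | Select-Object -First 20 | ForEach-Object { Write-Host "  $_" }
```

Remove the log from `C:\Windows\Temp` once triage is done, since the file itself still holds the unmasked values.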

***

## Uninstall via JumpCloud

1. In JumpCloud Admin Portal: **Device Management** → **Commands** → **+ Command**
   * **Type:** Windows
   * Check "Windows PowerShell"
   * **Command:** Copy/paste in the command shown below:
     * ```powershell
       # Uninstall "NightfallAI Agent" silently via MSI ProductCode, with full logging.
       # Works for both 64-bit and 32-bit (WOW6432Node) installs.

       $TargetDisplayName = 'NightfallAI Agent'
       $UninstallHives = @(
         'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
       )

       Write-Host "Searching for '$TargetDisplayName' in uninstall registry..." -ForegroundColor Cyan

       $found = $null
       foreach ($hive in $UninstallHives) {
         if (-not (Test-Path $hive)) { continue }
         foreach ($sub in Get-ChildItem $hive -ErrorAction SilentlyContinue) {
           try {
             $p = Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue
             if ($p.DisplayName -eq $TargetDisplayName) {
               $found = [pscustomobject]@{
                 KeyName         = $sub.PSChildName
                 KeyPath         = $sub.PSPath
                 DisplayName     = $p.DisplayName
                 UninstallString = $p.UninstallString
               }
               break
             }
           } catch { }
         }
         if ($found) { break }
       }

       if (-not $found) {
         Write-Host "Not installed: $TargetDisplayName — nothing to do." -ForegroundColor Yellow
         exit 0
       }

       Write-Host "Found:" -ForegroundColor Green
       Write-Host "  Key: $($found.KeyPath)"
       Write-Host "  UninstallString: $($found.UninstallString)"

       # Try to extract ProductCode (GUID) from key name or UninstallString
       $guid = $null
       if ($found.KeyName -match '^\{[0-9A-Fa-f-]{36}\}$') { $guid = $found.KeyName }
       elseif ($found.UninstallString -match '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}') { $guid = $matches[0] }

       $LogPath = 'C:\Windows\Temp\NightfallAgent-uninstall.log'

       if ($guid) {
         Write-Host "Using ProductCode $guid for silent uninstall via msiexec..."
         $msiArgs = @('/x', $guid, '/qn', '/norestart', '/L*V', $LogPath)
         $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru -NoNewWindow
         $code = $proc.ExitCode
         Write-Host "msiexec exit code: $code"
         if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
         exit $code
       }
       else {
         # Fallback: run the UninstallString directly (best effort).
         # If it's msiexec without silent flags, try to add /qn /norestart.
         $cmd = $found.UninstallString
         if ([string]::IsNullOrWhiteSpace($cmd)) {
           Write-Error "UninstallString missing — cannot continue."
           exit 1
         }

         if ($cmd -match 'msiexec(\.exe)?\s+/I\s*(\{[^\}]+\})') {
           # Convert /I to /x for remove, add silent + log
           $guid2 = $matches[2]
           Write-Host "Converting msiexec /I to silent remove for $guid2"
           $msiArgs = @('/x', $guid2, '/qn', '/norestart', '/L*V', $LogPath)
           $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru -NoNewWindow
           $code = $proc.ExitCode
           Write-Host "msiexec exit code: $code"
           if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
           exit $code
         }
         elseif ($cmd -match 'msiexec(\.exe)?') {
           # It's some other msiexec form; append silent flags if missing
           $aug = $cmd
           if ($aug -notmatch '/qn')       { $aug += ' /qn' }
           if ($aug -notmatch '/norestart'){ $aug += ' /norestart' }
           if ($aug -notmatch '/L\*V')     { $aug += " /L*V `"$LogPath`"" }

           Write-Host "Running: $aug"
           $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $aug -Wait -PassThru -NoNewWindow
           $code = $proc.ExitCode
           Write-Host "msiexec exit code: $code"
           if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
           exit $code
         }
         else {
           # Non-MSI uninstaller (unlikely for your MSI). Launch as-is.
           Write-Host "Non-MSI uninstall string; executing as-is."
           $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $cmd -Wait -PassThru -NoNewWindow
           $code = $proc.ExitCode
           Write-Host "Uninstaller exit code: $code"
           exit $code
         }
       }
       ```
   * **Command Name**: (e.g., “Uninstall NightfallAI Agent Windows”)
2. Choose a Device Group
   1. Navigate to the **Device Groups** tab.
   2. Check the group to use for deployment.
3. Click "**Save**".
4. Run whenever needed.

***

## Appendix / Reference Links

* Nightfall Windows Agent MSI Deployment Guide – Nightfall Help Center: [Install Nightfall AI Agent for Windows OS](https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_endpoint/install-nightfall-ai-agent-for-windows-os?utm_source=chatgpt.com)
* JumpCloud Windows Agent Installation Walk-through – JumpCloud Support: [JumpCloud Agent Windows Installation Walkthrough](https://jumpcloud.com/support/jumpcloud-agent-windows-installation-walkthrough?utm_source=chatgpt.com)
* JumpCloud Commands / Remote Application Install guide: [Install Applications Remotely via JumpCloud](https://jumpcloud.com/support/install-applications-remotely?utm_source=chatgpt.com)

