# Nightfall Windows Agent Deployment: JumpCloud MDM ## Prerequisites Before beginning the install, make sure you have the following: * A JumpCloud Admin / MDM environment ready, and the JumpCloud Agent already configured or in process of being configured for your Windows devices. * The Nightfall Windows Agent (MSI) and associated parameters (API\_KEY / COMPANY\_ID) as from the [Nightfall Endpoint](https://app.nightfall.ai/endpoint) page → **Download Packages**. * Internal device group or OU targeting plan within JumpCloud (for example: Windows corporate laptops, desktops, etc). * Communication to end-users (if needed) and any documentation of maintenance windows or reboots. * Valid credentials / admin rights on target Windows devices (or ability via MDM / script to install silently). *** ## Connect JumpCloud to Nightfall 1. Log in to `app.nightfall.ai` and navigate to **Settings > MDM Profile**. 2. Select **JumpCloud** from the list of supported MDM providers. 3. Complete the OAuth flow to grant Nightfall read-only access to your JumpCloud device and user directory. This maps JumpCloud user identities to devices in the Nightfall console automatically. ## Deploy the Nightfall Agent via JumpCloud Use JumpCloud’s Commands/Policies feature to deploy the Nightfall Agent silently to the target Windows device group: 1. In JumpCloud Admin Portal: **Device Management → Commands → Commands** tab **→** click **+ Command** (or use Policies if available) * **Type:** Windows * Check "Windows PowerShell" * **Command:** Copy/paste in the command shown below. * Replace the File Destination ($msi value) as needed or leave as-is. * Replace the API\_KEY and COMPANY\_ID with what is in the Nightfall console. * From the [Nightfall Endpoint](https://app.nightfall.ai/endpoint) page > click **Download Package** > copy the **API\_KEY** and **COMPANY\_ID** from the Windows command. ```jsx $msi = 'C:\\Windows\\Temp\\NightfallAgent.msi' $args = @( '/i', "`"$msi`"" 'API_KEY=""' 'COMPANY_ID=""' 'INSTALL_NF_DRIVER=1' '/qn' ) Start-Process msiexec.exe -ArgumentList $args -Wait -NoNewWindow ``` * **Command Name**: (e.g., “Install Nightfall Agent Windows”) 2. Under **Files** > click **+ File** > upload the NightfallAgent.msi ![Setting the path of the file upload](/files/AWi2NUiPBsIzmXXvq48s) 3. Copy the File Destination where the MSI would be copied onto the enrolled devices by jumpcloud mdm. 4. Choose a Device Group 1. Navigate to the **Device Groups** tab. 2. Check the group to use for deployment. 5. Click "**Save**". 6. Click "**Run Now**".​ *** ## Post-Installation Verification After installation, verify that the Nightfall Agent is functioning correctly: * In JumpCloud, **Device Management** → **Devices**, check that the device remains active and that there are no policy conflicts or errors. * In the **Nightfall Console** → **Integrations** → **Manage** (macOS or Windows) → confirm the device is in the “Connected” state. * On the Windows machine, check **Programs & Features** to confirm “Nightfall Agent” appears. * In Services (`services.msc`), verify the Nightfall service is installed and running. * Confirm that the NightfallUI app is shown on the taskbar and that the Version, Company UUID, and Device ID are correct. * Conduct a simple test of exfiltration detection (per your internal policy) to ensure the agent is monitoring as expected.​ *** ## Troubleshooting & Best Practices * Ensure that the MSI installation parameters (API\_KEY, COMPANY\_ID) are correct and correspond to your Nightfall account. * If installation fails silently, re-run the installation with log flags and check the install log file: ```jsx $args = @( '/i', ""$msi"" 'API_KEY=""' 'COMPANY_ID=""' 'INSTALL_NF_DRIVER=1' '/qn' '/L*V’,'C:\\Windows\\Temp\\NightfallAgent-install.log’ ) ``` * If devices have pending reboots or other software installations, consider staging installation to avoid conflicts. * Because you’re installing via JumpCloud, ensure the device’s JumpCloud Agent is up-to-date and reporting properly before deploying Nightfall. * For stealth or minimal-disruption deployment (if desired), schedule installs during off-hours and consider using silent `/qn /norestart`. The Nightfall Windows guide supports silent installs. * Document versioning of Nightfall Agent: if you need to upgrade later, consider how you’ll script uninstall + reinstall or patch. The MSI guide covers uninstall. * Monitor JumpCloud’s device compliance and policy execution logs to ensure the command executed successfully. *** ## Uninstall via JumpCloud 1. In JumpCloud Admin Portal: **Device Management** → **Commands** → **+ Command** * **Type:** Windows * Check "Windows PowerShell" * **Command:** Copy/paste in the command shown below: * ```jsx # Uninstall "NightfallAI Agent" silently via MSI ProductCode, with full logging. # Works for both 64-bit and 32-bit (WOW6432Node) installs. $TargetDisplayName = 'NightfallAI Agent' $UninstallHives = @( 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall', 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall' ) Write-Host "Searching for '$TargetDisplayName' in uninstall registry..." -ForegroundColor Cyan $found = $null foreach ($hive in $UninstallHives) { if (-not (Test-Path $hive)) { continue } foreach ($sub in Get-ChildItem $hive -ErrorAction SilentlyContinue) { try { $p = Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue if ($p.DisplayName -eq $TargetDisplayName) { $found = [pscustomobject]@{ KeyName = $sub.PSChildName KeyPath = $sub.PSPath DisplayName = $p.DisplayName UninstallString = $p.UninstallString } break } } catch { } } if ($found) { break } } if (-not $found) { Write-Host "Not installed: $TargetDisplayName — nothing to do." -ForegroundColor Yellow exit 0 } Write-Host "Found:" -ForegroundColor Green Write-Host " Key: $($found.KeyPath)" Write-Host " UninstallString: $($found.UninstallString)" # Try to extract ProductCode (GUID) from key name or UninstallString $guid = $null if ($found.KeyName -match '^\\{[0-9A-Fa-f-]{36}\\}$') { $guid = $found.KeyName } elseif ($found.UninstallString -match '\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\\}') { $guid = $matches[0] } $LogPath = 'C:\\Windows\\Temp\\NightfallAgent-uninstall.log' if ($guid) { Write-Host "Using ProductCode $guid for silent uninstall via msiexec..." $args = @('/x', $guid, '/qn', '/norestart', '/L*V', $LogPath) $proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru -NoNewWindow $code = $proc.ExitCode Write-Host "msiexec exit code: $code" if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" } exit $code } else { # Fallback: run the UninstallString directly (best effort). # If it's msiexec without silent flags, try to add /qn /norestart. $cmd = $found.UninstallString if ([string]::IsNullOrWhiteSpace($cmd)) { Write-Error "UninstallString missing — cannot continue." exit 1 } if ($cmd -match 'msiexec(\\.exe)?\\s+/I\\s*(\\{[^\\}]+\\})') { # Convert /I to /x for remove, add silent + log $guid2 = $matches[2] Write-Host "Converting msiexec /I to silent remove for $guid2" $args = @('/x', $guid2, '/qn', '/norestart', '/L*V', $LogPath) $proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru -NoNewWindow $code = $proc.ExitCode Write-Host "msiexec exit code: $code" if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" } exit $code } elseif ($cmd -match 'msiexec(\\.exe)?') { # It's some other msiexec form; append silent flags if missing $aug = $cmd if ($aug -notmatch '/qn') { $aug += ' /qn' } if ($aug -notmatch '/norestart'){ $aug += ' /norestart' } if ($aug -notmatch '/L\\*V') { $aug += " /L*V `"$LogPath`"" } Write-Host "Running: $aug" $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $aug -Wait -PassThru -NoNewWindow $code = $proc.ExitCode Write-Host "msiexec exit code: $code" if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" } exit $code } else { # Non-MSI uninstaller (unlikely for your MSI). Launch as-is. Write-Host "Non-MSI uninstall string; executing as-is." $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $cmd -Wait -PassThru -NoNewWindow $code = $proc.ExitCode Write-Host "Uninstaller exit code: $code" exit $code } } ``` * **Command Name**: (e.g., “Uninstall NightfallAI Agent Windows”) 1. Choose a Device Group 1. Navigate to the **Device Groups** tab. 2. Check the group to use for deployment. 2. Click "**Save**". 2. Run whenever needed. *** ## Appendix / Reference Links * Nightfall Windows Agent MSI Deployment Guide – Nightfall Help Center: [Install Nightfall AI Agent for Windows OS](https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_endpoint/install-nightfall-ai-agent-for-windows-os?utm_source=chatgpt.com) * JumpCloud Windows Agent Installation Walk-through – JumpCloud Support: [JumpCloud Agent Windows Installation Walkthrough](https://jumpcloud.com/support/jumpcloud-agent-windows-installation-walkthrough?utm_source=chatgpt.com) * JumpCloud Commands / Remote Application Install guide: [Install Applications Remotely via JumpCloud](https://jumpcloud.com/support/install-applications-remotely?utm_source=chatgpt.com)
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_endpoint/install-nightfall-ai-agent-for-windows-os/nightfall-windows-agent-deployment-jumpcloud-mdm.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.