Nightfall Windows Agent Deployment: JumpCloud MDM

Learn how to install the Nightfall agent on Microsoft Windows OS using the JumpCloud MDM.

1. Pre-deployment Preparations

Before beginning the install, make sure you have the following:

A JumpCloud Admin / MDM environment ready, and the JumpCloud Agent already configured or in process of being configured for your Windows devices.
The Nightfall Windows Agent deployment bundle (MSI) and associated parameters (API_KEY / COMPANY_ID) as provided by Nightfall.
Internal device group or OU targeting plan within JumpCloud (for example: Windows corporate laptops, desktops, etc).
Communication to end-users (if needed) and any documentation of maintenance windows or reboots.
Valid credentials / admin rights on target Windows devices (or ability via MDM / script to install silently).

2. Installing the JumpCloud Agent (if not already installed)

If JumpCloud Agent is not yet installed on your Windows endpoints, follow these steps:

In the JumpCloud Admin Portal, go to Device Management → Devices → click + Add Device, select the Windows tab.
Download the Windows Agent MSI (e.g., jcagent-msi-signed.msi).
Install the MSI on the endpoint manually, or via script/automation:
- Double-click the MSI and follow the install wizard.
- Alternatively, via command line:
  msiexec /i "<path>\\jcagent-msi-signed.msi" /quiet JCINSTALLERARGUMENTS="-k <CONNECT_KEY> /VERYSILENT /SUPPRESSMSGBOXES"
  where <CONNECT_KEY> is the JumpCloud device connect key.
Verify installation:
- Control Panel → Programs & Features should show “JumpCloud Agent vX.X.X”.
- In Services (services.msc), find the “JumpCloud Agent” service and ensure it’s running.
- In JumpCloud Admin Portal → Devices, verify device appears and status is Active (green check).

Once JumpCloud agent is installed and reporting, you’re ready to deploy the Nightfall Windows Agent via JumpCloud.

3. Package and Script Preparation for Nightfall Agent

Since the Nightfall Windows Agent requires installation with parameters (API_KEY, COMPANY_ID) and likely silent deployment, prepare the package and scripts accordingly:

Obtain the NightfallAgent MSI from Nightfall (e.g., NightfallAgent.msi).
Copy the install command from the Nightfall console, it will have the values for API_KEY and COMPANY_ID that you would be using in jumpcloud command configuration.
If using network share or download from URL, reference the documented options in Nightfall’s MSI Deployment guide.

4. Deploying via JumpCloud – Windows Endpoint Group

Use JumpCloud’s Commands/Policies feature to deploy the Nightfall Agent silently to the target Windows device group:

In JumpCloud Admin Portal: Commands → + Create Command (or use Policies if available)
Provide a name for the command (e.g., “Install Nightfall Agent Windows”)
Select Run As: root
Select Platform: Windows
Check the checkbox for Windows Powershell
Check marking windows powershell checkbox
Scroll to bottom and upload the Nightfall MSI (if pushing file) or ensure the script will download the MSI from a central location. (See JumpCloud’s “Install Applications Remotely” guide: it supports uploading files or downloading within the script)
Setting the path of the file upload
Copy the File Destination where the MSI would be copied onto the enrolled devices by jumpcloud mdm.

Paste the following in command body and replace with your File Destination ($msi value), API_KEY and COMPANY_ID that you got from the nightfall dashboard.

$msi = 'C:\\Windows\\Temp\\NightfallAgent.msi'
$args = @(
    '/i', "`"$msi`""
    'API_KEY="<API_KEY>"'
    'COMPANY_ID="<COMPANY_ID>"'
    'INSTALL_NF_DRIVER=1'
    '/qn'
)

Start-Process msiexec.exe -ArgumentList $args -Wait -NoNewWindow

Scope the command to the appropriate device group(s) – your Windows endpoints group.
Schedule or trigger the command: depending on your rollout plan, may execute on a maintenance window, or immediately in a pilot group.
(Optional) Add reboot logic if required.

5. Post-Installation Verification

After installation, verify that the Nightfall Agent is functioning correctly:

On the Windows machine, check Programs & Features to confirm “Nightfall Agent” appears.
In Services (services.msc), verify the Nightfall service is installed and running.
Confirm that the NightfallUI app is shown on the taskbar and that the Version, Company UUID, and Device ID are correct.
In the Nightfall Admin Console → Endpoints (or equivalent) confirm the device is in the “Connected” state.
In JumpCloud Admin Portal → Devices, check that the device remains active and that there are no policy conflicts or errors.
Conduct a simple test of exfiltration detection (per your internal policy) to ensure the agent is monitoring as expected.

6. Troubleshooting & Best Practices

Ensure that the MSI installation parameters (API_KEY, COMPANY_ID) are correct and correspond to your Nightfall account.
If installation fails silently, re-run the installation with log flags and check the install log file:

$args = @( 
    '/i', ""$msi"" 
    'API_KEY="<API_KEY>"' 
    'COMPANY_ID="<COMPANY_ID>"' 
    'INSTALL_NF_DRIVER=1'
    '/qn'

    '/L*V’,'C:\\Windows\\Temp\\NightfallAgent-install.log’
)

If devices have pending reboots or other software installations, consider staging installation to avoid conflicts.
Because you’re installing via JumpCloud, ensure the device’s JumpCloud Agent is up-to-date and reporting properly before deploying Nightfall.
For stealth or minimal-disruption deployment (if desired), schedule installs during off-hours and consider using silent /qn /norestart. The Nightfall Windows guide supports silent installs.
Document versioning of Nightfall Agent: if you need to upgrade later, consider how you’ll script uninstall + reinstall or patch. The MSI guide covers uninstall.
Monitor JumpCloud’s device compliance and policy execution logs to ensure the command executed successfully.

7. Roll-out Plan Summary

Phase

Actions

Pilot

Select small group (~5-10 Windows devices) → install JumpCloud agent if needed → deploy Nightfall via JumpCloud → verify functionality.

Production

After successful pilot, scale to full Windows device group via JumpCloud command/policy.

Post-rollout

Monitor agent reporting, exfiltration alerts, endpoint health via Nightfall and JumpCloud dashboards.

Maintenance

Define schedule for Nightfall Agent updates, patches, and periodic compliance checks.

8. Uninstall via JumpCloud

In JumpCloud Admin Portal: Commands → + Create Command (or use Policies if available)
Provide a name for the command (e.g., “Uninstall NightfallAI Agent Windows”)
Select Run As: root
Select Platform: Windows
Enable the checkbox for Windows Powershell
Keep the Timeout After value to 1200s (20m)

Paste the following into Command:

# Uninstall "NightfallAI Agent" silently via MSI ProductCode, with full logging.
# Works for both 64-bit and 32-bit (WOW6432Node) installs.

$TargetDisplayName = 'NightfallAI Agent'
$UninstallHives = @(
  'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
  'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall'
)

Write-Host "Searching for '$TargetDisplayName' in uninstall registry..." -ForegroundColor Cyan

$found = $null
foreach ($hive in $UninstallHives) {
  if (-not (Test-Path $hive)) { continue }
  foreach ($sub in Get-ChildItem $hive -ErrorAction SilentlyContinue) {
    try {
      $p = Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue
      if ($p.DisplayName -eq $TargetDisplayName) {
        $found = [pscustomobject]@{
          KeyName         = $sub.PSChildName
          KeyPath         = $sub.PSPath
          DisplayName     = $p.DisplayName
          UninstallString = $p.UninstallString
        }
        break
      }
    } catch { }
  }
  if ($found) { break }
}

if (-not $found) {
  Write-Host "Not installed: $TargetDisplayName — nothing to do." -ForegroundColor Yellow
  exit 0
}

Write-Host "Found:" -ForegroundColor Green
Write-Host "  Key: $($found.KeyPath)"
Write-Host "  UninstallString: $($found.UninstallString)"

# Try to extract ProductCode (GUID) from key name or UninstallString
$guid = $null
if ($found.KeyName -match '^\\{[0-9A-Fa-f-]{36}\\}$') { $guid = $found.KeyName }
elseif ($found.UninstallString -match '\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\\}') { $guid = $matches[0] }

$LogPath = 'C:\\Windows\\Temp\\NightfallAgent-uninstall.log'

if ($guid) {
  Write-Host "Using ProductCode $guid for silent uninstall via msiexec..."
  $args = @('/x', $guid, '/qn', '/norestart', '/L*V', $LogPath)
  $proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru -NoNewWindow
  $code = $proc.ExitCode
  Write-Host "msiexec exit code: $code"
  if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
  exit $code
}
else {
  # Fallback: run the UninstallString directly (best effort).
  # If it's msiexec without silent flags, try to add /qn /norestart.
  $cmd = $found.UninstallString
  if ([string]::IsNullOrWhiteSpace($cmd)) {
    Write-Error "UninstallString missing — cannot continue."
    exit 1
  }

  if ($cmd -match 'msiexec(\\.exe)?\\s+/I\\s*(\\{[^\\}]+\\})') {
    # Convert /I to /x for remove, add silent + log
    $guid2 = $matches[2]
    Write-Host "Converting msiexec /I to silent remove for $guid2"
    $args = @('/x', $guid2, '/qn', '/norestart', '/L*V', $LogPath)
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru -NoNewWindow
    $code = $proc.ExitCode
    Write-Host "msiexec exit code: $code"
    if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
    exit $code
  }
  elseif ($cmd -match 'msiexec(\\.exe)?') {
    # It's some other msiexec form; append silent flags if missing
    $aug = $cmd
    if ($aug -notmatch '/qn')       { $aug += ' /qn' }
    if ($aug -notmatch '/norestart'){ $aug += ' /norestart' }
    if ($aug -notmatch '/L\\*V')     { $aug += " /L*V `"$LogPath`"" }

    Write-Host "Running: $aug"
    $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $aug -Wait -PassThru -NoNewWindow
    $code = $proc.ExitCode
    Write-Host "msiexec exit code: $code"
    if (Test-Path $LogPath) { Write-Host "MSI log: $LogPath" }
    exit $code
  }
  else {
    # Non-MSI uninstaller (unlikely for your MSI). Launch as-is.
    Write-Host "Non-MSI uninstall string; executing as-is."
    $proc = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $cmd -Wait -PassThru -NoNewWindow
    $code = $proc.ExitCode
    Write-Host "Uninstaller exit code: $code"
    exit $code
  }
}

Scope the command to the appropriate device group(s) or device(s).
Save.
Run the command as needed.

9. Appendix / Reference Links

Nightfall Windows Agent MSI Deployment Guide – Nightfall Help Center: Install Nightfall AI Agent for Windows OS
JumpCloud Windows Agent Installation Walk-through – JumpCloud Support: JumpCloud Agent Windows Installation Walkthrough
JumpCloud Commands / Remote Application Install guide: Install Applications Remotely via JumpCloud

If you want, I can:

Convert the images to GitBook-friendly embeds if you provide the source files, or
Produce a ready-to-paste JumpCloud command JSON/manifest if you want to automate creation.

PreviousManual Installation NextNightfall Windows Agent Deployment: Microsoft Intune

Last updated 2 days ago

Was this helpful?