Script to set up Cisco Umbrella Roaming Client on Windows
Cisco Umbrella is a cloud-based security service that provides a wide range of security functions in a single platform. With the help of the Umbrella roaming client, enterprises can extend its protection to all users even outside the corporate network. Cisco Umbrella offers command-line installation of the roaming client on Windows devices and allows customization of the roaming client in terms of its appearance and behavior on the device. Performing a command-line installation on each and every device may not be feasible, especially if the organization has numerous endpoints. Using Hexnode’s Execute Custom Script action, you can remotely deploy the Cisco Umbrella roaming client on all your Windows endpoints effortlessly.
Deploying Cisco Roaming Client through Hexnode
The first step in the deployment process is to download the roaming client installation file from the Cisco Umbrella dashboard.
- Log in to Cisco Umbrella.
- Navigate to Deployments > Core Identities > Roaming Computers.
- Click on Roaming Client > Download.
- Choose Download Windows Client.
- Extract the downloaded .zip file.
The downloaded .zip file will contain OrgInfo.json and readme.txt file along with the Setup.msi file. You can host the Setup.msi file on a file server to be available for download on the Windows endpoints.
PowerShell script to install the Cisco Umbrella roaming client on an endpoint:
# URL of Source MSI Package
$url = "path of msi executable with extension"
# Download Package
Start-BitsTransfer -Source $url -Destination C:\Windows\Temp\Setup.msi
# Execute the Package
msiexec /i C:\Windows\Temp\Setup.msi /qn ORG_ID=xxxx ORG_FINGERPRINT=xxxxxx USER_ID=xxxx HIDE_UI=1 HIDE_ARP=1
Start-Sleep -Seconds 10
# Remove the installer package
After specifying the file URL of the MSI package and the location on the endpoint to download the file, you can execute the script from the Hexnode console using the Execute Custom Script action.
You can invoke optional parameters along with the required parameters to configure the appearance and behavior of the roaming client on the Windows device. These parameters are appended along with the msiexec installation command.
The following three parameters should be mandatorily invoked in the installation command of the roaming client:
The above values can be found from the OrgInfo.json file or the readme.txt file in the .zip file downloaded from the Cisco Umbrella dashboard.
The following parameters can be optionally invoked if you want to change the appearance of the roaming client on the device or control the behavior of the client with regard to the internal domains configured in the Cisco Umbrella dashboard:
- HIDE_UI: Hide the roaming client’s tray icon from the system tray of the Windows device to decrease awareness of the roaming client for the end-user.
0 – show system tray icon (default)
1 – hide system tray icon
- HIDE_ARP: Hide the roaming client from the Add/Remove Program list in Windows to prevent its removal by an end-user with admin rights.
0 – show in list (default)
1 – omit from list
- NO_AUTOSUFFIX: Don’t add domains present in the ‘DNS Suffixes’ settings in network adapters and networking properties to the Internal Domains list. This is to make the roaming client more aware of local resources/domains on foreign networks.
0 – add the domains (default)
1 – don’t add the domains
- NO_NXDOMAIN: If a DNS query sent to Umbrella returns an NXDOMAIN, query the local DNS servers before giving up just in case.
0 – query local DNS servers (default)
1 – don’t query local DNS servers