Org: Mass Provisioning

Looking to deploy Control D on a fleet of devices? This section is for you.

Suggest Edits

🚧

Organizations Only

A business account is required to use this feature. If you wish to participate in the beta, email [email protected] from your work email address.

What is Mass Device Provisioning

This feature allows you to generate a provisioning code, and use it to deploy Control D to hundreds of Windows, Mac and Linux devices using a single command using your favorite RMM platform.

Create Provision Code

Within the relevant Organization, click on the Devices tab, and select Provision. Then click the + button at the top.


Fill out the appropriate fields, which are defined as follows:

  • Device Type - What kind of devices you're provisioning: Windows, Mac or Linux
  • Enforced Profile - What Profile you wish to enforce on these Devices
  • Expires After - How long this code should be usable for. After this time passed, the code cannot be used anymore
  • Limit - How many devices you expect to provision. The code will become expired once this limit is reached
  • Device Name Prefix - Optional name prefix for this batch of Devices. The name will be the OS hostname appended to the prefix. For example, if you use admin-as the prefix, and the machine hostname is "Bob-PC" then the final Device name that you will see in the web panel will be: admin-Bob-PC
  • Analytics - Desired Analytics Level
  • Prevent Deactivation - Set a PIN code that must be supplied in order to uninstall the ctrld daemon.

Windows Setup

Once you create a code, you will be shown with usage instructions. If you selected Windows, you will see a modal like this.

Automatic Setup - Installer

Simply copy the setup command and execute it on the desired endpoints using your favorite RMM tool.

(Invoke-WebRequest -Uri 'https://api.controld.com/dl/rmm' -UseBasicParsing).Content | Set-Content "$env:TEMP\ctrld_install.ps1"; Invoke-Expression "& '$env:TEMP\ctrld_install.ps1' 'CODE_GOES_HERE'"

This 1-liner command will do the following:

  1. Download the Powershell installer script and execute it with the provisioning code as an arg
  2. The Powershell script will detect the machine architecture (386, AMD64, ARM64) and download the latest binary for it into C:\ControlD, and add it to the system path.
  3. Register and start a Windows service
  4. Once the service starts, it will contact the Control D API with the provisioning code, register a Device, and configure DNS on the endpoint to use the DNS-over-HTTPS resolver for that Device

You're done. The endpoint should now be visible in the Devices section.

Automatic Setup - Script

Alternatively, you can download the self-contained installation ps1 script using the Download Install Script button.

This script can then be deployed via your RMM and executed without any args. It will perform the same installation as in the Installer step.

Manual Setup

If you don't use wish to use the 1 liner installer or Powershell for that matter, or have compatibility issues (let us know!) you can achieve the same thing with a few extra steps.

  1. Head over to GitHub and download the latest release binaries for your desired architecture
  2. Deploy the executable to the desired location of your target endpoints using your favorite RMM tool or manually. We recommend C:\ControlD\ctrld.exe
  3. Execute the "Start the service" command 
ctrld.exe start --cd-org CODE_GOES_HERE

This will perform steps 3-4 from the Automatic Setup.

Alternatively, you can use the specific Resolver ID from the relevant Device, instead of the Provision code. The command would be like so:

ctrld.exe start --cd RESOLVER_ID_HERE

🚧

System path not included

Manual flow does not create a system path for the ctrld.exe executable. You will have to execute ctrld start --cd-org xxxxx command using an absolute path. ie. C:\ControlD\ctrld.exe start --cd-org xxxxxxx

MacOS Setup

Once you create a code, you will be shown with usage instructions. If you selected Mac (or Linux), you will see a modal like this.

Automatic Setup - Installer

Simply copy the setup command and execute it on the desired endpoints using your favorite RMM tool. 

sh -c 'sh -c "$(curl -sSL https://api.controld.com/dl/rmm)" -s CODE_GOES_HERE'

This 1 liner command will do the following:

  1. Download the bash installer script and execute it with the provisioning code as an arg
  2. The bash script will detect the machine architecture and download the latest binary for it into /usr/local/bin
  3. Register and start a system service
  4. Once the service starts, it will contact the Control D API with the provisioning code, register a Device, and configure DNS on the endpoint to use the DNS-over-HTTPS resolver for that Device

You're done. The endpoint should now be visible in the Devices section.

Automatic Setup - Script

Alternatively, you can download the self-contained installation bash script using the Download Install Script button.

This script can then be deployed via your RMM and executed without any args. It will perform the same installation as in the Installer step.

Manual Setup

If you don't use wish to use the 1 liner installer, or have compatibility issues (let us know!) you can achieve the same thing with a few extra steps.

  1. Head over to Github and download the latest release binaries for your desired architecture
  2. Deploy the executable to the desired location of your target endpoints using your favorite RMM tool
  3. Execute the "Start the service" command
ctrld start --cd-org CODE_GOES_HERE

This will perform steps 3-4 from the Automatic Setup.

Linux Setup

The instructions are identical to MacOS. Please use the above guide.

Code Management

When you land on the Provision page, you can view the states of all your provisioning codes and perform various actions.

  • Email Code - This will open a modal, where you can input the email of the end user to self-provision their endpoint. This is only useful if the end-user has admin rights to their machine
  • Invalidate Code - This will prevent the code from working any further, regardless of the limit or expiry not being reached
  • Delete Code - Same as Invalidate Code, but will also remove the record from this view
  • Provisioning Instructions - Display the modal that shows you how to use this feature.

Upgrade

To upgrade the ctrld daemon to the latest version, execute the same install command but omit the first arg that supplies the provisioning code. This will download the latest version of the binary, and restart itself while keeping all the settings.

Windows

(Invoke-WebRequest -Uri 'https://api.controld.com/dl/rmm' -UseBasicParsing).Content | Set-Content "$env:TEMP\ctrld_install.ps1"; Invoke-Expression "& '$env:TEMP\ctrld_install.ps1'"

MacOS/Linux

sh -c 'sh -c "$(curl -sSL https://api.controld.com/dl/rmm)"'

Removal

To remove the daemon from the target machine, simply execute this command using your RMM tool:

ctrld uninstall

This will stop and remove the system service, and put back the DNS settings to OS defaults. The binary will still remain on disk, but will no longer do anything until you run the start command again.

🚧

If installer was not used

If you didn't use the 1 liner installer, ctrld may not be in the system path. You need to run the binary using the absolute path.

Alternatively, you can delete the Device from the Dashboard (this will instantly break DNS on the machine), and reboot the target machine. On OS boot, the daemon will not be able to re-fetch the DNS resolver (because you deleted the Device), and will self-uninstall.

Updated 14 days ago