Org: Mass Provisioning
Looking to deploy Control D on a fleet of devices? This section is for you.
Organizations Only
A business account is required to use this feature. If you wish to participate in the beta, email [email protected] from your work email address.
What is Mass Device Provisioning
This feature allows you to generate a provisioning code, and use it to deploy Control D to hundreds of Windows, Mac and Linux devices using a single command using your favorite RMM platform.
Create Provision Code
Within the relevant Organization, click on the Devices tab, and select Provision. Then click the +
button at the top.
Fill out the appropriate fields, which are defined as follows:
- Device Type - What kind of devices you're provisioning: Windows, Mac or Linux
- Enforced Profile - What Profile you wish to enforce on these Devices
- Expires After - How long this code should be usable for. After this time passed, the code cannot be used anymore
- Limit - How many devices you expect to provision. The code will become expired once this limit is reached
- Device Name Prefix - Optional name prefix for this batch of Devices. The name will be the OS hostname appended to the prefix. For example, if you use
admin-
as the prefix, and the machine hostname is "Bob-PC" then the final Device name that you will see in the web panel will be:admin-Bob-PC
- Analytics - Desired Analytics Level
Windows Setup
Once you create a code, you will be shown with usage instructions. If you selected Windows, you will see a modal like this.
Automatic Setup
Simply copy the setup command and execute it on the desired endpoints using your favorite RMM tool using cmd (batch).
powershell -Command "(Invoke-WebRequest -Uri 'https://api.controld.com/dl' -UseBasicParsing).Content | Set-Content '%TEMP%\ctrld_install.bat'" && %TEMP%\ctrld_install.bat CODE_GOES_HERE forced
Alternatively, you can use pure Powershell:
(Invoke-WebRequest -Uri 'https://api.controld.com/dl' -UseBasicParsing).Content | Set-Content "$env:TEMP\ctrld_install.bat"; Start-Process -NoNewWindow -FilePath "$env:TEMP\ctrld_install.bat" -ArgumentList 'CODE_GOES_HERE', 'forced'
This 1 liner command will do the following:
- Download the batch installer script and execute it with the provisioning code as an arg
- The batch script will detect the machine architecture (386, AMD64, ARM64) and download the latest binary for it into C:\ControlD, and add it to the system path
- Register and start a Windows service
- Once the service starts, it will contact the Control D API with the provisioning code, register a Device, and configure DNS on the endpoint to use the DNS-over-HTTPS resolver for that Device
You're done. The endpoint should now be visible in the Devices section.
Manual Setup
If you don't use wish to use the 1 liner installer, or have compatibility issues (let us know!) you can achieve the same thing with a few extra steps.
- Head over to GitHub and download the latest release binaries for your desired architecture
- Deploy the executable to the desired location of your target endpoints using your favorite RMM tool
- Execute the "Start the service" command
ctrld.exe start --cd-org CODE_GOES_HERE
This will perform steps 3-4 from the Automatic Setup.
System path not included
Manual flow does not create a system path for the ctrld.exe executable. You will have to execute ctrld start --cd-org xxxxx command using an absolute path. ie.
C:\ControlD\ctrld.exe start --cd-org xxxxxxx
MacOS Setup
Once you create a code, you will be shown with usage instructions. If you selected Mac (or Linux), you will see a modal like this.
Automatic Setup
Simply copy the setup command and execute it on the desired endpoints using your favorite RMM tool.
sh -c 'sh -c "$(curl -sSL https://api.controld.com/dl)" -s CODE_GOES_HERE forced'
This 1 liner command will do the following:
- Download the bash installer script and execute it with the provisioning code as an arg
- The bash script will detect the machine architecture and download the latest binary for it into
/usr/local/bin
- Register and start a system service
- Once the service starts, it will contact the Control D API with the provisioning code, register a Device, and configure DNS on the endpoint to use the DNS-over-HTTPS resolver for that Device
You're done. The endpoint should now be visible in the Devices section.
Manual Setup
If you don't use wish to use the 1 liner installer, or have compatibility issues (let us know!) you can achieve the same thing with a few extra steps.
- Head over to Github and download the latest release binaries for your desired architecture
- Deploy the executable to the desired location of your target endpoints using your favorite RMM tool
- Execute the "Start the service" command
ctrld start --cd-org CODE_GOES_HERE
This will perform steps 3-4 from the Automatic Setup.
Code Management
When you land on the Provision page, you can view the states of all your provisioning codes and perform various actions.
- Email Code - This will open a modal, where you can input the email of the end user to self-provision their endpoint. This is only useful if the end-user has admin rights to their machine
- Invalidate Code - This will prevent the code from working any further, regardless of the limit or expiry not being reached
- Delete Code - Same as Invalidate Code, but will also remove the record from this view
- Provisioning Instructions - Display the modal that shows you how to use this feature.
Removal
To remove the daemon from the target machine, simply execute this command using your RMM tool:
ctrld uninstall
This will stop and remove the system service, and put back the DNS settings to OS defaults.
If installer was not used
If you didn't use the 1 liner installer,
ctrld
may not be in the system path. You need to run the binary using the absolute path.
Alternatively, you can delete the Device from the Dashboard (this will instantly break DNS on the machine), and reboot the target machine. On OS boot, the daemon will not be able to re-fetch the DNS resolver (because you deleted the Device), and will self-uninstall.
Updated about 9 hours ago