Skip to main content

Mass Deployment on Windows via InTune

Need to speed things up? Try this...

Updated this week

🚨 IMPORTANT 🚨

Please note, the DeviceName must be unique to avoid issues when scanning.

Please note, every organisation has a different environment, different device/software management processes and very different requirements so we can only provide a generic guide – we cannot account for every eventuality, but we hope this helps.

Step one:

Get your agent information

  1. Go to your Intruder account > Targets > Click Add target > click Internal targets:
    ​

  2. Select Mass deployment:
    ​

  3. You will be presented with the following screen, make sure you note down the Prefix and Key and hit 'All done'.
    ​

  4. From here, you need to grab the installer file. To do that, you can head to Tenable's downloads page and then skip down to the installation instructions.
    ​
    Alternatively, hit the Add targets button again > select Internal targets :
    ​


    Then hit Single agent

  5. When the following modal appears, enter Windows, the OS version, and any device name (this is not needed as the device names will be uniquely generated as part of the deployment) > Download agent:
    ​

  6. After clicking 'Download agent', you can then download and save the .msi file, and then delete the internal target that was created if you don't need it.

Step two:

Installation instructions modal

  1. Make sure you download the Nessus Agent to a clean folder on your computer (in this case and for the remainder of this guide we will refer to the agent MSI file as NessusAgent-10.1.1-Win32.msi please note that the 10.1.1 part may change as new versions are released).

  2. Take a copy of the command and keep it handy so you can extract the information you need to deploy to multiple agents.
    In our example the command we will refer to is:

    msiexec /i "NessusAgent-10.1.1-Win32.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef NESSUS_NAME=01234567-89ab-cdef-0123-456789abcdef_MYDEVICE /qn

Step three:

Prepare your .intunewin package

    1. Download the Microsoft Intune Win32 App Packaging Tool Microsoft via Github:

      https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Too

  2. Create a folder and download your NessusAgent MSI file (NessusAgent-10.1.1-Win32.msi from the previous stage) in to that folder; if it's already in it's own folder don't worry about this step.

  3. Create an installation file (named Install.cmd) in the same folder as your NessusAgent-10.1.1-Win32.msi file, and add the following installation command on a single line:

    msiexec /i "NessusAgent-10.1.1-Win32.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef NESSUS_NAME=01234567-89ab-cdef-0123-456789abcdef_%ComputerName% /qn

  4. Now, make sure that you:

    • Replace the NessusAgent-10.1.1-Win32.msi with the exact name of the MSI you downloaded previously

    • Replace the NESSUS_KEY value with the Key in the command you copied from the portal in the previous stage

    • Replace the NESSUS_NAME value with the one in the command you copied from the portal in the previous stage - this needs to be your Prefix from the portal

    • Ensure that you add _%ComputerName% to the end of the NESSUS_NAME value after the prefix

      • %ComputerName% is a placeholder that will be automatically replaced with the name of the computer from your machines' Environment Variables, at installation time.


    Save the Install.cmd file and close

  5. Open a Command Prompt cmd.exe as Administrator
    (right-click on Command Prompt and "Run as Administrator")
    ​
    Run IntuneWinAppUtil.exe from the Intune Win32 App Packaging Tool that you downloaded previously.


    Follow the steps to create the .intunewin package that can be used to deploy to multiple systems:

    • Please specify the source folder: This should be the folder where your NessusAgent-10.1.1-Win32.msi and Install.cmd files are located

    • Please specify the setup file: This should be the NessusAgent-10.1.1-Win32.msi

    • Please specify the output folder: This should be the location you want to save the .intunewin package, such as C:\Temp

Step four:

Deploy your .intunewin package

In Intune you will need to add a Windows app (Win32)

  1. When creating the app select App package file and upload your .intunewin package file

  2. Add your App Information if needed:

    • Name

    • Description

    • Publisher

    • etc.

  3. Select Program and change the Install command setting to Install.cmd

  4. Make sure the Uninstall command setting is sensible

  5. Make sure your App requirements are appropriate

  6. Make sure the Detection rules contains a manually configured detection rule:

    • Rule type: this should be set to MSI

    • MSI product code: this should be pre-populated

  7. Make sure the Return codes are appropriate, they should be pre-populated

  8. Add your app

You should now be able to deploy your app to a test system and validate that the agent calls back to your Intruder portal account.

If you come unstuck, it might be worth reviewing the other help article found here.

Related Articles
Zapier integration
Mass Deployment on Windows using PowerShell
Mass deployment on MacOs
Did this answer your question?