The installation of the Agent starts immediately after the successful login to the local computer.
The credentials can either be an identification token for installation with AD functionality, or a login and password if you are installing the agent without AD functionality. If you install the agent without the credentials, you will need to log into each agent manually.
The client installs the package via GPO for the required number of users.The guide below shows the process of the Agent application installation on the Active Directory environment:
##### [https://docs.safedns.com/books/installation-guides/page/safedns-ad-agent-environment-configuration](https://docs.safedns.com/books/installation-guides/page/safedns-ad-agent-environment-configuration) ##### 2. SafeDNS Dashboard configuration (continue) After the Agent`s installation is complete, the agent starts automatically when the user logs in and transmits information about the user to the Dashboard on the "ActiveDirectory" page, "Users" submenu. Once the User appears on the list, he is not associated with any filtering profile. To allocate the user with the filtering profile please go to the Collections tab. [](https://docs.safedns.com/uploads/images/gallery/2024-07/FhmGEGT33lzOPEsL-image-1722110978059.png) ##### 3. Allocating users with the filtering Policy. To start filtering create a Collection in the "Collections" tab: [](https://docs.safedns.com/uploads/images/gallery/2024-07/3xvYzF98sD3mc2OW-image-1722111108970.png) 1\. Enter the name of the Collection; 2\. Choose the domain name; 3\. Press the "Save Collection" button; [](https://docs.safedns.com/uploads/images/gallery/2024-07/uPt4sAVTcFpCQSlt-image-1722115683684.png) Once the collection is created, the following window will appear: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4O7F4FHEh1XlGBF4-image-1722116750272.png) ##### 4. Collection Overview Once the Users are allocated with the Filtering policy, the Collection tab looks the following way: [](https://docs.safedns.com/uploads/images/gallery/2024-07/0acAUb2gEyXIgjcG-image-1722116823435.png) [](https://docs.safedns.com/uploads/images/gallery/2024-07/zL4TPIgRPHB6zgAc-image-1722117616284.png) ##### 5. Users tab overview Once the Users are allocated with the Policies, the User tab shows the detailed information: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4iVJay5KJsc9TvgL-image-1722117823217.png) # SafeDNS and local resources This guide explains how to set up the SafeDNS service in the Active Directory environment with the SafeDNS Dashboard. #### Manual Setup in the Dashboard One of the main ways to gain access to AD resources without using the safeDNS agent is to use special options available on Office/Enterprise plans. You must add SafeDNS DNS-servers addresses - **195.46.39.39** and **195.46.39.40** - to the DNS forwarder on your Primary Domain Controller (and secondary, if applicable), so all devices in a filtered network receive SafeDNS IP addresses as the DNS. After this you need to add your external IP address to the dashboard. Navigate to **Dashboard -> Settings -> Devices** and add your external IP in the section "IP addresses/DynDNS". [](https://docs.safedns.com/uploads/images/gallery/2024-08/FIP0HKxn982piWKP-1-safedns-and-active-directory.png) #### Grant access to local resources. 1\. Navigate to **Dashboard -> Settings -> Advanced -> Active Directory**. 2\. Enter and add your AD **domain** in the form. [](https://docs.safedns.com/uploads/images/gallery/2024-08/Y113X9uER9P6bTlW-2-safedns-and-active-directory.png) 3\. Enter and add the **name** of the PDC (Primary Domain Controller) and its **IP address** in the local network. [](https://docs.safedns.com/uploads/images/gallery/2024-08/u5MYiddKxF8Wsm2D-3-safedns-and-active-directory.png) 4\. Add **secondary** domain controllers, if applicable. You can change the **PDC** by clicking on the pencil icon on the right. [](https://docs.safedns.com/uploads/images/gallery/2024-08/Zf21sGriNmPyuBkP-4-safedns-and-active-directory.png) 5\. Set aliases for all required local resources in the **Aliases** table below. Enter the **name of a local resource** and its **local IP address**.[](https://docs.safedns.com/uploads/images/gallery/2024-08/3mlFsPYGtzJlYrw9-5-safedns-and-active-directory.png) 6\. Wait about **5-7 minutes** until all local resources become accessible.Please note that settings take 5-7 minutes to apply. Stats and filtering status update every 10 minutes.
# SafeDNS Agent Intune installation #### 1. Setting up the Intune environment Firstly, need to set up the user, and domain in the Intune panel, add the software, configure it, and then log in to the Microsoft/Intune account from the client's computer. To install the SafeDNS agent, download the **.exe** installation file from the SafeDNS Dashboard. Then the installation file should be converted into a **.intunewin** file.Before starting the installation ensure that the necessary licenses are active. If there are no licenses, go to **Marketplace** > **All Products** > **Security and Identity** and select needed licences.
1\. Open Microsoft 365 Admin Center: [https://admin.microsoft.com.](https://admin.microsoft.com/) Select **Billing** > **Licenses** Make sure that the following licenses are active: 1\. Intune 2\. Microsoft Entra licenses ID P2 [](https://docs.safedns.com/uploads/images/gallery/2024-07/48IYhjbKDHAyP2CA-image-1719870095958.png) 2\. If there are no licenses, go to **Marketplace** > **All Products** > **Security and Identity**, select the licenses listed above, and order them. [](https://docs.safedns.com/uploads/images/gallery/2025-06/qvhHGZNbPCHQcfNH-intune-installation1.png) 3\. The next step is creating/adding users to log in from client computers. New users can be created or invited to existing external users. [](https://docs.safedns.com/uploads/images/gallery/2024-07/m6zFpqjEV7eFMyXB-image-1719870128052.png) 4\. Creating the username, nickname, display name, and password: [](https://docs.safedns.com/uploads/images/gallery/2024-07/5KJkNlKmggYvE4b3-image-1719870156017.png) 5\. Review and check the parameters, then finish the process of user creation: [](https://docs.safedns.com/uploads/images/gallery/2024-07/rJN3nilchm3l0Ck9-image-1719870225845.png) 6\. Go to the Intune admin panel: [https://intune.microsoft.com](https://intune.microsoft.com/) There might be a need to enter a password or use the Microsoft authenticator from the phone Go to **Devices** > **Windows:** [](https://docs.safedns.com/uploads/images/gallery/2024-07/nabGlgkbWmcTwvZs-image-1719870242916.png) 7\. Select **Enrollment** > **Automatic Enrollment:** [](https://docs.safedns.com/uploads/images/gallery/2024-07/LPQdvRZtQIF4TeVt-image-1719870250730.png) 8\. Activate **MDM user Scope** > **All** and **Save** the settings: [](https://docs.safedns.com/uploads/images/gallery/2024-07/804T1LQepmucYIxQ-image-1719870265104.png) 9\. Set the PIN code to unlock the device using the Windows Hello for Business feature: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4wHjc1rHpnfE71W9-image-1719870315636.png) 10\. The settings are on the right-side panel. Once the settings are configured, save the changes. Now using the credentials created above user can log in to the Azure Active Directory #### 2. Preparing application for Intune PortalPrepare the application to be loaded into the Intune Portal. The supported format of the application is the \***.intunewin** To create the application, use the tool `IntuneWinAppUtil.exe` For more information on how to prepare the \***.intunewin** application, follow the guide below:
1\. Microsoft Win32 Content Prep Tool link: [https://go.microsoft.com/fwlink/?linkid=2065730](https://go.microsoft.com/fwlink/?linkid=2065730) The tool creates the \***.intunewin** application that is ready to upload into Intune. Here is the [link ](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-prepare)on how to do it. 2\. The next step is to configure the application: Go to **Apps** > **Windows** [](https://docs.safedns.com/uploads/images/gallery/2024-07/srmf1L69SWVwNVia-image-1719870336808.png) 3\. Add the newly created \***.intunewin** application: [](https://docs.safedns.com/uploads/images/gallery/2024-07/PiokZv7SzJgUBqfQ-image-1719870509233.png) 4\. Select from the list of Windows app **Win32**, and tap **Select**: [](https://docs.safedns.com/uploads/images/gallery/2024-07/UTlWGBMnbdK9EK96-image-1719870523295.png) 5\. Press the **Select app** package file button, select the recently created **.intunewin** file, and tap **OK**: [](https://docs.safedns.com/uploads/images/gallery/2024-07/WVu7uc5kI4S8WJDN-image-1719870722594.png)The installation of the Agent starts immediately after the successful login to the local computer.
Important Notice:
I: If the Active Directory is already installed and configured, while the Group Policy Management is not configured, please proceed with the installation of the Group Policy Management.
II: If the Active Directory and Group Policy Management are already installed and configured, please proceed to step 3 - Creating Users/Groups.
III: If the Active Directory and Group Policy Management are already installed and configured and Users/Groups exist, please proceed to step 4 - MSI File Preparation on the Server
This process for the NOAD agent installation follows exactly the same steps as described below. The only difference is that the NOAD agent uses credentials instead of an AD key and has the AD module disabled using the /noad key.
#### 1. Server installation Part. Installation of the Roles and Features. Start the Server Manager and initiate the installation of the Roles: [](https://docs.safedns.com/uploads/images/gallery/2024-07/fpeMuWymNxnDmtvG-image-1719873513183.png) [](https://docs.safedns.com/uploads/images/gallery/2024-07/EfqtjYupHPZW2LJ8-image-1719873557001.png) Selecting Role-based or feature-based installation: [](https://docs.safedns.com/uploads/images/gallery/2024-07/NZaPRJDhOlIHVdWU-image-1719873584888.png) Selecting the local server from the Server Pool: [](https://docs.safedns.com/uploads/images/gallery/2024-07/mwXzwdmtXlpzkKOc-image-1719873617241.png) Selecting the Active Directory Domain Services role and in the small window taping the Add Features button: [](https://docs.safedns.com/uploads/images/gallery/2024-07/jcatm5dCsvL2KF7B-image-1719873688795.png) The next step is to select the Role of the DNS Server, accepting the proposed Features list: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4r12SwKMJB7OZWrZ-image-1719873785690.png) Accept the selected before Roles and tap the Next button: [](https://docs.safedns.com/uploads/images/gallery/2024-07/9PS6JD1zXy3kYnmL-image-1719873996913.png) Select the Group Policy Management feature: [](https://docs.safedns.com/uploads/images/gallery/2024-07/sKXFcyvJKcI9CLpV-image-1719874023816.png) Brief information about Azure Active Directory Domain Services(promo): [](https://docs.safedns.com/uploads/images/gallery/2024-07/iYaSkmOClSoYSQoz-image-1719874060407.png) Brief information about installing DNS server: [](https://docs.safedns.com/uploads/images/gallery/2024-07/fNf1c3a3GhOlmLa6-image-1719874123270.png) The summary with the list of installing Roles and Features: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4SSatQaKOjxOS9Dc-image-1719874166388.png) The installtion process begins: [](https://docs.safedns.com/uploads/images/gallery/2024-07/CSR3qbOZm9wlfilj-image-1719874227531.png) Once installed, the wizard shows the results of the installation: [](https://docs.safedns.com/uploads/images/gallery/2024-07/0YvPjebw88vapdEu-image-1719875358686.png) We are set with the installation of the Roles & Features. Please close the window. #### 2. Active Directory Configuration process. Start the Server Management and promote the server as a domain controller: [](https://docs.safedns.com/uploads/images/gallery/2024-07/pzQmE0vTiGlegThW-image-1719875481886.png) Creating a new forest and name it accordingly: [](https://docs.safedns.com/uploads/images/gallery/2024-07/lbcZdskoYVHBfApm-image-1719875665812.png) Leaving the options by default. Please set the DSRM password: [](https://docs.safedns.com/uploads/images/gallery/2024-07/dnJrC5lzt7YDgImt-image-1719875707416.png) Configure the delegation options (if there is a need for that): [](https://docs.safedns.com/uploads/images/gallery/2024-07/a0Ccc7AVXAjt53Ue-image-1719876092400.png) Configure the NETBIOS name: [](https://docs.safedns.com/uploads/images/gallery/2024-07/JmRLtDbkHTaTXhNH-image-1719876146683.png) Configuring the system folders: [](https://docs.safedns.com/uploads/images/gallery/2024-07/zsRtbf2hQRKLULUJ-image-1719876165886.png) The preview of the installing options: [](https://docs.safedns.com/uploads/images/gallery/2024-07/PR5xlNh44RCtEzmX-image-1719876207394.png) Prerequisites check and install: [](https://docs.safedns.com/uploads/images/gallery/2024-07/9AYI8ZxAkLPuF2ia-image-1719876234499.png) #### 3. Creating User/Groups on the AD. The new group and user should be created for the Agent Software delivery to the end-user computers. The application installation starts immediately after first user logon to the computer. ##### 3.1. Creating a new user. Open the Active Directory Users and Computers, select the recently created domain, then Users => New => User: [](https://docs.safedns.com/uploads/images/gallery/2024-07/OWyGJA8HutQyRBRD-image-1719876407599.png) Setting the username: [](https://docs.safedns.com/uploads/images/gallery/2024-07/9c9wpUT3XszoJAyv-image-1719876466036.png) Password: [](https://docs.safedns.com/uploads/images/gallery/2024-07/ARMWzVmE1HaW3QS5-image-1719876540954.png) Reviewing the object(User) summary and finishing the process: [](https://docs.safedns.com/uploads/images/gallery/2024-07/hEo8BBESpq15vzcE-image-1719876563571.png) ##### 3.2. Creating of the User Group. Users can be part of one group within the AD environment. The application can be applied to a group of users optimizing the configuration and management of the Application Rollout. Active Directory Users and Computers, Selecting our domain, and then tap on the Users => New => Group: [](https://docs.safedns.com/uploads/images/gallery/2024-07/LDtUAcgSefihSowG-image-1719876621028.png) Entering the data of the Group and tap OK: [](https://docs.safedns.com/uploads/images/gallery/2024-07/4C2uISBze4B0isC5-image-1719876851444.png) Please check that User and group has been created: [](https://docs.safedns.com/uploads/images/gallery/2024-07/LBSU3zYSaxBADlnn-image-1719876932012.png) ##### 3.3. User added to the group. Select the group and in the context menu tap the Properties: [](https://docs.safedns.com/uploads/images/gallery/2024-07/DBNkH9v9DEZSwFDi-image-1719876972656.png) On the appeared window select Members and tap the Add button. Enter the username in the search field and press OK: [](https://docs.safedns.com/uploads/images/gallery/2024-07/SsrQYSXGxmQ6Sa9c-image-1719877100730.png) Select the user safedns\_win11\_test and tap OK button: [](https://docs.safedns.com/uploads/images/gallery/2024-07/ha4q9uhlYv2PbKPs-image-1719877211354.png) Check the result and press OK button: [](https://docs.safedns.com/uploads/images/gallery/2024-07/fm9wQPjrx3C5A5ny-image-1719877253089.png) The user creation part is over, now we need to configure GPO. #### 4. MSI file Preparation on the server. The MSI Agent package should be prepared and copied to the folder on the Active Directory Server.The MSI Agent package is prepared by SafeDNS. Our technical team generates and inserts your personal identification token into the package.
The folder with the Agent package should be avalable from the client's computer. [](https://docs.safedns.com/uploads/images/gallery/2024-07/fTqbKW70mD2CHv1m-image-1719877376881.png) The folder permissions should be the following. User Everyone should have access to the read&execute: [](https://docs.safedns.com/uploads/images/gallery/2024-07/V5E5cpGwUYE9HX8x-image-1719930007444.png) The preparation of the file process is over. #### 5. Group Policy Configuration. Open the Group Policy Management console Select the current domain, then Group Policy Objects and open the context menu => New [](https://docs.safedns.com/uploads/images/gallery/2024-07/m2fPOCTbXggQW51T-image-1719930175238.png) Please name the Group Policy accordingly: [](https://docs.safedns.com/uploads/images/gallery/2024-07/7SAcLCuN7K0pqu61-image-1719930314761.png) Once the policy is created, please set the User/Group applied the GPO installation: [](https://docs.safedns.com/uploads/images/gallery/2024-07/UJPr3QIrAuGWQN3x-image-1719930359537.png) In the appeared window select the Group safedns\_agent - with the user safedns\_win11\_test: [](https://docs.safedns.com/uploads/images/gallery/2024-07/efT9y6Y6Vc4Zw0Tb-image-1719930504658.png) Once the GPO is created, tap the context menu of the object and click on Edit button: [](https://docs.safedns.com/uploads/images/gallery/2024-07/prutRLgRGrRSaA7p-image-1719930644053.png)Important notice: There are 2 possible ways of the MSI package installation:
1. ##### Installation Policy applied to the computer - Computer Configuration 2. ##### Installation Policy applied to the user - User configuration [](https://docs.safedns.com/uploads/images/gallery/2024-07/LcZajQiSLYmUqyLk-image-1719930802132.png)It is recommended to use Computer Configuration - the software installation will start without user interaction and the user can not stop/close installation.
The second option - User Configuration requires user actions on the computer to start the package installation and will require Administrator credentials.
In the Group Policy Management Editor select Computer Configuration then Policies => Software Settings => Software Installation. Tap the context menu button and select New=>Package: [](https://docs.safedns.com/uploads/images/gallery/2024-07/bgZow6vtrilY4MJ2-image-1719931149148.png) Select the SafeDNS Agent installation package. The path should be the following: \\\\server\\share\\SafeDNS\_AD\_Agent\_3.0.5.msi [](https://docs.safedns.com/uploads/images/gallery/2024-07/AHJc3A0eMPvbD9B5-image-1719931222454.png) Select the Assigned deploy method: [](https://docs.safedns.com/uploads/images/gallery/2024-07/eC9ZDldz9Hn6R5ep-image-1719931383646.png) Once the Application package is added, the new record should appear in the list: [](https://docs.safedns.com/uploads/images/gallery/2024-07/U6YkIda8czGHyHQO-image-1719931442193.png)The installation is finished, the Agent should be installed after the next login to the computer.
Depending on the MSI package settings, after the installation the following objects should appear: 1. SafeDNS Agen icon on the Desktop 2. SafeDNS Agent service 3. SafeDNS icon on the system tray [](https://docs.safedns.com/uploads/images/gallery/2024-07/emJMNg8RQNwpMXq8-image-1719931503726.png) If there is a need to start the MSI package installation before restarting/new login please start the CMD command line and run the following command: ##### gpupdate /force This command will initiate the installation process: [](https://docs.safedns.com/uploads/images/gallery/2024-07/ipkxenlzPF9pVrhG-image-1719931829481.png) Once the computer restarted, the applicaation will appear on the Desktop, the service created and the icon appeared in the system tray: [](https://docs.safedns.com/uploads/images/gallery/2024-07/oqjBY0YeodbeDvXt-image-1719931964437.png)