You can use command-line commands to install and uninstall System Center Mobile Device Manager (MDM) system components. To use these commands, you must enter them at a command prompt in the directory for the relevant Setup file.
Msiexec.exe
You can use Msiexec.exe to perform all Microsoft Windows Installer functions at a command prompt. The following table shows the parameters for Msiexec.exe.
- /i
-
Msiexec parameter: This is a standard Msiexec command to install or configure a product.
- /l*xv <logfile>
-
Msiexec parameter: Turns on verbose logging with extra debugging information written to the log at the <logfile>location.
Note: You should always turn on verbose logging when you run .msi, especially at a command prompt.
- /qb
-
Msiexec parameter: Specifies the user interface level to Basic UI. Quiet mode, no user interaction. See the Setup log files and Event Viewer for warnings, errors, successes, failures, and other details.
- /x
-
Msiexec parameter: Standard Msiexec parameter to uninstall a product.
For more information about the command-line options for Msiexec, see Msiexec at this Microsoft Web site:
Other Parameters
DeviceManagement.msi
Parameter | Required or Optional | Description |
---|---|---|
SQL_SRVR |
This is required for the first MDM Device Management Server or MDM Enrollment Server installation (whichever comes first). |
The fully qualified domain name (FQDN) of the computer that is running SQL Server where you will install MDM Databases. The installing administrator must have permissions to install databases, stored procedures and logins on the database. |
SQL_ACCOUNT_TYPE |
Optional (if DB_USER and DB_PWD are used) |
The database authentication mode for the computer that is running SQL Server. By default, this value is "Current" for Windows Integrated Authentication. MDM sets this value to "Other" for SQL database authentication. |
SRVR_CA |
Recommended |
The server certification authority to use to request certificates for MDM Device Management Server during Setup. You can omit this only if SKIP_SRVR_CERT_REQ is set to TRUE. |
URI |
Required for the first MDM Device Management Server installation |
MDM Device Management Server or MDM Device Management Server load balancer FQDN. We recommend that you use a load balancer. |
DMWEB_SSL_PORT |
Optional |
If unspecified, the default is 8443. The port that MDM Device Management Server Web site uses to listen. |
ADMINWEB_SSL_PORT |
Optional |
If unspecified, the default is 8446. The port that MDM Device Management Server Administration Web site uses to listen. |
DB_USER |
Optional (not recommended) |
We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to a SQL database. |
DB_PWD |
Optional (not recommended) |
We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to an SQL database. |
SKIP_SRVR_CERT_REQ |
Optional (not recommended) |
Optional. If set to TRUE it will skip server certificates requests from the specified certification authority (in SRVR_CA) during Setup. You must obtain and apply certificates manually. We do not recommend that you use this optional value. |
For Enrollment.msi:
Parameter | Required or Optional | Description |
---|---|---|
SQL_SRVR |
Required for the first MDM Device Management Server or MDM Enrollment Server installation (whichever comes first) |
The FQDN of the computer that is running SQL Server on which you will install MDM databases. The installing administrator must have permissions to install databases, stored procedures and logins on the database. |
SQL_ACCOUNT_TYPE |
Optional (if DB_USER and DB_PWD are used) |
The database authentication mode for the computer that is running SQL Server. By default, this value is "Current" for Windows Integrated Authentication. MDM sets this value to "Other" for SQL database authentication. |
DEVICE_CA |
Required for the first MDM Enrollment Server installation |
The device certification authority to request certificates for device enrollment on to the domain. |
SRVR_CA |
Recommended |
The server certification authority to request certificates for MDM Enrollment Server during Setup. You can omit this value only if SKIP_SRVR_CERT_REQ is set to TRUE. |
EXT_URI |
Required for the first MDM Enrollment Server installation |
The FQDN for the external (device facing) MDM Enrollment Server or the external (device facing) MDM Enrollment Server load balancer. We recommend that you use a load balancer. |
INT_URI |
Required for the first MDM Enrollment Server installation |
The FQDN for the internal (management tool facing) MDM Enrollment Server or the internal (management tool facing) MDM Enrollment Server load balancer. We recommend that you use a load balancer. |
ADMINWEB_SSL_PORT |
Optional |
If unspecified, the default is 8445. The port that the MDM Enrollment Server Administration Web site uses to listen. |
DB_USER |
Optional (not recommended) |
We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to the SQL database. |
DB_PWD |
Optional (not recommended) |
We do not recommend that you use this optional value. Only specify this value if you do not use Windows Integrated Authentication to connect to the SQL database. |
SKIP_SRVR_CERT_REQ |
Optional (not recommended) |
We do not recommend that you use this optional value. If set to TRUE, this value skips requests for server certificates from the specified certification authority (in SRVR_CA) during Setup. You must obtain and apply certificates manually. |
SKIP_URI_CHECK |
Optional (not recommended) |
We do not recommend that you use this optional value. If set to TRUE, this value skips FQDN validation on internal and external enrollment. This means that Setup will not try to validate and resolve these FQDNs. Use this option only if you have problems resolving FQDNs. |
ENWEB_SVC_ACC |
Optional |
If you install MDM Enrollment Server in a language that differs from that of the Microsoft SQL Server® installation, and you connect to the server that is running SQL Server remotely, you must specify the name of the Anonymous account on the server that is running SQL Server by using the ENWEB_SVC_ACC parameter. The following example shows you how to run Setup if you install the English version of MDM Enrollment Server but use a remote connection to a computer that is running the German version of SQL Server:
|
For AdminTools.msi
Parameter | Required or Optional | Description |
---|---|---|
ADDLOCAL |
Required |
Lets the installing administrator specify which components to install. This can be a comma separated values (.csv) list that has the following values:
Examples: The following will install MDM Console only silently, with basic UI:
The following will install all components silently, with basic UI:
|
For Gateway.msi
Parameter | Required or Optional | Description |
---|---|---|
VPN_IP |
Required |
The IP address for MDM Gateway Server management. This should be the company network-facing address. Note This IP address is not validated. Make sure that you type the correct address. |
VPN_PORT |
Required |
The port for MDM Gateway Server management. This should be the same port that you used for the Add MDM Gateway Wizardfor MDM Gateway Server management. |
CERT_SSL_HASHCODE |
Required |
The Gateway Authentication certificate hash code. To find the hash code or thumbprint for a certificate, see the following Note. |
CERT_CTL_HASHCODE |
Required |
The certification authority certificate hash code for the root certificate. To find the hash code or thumbprint for a certificate, see the following Note. The certification authority must be a root certification authority. |
Note: |
---|
When you install MDM Gateway Server at a command prompt, you must supply the certificate hash codes to determine which certificates that you want to configure with IIS. You can obtain certificate information by using the Certificate MMC snap-in. To find the hash code, double-click the certificate, choose the Detailstab, and then locate the Thumbprintvalue. The thumbprint is a hexadecimal string that you can copy and paste on to the command line. Make sure that you omit any spaces in the hexadecimal string. Another way to obtain these values is to use MDM Gateway Server Setup in UI mode. In the Certificate Pickerdialog box, choose the Detailstab. |
MDM Enrollment Server
Install Command
Copy Code | |
---|---|
msiexec.exe /i enrollment.msi SQL_SRVR=<SQL_SRVR_NAME> DEVICE_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> EXT_URI=<EXT_URI_NAME> INT_URI=<INT_URI_NAME> /l*xv d:\logs\enrollmentLog.txt /qb |
Uninstall Command
Copy Code | |
---|---|
msiexec.exe /x enrollment.msi /qb SQL_SRVR= "dbsrvr" remove_db=<true|false> /l*xv <logfile> |
You should only use the remove_db parameter when you want to remove the whole MDM system from your environment.
MDM Device Management Server
Install Command
Copy Code | |
---|---|
msiexec.exe /i DeviceManagement.msi SQL_SRVR=<SQL_SRVR_NAME> SRVR_CA=<CA_SRVR_NAME>\<CA_INSTANCE_NAME> URI=<DM_URI_NAME> DMWEB_SSL_PORT=<DM_SSL_PORT> ADMINWEB_SSL_PORT=<ADMIN_SSL_PORT> /l*xv d:\logs\DMLog.txt /qb |
Uninstall Command
Copy Code | |
---|---|
msiexec.exe /x DeviceManagement.msi /qb SQL_SRVR="dbsrvr" remove_db=<true|false> /l*xv <logfile> |
You should only use the remove_db parameter when you want to remove the whole MDM system from your environment.
MDM Gateway Server
Install Command
Copy Code | |
---|---|
msiexec.exe /i Gateway.msi /qb VPN_IP=<InternalIP> VPN_PORT=<SSL_PORT> CERT_SSL_HASHCODE=<Gateway Authentication certificate hash code> CERT_CTL_HASHCODE=<Certification Authority certificate hash code for the root certificate> |
Note: |
---|
When you install MDM Gateway Server at a command prompt, you must supply the certificate hash codes to determine which certificates that you want to configure with IIS. |
MDM Administrator Tools
Install Command
Copy Code | |
---|---|
msiexec.exe /i AdminTools.msi ADDLOCAL="MDM_MANAGEMENT,SOFTWARE_DISTRIBUTION,GROUP_POLICY_EXT" ALLUSERS=1 /l*xv d:\logs\AdminLog.txt /qb |
Important: |
---|
The ADDLOCAL property accepts only case-sensitive values. The input must be in uppercase letters. For example, ADDLOCAL="MDM_MANAGEMENT,GROUP_POLICY_EXT,SOFTWARE_DISTRIBUTION" |
Uninstall Command
Copy Code | |
---|---|
msiexec.exe /x AdminTools.msi /qb |
Remove Features Command
Copy Code | |
---|---|
msiexec /i AdminTools.msi /qb REMOVE="<Feature List>" |