The Windows Service Account Installer

strongDM provides a variant installer to set up the strongDM client as a Windows service. This document details the steps required to set up strongDM as a service.

Note: The Windows Service Account installer is designed to function on Windows 2008R2 and later.

  1. If you have not already done so, generate a service account token and assign it to a role.

  2. Download the installer zip from https://app.strongdm.com/releases/cli/windows. It can also be downloaded by logging into app.strongdm.com and selecting the ‘Windows Service Installer’ download.

  3. Find the downloaded zipfile and unzip it, revealing sdm32.exe.

  4. Open PowerShell as an administrator and navigate to the directory containing sdm32.exe.

  5. Run .\sdm32 install

  6. If prompted, type y then hit enter. (Newer versions of Windows will correctly determine administrator privileges and will not show this prompt.) Admin privileges required

  7. Paste in the service account token that has been assigned to this system and hit enter. Service account token

  8. Customize the installation path and data path, or hit enter twice to accept the defaults. A successful install will look like the screenshot above. If the install fails, please verify that you are running PowerShell as an administrator.

Testing the setup

Open a new PowerShell window as admin and run sdm status. You should see something like the screenshot below. SDM status

Some older versions of Windows do not update the PATH until the system is rebooted. If you get an error like in the screenshot below, you can use the existing sdm32.exe rather than sdm. For example: .\sdm32 status. sdm32.exe In this situation, the path will be set properly after a Windows reboot.

Connecting to datasources

Run sdm connect <unique substring of datasource name>. strongDM will recognize which data source you mean even without specifying the entire name. If you have enabled automatic datasource connection for service accounts as described in the service account guide then all datasources will be connected without the need for sdm connect.