Windows Managed Devices
The Twingate Windows Client is distributed in both an EXE and MSI package format, allowing organizations to choose the method of device deployment that works best for them.
Both formats support the same command line parameters, the difference is that the EXE package also contains the required .NET Runtime prerequisite, and will install it automatically. This is the recommended method for distributing the Windows Client. If you decide to distribute the MSI instead please be aware that you may need to also distribute the appropriate .NET 8 Runtime.
You can download the EXE release for the latest Client version here which you can download and configure in your MDM solution (for example, Microsoft InTune).
If you need the MSI release then you can download it here.
We also maintain a historical public changelog of prior releases.
.NET Prerequisite
The MSI installer does not include the .NET Desktop Runtime. When installing the Client via the MSI, you must manually install .NET Desktop Runtime alongside the Client if not already installed.
Versions of the Windows Client from November 2024 onward require the .NET Desktop Runtime 8.0 (x64) or higher. It is recommended to install this version of the runtime in order to support all versions of the Twingate Windows Client.
You can download the .NET 8.0 Desktop Runtime x64 directly from Microsoft.
Command Line Deployment Options
Both the EXE and MSI packages support a number of command line options that are useful for automated deployments:
- Silent installation. The
/qn
option will suppress the installation dialog and automatically accept the user terms of service. - Pre-configure the Twingate Network. The
network=
option allows pre-configuring the Twingate Network name so that users do not have to enter this information. - Automatically reconnect after an update. The
auto_update=
option will tell the Client to reconnect using the existing Twingate Network session, avoiding the need for the user to log back in after an update. - Disable user triggered updates. Setting
no_optional_updates=true
will disable optional updates. See the next section for more information on why you might want to do this. - Configure NCSI global DNS. Setting
ncsi_global_dns=true
will enableNCSI_GlobalDns
. Enable this option if users are experiencing a false “No internet” NCSI while Twingate is running.
Example
In this example, this will install the Twingate Windows Client, setting the Twingate Network to beamreach.twingate.com
and disable optional updates.
TwingateWindowsInstaller.exe /qn network=beamreach.twingate.com no_optional_updates=true auto_update=true
When that command is run on a system that already has the Twingate Client installed, it will attempt to perform an in-place update over top of the existing installation, and because of the auto_update=true
option being set once complete it should log the user back in to their existing session.
Should you use the no_optional_updates
option?
Usually, yes, but this depends on whether you allow users to have local admin rights on their Windows PC. User-triggered updates cannot be installed without the local user providing administrator authorization, so if you do not allow local admin rights, you should disable local user-triggered updates. The command line option allows flexibility for different user groups depending on their local admin permissions.
In summary:
- If you allow local admin rights: We recommend you leave user-triggered updates enabled (this is the default). Users will be prompted when an update is available and asked to update the Twingate Client.
- If you do not allow local admin rights: You should disable user-triggered updates. This is because, if optional updates are enabled, users will receive update availability prompts but will not be able to update the Client. New versions of the Twingate Windows Client must instead be pushed to users via your MDM solution.
Remember, Clients older than 12 months are not supported and will not be able to connect to the Twingate service. If you disable user-triggered updates, you should ensure that you have a process in place to update the Client on user devices on a regular basis.
Microsoft Intune and Endpoint Manager
Microsoft Intune and Endpoint Manager are popular solutions for managing Windows devices. You can deploy the Twingate Windows Client using Microsoft Intune by following the steps outlined in the Microsoft Intune & Endpoint Manager guide.
Third-party MDM solutions
If you use a third-party MDM solution, you can deploy the Twingate Windows Client using the EXE or MSI package and the command line options described above. Consult your MDM documentation for instructions on how to deploy software packages.
If custom PowerShell scripts are supported, you can follow the instructions in the Microsoft Intune custom script guide. This guide provides an example script that downloads both the .NET Runtime and the Twingate Client MSI installer and installs it on the device.
Chocolatey
Early Access
Chocolatey packages are not currently updated as part of our automated release pipeline so package updates may be subject to delayed release.
Chocolatey is a package manager for Windows that allows easy installation and updates of thousands of software packages. Installation instructions are available on Chocolatey’s website.
With Chocolatey installed, Twingate can be installed with a single command:
choco install twingate
Last updated 2 days ago