Install the OpenFrame Agent on Windows

Section: Phase 2 — Device Deployment · Step 2

Published: June 18, 2026

Vladislav Marchenko, Head Of Marketing

Same idea as the Mac, different shell. The OpenFrame agent installs on Windows with a single PowerShell command that downloads the client, unpacks it, and registers the PC to the customer you pick. Here's how to do one by hand before you roll it out fleet-wide.


Before you start

  • You need an Admin role in OpenFrame.
  • You need local administrator rights on the Windows machine, and you'll run the command in an elevated PowerShell (Run as administrator).
  • Know which customer this PC belongs to — set it at install time so the device lands under the right client.
  • Expect a possible antivirus block on first install. It's a false positive; handle it with the exclusions below.

Get the install command

  1. Left nav → Devices → Add Device.
  2. Under Select Customer, pick the client this PC belongs to.
  3. Under Select Platform, choose Windows.
  4. (Optional but recommended) Click Add Device Tag to attach tags now — e.g. Type: desktop or Purpose: server. It saves sorting later (see Organize Devices with Device Tags).
  5. The command appears under Device Add Command. Click Copy Command.

It looks like this (your key and org ID are embedded — keep them private):

powershell
Set-Location ~; `
Remove-Item -Path 'openframe-client.zip','openframe-client.exe' -Force -ErrorAction SilentlyContinue; `
Invoke-WebRequest -Uri '<openframe release URL>/openframe-client_windows.zip' -OutFile 'openframe-client.zip'; `
Expand-Archive -Path 'openframe-client.zip' -DestinationPath '.' -Force; `
& '.\openframe-client.exe' install --serverUrl <your-tenant>.openframe.ai --initialKey <YOUR_KEY> --orgId <YOUR_ORG_ID>

In plain terms: it downloads the Windows client zip, extracts it, and runs openframe-client.exe install pointed at your tenant with an enrollment key and the customer's org ID.
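A staged variant of the command above that inspects the download before the install step runs. This is an added example, not OpenFrame's own command; `$ExpectedSha256` is a placeholder for a hash you obtained out of band, and whether the client carries an Authenticode signature is an assumption the script reports on rather than relies on.

```powershell
# Added example: stage the download and check it before running the installer.
# Placeholders (not real values): release URL, tenant, key, org ID, expected hash.
$ErrorActionPreference = 'Stop'
$ZipUrl         = '<openframe release URL>/openframe-client_windows.zip'
$ExpectedSha256 = '<SHA256 obtained out of band>'   # assumption: a trusted hash is available
$Stage          = Join-Path $env:TEMP ("openframe-" + [guid]::NewGuid())

# Work in a fresh, empty folder instead of the home directory.
New-Item -ItemType Directory -Path $Stage | Out-Null
$Zip = Join-Path $Stage 'openframe-client.zip'
Invoke-WebRequest -Uri $ZipUrl -OutFile $Zip

# 1. Hash check: refuse to unpack an archive that does not match.
$Actual = (Get-FileHash -Path $Zip -Algorithm SHA256).Hash
if ($Actual -ne $ExpectedSha256) {     # string -ne is case-insensitive
    throw "SHA256 mismatch: got $Actual"
}

# 2. Unpack and confirm the expected binary is present.
Expand-Archive -Path $Zip -DestinationPath $Stage
$Exe = Join-Path $Stage 'openframe-client.exe'
if (-not (Test-Path $Exe)) { throw 'openframe-client.exe not found in archive' }

# 3. Report the Authenticode status and signer so it can be recorded.
$Sig = Get-AuthenticodeSignature -FilePath $Exe
"{0}  signer: {1}" -f $Sig.Status, $Sig.SignerCertificate.Subject
if ($Sig.Status -eq 'HashMismatch') { throw 'Binary was modified after signing' }

# 4. Only now run the install step from the original command.
& $Exe install --serverUrl '<your-tenant>.openframe.ai' --initialKey '<YOUR_KEY>' --orgId '<YOUR_ORG_ID>'
```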

The --initialKey is a live enrollment token. Treat the copied command like a credential — don't drop it in a public channel or a client-visible ticket.
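PowerShell's PSReadLine module saves interactive commands to a history file, so a pasted install command leaves the key on disk in the profile of the account that ran it. The following added example (not part of OpenFrame's tooling) removes those entries after enrollment; the `--initialKey` match string is taken from the command above.

```powershell
# Added example: remove pasted enrollment commands from PSReadLine history.
$HistoryPath = (Get-PSReadLineOption).HistorySavePath
$Removed = 0

if (Test-Path $HistoryPath) {
    $Keep  = @()
    $Entry = @()
    foreach ($Line in Get-Content -Path $HistoryPath) {
        $Entry += $Line
        # PSReadLine stores a multi-line entry as consecutive lines that end
        # in a backtick; keep collecting until the entry is complete.
        if ($Line.EndsWith('`')) { continue }

        # Drop the whole entry, not just the line that holds the key.
        if (($Entry -join "`n") -like '*--initialKey*') { $Removed++ }
        else { $Keep += $Entry }
        $Entry = @()
    }
    $Keep += $Entry                      # trailing, unterminated entry (if any)
    if ($Removed -gt 0) { Set-Content -Path $HistoryPath -Value $Keep }
}
"Removed $Removed history entr$(if ($Removed -eq 1) {'y'} else {'ies'}) containing --initialKey"

# Clear the in-memory copies held by the current session as well.
Clear-History
[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory()
```

If PowerShell transcription or script block logging is enabled on the machine, the command text is captured there too and has to be handled under that log's retention and access rules.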


Run it on the PC

  1. On the target machine, open PowerShell as administrator (right-click → Run as administrator).
  2. Paste the command and press Enter.
  3. Let it download, install, and register. No reboot required.

Shortcut for the machine you're on: the Add Device screen has a Run on Current Machine button if you're enrolling the PC you're sitting at. For remote machines you'll use the copied command (and Deploy at Scale for many at once).


Confirm it worked

Go to Devices — the PC should show Online within a minute or two. Full verification and fixes are in Confirm Your First Device Is Connected.


Troubleshooting

Antivirus blocked the install. Very common on Windows and it's a false positive — the client just hasn't built reputation with security vendors yet. If it gets quarantined, add these folders to your AV exclusions:

  • C:\Program Files\OpenFrame
  • C:\Program Files\TacticalAgent
  • C:\ProgramData\OpenFrame
  • C:\ProgramData\OpenFrameInstall
  • C:\ProgramData\TacticalRMM
  • C:\Program Files\Orbit

Or temporarily disable protection for the install, then turn it back on. For managed AV, push these exclusions via policy before a mass rollout so you're not chasing blocks machine by machine.

"Running scripts is disabled on this system." Execution policy is blocking it. Run PowerShell as admin and either run the command in a session started with powershell -ExecutionPolicy Bypass, or set an appropriate policy per your org's standards.

Not elevated. If you see permission/access errors, you're not in an admin PowerShell. Close it and reopen with Run as administrator.

Download fails. Check outbound internet and that a proxy or web filter isn't blocking GitHub release downloads.

Installed but Offline. Wait a couple of minutes; if it sticks, see Confirm Your First Device Is Connected and Troubleshooting a Disconnected Device (Phase 10).


Quick checklist

  • Selected the correct customer
  • Chose Windows and (optionally) added tags
  • Ran the command in an elevated PowerShell
  • Added AV exclusions if the install was blocked
  • Confirmed the PC shows Online under Devices

What's next

With a Mac and a PC both reporting in, verify them properly in Confirm Your First Device Is Connected — then, when you're ready to do this at volume, Deploy at Scale via RMM / GPO / MDM.


Based on OpenFrame v0.9.19. The install command and client version come straight from your console's Add Device screen — always copy the current one rather than reusing an old command.
