Deploy Tailscale and keep it updated

Has anyone had success with deploying Tailscale via Microsoft Endpoint Manager (Intune) and keeping it up to date via supersede? I’m trying to go this route but not sure if this is the best and recommended.

1 Like

In case it helps: we’re deploying the MSI as line of business and updating it when a new Tailscale release is available. Works, but you do need to do that manual work.

1 Like

Just as @wout.peeters said, try using MSI instead of a Win32 deployment package. I find this also less work than preparing Win32 app packages, but you lose “supersede” functionality, and as a result, test deployments for a subset of your devices are slightly more opaque.

So, strong recommendation: Try MSI, but also try updating that MSI via endpoint and see if the machines can reconnect reliably after that (why? because, for us it doesn’t work, so we … update less).

ETA: Maybe also have a look at Unattended Tailscale Doesn't Survive Reboot - discussion about unattended install for Windows

1 Like

Do you deploy the app in a group of users or groups of devices?

The reason I ask about the install group is because when I deploy the Tailscale .msi application as a line of business app, it installs on the endpoint, but it shows as “tailscale already in use by X user” so I’m not able to log in to authorize the user. Is that something that has been seen before?

Apologies, should have mentioned this. The way we got that to work properly was to use this command line argument:
TS_NOLAUNCH="nolaunch"
That way it doesn’t start by default and can be started with the correct user scope.
We assign a user group with device context for install.

2 Likes

This helped with that “tailscale already in use by X user”, thank you @wout.peeters! One more question: when you deploy that new MSI package to the device, do you uninstall the old MSI package as well or do you just keep them together?

So far we have not specifically uninstalled anything and assumed the newly uploaded MSI (we edit the existing app) just replaces the previous version. I’m going to take a look at this though, to make sure we’re not slowly filling up disks with more versions, but I believe Intune is smart enough to look at the versions embedded in the MSI? :)

I’m trying to deploy this today as well.

When I uninstalled and restarted, it installed correctly. But on machines where it was user-installed it just disconnects them and stays on “Pending Install”.

I have the TS_NOLAUNCH flag set to “nolaunch” as directed. But has anyone else run into that problem?
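
For the two open questions above (whether old versions pile up after an MSI update, and machines that already had a user-installed copy), here is an added example, not written by anyone in this thread, that lists every Tailscale uninstall entry registered on a device. It assumes the entries' DisplayName starts with "Tailscale"; run it elevated so the machine-wide keys are readable.

```powershell
# Added example (not from the thread): list every Tailscale uninstall entry on this device.
# Assumption: the entries' DisplayName starts with "Tailscale".
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Per-user entries; only the hives of currently loaded profiles are visible here.
    'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = foreach ($path in $paths) {
    Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Tailscale*' } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                # WindowsInstaller = 1 marks an entry registered by an MSI.
                Installer = if ($_.WindowsInstaller -eq 1) { 'MSI' } else { 'Other (exe/bundle)' }
                Scope     = if ($_.PSPath -like '*HKEY_USERS*') { 'Per-user' } else { 'Per-machine' }
                KeyName   = $_.PSChildName
            }
        }
}

if (-not $entries) {
    Write-Output 'No Tailscale uninstall entry found.'
} else {
    $entries | Format-Table -AutoSize
    if (@($entries).Count -gt 1) {
        # Several entries can mean a leftover older version or a separately installed copy.
        Write-Warning 'More than one Tailscale entry is registered; compare versions and installer types.'
    }
}
```

Comparing the output before and after an Intune update shows whether the new MSI replaced the earlier entry or was registered alongside it.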