# Windows Installation Guide

### Overview

This guide describes how to install StrongDM on Windows. The primary download package includes the [StrongDM Desktop](https://docs.strongdm.com/users/client) application and a [CLI](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli). You can optionally download the CLI independently from the Admin UI.

{% hint style="info" %}
If you intend to use StrongDM with Windows Subsystem for Linux (WSL) please see the [WSL](https://docs.strongdm.com/users/client/wsl) page for more information.
{% endhint %}

{% hint style="info" %}
**Installation Recommendation:** On Windows, StrongDM recommends installing the desktop application for all users of the machine when possible. This installation method provides stronger security controls than a single-user installation.
{% endhint %}

### Download StrongDM

Use the following steps to download the desktop app and CLI on Windows. To bypass the desktop app, you can [download the CLI](#download-the-strongdm-cli-only) independently.

1. Open the invitation email you received for your StrongDM account.
2. Click the link included in the email to set your password.
3. Log in to StrongDM and go to the **Download & Install** page in the Admin UI. ![](https://3360496582-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHaY8OFbXUreWEF61MhKm%2Fuploads%2Fgit-blob-99cce9b64c4dec828613ed4effcf7844f5093d0d%2Fdownload-install-windows.png?alt=media)
4. Under **Windows**, click **Download StrongDM for Windows** to download the desktop app and CLI immediately, or click **Show download options** for other options.

   * **EXE**: This full installer version includes the desktop app and CLI together. When run as administrator, the EXE installs the StrongDM System Service, which enables you to access [Virtual Networking Mode](https://app.gitbook.com/s/F7eka9SH5TT8nJm2ZfWj/clients/client-networking/virtual-networking-mode) resources that may be available to you. When run as a non-administrator, StrongDM is installed, but the system service is not installed or updated. The EXE is the recommended installation option.
   * **MSI**: This installer version includes the desktop app and CLI together. The MSI provides easy prompts that guide you through the installation process. MSI installation should be followed by the post-install command, which, if run as an administrator, also installs the StrongDM System Service that enables you to access [Virtual Networking Mode](https://app.gitbook.com/s/F7eka9SH5TT8nJm2ZfWj/clients/client-networking/virtual-networking-mode) resources that may be available to you. When the post-install command is run as a non-administrator, StrongDM is installed, but the system service is not installed or updated.
   * **CLI**: The StrongDM CLI option includes only the CLI (not the desktop app). [Download and install the CLI only](#download-the-strongdm-cli-only) if you don't want to install the desktop app.

   Once the download is successful, the file name appears as **SDM-\<VERSION\_NUMBER>.msi** or **SDM-\<VERSION\_NUMBER>.exe**, depending on the selected kind.
5. Optionally, confirm that the downloaded binary is legitimate by verifying its SHA256 checksum with PowerShell, as in the following example:

   ```powershell
   Get-FileHash SDM-21.54.0.exe | Format-List
   ```

   ```
   Algorithm : SHA256
   Hash      : F68C6AEB471E2E85F59011ACF400A823FCB19953802917DC97DB55B366B678BA
   Path      : C:\Users\[User]\Downloads\SDM-21.54.0.exe
   ```

   The checksum should match the value in the **SHA256 Checksum** section of the Admin UI.

   ![](https://3360496582-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHaY8OFbXUreWEF61MhKm%2Fuploads%2Fgit-blob-1c71962674c43c8f8e8110e4310a9cb3279d2d2c%2Fwindows-checksums.png?alt=media)
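The manual comparison in step 5 can be scripted so that a mismatch is reported explicitly. The following is an added example, not StrongDM code: `Test-InstallerChecksum` is a hypothetical helper name, and the file name and hash are the sample values from the output above. The Authenticode status is reported only as extra context, since this page does not document a signer to compare against.

```powershell
# Added example; Test-InstallerChecksum is a hypothetical helper, not a StrongDM command.
function Test-InstallerChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Value copied from the SHA256 Checksum section of the Admin UI.
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Copy/paste often adds whitespace or changes case; normalize before comparing.
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a 64-character SHA256 hex string.'
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()
    # Reported for context only; no expected signer is documented on this page.
    $signature = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path            = (Resolve-Path -LiteralPath $Path).Path
        ActualSha256    = $actual
        HashMatches     = ($actual -eq $expected)
        SignatureStatus = $signature.Status
    }
}

# File name and hash are the sample values shown above; substitute your own download
# and the checksum displayed in your Admin UI.
$check = Test-InstallerChecksum -Path "$HOME\Downloads\SDM-21.54.0.exe" `
    -ExpectedSha256 'F68C6AEB471E2E85F59011ACF400A823FCB19953802917DC97DB55B366B678BA'
$check | Format-List

if (-not $check.HashMatches) {
    Write-Error 'Checksum mismatch: do not run this installer. Download it again from the Admin UI.'
}
```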

### Install StrongDM

#### EXE

To install StrongDM with the full version (EXE), follow these steps.

1. Locate the downloaded EXE file (**SDM-\<VERSION\_NUMBER>.exe**), which is typically in your **Downloads** folder.
2. Right-click on the installer and select **Run as Administrator**. A dialog box appears.
3. Follow the instructions to run the installation.

{% hint style="info" %}
**Security Recommendation:** StrongDM recommends installing the desktop app for all users of the machine whenever possible. Installing with Administrator privileges allows Windows to apply stronger protections to the application directory, helping prevent unauthorized changes to application files. Use the per-user installation option only when you cannot obtain Administrator privileges.
{% endhint %}

To install StrongDM from the Command Prompt, run the EXE installer as in the example shown.

```
SDM-21.58.0.exe
```

{% hint style="info" %}
When run as administrator, the EXE installs the StrongDM System Service, which enables you to access [Virtual Networking Mode](https://app.gitbook.com/s/F7eka9SH5TT8nJm2ZfWj/clients/client-networking/virtual-networking-mode) resources that may be available to you. If you want to install the desktop app without the adapter, don't run it as administrator.
{% endhint %}

#### MSI

To install StrongDM (SDM) with the installer version (MSI), follow these steps.

1. Double-click the downloaded MSI file (**SDM-\<VERSION\_NUMBER>.msi**). The SDM Setup Wizard opens.
2. On the welcome screen, click **Next**.
3. Choose one of the following installation scopes and then click **Next**:
   1. **Install for all users of this machine (recommended):** This option installs StrongDM in a per-machine folder. You can change the default installation folder. This option requires local Administrator privileges and is the recommended installation method because it provides stronger system-level protections for application files and reduces the risk of unauthorized modification.
   2. **Install just for you:** This option installs StrongDM in a per-user folder that is available only to your user account (for example, `C:\Users\<YOUR-NAME>\AppData\Local\Programs\SDM`). This option does not require local Administrator privileges. However, it provides fewer system-level protections and should be used only when Administrator privileges are not available.

{% hint style="info" %}
**Security Recommendation:** StrongDM recommends installing the desktop app for all users of the machine whenever possible. Installing with Administrator privileges allows Windows to apply stronger protections to the application directory, helping prevent unauthorized changes to application files. Use the per-user installation option only when you cannot obtain Administrator privileges.
{% endhint %}

4. Use the **Back** button to review or change any of your installation settings, or click **Cancel** to exit the setup wizard. When you're satisfied with your settings, click **Install**.
5. When installation is complete, the setup wizard provides the option to run StrongDM. If you wish to open the desktop app now, keep the **Run SDM** checkbox selected. If you don't, uncheck **Run SDM**.
6. Next, run the post-install command to complete setup.
   * For per-machine installation, right-click the Command Prompt and select **Run as administrator**. Then run:

     `"C:\Program Files\SDM\resources\sdm.exe" system desktop post-install`
   * For per-user installation, open the Command Prompt and run:

     `"%LOCALAPPDATA%\Programs\SDM\resources\sdm.exe" system desktop post-install`

     Note that for per-user installation, if you're not an administrator, StrongDM will still work but without Virtual Networking Mode. Per-user installation provides fewer system-level protections and should be used only when Administrator privileges are not available.
7. Click **Finish** to exit the setup wizard.
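The security recommendation above comes down to who can write to the application directory. As an added example (not StrongDM code), the following PowerShell function lists allow entries that grant write-type rights on an install folder to any principal outside a short trusted list. The helper name `Get-NonAdminWriteAccess` and the trusted list are assumptions; the two folders are the install locations named in the post-install step.

```powershell
# Added example; Get-NonAdminWriteAccess is a hypothetical helper, not a StrongDM command.
function Get-NonAdminWriteAccess {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $InstallDir)

    # Assumption: only these principals are expected to hold write access to a
    # per-machine application folder.
    $trustedSids = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-3-0',       # CREATOR OWNER (inherit-only placeholder entry)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Rights that allow changing or replacing files, plus the raw GENERIC_WRITE and
    # GENERIC_ALL bits that inherit-only entries can carry.
    $writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $InstallDir
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
            ($_.IdentityReference.Value -notin $trustedSids)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Sid       = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

# The two install locations named in the post-install step above.
foreach ($dir in 'C:\Program Files\SDM', "$env:LOCALAPPDATA\Programs\SDM") {
    if (Test-Path -LiteralPath $dir -PathType Container) {
        "== $dir"
        Get-NonAdminWriteAccess -InstallDir $dir | Format-Table -AutoSize
    }
}
```

An empty result for the per-machine folder means only the trusted principals can modify its files; a per-user folder normally lists the installing user's own SID, which is the weaker protection the recommendation describes.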

### Launch StrongDM Desktop

Use these steps to launch the desktop app on Windows. When you launch the application, all authentications and resource access get routed through StrongDM.

1. Open the **Start** menu and search for **SDM** or navigate to the **Downloads** folder. Click to launch the **SDM** application.
2. Click the **sdm** icon in the tray.
3. Enter the email and password created during the email invitation step. You may also be redirected to your single sign-on (SSO) provider.
4. After logging in, a list of resources you have permission to access appears in the Resource Center.
5. Click one of these resources to enable a connection and gain access. A green icon appears next to the connected resource.
6. You can now connect to the resource on your machine using your preferred tool. When prompted for connection information, you can usually use **localhost** for the hostname/IP, leave the username and password blank, and specify the port listed next to the resource in StrongDM Desktop. If the connection fails using these defaults, check the [Connect to Resources documentation](https://docs.strongdm.com/users/connect) for more information.

{% hint style="info" %}
If you click a website resource, it launches in your default browser. To disconnect from any resource, click the named instance in the desktop app and the green connection icon disappears. Any existing connections from your local machine to the resource are immediately disabled.
{% endhint %}

#### Run StrongDM at startup

By default, StrongDM requires a manual launch whenever your Windows machine is started or restarted. With the following steps, you can optionally configure StrongDM to automatically run at startup.

1. Open the Windows search and type **run**. Launch the **Run** application. You can also use the shortcut **Windows logo button + R**.
2. Type `shell:common startup` and click **OK**. The **Startup** folder opens.
3. Copy the **SDM** shortcut from the app menu (for example, `C:\Users\[user]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StrongDM`) and paste it in the **Startup** folder. When you restart your computer, the StrongDM Desktop app appears in the taskbar. Depending on your network settings, you may have to allow access for the **sdm32.exe** file.

#### SSH with Windows 10/11

Windows 10 and 11 come with OpenSSH already installed. However, the executable is not where StrongDM looks for it by default. In order to use `sdm ssh` commands, a symbolic link to the `ssh.exe` binary must be created in the WindowsApps path.

This can be accomplished by opening PowerShell (as Administrator) and running the following command:

```powershell
New-Item -ItemType SymbolicLink -Path $HOME\AppData\Local\Microsoft\WindowsApps\ssh.exe -Value C:\Windows\System32\OpenSSH\ssh.exe
```

### Download the StrongDM CLI Only

On Windows, you can bypass the desktop app and download the CLI independently. Use the following steps to install the CLI only.

1. Open the invitation email you received for your StrongDM account.
2. Click the link included in the email to set your password.
3. Log in to StrongDM and go to the **Download & Install** page in the Admin UI.
4. Under **Windows**, click **Show download options**.
5. From the **Download the StrongDM CLI** section, download the StrongDM CLI for your architecture (x86-64 or x86). The files are downloaded as a zipped folder on your computer. The folder name depends on your architecture; for example, it appears as **sdmcli\_\<VERSION\_NUMBER>\_windows\_amd64**, with a file similar to **sdm.amd64.exe** inside. Unzip the files.
6. Take the unzipped **sdm.amd64.exe** file and copy it to a directory in your [PATH parameter](https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats). The suggested location is `C:\Users\[user]\AppData\Local\Microsoft\WindowsApps\sdm.exe`, but any location specified in PATH is acceptable.
7. Name the copied file **sdm** rather than **sdm.amd64** so that you can call it via `sdm` commands. This change is consistent with CLI usage throughout the StrongDM documentation.
8. Test that the CLI is installed correctly by running `sdm --version`. If it is correctly installed, the version displays.

{% hint style="info" %}
The CLI does not update automatically. To ensure that it is up to date, periodically run `sdm update`.
{% endhint %}


