Allow organization level Admins to download the installer
Paul Pfeister
We have yet to deploy Huntress outside of labs because our client sites require the ability to add devices themselves (co-managed). We explored creating custom tooling for this, but we haven't had the time to do so.
We would like the ability for organization level Admins to download the installer and use their own unique organization key to register the device (ideally, up to a set maximum per org).
This would also be the dividing line between organization level security engineers and administrators (as one doesn't currently exist, as the existence of the role is being reevaluated).
Jim Greco
This request was cross-posted; this is my same feedback. A potential solution could include support for time-limited or execution-limited temporary organization codes. These could be passed as a parameter or bundled in an optional token file distributed with the installer. This approach would preserve installer integrity (keeping it signed) while enabling secure, user-friendly deployments at scale—particularly helpful for remote onboarding workflows.
Both mechanisms would offer flexible, controlled provisioning while maintaining strong security boundaries and minimizing risk of credential leakage.
Jon Snyderman
Totally odd to me that this is an open issue. This should not be something that even needs a FR. In my opinion, this is a bug.
Based on https://support.huntress.io/hc/en-us/articles/4404012728083-Huntress-Portal-User-Permissions and looking at the Organizational-Level User section, the information under User clearly says that it cannot download the installer. The admin does not say that, which implies that they should be able to.
This is a bug, not by design.
Paul Pfeister
Jon Snyderman Should clarify --- that page reads "An Organization-Level Admin / Security Engineer has the same restrictions as Organization-Level Users", so it is correct in its description. Although given how this is in my opinion basic functionality, I still might count it as a bug even if not a technical or documentation error.
Martin Twerski
Take the Huntress PowerShell script and hardcode your key in it. Convert the script to an exe with something like ps2exe.
It's not perfect, but it's likely good enough until this gets implemented.
Paul Pfeister
Martin Twerski Hm. One problem with this is that it's harder to limit. If Huntress were to properly allow this, it should theoretically come with a maximum endpoint count setting on each org. Without that, if a client's internal IT were to accidentally over-provision, then we would get severely over-billed.
Hopefully doesn't happen, but theoretically possible when you give someone unfettered account-level access.
That also doesn't properly protect the account key, rather, it just adds an extra step before viewing it. It'd be like saving your creds in a txt file and just changing the extension. Not great, but there aren't many other options that don't involve completely reinventing the wheel.
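Added example, not part of any post in this thread and not Huntress code: a sketch of the time-limited, execution-limited organization code suggested above, combined with the per-org maximum endpoint count raised in the last reply. Every name here (`issue_token`, `EnrollmentService`, the claim fields, the secret) is hypothetical, and the design assumes the signing secret stays on the server so the installer only ever carries a short-lived token.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_SECRET = b"constructed-demo-secret"  # constructed value; stays server-side only

def _sign(body: bytes) -> str:
    return hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest()

def issue_token(org_id, ttl_seconds, max_uses, now=None):
    """Mint a temporary org code: expiry, use limit and a unique id, all signed."""
    now = int(time.time()) if now is None else now
    claims = {"org": org_id, "exp": now + ttl_seconds,
              "max": max_uses, "jti": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return f"{body.decode()}.{_sign(body)}"

class EnrollmentService:
    """Hypothetical server side: verifies tokens and enforces a per-org endpoint cap."""
    def __init__(self, org_caps):
        self.org_caps = org_caps   # org id -> maximum endpoints allowed
        self.org_counts = {}       # org id -> endpoints enrolled so far
        self.token_uses = {}       # token id -> times redeemed

    def enroll(self, token, now=None):
        now = int(time.time()) if now is None else now
        try:
            body, tag = token.split(".")
        except ValueError:
            return "malformed"
        # Check the signature before trusting or even parsing any claim.
        if not hmac.compare_digest(tag.encode(), _sign(body.encode()).encode()):
            return "bad-signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            return "expired"
        if self.token_uses.get(claims["jti"], 0) >= claims["max"]:
            return "token-exhausted"
        org = claims["org"]
        if self.org_counts.get(org, 0) >= self.org_caps.get(org, 0):
            return "org-cap-reached"
        self.token_uses[claims["jti"]] = self.token_uses.get(claims["jti"], 0) + 1
        self.org_counts[org] = self.org_counts.get(org, 0) + 1
        return "enrolled"
```

A leaked token in this sketch is bounded by its expiry, its use count and the org cap, which is the difference from a long-lived key hardcoded into a script or wrapped executable.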