How to deploy SIMS.net to Entra Joined Devices

One of the main challenges for schools moving to fully cloud based devices (Entra Joined) is being able to deploy SIMS.net applications to these devices.

Since the devices are not on the Active Directory Domain, traditional deployment methods will fail to install the SOLUS3 client and SIMS.net applications. In this guide I will demonstrate how to deploy SOLUS3 and SIMS.net to Entra Joined Devices Via Intune.

Package the Installer Files

The first step is to locate the SOLUS3 installation files on your SIMS server.

It’s likely the location will be S:\SIMS\SOLUSSETUPS but this could vary depending on your install. The folder should contain the following files.

AgentInstaller.js
Solus3.Keys.DeploymentService.Public.xml
Solus3AgentInstaller.bat
SOLUS3AgentInstaller_x64.msi
SOLUS3AgentInstaller_x86.msi

Copy these files into a folder on your local PC and launch the Intune Content Prep Tool

1. Select the folder containing the install files
2. Select the Solus3AgentInstaller.bat as the install file
3. Select a suitable output folder.

Deploy the Installer

Head to Intune > Apps > Windows > Create. Select Windows App (Win32).

Upload your Solus.intunewin file

Under Program enter the following details.

Install Command: Solus3AgentInstaller.bat
Uninstall Command: cmd.exe /c exit 0 (fake command that does nothing)
Install Behaviour: System

Continue to the Detection Rules Tab and add a new detection rule

Rule Type: File

Path: C:\Program Files\Solus3\AgentService
File or folder: Sims.Solus3.Agent.AgentService.exe
Detection Method: File or Folder Exists

Continue to the Assignments tab and deploy Solus to the group containing your target devices.

The Solus app should now install on your device.

---

Setting Up Firewall Exceptions

In order for the Deployment Service to be able to communicate with your devices, we need to setup some firewall exceptions in Intune.

Head to Intune > Devices > Windows > Configuration and add a new Policy with the following settings.

Windows 10 and later
Templates
Endpoint Protection

Give your policy a suitable name.

Under Configuration Settings click Windows Firewall and scroll down to Firewall Rules and click Add.

Now we are going to create the following Rules

Solus 3 DS In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 52965

Solus 3 DS Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 52965

Solus 3 Agent In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 52966

Solus 3 Agent Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 52966

Solus 3 Agent UI In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 8739

Solus 3 Agent UI Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 8739

The ports below are used by SOLUS for browsing the network and should be used with caution.

Solus 3 TCP139 In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 139

Solus 3 TCP139 Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: TCP
Ports: 139

Solus 3 UDP137 In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: UDP
Ports: 137

Solus 3 UDP137 Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: UDP
Ports: 137

Solus 3 UDP138 In

Direction: Inbound
Action: Allow
Network Type: Domain, Private
Protocol: UDP
Ports: 138

Solus 3 UDP138 Out

Direction: Outbound
Action: Allow
Network Type: Domain, Private
Protocol: UDP
Ports: 138

---

Deploying SIMS

No head back to the SIMS Server and open up the Deployment Server UI app.

Go to Environment > Targets > Clients and click Add.

Tick ‘SIMS‘ and Choose Clients

Select ‘Agents‘ and Find the device(s) you wish to deploy SIMS to.

Note: The device must be on the same network as the server at this point.

The install will now begin on your selected Device(s)

If you experience Net TCP error from the SOLUS Deployment server when deploying, ensure your network is showing as Private instead of Public.

You can test this this by running the following cmdlet in Powershell

Get-NetConnectionProfile

It should show NetworkCategory as Private. If not you can use this cmdlet to change it manually.

Set-NetConnectionProfile -Name "NetworkName" -NetworkCategory Private

If you wish to set this via script you can use the following PowerShell script assigned to your devices via intune.

$targetName = "networkname"
$profile = Get-NetConnectionProfile | Where-Object { $_.Name -eq $targetName }
if ($profile -and $profile.NetworkCategory -ne "Private") {
    Set-NetConnectionProfile -InterfaceIndex $profile.InterfaceIndex -NetworkCategory Private
}

Please note “NetworkName” must match what is outputted in Get-NetConnectionProfile