Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com
Deploying with Powershell
When on Configuration manager
- Go to your 'Software Library'
- Find the 'Scripts' option
- Once that opens click the 'Create Script' icon
- Name your Script
- Put a description/information that the script is going to accomplish
- Script language default is set to 'Powershell'
- Place a Script Timeout of anywhere from 60-180
- Click the 'Import' option and import your 'Powershell Script' from wherever you have it saved on your SCCM server
After filling out the rest of the information, you will see the script populate on the window below. It must be 'Approved' before being able to run, or you can right-click and edit if need be.
- After your Script has been approved, head over to your 'Assets and Compliance' tab
- Find whatever device/device group that you plan on pushing your script to
- Right-click and find the 'Run Script' option
- Select the Script that you would like to run
After running your script, you should see a screen with the 'Script Monitoring Status'. If you were successful, you should see something like this appear with the output that was completed on the target computer
Install Script:
# $groupId = 'n5i5rnljiou3f6uehyhzm4b6'; if (!(Test-Path "C:\Temp")) { mkdir "C:\Temp"; } if ([Environment]::Is64BitOperatingSystem) { $downloadURL = "\\SCCMTEST-SC01\Users\SCCM\Downloads\TL-STUB\ThreatlockerStubX64_n5i5rnljiou3f6uehyhzm4b6_A.exe"; } else { $downloadURL = "c:\windows\ccmcache\threatlockerstubx86.exe"; } $localInstaller = "C:\Temp\ThreatlockerStubX64_n5i5rnljiou3f6uehyhzm4b6_A.exe"; Invoke-WebRequest -Uri $downloadURL -OutFile $localInstaller; & C:\Temp\ThreatlockerStubX64_n5i5rnljiou3f6uehyhzm4b6_A.exe;
Uninstall Script:
$groupId = 'n5i5rnljiou3f6uehyhzm4b6';
## Create Temp file to store exe if (!(Test-Path "C:\Temp")) { mkdir "C:\Temp"; }
Check OS bit type and download correct uninstaller if ([Environment]::Is64BitOperatingSystem) { $downloadURL = "https://api.threatlocker.com/updates/installers/threatlockerstubx64.exe"} else { $downloadURL = "https://api.threatlocker.com/updates/installers/threatlockerstubx86.exe" }
##Final call to uninstall $localInstaller = "C:\Temp\ThreatLockerStub.exe"; Invoke-WebRequest -Uri $downloadURL -OutFile $localInstaller; & C:\Temp\ThreatLockerStub.exe uninstall
Please note you will have to change these to your unique group id on your stub, as well as what share folder you place the stub into on your SCCM Server.
Deploying with an MSI file
Obtain the MSI file
- Log into the ThreatLocker portal
- Click on Deployment Center
- Select the organization you are deploying into
- Download the MSI Installer for the group you are installing
Additionally, the MSI file can be obtained on the Computers page by clicking on ‘Install New Computer’ and accepting the EULA. For additional information please see the ‘Deploying the ThreatLocker Agent’ course in ThreatLocker University.
Create the Application in SCCM
- Launch the SCCM console.
- Select Software Library > Application Management > Applications
- On the Home tab, in the Create group, choose Create Application
- On the General page of the Create Application Wizard, choose Automatically detect information about this application from installation files. Then specify the following information:
- Type: Choose Windows Installer (*.msi file)
- Location: Specify the location of the .msi file
- The location must be a Networkshare
- Choose Next.
- Review the Import Information page and choose Next again
- On the General Information page, you can supply further information about the application to help you sort and locate it in the Configuration Manager console. Choose Next.
- On the Summary page, you can confirm your application settings and then complete the wizard.
Prior to deployment, add a requirement to specify conditions that must be met before the application is installed on a device and distribute the application content to a distribution point. Review the source article linked at the top of the page for more information.
Deploy the ThreatLocker Application in SCCM
- Launch the SCCM console
- Select Software Library > Application Management > Applications
- Select the application you created earlier
- On the Home tab in the Deployment group, choose Deploy.
- On the General page of the Deploy Software Wizard, choose Browse to select the All Systems device collection.
- On the Content page, check that the distribution point from which you want PCs to install the application is selected.
- On the Deployment Settings page, make sure that the deployment action is set to Install, and the deployment purpose is set to Required.
- On the Scheduling page, you can configure when the application will be installed. It is recommended to select ‘As soon as possible after the available time’.
- On the User Experience page, choose Next to accept the default values.
- Complete the wizard.