Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com
This article will cover the steps to deploy the ThreatLocker MSI through a Group Policy Object.
Step 1: Create a distribution point for the MSI installer to reside in to allow for deployment. This can be done through creating a network share where this MSI file can reside and allows access to the users or groups that ThreatLocker will be deployed to.
Step 2: Once the network share has been created, start creating the Group Policy Object (GPO) that will be applied to your Users and Groups. To do so, navigate to the Group Policy Management snap-in.
Step 3: Create a new Group Policy Object by right-clicking the Group Policy Object tab and selecting 'New'.
Input a name for the new GPO.
Step 4: Once the new GPO has been created, it will need to be edited.
Step 5: Select the MSI using the UNC path of the network share that was set up previously.
In the following window, select 'Advanced' and select 'OK'
Step 6: In the next window, we will move over to the 'Deployment' tab, select the 'Assigned' option for the deployment type, and then move over to the 'Advanced' option window at the bottom of that window. In the new window that pops up, we will want to check the box for 'Ignore language when deploying this package.'
Select 'OK' on all windows once all options above have been selected and verified. For the last step, link the GPO to apply to the specific users or groups that you would like to deploy ThreatLocker to.
Don’t forget to also run a group policy update to apply to your endpoints.