Deploying ThreatLocker using Action1

3 min. readlast update: 04.02.2025

Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com 

Below, you will find the steps for deploying the ThreatLocker agent through Action1. The following PowerShell script can be used for deployment here. 

Step 1 

Once you have downloaded the above PowerShell script, you will need to replace the variables for $OrganizationName and Key within the script. 

 

Step 2 

After making these edits, log into Action1 and navigate to Script Library using the sidebar. Within the ‘Script Library’ page, select the ‘New Script’ button at the top left corner. 

Step 3 

Now in the ‘New Script’ window, it will require a name for the script. The script can be named anything you choose, and you can optionally provide a description. Select ‘Next Step’ when done. 

Recommendation: If a task includes deploying to multiple organizations, you will potentially need to have multiple scriptsModify each script using the same unique identifier but have a different organization name value for the $OrganizationName variable. Save each script as different names to easily identify them in your Action1 Dashboard 

Step 4 

Leave the language as “PowerShell - Windows” and paste the script that you edited into the field below. Select ‘Next Step’ when done. 

Step 5 

You can choose to test this on a single endpoint and ensure that the script successfully runs. Select the name of the endpoint you will be testing it on, then select the ‘Run Script’ button. 

Step 6 

Once you have completed these steps, select the ‘Finish’ button in the bottom right corner. 

Step 7 

After creation, select the three dots under the Actions column and choose Create Automation’ from the menu. 

Step 8 

Now, ensure that Reboot options is set to Do not reboot automatically. Select ‘Next Step’ when this is done. 

Step 9 

Choose the endpoints you want to target for your ThreatLocker script, then select ‘Next Step’ when done. 

Step 10 

Choose the option for Run Once. You can either select ‘Run Now’ to run the automation immediately or select ‘At specified time’ to schedule it for a later period. Alternatively, you can have this script run repeatedly to ensure that the ThreatLocker agent is installed on your endpoints. Select the ‘Finish’ button at the bottom of the page. 

 

In just a few moments, Action1 will run the script and ThreatLocker will install onto your endpoints. You will see entries begin to populate in the ThreatLocker Portal while on the 'Devices Page' 

Was this article helpful?