Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com
The following steps demonstrate how to deploy ThreatLocker to your clients utilizing a PowerShell script via Atera.
Important Notes:
PowerShell 4.0 is required for this method to work.
It is best to run the script found below against clients one at a time.
Creating the Script
In Atera:
- Navigate to the Admin Panel
- Select Scripts under Monitoring
- On the next screen, select Create Script.
- Create a 'Script Name' and input a 'Script description'
- Leave 'File type' as ps1 (shell script written in powershell)
It is optional to modify the remaining 'script properties'. This can be left as the default selections.
- In the script editor section, copy the contents from the 'Atera Script file' found in your Deployment Center then select 'Create'
No modifications to the script are required.
Deployment
- Navigate to the site where you wish to deploy Threatlocker to and either select all machines or an individual machine
- Once you've selected your machine(s), select 'Run Script'
- Click 'Run' for the Threatlocker deployment script that was created earlier
- The script has three variables that need to be assigned values prior to running the script
- Add the organization name as you want them to appear in your Threatlocker portal.
- When you input an organization name that currently does not exist in your portal, it will be created during this process. However, when you input an organization name that already exists under your management, no new organization will be generated and your machine(s) will be deployed in your desired location.
Note: When creating a new organization in your portal during deployment, the organization name and the organization identifier will be identical. When deploying to an already existing organization, the value that is placed within this parameter MUST to be that of the organization identifier. Use the image below as guidance:
- Identify the computer group you want your device(s) to be a part of.
- 'Workstations' and 'Servers' are automatically generated when a new organization is created. You can input a custom computer group if neither 'Workstations' or 'Servers' fit your criteria and it will generate in the portal within the organization.
- Enter you UniqueIdentifier. The unique identifier can be found in your 'Deployment Center' tab in your ThreatLocker portal.
- The unique identifier used is based upon where the agent will live. The parent organization unique identifier is commonly used if you are deploying into your organization or your child organizations. When deploying to your child organizations, you 'do not' use their unique identifier. Using your child organization's unique identifier, when deploying agents, will subsequentially create an organization under them, essentially creating a grandchild organization. For more information on how to locate your ThreatLocker Identifier please review our article: Getting your Unique Identifier from ThreatLocker | ThreatLocker Help Center
- Click 'Run Script'
After a few minutes the agents should begin to appear in the ThreatLocker Portal.