Company logoHelp Center
Visit www.threatlocker.com

Deploying ThreatLocker using ConnectWise RMM

5 min. readlast update: 05.22.2025

Table of Contents

Scheduling Continuous Deployment using ConnectWise RMM 

Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com

The ThreatLocker agent can be deployed using ConnectWise RMM. Your account must have the option to deploy scripts. 

First, you must install the ThreatLocker PowerShell script. To do so, select the ‘Install Computer’ button in your ThreatLocker portal, which is located at the top right corner of every page. 

Picture 

This button can also be found in the top left-hand corner of the ‘Devices’ page. 

Picture 

A pop-up window titled ‘Download Installer’ will now open. From here, select the dropdown menu under ‘Select your deployment method’ to change the deployment method from ‘Manual Deployment’ to ‘ConnectWise RMM. Select ‘Installation Script’. 

Picture

Selecting ‘Installation Script’ will download the ConnectWise RMM Deployment script. Before deployment, you must change a few qualities about the script. You can do this by opening the script on your machine using Notepad++ or Notepad. 

Once your script has been opened, you will need to change the following: 

  • Under ## Variables, change where it says ‘Insert Organization Name. Instead, this should be the name of the Organization you wish these deployed machines to belong to. If you are deploying your agents to an existing organization, this name must match the ‘Unique Identifier’.

Picture 

Picture 

  • Under ## Attempt Install, you will need to replace the ‘key="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"’ portion with the ‘Unique Identifier’ of your organization. The ‘Unique Identifier’ can be located within the same ‘Download Installer’ pop-up window you navigated to after selecting the ‘Install Computer’ button.

Picture 

Picture

Now that these changes have been made, you can save your newly edited script as a PowerShell script. 

You can now open ConnectWise RMM. From here, navigate to the ‘Automation’ dropdown and select ‘Tasks’. 

Picture 

On the top right-hand side of the page, select the ‘Add’ button, then select ‘PowerShell Script’ from the dropdown menu. 

Picture

A new page titled ‘New Powershell Script’ will open. 

Picture

From here, enter the name of your PowerShell script, add an optional description, and select the category. 

Picture

In the ‘PowerShell Script Editor’ field, paste your PowerShell script. 

Picture

Once you have entered all the information, select the ‘Save & Run’ button at the top right corner of the page.

Picture

A pop-up stating, “This task will be added to tasks list.” will display. Select the ‘Save & Run’ button again. 

Picture 

Selecting this button a second time will bring you to the ‘Schedule Task’ page. 

Picture

Choose the ‘Select Targets’ button within the ‘Targeted Resources’ section. 

Picture

Select the target endpoints for which you would like the ThreatLocker deployment script to be sent. When you are done, select the ‘Save Selection’ button. 

Picture

Above the ‘Targeted Resources’ section, change the radio button on ‘Next Agent Check In’ to ‘Run Now’. Once all information has been input, select the ‘Run’ button in the top right-hand corner of the page to begin deploying your script to machines within your selected Site. 

Picture

Within a few minutes, ThreatLocker will deploy on the specified machines. Once this task has been completed, the status will reflect ‘Success’. 

Picture

Scheduling Continuous Deployment using ConnectWise RMM 

To schedule continuous deployment with ConnectWise RMM, navigate to the ‘Endpoints’ dropdown, then select the ‘Alerts’ dropdown. Choose ‘Monitors’ from the menu. 

Picture 

Now, on the ‘Monitors’ page, select the ‘Create Monitor’ button in the top right corner. 

Picture

You will now be directed to the ‘New Monitor’ page. 

Picture

First, enter the name of your monitor. You can also enter an optional description. 

Picture 

For the ‘Type’ dropdown, select ‘Complex’. Select ‘Critical Impact Alerts’ for ‘Severity’, then select ‘Antivirus’ for ‘Family’. 

Picture 

Select the ‘Select Targets’ button, then choose the Site name you want to apply this monitor to.

Picture

Select the Site(s) you will be applying this monitor to, then select the ‘Save Selection’ button when you are finished.

Picture

Within the ‘Conditions’ section: 

  1. Select ‘File System’ from the dropdown. 

  1. Change ‘File or Directory’ to ‘File. 

  1. Enter the following file path:

C:\Program Files\ThreatLocker\threatlockerservice.exe 

This file path leads to the ThreatLocker Service, which will not exist if ThreatLocker is not installed or installed improperly. 

  1. Change the ‘Exists’ dropdown to ‘Does not exist’.

  1. Select the ‘+ Add inner block’ button. 

Picture

Make sure that ‘AND’ is selected. 

Picture 

In the second dropdown: 

  1. Select ‘Device Availability’. 
  1. Select ‘Up’ in the ‘Endpoint is’ field. 
  1. Select ‘10’ minutes. 

Picture

At the bottom of the ‘Conditions’ section, you will see a button labeled ‘Add Automation’. Select this, then find the task that was previously created to deploy the ThreatLocker PowerShell script. Hit the ‘Select’ button at the bottom of the page once this is found. 

Picture 

Picture

This condition is now designed to check if the user has the threatlockerservice.exe file at that location. If the threatlockerservice.exe file is not found and the endpoint has been up for 10 minutes, the PowerShell script with the ThreatLocker installer will run on the machine. 

Beneath the conditions section is ‘Ticket Resolution’. 

Using the dropdown: 

  1. Select ‘Services’. 
  1. From the ‘Service’ dropdown, select ‘ThreatLockerService’. 
  1. Select ‘is running’. 

Picture

This will ensure that if ‘ThreatLockerService’ is running on the machine, tickets generated on ConnectWise related to this monitor are automatically resolved as ThreatLocker has downloaded onto the machine.

Alternatively, if ‘ThreatLockerService’ is not an option in the ‘Service’ dropdown, you can instead:

  1. Select ‘File System’ from the dropdown. 
  1. Select ‘File’ in ‘File or Directory’. 
  1. Insert the following path into the field: 

C:\Program Files\ThreatLocker\threatlockerservice.exe 

  1. Choose ‘Exists’ from the dropdown. 

This will search the system for the threatlockerservice.exe application. If it sees it on your machine, tickets generated from this monitor will automatically be resolved as ThreatLocker will have downloaded onto the system.

The ‘Monitor Output’ field can be set to whatever you prefer, but generating a ticket for it is recommended so you can be notified if a machine doesn’t properly install ThreatLocker. 

Select the ‘Save’ button at the top of the page.

Picture 

Your monitor will now be applied. The next time a user restarts their machine, ThreatLocker will begin installing on it after 10 minutes of uptime if it has not already been installed. 

Was this article helpful?