Help CenterMangeEngine’s Endpoint Central makes it very easy for users to deploy ThreatLocker onto the machines in their organization. The installation of ThreatLocker through ManageEngine requires having a license or Trial for Endpoint Central. To install ThreatLocker using ManageEngine, first make sure that the agent is installed on your target machines. You will then need to log into your Endpoint Central account.
ManageEngine can deploy ThreatLocker onto devices within your organization through all three deployment methods provided by ThreatLocker for Windows: Stub Installer, MSI Installer, and PowerShell script. All three of these installation methods will be covered in the following article.
Note: This article focuses on ThreatLocker installations from ManageEngine to Windows machines and does not cover Linux or MacOS installations.
Installing ThreatLocker through ManageEngine via Stub Installer
Within ManageEngine Endpoint Central, navigate to the ‘Software Deployment’ tab, which is shown at the top of the page. Select ‘Packages’ from the left-hand menu available in the dropdown labeled ‘Package Creation’.
Now on the ‘Packages’ page, select the ‘+ Add Package’ dropdown.
The dropdown menu will have you select which OS you will be creating the package for. In this example, we will be selecting the ‘Windows’ option.
After selecting the OS, you will now be brought to the ’Windows Package Creation’ page. Here, you will be tasked with filling out all necessary information for creating your package.
The following fields must be filled out:
-
Package Name – This will be a name to identify the package. In this example, it has been named ‘ThreatLocker Stub Installer’.
-
Package Type – For this field, the ‘EXE/APPX/MSIEXEC/MSU option has been selected as the ThreatLocker stub installer downloads as an executable file.
-
License Type – This is a dropdown menu that allows you to select ‘Commercial’ or ‘Non-Commercial’.
-
Locate installable – Here, you will select where the stub installer file is located. If your stub installer file is saved on a shared folder, you can select that button. Otherwise selecting ‘From Local Computer’ will allow you to find the stub installer file located on your machine. For questions regarding downloading the stub installer from the ThreatLocker portal, please navigate to this article:
After this section has been filled out, you can optionally add installation details to your package. ManageEngine will require you to add an Installation Command with Switches for the deployment. In the example below, we have inserted the following installation command:
ThreatlockerStubX64_c9ed467c8f24d5a0f2e1866f_D.exe /S
This means that this will be a silent installation. If a different installation command would better suit your deployment, you can change it accordingly.
Note: The stub installer will be different for each organization and each computer group. Make sure you include the correct name of your stub installer and not the one listed above.
For further questions regarding Software Package creation, please consult ManageEngine’s article:
Select the ‘Add Package’ button at the bottom of the page the package.
Within the ‘Packages’ page, you will now see your new package added to the list of packages.
Deploying the ThreatLocker Agent from ManageEngine Using the MSI Installer
Navigate to the ‘Software Deployment’ tab, selecting ‘Packages’ from the ‘Package creation’ dropdown menu.
Select the ‘+ Add Package’ dropdown menu, then select ‘Windows’.
You will now be directed to the ‘Windows Package Creation’ page.
From here, name your Package and select the ‘MSI/MSP’ Package Type.
Next, select the License Type for your installer file, then locate the installer file from your Shared Folder or machine.
You can also set specific installation details using the final section of the page, but these are not required. The only required field is to input the MSI/MSP File Name. Remember that the name should not be changed as this will cause the installation to fail.
Select the ‘Add Package’ button at the bottom of the page when all parameters have been met.
Once this is done, you will now see your newly created package populated in the ‘Packages’ page.
Deploying the Package
To deploy the package, navigate to ‘Action’ and select the meatball menu. From this popout menu, choose ‘Install Software – Computer'.
This will open a page titled ‘Install/Uninstall Windows Software (Computer)’. You will have to fill out the menu according to your organization’s needs.
First, start by giving your deployment a name. You can optionally provide a description.
Next, select ‘Install’ as your Operation Type. Select the Package Name for the corresponding installation method you would like to deploy. You can also use the ‘Configure Install/Uninstall options’ dropdown to choose which user account to run the software on.
Next, select the dropdown for Apply Deployment Policy. This will give you several options for how you would like the installation to begin, whether you would like to permit user intervention, and more. You can also create a new deployment policy to meet the guidelines of your environment. For this example, we will be selecting ‘Download immediately and deploy during deployment window’.
Within the ‘Define Target’ section, you can set your parameters for which machines you want to deploy ThreatLocker on. Start by selecting the name of your Remote Office.
Choose which machines you would like to deploy ThreatLocker on. Select the dropdown menu under ‘Filter Computers based on’. For this example, we will only be deploying ThreatLocker onto one Workstation, but you can select to target specific domains, IP ranges, and more.
Within the ’Execution Settings’ section of the page, you can select specific characteristics for how this installer is run. This section is optional but allows you to change when the installer starts being deployed, when it stops, how many retries are made if the installer fails, and more.
Once all parameters are met, select the ‘Deploy’ or ‘Deploy immediately’ button at the bottom of the page. You can also select the ‘Save As’ button to save this configuration as a Draft or Template for future installations.
The ThreatLocker installer will now be deployed to your target machines. You will see them appear within your ‘Devices’ page in the ThreatLocker Portal when the deployment is successful.
Installing ThreatLocker through ManageEngine Using a PowerShell Script
Navigate to the ‘Software Deployment’ tab, then select ‘Script Repository’ from the ‘Settings’ dropdown. Select the ‘+ Add Script’ button from the top of the page.
Download the PowerShell script installer for the workgroup you will be deploying this agent for. On the ‘Add Script’ page, locate the script on your machine using the ‘Browse’ button.
Next, add Script Arguments, if necessary, then specify any exit codes. Select a platform for the installation and put in an optional description for your script.
Select the ‘Add’ button at the bottom of the page to create your script.
From here, select the ‘Configurations’ tab, then select ‘Configuration’ under the ‘Add Configurations’ dropdown. Specify which OS this configuration will be supported with.
Within the ‘Add Configuration’ page, select the ‘Custom Script’ option, then select the ‘Computer Configuration’ option.
On the ‘Custom Script’ page, name your custom script. You can also add an optional description.
In the ’Configure Custom Script’ section, select ’Repository’ for where to execute the script from. This will locate the script you have just created and saved in the Script Repository. In the Script Name section, you can input the name of the ThreatLocker Deployment script. Input any other information that you would like to change for the script deployment in this area. You can also specify to execute the script as a system user or regular user.
In the ‘Define Target’ area, input the level at which you would like to deploy this PowerShell script.
The final ’Execution Settings’ section allows you to specify how many times the installation will be retried and more. You can also choose to enable notifications.
Once all parameters are met, select the ‘Deploy’ or ‘Deploy immediately’ button at the bottom of the page. You can also select the ‘Save As’ button to save this configuration as a Draft or Template for future installations.
The ThreatLocker PowerShell Script Installer will now be deployed to your target machines. You will see them appear within your ‘Devices’ page in the ThreatLocker Portal when the deployment is successful.