Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends a staggered deployment. Deploying to many endpoints at once can cause a spike in bandwidth usage as the Windows Core and application definitions are downloaded to each endpoint. QoS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com.
1) Download the startup script.
2) Unzip the script and open it in the text editor of your choice.
3) Add the deployment unique identifier of the parent (Getting your Unique Identifier from ThreatLocker) to the "Key" variable on line 21.
4) Add the organization identifier of the child (on the organizations page) to the "Company" variable on line 21.
Note: If you are deploying to the parent organization, or you do not have any child organizations, simply use the parent organization's identifier (on the organizations page).
5) Save the script.
6) Open Group Policy Management on your AD server.
7) Expand Forest>Domain>Group Policy Objects.
8) Right-click "Group Policy Objects" and select "New".
9) Name your Group Policy Object and select "OK".
10) Right-click the new Group Policy Object and select "Edit".
11) Expand Computer Configuration>Policies>Windows Settings.
12) Select "Scripts (Startup/Shutdown)" and double click "Startup".
13) Select "Browse".
14) Paste the startup script you edited in steps 1-5 into the File Explorer window that opens. This window is the GPO's own Scripts\Startup folder in SYSVOL, so saving the script there replicates it to every domain controller and makes it available to every endpoint that applies the policy.
15) Select the script and select "Open".
16) Select "OK".
17) Select "Apply" then select "OK".
18) Exit the Group Policy Management Editor.
19) Back in Group Policy Management, right-click the OU or domain you would like to apply the Group Policy Object to and select "Link an Existing GPO...".
20) Select the Group Policy Object then select "OK".
21) Right-click the linked Group Policy Object and select "Enforced" so that the link cannot be overridden by "Block Inheritance" on child OUs.
At this point, all that is needed is for the endpoints to receive the updated Group Policy and restart. Computer startup scripts run only at boot, so the agent installs on each endpoint's next restart.
Note: To pull the new policy immediately on a test endpoint, run "gpupdate /force" in an elevated CMD, then restart the machine so the startup script executes.
Troubleshooting
If the ThreatLocker agent is not deploying to your endpoints, work through the following troubleshooting steps:
- Test connections as the SYSTEM account using PsExec ("psexec -s -i cmd"), because GPO startup scripts run as SYSTEM rather than as a logged-on user. From that shell, check Internet Properties (inetcpl.cpl), or launch Google Chrome as System and confirm a webpage loads. A proxy configured only in a user's profile does not apply to SYSTEM.
- From the same SYSTEM shell, use Invoke-WebRequest to test connections to the ThreatLocker APIs, for example: Invoke-WebRequest -Uri "https://api.g.threatlocker.com" -UseBasicParsing. A DNS, TLS or proxy error here identifies the layer that is failing.
- Add a delay to the script (for example Start-Sleep) so the network drivers have finished loading before the script tries to reach ThreatLocker. This lengthens the boot procedure on every machine; enabling the "Always wait for the network at computer startup and logon" policy (Computer Configuration>Policies>Administrative Templates>System>Logon) achieves the same goal without a fixed sleep.
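The three troubleshooting steps above can be combined into a single pre-flight check. The following PowerShell script is an added example and is not ThreatLocker's startup script or any other ThreatLocker code: it waits for the network to come up instead of using a fixed delay, then tests DNS, TCP/443 and HTTPS to the hostnames named on this page and logs which layer failed. The log path, the 120-second wait budget and the 5-second polling interval are assumptions made for the example. Save it as a .ps1 file and run it from a SYSTEM shell so it sees exactly what the startup script sees, for example "psexec -s -i powershell.exe -ExecutionPolicy Bypass -File C:\Temp\Preflight.ps1" (the file path is assumed).

```powershell
# Added example, not ThreatLocker's startup script: pre-flight check that
# reproduces what a GPO startup script needs (network up, ThreatLocker hosts
# reachable over HTTPS as SYSTEM) and logs the result for troubleshooting.
# Hostnames are the ones named on this page; the log path, timeout and polling
# interval are assumptions for the example.

$Hosts          = @('corecdn.threatlocker.com', 'apps.threatlocker.com', 'api.g.threatlocker.com')
$LogPath        = 'C:\Windows\Temp\ThreatLocker-Preflight.log'   # assumed location
$MaxWaitSeconds = 120                                            # assumed wait budget

function Write-Log {
    param([string]$Message)
    $line = '{0:yyyy-MM-dd HH:mm:ss} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Output $line
}

function Wait-ForNetwork {
    # Startup scripts can run before a NIC has an address or a default route,
    # which is the failure mode the "add a delay" step works around. Instead of
    # a fixed sleep, poll until an adapter is Up and has an IPv4 default gateway.
    param([int]$TimeoutSeconds)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $ready = Get-NetIPConfiguration -ErrorAction SilentlyContinue |
                 Where-Object { $_.NetAdapter.Status -eq 'Up' -and $_.IPv4DefaultGateway }
        if ($ready) { return $true }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    return $false
}

function Test-Endpoint {
    # Check DNS, TCP/443 and HTTPS separately so the log says which layer failed.
    param([string]$HostName)
    try   { [System.Net.Dns]::GetHostAddresses($HostName) | Out-Null }
    catch { return "DNS FAIL   $HostName : $($_.Exception.Message)" }

    if (-not (Test-NetConnection -ComputerName $HostName -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue)) {
        return "TCP FAIL   $HostName : port 443 unreachable"
    }

    try {
        # -UseBasicParsing avoids the Internet Explorer engine, which is not
        # initialised for the SYSTEM account and can make Invoke-WebRequest hang.
        $response = Invoke-WebRequest -Uri "https://$HostName" -UseBasicParsing -TimeoutSec 15
        return "HTTPS OK   $HostName : HTTP $($response.StatusCode)"
    }
    catch {
        # An HTTP error status from the server still proves that DNS, TCP, TLS and
        # any proxy work end to end; only the absence of a response is a failure.
        if ($_.Exception.Response) {
            return "HTTPS OK   $HostName : HTTP $([int]$_.Exception.Response.StatusCode)"
        }
        return "HTTPS FAIL $HostName : $($_.Exception.Message)"
    }
}

# Record the identity so a run from an interactive user shell is not mistaken
# for the SYSTEM context the GPO startup script actually executes in.
Write-Log ("Running as {0}" -f [System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

if (-not (Wait-ForNetwork -TimeoutSeconds $MaxWaitSeconds)) {
    Write-Log "Network not ready after $MaxWaitSeconds seconds; aborting"
    exit 1
}

$failures = 0
foreach ($h in $Hosts) {
    $result = Test-Endpoint -HostName $h
    Write-Log $result
    if ($result -like '*FAIL*') { $failures++ }
}
exit $failures
```

The exit code is the number of hosts that failed, so the script can also be called from the top of a test copy of your own startup script and the agent installation skipped when it returns non-zero. Read the log with the "Running as" line first: if it does not show NT AUTHORITY\SYSTEM, the results reflect a user's proxy and trust settings rather than those the real deployment will use.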