Deploying ThreatLocker via GPO with a startup script
1) Download the startup script.
2) Unzip the script and open it in the text editor of your choice.
3) Add the deployment unique identifier of the parent (see "Getting your Unique Identifier from ThreatLocker") to the "Key" variable on line 21.


4) Add the organization identifier of the child (on the organizations page) to the "Company" variable on line 21.
Note: If you are deploying to the parent organization, or you do not have any child organizations, simply use the organization unique identifier of the parent (on the organizations page).


5) Save the script.
6) Open Group Policy Management on your AD server.

7) Expand Forest>Domain>Group Policy Objects.

8) Right-click "Group Policy Objects" and select "New".

9) Name your Group Policy Object and select "OK".

10) Right-click the new Group Policy Object and select "Edit".

11) Expand Computer Configuration>Windows Settings.

12) Select "Scripts (Startup/Shutdown)" and double-click "Startup".

13) Select "Browse".

14) Paste the startup script from steps 1-4 into the file explorer that opens.

15) Select the script and select "Open".

16) Select "OK".

17) Select "Apply" then select "OK".

18) Exit the Group Policy Management Editor.

19) Back in Group Policy Management, right-click the OU or domain you would like to apply the Group Policy Object to and select "Link an Existing GPO...".

20) Select the Group Policy Object then select "OK".

21) Right-click the linked Group Policy Object and select "Enforced".

At this point, all that is needed is for the endpoints to get updated group policies.
Note: If you want to force a group policy update on an endpoint to test, use the "gpupdate /force" command in CMD.
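
The GPO creation in steps 8-9 and the enforced link in steps 19-21 can also be scripted and then verified, shown here as an added example that is not part of the original article or ThreatLocker's own tooling. The GPO name and OU distinguished name are placeholders, and the startup script itself is still assigned in the editor as in steps 10-18.

```powershell
# Added example. Run on a machine with the GroupPolicy module (GPMC / RSAT).
# $GpoName and $TargetOu are placeholders, not values from the article.
Import-Module GroupPolicy

$GpoName  = 'ThreatLocker Deployment'             # placeholder GPO name
$TargetOu = 'OU=Workstations,DC=example,DC=com'   # placeholder OU or domain DN

# Steps 8-9: create the GPO only if it does not already exist.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Startup script deployment'
}

# Steps 19-21: link the GPO to the target and mark the link as enforced.
# New-GPLink fails if the link already exists, so update it in that case.
$existing = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if ($existing) {
    Set-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes -Enforced Yes | Out-Null
} else {
    New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes -Enforced Yes | Out-Null
}

# Verify the result instead of trusting the console view.
$link = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $link -or -not $link.Enabled -or -not $link.Enforced) {
    throw "GPO '$GpoName' is not linked, enabled and enforced on $TargetOu"
}

# A startup script lives under Computer Configuration, so that half of the
# GPO must not be disabled or the script never runs.
if ($gpo.GpoStatus -in 'AllSettingsDisabled', 'ComputerSettingsDisabled') {
    Write-Warning "Computer settings are disabled on '$GpoName' (GpoStatus: $($gpo.GpoStatus))"
}

$link | Format-Table DisplayName, Enabled, Enforced, Order, Target
```

Startup scripts run at boot, so after "gpupdate /force" the endpoint still needs a restart. "gpresult /scope computer /r" on the endpoint should then list the GPO under the applied Group Policy Objects.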