Deploying ThreatLocker with a datto RMM Component

3 min. readlast update: 12.27.2023

View in Browser

Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com

 ThreatLocker is now available as a Component in the datto ComStore, further simplifying the deployment of ThreatLocker using datto RMM. You will need to retrieve your company's Unique Identifier from the ThreatLocker portal before proceeding.

In the ThreatLocker portal, navigate to the 'Computers' page of your organization. Select the 'Install New Computer' button at the top. This will open a window containing your Unique Identifier as highlighted in the screenshot below. You will need to input this Unique Identifier into your datto Component.

undefined

 Log into your datto RMM account. Navigate to the 'ComStore' tab. There you can search for ThreatLocker. Select 'ThreatLocker Installer [WIN]' to download the Component.

undefined

(New UI pictured above and Legacy UI pictured below)

undefined

Once you have downloaded 'ThreatLocker Installer [WIN]', it will be available in your 'Components' tab.  

Navigate to the 'Components' tab. Click on 'Copy' by 'ThreatLocker Installer [WIN]' in your list of Components to create a copy of the Component that you can edit.  

Click in the name of the copied Component to open it for editing. Scroll down to the 'Variables' section. By default, the variable named usrTLSerial will be listed. 

undefined

Click on the pencil icon to edit the usrTLSerial variable. In the 'Default' textbox, enter your ThreatLocker Unique Identifier. And then click the green checkmark to save your change. This is the only change you need to make, and your Component is now ready to be used to deploy ThreatLocker.

undefined

(New UI pictured above and Legacy UI pictured below) 

undefined

Your organizations in ThreatLocker will be created by datto RMM to match your Site names in datto, under the ThreatLocker Organization that you obtained the Unique Identifier from.  

If you have already provisioned your organizations in ThreatLocker, care must be taken to be sure your 'Identifier' in ThreatLocker matches your datto Site name exactly otherwise new organizations will be created in ThreatLocker with the Identifer of the Site names in datto. The 'Identifier' is located in the smaller font below the name of your organization.

undefined

The 'Identifier' can be changed by clicking the pencil icon, and replacing the text in the 'Identifier' box.

undefined

If you wish to override the usrTLSerial variable with a Site variable and specify a specific Site to map your devices to, navigate to the 'Sites' tab in datto and select the desired Site from the dropdown list.  

Next, go to the 'Settings' tab for that Site. 

undefined

Scroll down until you reach the 'Variables' section.

undefined

Click the 'Add Variable' button. Name the variable 'usrTLSerialSITE' and input the Unique Identifier of the target organization in ThreatLocker.  

Now when you run the deployment script in datto, any machine located within that Site in datto will be mapped according to the Unique Identifier you placed in your usrTLSerialSITE variable.

Was this article helpful?