Deploying ThreatLocker with a Datto RMM Component

6 min. readlast update: 07.01.2025

Table of Contents

Locating the Unique Identifier | Downloading and Configuring the ThreatLocker Component (New UI) | Downloading and Configuring the ThreatLocker Component (Legacy UI) 

Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com 

ThreatLocker is available as a component in Datto's ComStore, simplifying its deployment using Datto RMM. Before proceeding, you must retrieve your company's Unique Identifier from the ThreatLocker portal. 

Locating the Unique Identifier

To locate your company’s unique identifier, you can select the 'Install Computer’ button located at the top right corner of every page within the ThreatLocker portal. 

Picture 

Alternatively, navigate to the ‘Devices’ page using the left-hand side of the portal and select the ‘Install Computer’ button in the page's top left corner. 

Picture 

Selecting this button will open a pop-up window titled ‘Download Installer’. Here, you can view your Unique Identifier for your organization. 

Picture

Downloading and Configuring the ThreatLocker Component (New UI) 

Once your Unique Identifier has been located, you can log into your Datto RMM account. Using the left-hand side of the Datto RMM portal, select the ‘Automation’ dropdown, then select ‘ComStore. 

Picture 

Now, in the ‘ComStore’ page, use the search bar to search for ‘threatlocker and select ‘ThreatLocker Installer [WIN]’. 

Picture

Picture

Select the ‘Add’ button to the right of the component to add it to your list of components. Once this has been downloaded, it will now be available in your ‘Components’ tab. 

Now, navigate to the ‘Components’ tab using the left-hand side of the page. 

Picture 

Using the search bar, enter ‘ThreatLocker Installer [WIN]’. 

Picture

Select your newly added ‘ThreatLocker Installer [WIN]’ component, then select the kebab menu option above it. 

Picture 

From within this menu, select ‘Copy’. Creating a copy of the ThreatLocker Installer component will allow you to have a base version not associated with a Unique Identifier from another one of your organizations.

Picture

In the ‘Name’ field, you can choose to change the name of the copy of your ThreatLocker Installer. 

Picture

Now, navigate to the ‘Variables’ section of the page. By default, the variable named usrTLSerial will be listed.

Picture

Using the ‘Default Value’ field provided, enter the Unique Identifier for the organization that the machines you will be deploying ThreatLocker in will belong to. 

Picture

This is the only change necessary for your component. 

You can now select ‘Create Component’ at the bottom of the page to solidify your changes. 

Picture 

Your organizations in ThreatLocker will be created by Datto RMM to match your Site names in Datto under the ThreatLocker Organization from which you obtained the Unique Identifier.   

If you have already provisioned your organizations in ThreatLocker, care must be taken to ensure that your 'Identifier' in ThreatLocker matches your Datto Site name exactly. Otherwise, new organizations will be created in ThreatLocker with the Identifier of the Site names in Datto. The 'Identifier' is located in the smaller font below your organization's name. 

Picture 

The Identifier can be changed by navigating to the ‘Organizations’ page, selecting the gear icon to the right of the organization's name, and then navigating to the ‘Identifier’ field within the ‘Edit Organization Settings’ page. 

PicturePicture 

If you wish to override the usrTLSerial variable with a Site variable and specify a specific Site to map your devices to, navigate to the ‘Components’ section and select the component you want to edit the variable on. You can also copy the component to create a new one for a ThreatLocker Site. 

Once selected, navigate to the ‘Variables’ section of your component. Where the variable named ‘userTLSerial’ is placed, select this and change the variable from ‘usrTLSerial’ to ‘usrTLSerialSite’. 

Picture

Add the Unique Identifier of the target organization within the 'Default Value' field, then select ‘Create Component’ at the bottom of the page. When you run the deployment script in Datto, any machine located within that Site in Datto will be mapped according to the Unique Identifier you placed in your usrTLSerialSITE variable. 

Downloading and Configuring the ThreatLocker Component (Legacy UI) 

Once your Unique Identifier has been located, you can log into your Datto RMM account. Using the menu at the top of the screen, select ‘ComStore’ > ‘All Components’. 

Picture 

Now in ‘ComStore’, use the search bar at the top of the page to search for ‘threatlocker’ and select ‘ThreatLocker Installer [WIN]. 

Picture

Select the component, then choose ‘Add to my Component Library’ within the pop-up window. 

Picture

Once selected, you can now view this component within your ‘Components’ page. Using the menu at the top of the page once more, select ‘Components’.

Picture 

Enter ‘ThreatLocker Installer [WIN]’ in the search bar to locate your newly downloaded component. 

Picture 

To the right of the component, select the copy icon. This will create a copy of your component and allow you to maintain a base version of the component that is not associated with a Unique Identifier from any of your organizations. 

Picture 

Once you select to copy this component, a pop-up window asking you to confirm you want to copy this will appear. Select ‘OK’ to proceed. 

Picture 

Once your component has been copied, a page containing its settings will open. Here, you can change its name and description. It is recommended that you name the component so that you will remember which organization it is associated with. 

Picture

Now, navigate to the ‘Variables’ section of the page. By default, the variable named usrTLSerial will be listed. 

Picture

Select the pencil icon to the right of the variable to edit it. 

Picture 

Within the ‘Default’ field, enter the Unique Identifier for the organization to which the machines you will be deploying ThreatLocker will belong. 

Picture

This is the only change necessary for your component. Once done, select the checkmark button to the right of the variable.

Once this has been added, you can select the ‘Save’ button at the bottom of the page. 

Picture 

Your organizations in ThreatLocker will be created by Datto RMM to match your Site names in Datto under the ThreatLocker Organization from which you obtained the Unique Identifier.   

If you have already provisioned your organizations in ThreatLocker, care must be taken to ensure that your 'Identifier' in ThreatLocker matches your Datto Site name exactly. Otherwise, new organizations will be created in ThreatLocker with the Identifier of the Site names in Datto. The 'Identifier' is located in the smaller font below your organization's name. 

Picture 

The identifier can be changed by navigating to the ‘Organizations’ page, selecting the gear icon to the right of the organization name, and then navigating to the ‘Identifier’ field within the ‘Edit Organization Settings’ page. 

PicturePicture 

If you wish to override the usrTLSerial variable with a Site variable and specify a specific Site to map your devices to, navigate to the ‘Components’ section and select the component you want to edit the variable on. You can also copy the component to create a new one for a ThreatLocker Site. 

Once selected, navigate to the ‘Variables’ section of your component. Where the variable named ‘userTLSerial’ is placed, select this and change the variable from ‘usrTLSerial’ to ‘usrTLSerialSite’. 

 Picture 

Add the Unique Identifier of the target organization within the 'Default' field, select the checkmark button to the right of the variable, then select ‘Save’ at the bottom of the page. Now, when you run the deployment script in Datto, any machine located within that Site in Datto will be mapped according to the Unique Identifier you placed in your usrTLSerialSITE variable.

Was this article helpful?