Help CenterNote: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com
The following steps will guide you in deploying ThreatLocker to your clients via N-able N-sight RMM.
Creating the Deployment Script
From the ThreatLocker Portal, navigate to the 'Install Computer' button. This button can be found on any page in your portal in the top right part of the screen to the right of the 'Deploy Policies' button.
You can also locate this button by navigating to the 'Devices' page on the left-hand side of the portal, then selecting the 'Install Computer' button at the top left of the page.
After selecting this button, a pop-up window will display titled 'Download Installer'. From here, select the dropdown titled 'Select your deployment method' and choose 'N-able' from the list.
Select the 'Installation Script' button to download the 'N-able' deployment script. This will download a .zip file with a .amp file inside. Unless you are deploying via FedRAMP, you will not need to make any modifications to the downloaded file.
Note: If you are deploying with FedRAMP, you MUST manually change the URLs in the script to the following:
https://api.threatlockerfed.com/installers/threatlockerstubx64.exe
AND
https://api.threatlockerfed.com/installers/threatlockerstubx86.exe
Once your script has been downloaded, log in to your N-able N-sight RMM Dashboard. Using the left-hand side of the portal, select 'All Devices'. Then, select 'Settings' from the top of the page and navigate to 'Script Manager' in the dropdown menu.
Selecting the 'Script Manager' option will open a pop-up window titled 'Script Manager'. At the top of this window, select the '+ New' button.
A new window titled 'Add User Defined Scripts' will open, allowing you to enter details about your new script.
To start, enter a name and a description for your script.
Usage Notes are not required but can be entered if preferred. Additionally, the Default Timeout will be set to 120 seconds by default, but it can be adjusted accordingly.
The next section provides checkboxes for the 'Type' and 'OS' that will apply to this deployment script. Within the 'Type' section, make sure the 'Automated Task' checkbox is selected, and that 'Windows' is selected for 'OS'.
Lastly, in the 'Upload a script' section, select the 'Browse' button and upload the deployment script you downloaded from the ThreatLocker Portal.
Once all of this has been entered, select the 'Save' button at the bottom of the window.
For Each Client in N-able RMM:
N-able RMM does not allow the client name to be passed as a script parameter. As a result, a separate task must be created for each client.
From the 'All Devices' page, right-click on the client or site you will be deploying your script to. Then, from the pop-up window, select 'Task' and 'Add'.
A new window titled 'Add Automated Task' will appear. Using the search bar, search for the name of the ThreatLocker deployment script you have added to N-sight. Then choose 'Next' at the bottom of the page.
Now, select the device type you want to add this task to. By default, the 'Servers' and 'Workstations' checkboxes will be selected and can be kept as such. Select 'Next' when done.
On the next page, add a Descriptive Name, your ThreatLocker Unique Identifier, and the Client Name. While your Descriptive Name can be anything, the ThreatLocker Unique Identifier and the Client Name must be specific.
The ThreatLocker Unique Identifier can be found in the ThreatLocker Portal by selecting the 'Install Computer' button, which is located at the top of any page or on the 'Devices' page. For more information on how to find your ThreatLocker Unique Identifier, please refer to the following article:
Getting your Unique Identifier from ThreatLocker | ThreatLocker Help Center
The Client Name should match the Identifier name in the ThreatLocker Portal. If you are deploying to an existing ThreatLocker Organization, ensure that the Client Name matches the Identifier in your portal. The Identifier for your Organization can be found by navigating to the 'Organizations' page using the left-hand side of the portal, then selecting the gear icon to the right of the organization you are deploying to. Selecting this button opens the 'Edit Organization Settings Sidebar,' where you will see a field labeled 'Identifier'.
Once this information has been entered, select 'Next' at the bottom of the window.
This page lets you choose the frequency at which this script runs. By default, it will run once per day. Please change the frequency on this page to better fit your organization if necessary, then select 'Next'.
The default selections on this page are fine as is, and can be updated if necessary. Select 'Next' after all changes have been made.
This final page lets you select which devices this task will run on. All devices for the selected client will be selected by default, and devices can be excluded from receiving the script by deselecting the checkbox to the left of each device. Once all devices have been selected, choose the 'Add Task' button at the bottom of the window to deploy your newly created task.