As GPO can sometimes be unreliable, ThreatLocker has created a logon script that checks for computers in your Active Directory environment that are not running ThreatLocker. When run, the script sends the hostname of any computer not running ThreatLocker to the ThreatLocker Portal, where it is viewable in a tab on your ‘Devices’ page.
The logon script was designed for Active Directory environments. You will not need this script if you are using an RMM, because you can set up a continuous deployment in which newly installed computers automatically have ThreatLocker installed on whatever schedule you have set up.
To download the logon script, navigate to the ‘Devices’ page using the left-hand menu in the ThreatLocker portal. Once in the ‘Devices’ page, select the hamburger menu in the top left corner of the page. This menu will be to the right of the ‘Install Computer’ button. Selecting the hamburger menu will open a popup window titled ‘Computer Options’. Select the ‘Get Logon Script’ button from here.
Now, you will see a popup window titled ‘Logon Scripts’.
Your Authorization Key will be inserted into the script for you automatically.
You can select either the signed or unsigned version of this script. The unsigned version was created to decrease the size of the file, but both scripts function exactly the same way.
Choosing the download labeled ‘Sample Batch’ will provide you with an example of how to add the logon script to your existing login script.
Run this script on your AD server using admin credentials. It will check all computers in your AD environment for ThreatLocker. Any endpoint that does not have ThreatLocker installed and running will have its hostname sent to the ThreatLocker Portal and will be listed in a new tab made available on the ‘Devices’ page.
Once a computer within the organization is detected as not having ThreatLocker installed, a new option will be available within the ‘Devices’ page, appearing to the right of the ‘Computer Group’ dropdown menu.
Selecting the ‘Installed’ option will show you your regular list of devices that have ThreatLocker installed on them.
Switching to ‘Not Installed’ will show you all computers within your organization that do not have ThreatLocker installed on them.