ThreatLocker Deployment [NinjaOne]
Purpose
This solution is designed to configure the automatic deployment of the ThreatLocker Agent on Windows and Macintosh machines that are missing the agent, using the NinjaOne platform.
Associated Content
Custom Field
| Content | Type | Available Options | Function |
|---|---|---|---|
| cPVAL ThreatLocker Deployment | Drop-down | All, Windows, Windows and Macintosh, Disabled, windows workstations, windows servers and Macs, Windows Workstations and macs, windows servers, macs, Uninstall | Custom Field to select OS to enable auto-deployment of ThreatLocker. Select 'Uninstall' to uninstall ThreatLocker if it is already installed on the machines. |
| cPVAL ThreatLocker Auth Key | Text | Stores the ThreatLocker authorization key for Windows machines. | |
| cPVAL ThreatLocker Organization Name | Text | Fill it with the organization name under which the ThreatLocker agent is to be installed in ThreatLocker Portal | |
| cPVAL ThreatLocker Mac GroupKey | Text | Stores one or more tags, separated by commas (optional). |
Automation
| Content | Function |
|---|---|
| ThreatLocker Deployment | Installs ThreatLocker agent on Windows operating systems. |
| ThreatLocker Deployment - MAC | Installs ThreatLocker agent on Macintosh operating systems. |
| Uninstall ThreatLocker | Uninstalls ThreatLocker from a Windows machine. Tamper Protection must be disabled before running this script, otherwise the uninstall may fail. |
Compound Conditions
| Content | Function |
|---|---|
| ThreatLocker Deployment - Workstations | Triggers the ThreatLocker Deployment automation on Windows workstations where deployment is enabled and ThreatLocker is not installed. |
| ThreatLocker Deployment - Servers | Triggers the ThreatLocker Deployment automation on Windows servers where deployment is enabled and ThreatLocker is not installed. |
| ThreatLocker Deployment - MAC | Triggers the ThreatLocker Deployment [MAC] automation on Macintosh machines where deployment is enabled and ThreatLocker is not installed. |
| Uninstall ThreatLocker - Windows | Triggers the Uninstall ThreatLocker automation on Windows machines where uninstallation is enabled and ThreatLocker is installed. |
Implementation
Step 1
Create the following custom fields:
- cPVAL ThreatLocker Deployment
- cPVAL ThreatLocker Auth Key
- cPVAL ThreatLocker Organization Name
- cPVAL ThreatLocker Mac GroupKey
Step 2
Create the following automations:
Step 3
Create the following Compound conditions:
- ThreatLocker Deployment - Workstations
- ThreatLocker Deployment - Servers
- ThreatLocker Deployment - MAC
- Uninstall ThreatLocker - Windows
FAQ
Q. What is this solution used for?
A. This solution is used to automatically deploy the ThreatLocker agent on Windows and macOS endpoints managed by NinjaOne when the agent is missing. It ensures consistent security coverage without requiring manual installation.
Q. Which operating systems are supported?
A. Windows and macOS
Q. Will this reinstall ThreatLocker if it is already installed?
A. No. The compound conditions explicitly check whether the ThreatLocker agent is not installed. If the agent is already present, the deployment script will not run.
Q. Where are the ThreatLocker credentials stored?
A. Credentials are stored securely using NinjaOne Custom Fields:
- Windows Auth Key: cPVAL ThreatLocker Auth Key
- Windows Organization Name: cPVAL ThreatLocker Organization Name
- macOS Group Key: cPVAL ThreatLocker Mac GroupKey
These values are retrieved dynamically at runtime by the deployment scripts.
Q. Can this be enabled or disabled per organization?
A. Yes. The custom field cPVAL ThreatLocker Deployment controls whether automatic deployment is enabled at the organization level. This allows granular control over where ThreatLocker is deployed.
Q. Does this require user interaction?
A. No. The deployment runs silently in the background via NinjaOne automations and does not require any user interaction.
Changelog
2026-06-02
- Added Uninstall option in the
cPVAL ThreatLocker Deploymentcustom field. - Added missing components to the documents as per our new document standards.
- Renamed the compound condition from
ThreatLocker-deployment-windowstoThreatLocker-deployment-workstations. Separated workstations and servers compound conditions because servers use different Custom fields for deployment. - Added ThreatLocker uninstallation script for windows and its corresponding Custom Field.
2025-05-27
- Initial version of the document