Threatlocker Deployment [NinjaOne]
Purpose
This solution is designed to configure the automatic deployment of the Threatlocker Agent on Windows and Macintosh machines that are missing the agent, using the NinjaOne platform.
Associated Content
Custom Field
| Content | Type | Available Options | Function |
|---|---|---|---|
| cPVAL Threatlocker Deployment | Drop-down | Windows, Windows and Macintosh, Disabled | Enables Threatlocker auto-deployment for Windows or both Windows and Macintosh machines at the organization level. |
| cPVAL Threatlocker Deployment - Exclude | Drop-down | Yes, No | Allows exclusion of specific locations or devices from Threatlocker auto-deployment. |
| cPVAL Threatlocker Auth Key | Text | Stores the Threatlocker authorization key for Windows machines. | |
| cPVAL Threatlocker Organization Name | Text | Fill it with the organization name under which the Threatlocker agent is to be installed in Threatlocker Portal | |
| cPVAL ThreatLocker Mac GroupKey | Text | Stores one or more tags, separated by commas (optional). |
Automation
| Content | Function |
|---|---|
| Threatlocker Deployment | Installs Threatlocker agent on Windows operating systems. |
| Threatlocker Deployment - MAC | Installs Threatlocker agent on Macintosh operating systems. |
Compound Conditions
| Content | Function |
|---|---|
| Threatlocker Depoyment - Windows | Triggers the Threatlocker Deployment automation on Windows machines where deployment is enabled and Threatlocker is not installed. |
| Threatlocker Deployment - MAC | Triggers the Threatlocker Deployment [MAC] automation on Macintosh machines where deployment is enabled and Threatlocker is not installed. |
Implementation
Step 1
Create the following custom fields:
- cPVAL Threatlocker Deployment
- cPVAL Threatlocker Deployment - Exclude
- cPVAL Threatlocker Auth Key
- cPVAL Threatlocker Organization Name
- cPVAL ThreatLocker Mac GroupKey
Step 2
Create the following automations:
Step 3
Create the following Compound conditions:
Create the Threatlocker Depoyment - Windows compound condition for both default agent policies: Windows Server [Default] and Windows Workstation [Default].
Step 4
Create the Threatlocker Deployment - MAC compound condition for both default agent policies: Mac Server [Default] and Mac [Default].
FAQ
Q. What is this solution used for?
A. This solution is used to automatically deploy the ThreatLocker agent on Windows and macOS endpoints managed by NinjaOne when the agent is missing. It ensures consistent security coverage without requiring manual installation.
Q. Which operating systems are supported?
A. Windows and macOS
Q. Will this reinstall ThreatLocker if it is already installed?
A. No. The compound conditions explicitly check whether the ThreatLocker agent is not installed. If the agent is already present, the deployment script will not run.
Q. Where are the ThreatLocker credentials stored?
A. Credentials are stored securely using NinjaOne Custom Fields:
- Windows Auth Key: cPVAL Threatlocker Auth Key
- Windows Organization Name: cPVAL Threatlocker Organization Name
- macOS Group Key: cPVAL ThreatLocker Mac GroupKey
These values are retrieved dynamically at runtime by the deployment scripts.
Q. Can this be enabled or disabled per organization?
A. Yes. The custom field cPVAL Threatlocker Deployment controls whether automatic deployment is enabled at the organization level. This allows granular control over where ThreatLocker is deployed.
Q. Does this require user interaction?
A. No. The deployment runs silently in the background via NinjaOne automations and does not require any user interaction.