
How to Deploy SentinelOne in an Active Directory Environment


I was recently asked to deploy the brand-new SentinelOne antivirus of the death from hell that kills XDR (for Extended Detection and Response) in a Windows Workstation environment…

If you haven't seen the movie, it's a security tool that uses an AI engine to prevent, detect and respond to software threats.

As you can see, it's "blah blah blah" amazing, but how do you deploy it? Well, I couldn't find a predefined method for deploying it on a large scale.

So I had to find a way to do it… Let's see how I did it!

Manual installation

When the msi is launched, the SentinelOne installation program requests a token.

Because of this, you can't use the traditional msi software deployment via GPO for this installation. (I even tried, unsuccessfully, a solution with Orca (see here: https://docs.microsoft.com/) to add the token property.)

  • We can add the token property with the msiexec command, as follows:
    • /i: install
    • /q: Quiet mode, no user interaction
    • /norestart: do not restart after the installation is complete
C:\>msiexec /i "SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"

This is the command we'll use in our installation script.

Batch Script

  • I've written a small installation script to install SentinelOne only if it hasn't already been installed:
@echo off
REM check if "HKLM\Software\Sentinel Labs" registry key is present
reg query "HKLM\Software\Sentinel Labs"
REM if the key is present, SentinelOne has already been installed on this host,
REM so go to the INSTALLED label of the script
IF %ERRORLEVEL% == 0 goto INSTALLED
REM copy the SentinelInstaller_windows.msi installer from the SYSVOL share
REM to the workstation's local TEMP folder
copy \\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi c:\windows\temp\ /Z /Y
REM install msi package
msiexec /i "c:\windows\temp\SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"
REM if install is ok go to the OK label
IF %ERRORLEVEL% == 0 goto OK
REM if install fails go to the ERROR label
goto ERROR
:INSTALLED
echo "Already Installed"
goto END
:ERROR
echo "Install Error"
goto END
:OK
echo "Install OK"
:END
  • What the script does:
    • Check whether the entry "HKLM\Software\Sentinel Labs" exists in the registry (if it does, SentinelOne is already installed, so exit the script).
    • If not, copy the SentinelInstaller_windows.msi file from the AD share to c:\windows\temp\.
    • Then install the msi package.
  • From an Active Directory server, save the batch script and the SentinelOne msi package in C:\Windows\SYSVOL\sysvol\std.local\scripts\SentinelOne:
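The batch script above treats every non-zero msiexec exit code as a failure and installs whatever file it finds on the share. The PowerShell variant below is an added example, not the author's script: it accepts exit code 3010 (success, reboot required) and checks the package's Authenticode signature before running it. The -SiteToken parameter and the log path are assumed names; the share path and registry key are the ones used above.

```powershell
# Added example, not part of the original post. Requires PowerShell 3.0 or later.
# Assumptions: -SiteToken and the log path are hypothetical names; the share path
# and registry key are the ones used by the batch script above.
param(
    [Parameter(Mandatory)][string]$SiteToken,
    [string]$Source = '\\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi',
    [string]$Log    = 'C:\Windows\Temp\SentinelOne_deploy.log'
)

function Write-Log([string]$Message) {
    "{0} {1}" -f (Get-Date -Format s), $Message | Add-Content -Path $Log
}

# Same "already installed" test as the batch script
if (Test-Path 'HKLM:\SOFTWARE\Sentinel Labs') {
    Write-Log 'Already installed'
    exit 0
}

$local = Join-Path $env:windir 'Temp\SentinelInstaller_windows.msi'
try {
    Copy-Item -Path $Source -Destination $local -Force -ErrorAction Stop
} catch {
    Write-Log "Copy failed: $($_.Exception.Message)"
    exit 1
}

# Startup scripts run as SYSTEM: refuse a package whose signature does not validate,
# and record who signed it so the log can be reviewed later
$sig = Get-AuthenticodeSignature -FilePath $local
if ($sig.Status -ne 'Valid') {
    Write-Log "Signature check failed: $($sig.Status)"
    exit 1
}
Write-Log "Signer: $($sig.SignerCertificate.Subject)"

$msiArgs = @('/i', "`"$local`"", '/q', '/norestart', "SITE_TOKEN=`"$SiteToken`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# msiexec exit codes: 0 = success, 3010 = success but a reboot is required,
# 1618 = another installation is already running
switch ($proc.ExitCode) {
    { $_ -in 0, 3010 } { Write-Log "Install OK (exit $_)"; exit 0 }
    1618               { Write-Log 'Another installation in progress, retry at next boot'; exit 1618 }
    default            { Write-Log "Install error (exit $_)"; exit $_ }
}
```

In the GPO, a .ps1 file is added on the PowerShell Scripts tab of the Startup Properties dialog, with the token passed in the Script Parameters field.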

Create a Group Policy Object

We're going to create a GPO that will run the installation script when our computers start up.

  • Open the Active Directory Users and Computers console:
  • Move the Computers where you want to install SentinelOne to the OU (Organizational Unit) Workstations:
  • Open the Group Policy Manager console:
  • Create a GPO:
  • Give the new GPO a name:
  • Edit GPO:
  • Go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown). Right-click on Startup > Properties
  • Click on Add… and Browse for the script:

And that's all…

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
