I was recently asked to deploy the brand new SentinelOne antivirus of the death from hell that kills XDR (for Extended Detection and Response) in a Windows workstation environment…
If you haven't seen the movie, it's a security tool that uses an AI-powered engine to prevent, detect and respond to software threats.
As you can see, it's "blah blah blah" extraordinary, but how do you deploy it? Well, I haven't found a pre-built method to deploy it on a large scale.
So I had to find a way to deploy it…
When you launch the MSI, the SentinelOne installer asks for a token, so we can't use the native MSI software installation GPO for this one. (I even tried, without success, a solution with Orca to add the token property.)
The installer does accept the token on the command line, through the SITE_TOKEN property:
C:\>msiexec /i "SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"
This command line is what we will build the installation script around.
@echo off
REM Check whether the "HKLM\Software\Sentinel Labs" registry key is present (output suppressed)
reg query "HKLM\Software\Sentinel Labs" >nul 2>&1
REM If the key is present, SentinelOne has already been installed on this host, so jump to the INSTALLED label
IF %ERRORLEVEL% EQU 0 goto INSTALLED
REM Copy the SentinelInstaller_windows.msi installer from the SYSVOL share to the workstation's local TEMP folder
copy \\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi c:\windows\temp\ /Z /Y
REM If the copy failed there is nothing to install, so jump to the ERROR label
IF %ERRORLEVEL% NEQ 0 goto ERROR
REM Install the msi package
msiexec /i "c:\windows\temp\SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"
REM If the install is OK, jump to the OK label (with /norestart, 3010 means success with a reboot pending)
IF %ERRORLEVEL% EQU 0 goto OK
IF %ERRORLEVEL% EQU 3010 goto OK
REM If the install failed, jump to the ERROR label
goto ERROR
:INSTALLED
echo "Already Installed"
goto END
:ERROR
echo "Install Error"
goto END
:OK
echo "Install OK"
:END
We will therefore create a GPO that will execute the installation script when our computers start up.
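A PowerShell variant of the startup script, added here as an example and not the author's or SentinelOne's code: it keeps the same registry check and SYSVOL path, verifies the MSI's Authenticode signature before running it as SYSTEM, and treats msiexec exit codes 3010 and 1641 as success. The log path, the `$SignerPattern` value and passing the token through the GPO "Script Parameters" field are assumptions.

```powershell
# Added example. The share path and registry key come from the post; the log
# location and signer pattern are assumptions to adapt to your environment.
param(
    [Parameter(Mandatory)] [string] $SiteToken,   # supplied via the GPO "Script Parameters" field
    [string] $Source = '\\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi',
    [string] $SignerPattern = '*Sentinel*',       # assumption: match the subject on your vendor MSI
    [string] $Log = 'C:\Windows\Temp\SentinelOne-deploy.log'
)

function Write-Log([string] $Message) {
    Add-Content -Path $Log -Value ("{0} {1} {2}" -f (Get-Date -Format s), $env:COMPUTERNAME, $Message)
}

# Same marker as the batch script: the key exists once the agent is installed.
if (Test-Path -Path 'HKLM:\SOFTWARE\Sentinel Labs') {
    Write-Log 'Already installed'
    exit 0
}

$local = Join-Path $env:SystemRoot 'Temp\SentinelInstaller_windows.msi'
try {
    Copy-Item -Path $Source -Destination $local -Force -ErrorAction Stop
} catch {
    Write-Log "Copy failed: $($_.Exception.Message)"
    exit 1
}

# Do not run the installer as SYSTEM unless its signature is valid and the
# signer matches what we expect.
$sig = Get-AuthenticodeSignature -FilePath $local
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike $SignerPattern) {
    Write-Log "Signature check failed: status=$($sig.Status) signer=$($sig.SignerCertificate.Subject)"
    Remove-Item -Path $local -Force
    exit 1
}

$msiArgs = @('/i', "`"$local`"", '/q', '/norestart', "SITE_TOKEN=`"$SiteToken`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# The token is never written to the log; only the outcome is.
switch ($proc.ExitCode) {
    0       { Write-Log 'Install OK' }
    3010    { Write-Log 'Install OK, reboot required' }
    1641    { Write-Log 'Install OK, reboot initiated' }
    1618    { Write-Log 'Another installation is in progress, retrying at next startup' }
    default { Write-Log "Install error, msiexec exit code $($proc.ExitCode)" }
}
exit $proc.ExitCode
```

SYSVOL is readable by every authenticated domain account, so a site token stored in a script or in the GPO's script parameters is visible to all of them.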
And that's it…