I was recently asked to deploy the brand new SentinelOne antivirus of the death from hell that kills XDR (for Extended Detection and Response) in a Windows Workstations environment…
If you haven't seen the movie, it's a security tool that uses an AI-powered engine to prevent, detect and respond to software threats.
As you can see, it's "blah blah blah" extraordinary, but how do you deploy it? Well, I haven't found a pre-built method to deploy it on a large scale.
So I had to find a way to deploy it…
When launching the msi, the SentinelOne installer asks for a Token.
We can't use the native MSI GPO software installation for this one. (I even tried, without success, a solution with Orca to add the token property.)
C:\>msiexec /i "SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"
This will help us to write the installation script.
@echo off
REM Check if the "HKLM\Software\Sentinel Labs" registry key is present
reg query "HKLM\Software\Sentinel Labs"
REM If the key is present, SentinelOne has already been installed on this host, so go to the INSTALLED label
IF %ERRORLEVEL% == 0 goto INSTALLED
REM Copy the SentinelInstaller_windows.msi installer from the SYSVOL share to the workstation's local TEMP folder
copy \\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi c:\windows\temp\ /Z /Y
REM Install the MSI package
msiexec /i "c:\windows\temp\SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"
REM If the install is OK, go to the OK label
IF %ERRORLEVEL% == 0 goto OK
REM If the install fails, go to the ERROR label
goto ERROR
:INSTALLED
echo "Already Installed"
goto END
:ERROR
echo "Install Error"
goto END
:OK
echo "Install OK"
:END
We will therefore create a GPO that will execute the installation script when our computers start up.
And that's it…
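A PowerShell variant of the startup script above, added here as an example and not the author's code: it keeps the same registry check and msiexec call, verifies the MSI's Authenticode signature before it runs as SYSTEM, and treats msiexec exit codes 3010 and 1641 as success. The log path, the `*SentinelOne*` publisher pattern and the `<SITE_TOKEN>` placeholder are assumptions.

```powershell
# Added example (not the author's script): startup install with a signature check.
$ErrorActionPreference = 'Stop'

$RegKey    = 'HKLM:\Software\Sentinel Labs'   # install marker tested by the page's script
$Source    = '\\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi'
$Local     = Join-Path $env:SystemRoot 'Temp\SentinelInstaller_windows.msi'
$LogFile   = Join-Path $env:SystemRoot 'Temp\SentinelOne_install.log'   # assumed log location
$SiteToken = '<SITE_TOKEN>'                   # placeholder, replace with your own token
$Publisher = '*SentinelOne*'                  # assumption: expected text in the signer subject

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0} {1}" -f (Get-Date -Format s), $Message)
}

try {
    if (Test-Path $RegKey) { Write-Log 'Already installed'; exit 0 }

    # Remove any file left at the target path so the copy is a newly created file.
    Remove-Item -Path $Local -Force -ErrorAction SilentlyContinue
    Copy-Item -Path $Source -Destination $Local

    # The package is about to run as SYSTEM: refuse it unless the signature is
    # valid and the signer subject matches the expected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $Local
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike $Publisher) {
        Write-Log "Signature check failed: $($sig.Status)"
        exit 1
    }

    $msiArgs = @('/i', "`"$Local`"", '/q', '/norestart', "SITE_TOKEN=`"$SiteToken`"")
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # 0 = success, 3010 = success (reboot required), 1641 = success (reboot initiated)
    if ($proc.ExitCode -in 0, 3010, 1641) { Write-Log "Install OK ($($proc.ExitCode))"; exit 0 }
    Write-Log "Install error, msiexec exit code $($proc.ExitCode)"
    exit $proc.ExitCode
}
catch {
    Write-Log "Install error: $($_.Exception.Message)"
    exit 1
}
```

A script stored in SYSVOL is readable by every authenticated domain account, and so is any site token written into it. Verbose MSI logging (`/l*v`) is left out on purpose because it records the properties passed on the command line.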