Team: Huntress EDR
Product: Microsoft System Center Configuration Manager (SCCM) or Endpoint Configuration Management (ECM)
Environment: Windows
Summary: Deploy Huntress via SCCM or ECM utilizing PowerShell scripts
This document assumes that you already have SCCM/ECM configured and running in your environment and have used it to deploy PowerShell scripts in the past. SCCM/ECM agent installed on all endpoints is required.
IMPORTANT: If you have never deployed PowerShell scripts with your implementation of SCCM/ECM, then it is likely that you will need to create 3 new security roles to support this activity with the following permissions. Located at SCCM/ECM | Administration | Security | Security Roles.
-Script Runners
Category:Collection-Permission:Run Script-State:Yes
Category:Site-Permission:Read-State:Yes
Category:SMS Scripts-Permission:Create-State:Yes
Category:SMS Scripts-Permission:Read-State:Yes
- Script Authors
Category:Collection-Permission:Run Script-State:No
Category:Site-Permission:Read-State:Yes
Category:SMS Scripts-Permission:Create-State:Yes
Category:SMS Scripts-Permission:Read-State:Yes
Category:SMS Scripts-Permission:Delete-State:Yes
Category:SMS Scripts-Permission:Modify-State:Yes
- Script Approver
Category:Collection-Permission:Run Script-State:No
Category:Site-Permission:Read-State:Yes
Category:SMS Scripts-Permission:Read-State:Yes
Category:SMS Scripts-Permission:Approve-State:Yes
Category:SMS Scripts-Permission:Modify-State:Yes
These roles will need to be applied to the accounts that you are using to approve and run the scripts, all can be assigned to the same user to keep things simple if preferred. If using the same account to both approve and run scripts, you will need to go to Administration | Site Configuration | Click “Hierarchy Settings” at top | Uncheck “Script authors require additional script approver”
IN THIS ARTICLE
Creating the Script
- Deploying our PowerShell script via SCCM/ECM is simple. First, copy the script from our GitHub (https://raw.githubusercontent.com/huntresslabs/deployment-scripts/main/Powershell/InstallHuntress.powershellv2.ps1) to your clipboard. In SCCM/ECM | Software Library | Click “Scripts” | Click “Create Script” at the top and follow through the following prompts. Script Name: Install Huntress
Script Language: PowerShell
Script: Paste the script you copied from our GitHub page into the window as shown above and click “Next” - Script parametersAcctkey: Enter your Huntress account key
Orgkey: Enter your Huntress organization key
Tags: Enter a list of tags (optional), separated by commas
Click “Next” - SummaryValidate your settings and click next to create the script. You should see a confirmation screen.
Approving the Script for Deployment
Once the script is created, we will need to approve the script for deployment.
- In SCCM/ECM | Software Library | Scripts | Highlight the script you just created called “Install Huntress” | Click “Approve” at the top to see these dialogues:
- Click "next."
- Verify your parameters and click "next."
- Select Approve and click "Next" to finish.
Running the script
Once the script is approved the last step is to deploy, this can be done to either a specific machine or a collection as it works the same way. In SCCM/ECM | Assets and Compliance | Select either Devices or Device Collections | Select Device or Collection | Click “Run Script” at top and follow this dialogue:
Highlight Huntress Install in the list and click “Next”
Confirm script parameters and click “Next”
Confirm Summary and click Next to deploy script and see results.
Comments
0 comments
Please sign in to leave a comment.