Deploying SentinelOne in an Active Directory environment


I was recently asked to deploy the brand new SentinelOne antivirus of the death from hell that kills XDR (for Extended Detection and Response) in a Windows Workstations environment…

If you haven't seen the movie, it's a security tool that uses an AI-powered engine to prevent, detect and respond to software threats.

As you can see, it's "blah blah blah" extraordinary, but how do you deploy it? Well, I haven't found a pre-built method to deploy it on a large scale.

So I had to find a way to deploy it…

Manual installation

When launched, the SentinelOne msi installer asks for a Token.

We can't use the native msi GPO software installation for this one (I even tried, without success, a solution with Orca to add the token property).

  • Anyway, we can add the token property with the msiexec command, this way:
    • /i : install
    • /q : quiet mode, no user interaction
    • /norestart : do not restart after the installation is complete
C:\>msiexec /i "SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"

This will help us write the installation script.

Batch Script

  • I wrote a small installation script to install SentinelOne only if it has not already been installed :
@echo off

REM Check whether the "HKLM\Software\Sentinel Labs" registry key is present
reg query "HKLM\Software\Sentinel Labs"

REM If the key is present, SentinelOne has already been installed on this host, so go to the INSTALLED label
IF %ERRORLEVEL% == 0 goto INSTALLED

REM Copy the SentinelInstaller_windows.msi installer from the SYSVOL share to the workstation's local TEMP folder
copy \\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi c:\windows\temp\ /Z /Y

REM Install the msi package
msiexec /i "c:\windows\temp\SentinelInstaller_windows.msi" /q /norestart SITE_TOKEN="ps3GpmsPqogCBKF0ANnRhmUVptppZlKPMncnl2CGNG6cbaHia3yRHw6aWRb12AeDSj5NpabG1T4A6XPWzOsHt62jAgwK8IL5l0JibeWa"

REM If the install succeeded, go to the OK label
IF %ERRORLEVEL% == 0 goto OK

REM If the install failed, go to the ERROR label
goto ERROR

:INSTALLED
echo "Already Installed"
goto END

:ERROR
echo "Install Error"
goto END

:OK
echo "Install OK"

:END
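
A PowerShell version of the same startup logic, added here as an example and not the author's own script. It goes beyond the batch version by treating msiexec exit code 3010 (success, restart required) as a successful install and by stopping cleanly when the copy from SYSVOL fails. The registry key and paths are the ones used on this page; `<YOUR_SITE_TOKEN>` is a placeholder.

```powershell
# Added example: PowerShell equivalent of the batch startup script above.
# Assumptions: registry key and SYSVOL path as used on this page;
# $SiteToken is a placeholder to replace with your own site token.
$RegKey    = 'HKLM:\Software\Sentinel Labs'
$Source    = '\\std\sysvol\std.local\scripts\SentinelOne\SentinelInstaller_windows.msi'
$LocalMsi  = Join-Path $env:windir 'Temp\SentinelInstaller_windows.msi'
$SiteToken = '<YOUR_SITE_TOKEN>'   # placeholder, not a real token

# Same "already installed" test as the batch script.
if (Test-Path -Path $RegKey) {
    Write-Output 'Already Installed'
    exit 0
}

# Copy the installer locally; stop here if the share is unreachable.
try {
    Copy-Item -Path $Source -Destination $LocalMsi -Force -ErrorAction Stop
} catch {
    Write-Output "Install Error: cannot copy installer ($($_.Exception.Message))"
    exit 1
}

# Same msiexec switches as the manual command: /i, /q, /norestart, SITE_TOKEN.
$msiArgs = @(
    '/i', "`"$LocalMsi`"",
    '/q', '/norestart',
    "SITE_TOKEN=`"$SiteToken`""
)
# -Wait blocks until msiexec exits; -PassThru exposes its exit code.
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Install OK' }
    3010    { Write-Output 'Install OK (restart required)' }   # ERROR_SUCCESS_REBOOT_REQUIRED
    1618    { Write-Output 'Install Error: another installation is already running' }
    default { Write-Output "Install Error: msiexec exit code $($proc.ExitCode)" }
}

# Remove the local copy of the installer whatever the outcome.
Remove-Item -Path $LocalMsi -Force -ErrorAction SilentlyContinue

# Report success to the caller for both 0 and 3010.
if ($proc.ExitCode -in 0, 3010) { exit 0 } else { exit $proc.ExitCode }
```
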

  • From Active Directory, save the batch script and the SentinelOne msi package to C:\Windows\SYSVOL\sysvol\std.local\scripts\SentinelOne.

Create Group Policy Object

We will therefore create a GPO that will execute the installation script when our computers start up.

  • Open the Active Directory Users and Computers console.
  • Move the computers where you want to install SentinelOne to the Workstations OU (Organizational Unit).
  • Open the Group Policy Management console.
  • Create a GPO.
  • Give a name to the new GPO.
  • Edit the GPO.
  • Go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown). Right-click Startup > Properties.
  • Click Add… and Browse to the script.

And that's it…

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
