Worklet: Install SentinelOne Agent (Windows)

  • 24 March 2022

  • Anonymous

Hi, everybody! Since announcing our strategic alliance that pairs our two platforms, Automox has developed customized Worklets for SentinelOne that include pre-built scripts for automatic deployment of the SentinelOne agent across Windows, Linux and macOS devices - without manual intervention or wasted IT cycles. Below you’ll find the worklet for Windows.

Big thanks to @Zac-Automox for getting these written. 🤘

 

Worklet Details: Install SentinelOne Agent (Windows)

 

Evaluation Code

<#
.SYNOPSIS
Evaluate the existence of the SentinelOne agent
OS Support: Windows 7 and above
Required modules: NONE
.DESCRIPTION
This worklet will ensure the SentinelOne agent is installed on the targeted devices.
The environment specific installer will need to be uploaded to the Automox console.

$AppName is the name of the application being updated, i.e. "Sentinel Agent"
.EXAMPLE
$AppName = "Sentinel Agent"
.NOTES
Author: Zac Youtz
Date: August 13, 2021
#>

# Predefined Variables
$AppName = "Sentinel Agent"
$installed = 0   # number of matching Uninstall entries found

# Check 64bit hive on x64 devices
if([System.Environment]::Is64BitOperatingSystem)
{
    $hklm64 = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,[Microsoft.Win32.RegistryView]::Registry64)
    $skey64 = $hklm64.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Uninstall")
    $unkeys64 = $skey64.GetSubKeyNames()
    foreach($key in $unkeys64)
    {
        if($skey64.OpenSubKey($key).getvalue('DisplayName') -like "*$AppName*")
        {
            $installed += 1
        }
    }
}

# Check 32bit hive on 32/64 bit devices
$skey32 = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall"
foreach($key in Get-ChildItem $skey32 -ErrorAction SilentlyContinue | Get-ItemProperty | Where-Object {($_.DisplayName -like "*$AppName*")})
{
    $installed += 1
}

# Check Presence
if(!($installed))
{
    # A non-zero exit code tells Automox to run the remediation code
    Write-Output "Software not installed - Flagging for installation"
    Exit 1
}

Write-Output "Software is already installed"
Exit 0

 

Remediation Code

 

<#
.SYNOPSIS
Install SentinelOne Agent - Remediation Script
OS Support: Windows 7 and above
Run Type: Evaluation Schedule or OnDemand
.DESCRIPTION
This worklet is designed to allow an Admin to install the SentinelOne agent on devices where it doesn't already exist.
The admin will need to upload the most recent 32bit and 64bit MSI installers to the console in order to support both
architectures.

Usage: There are three variables used in this remediation script. They are used to define the filenames of both 32bit and 64bit MSI
installers and the Site token used for communicating to the SentinelOne platform when registering.

$32bitFilename: This is the 32bit installer filename. Be sure to include the extension in the file name between single quotes. The
32-bit installer can be retrieved from the "Packages" section within SentinelOne.

$64bitFilename: This is the 64bit installer filename. Be sure to include the extension in the file name between single quotes. The
64-bit installer can be retrieved from the "Packages" section within SentinelOne.

$SITE_TOKEN: This is the token used to register the Sentinel agent on installation and can be retrieved from the "Packages" section within SentinelOne.
.EXAMPLE
$32bitFilename = "SentinelInstaller_windows_32bit_v21_6_2_272.msi"
$64bitFilename = "SentinelInstaller_windows_64bit_v21_6_2_272.msi"
$SITE_TOKEN = "ABCD123"
.NOTES
Author: Zac Youtz
Date: August 13, 2021
#>

###############################
$32bitFilename = ""
$64bitFilename = ""
$SITE_TOKEN = ""
###############################

# Predefined Variables
$AppName = "Sentinel Agent"
$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path -Parent
$InstallerArgs = "SITE_TOKEN=$SITE_TOKEN /NORESTART /QUIET"
$installed = 0   # number of matching Uninstall entries found

# Checks for 64-bit machines
if([System.Environment]::Is64BitOperatingSystem)
{
    $installer = "$ScriptDir\$64bitFilename"
    $hklm64 = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,[Microsoft.Win32.RegistryView]::Registry64)
    $skey64 = $hklm64.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Uninstall")
    $unkeys64 = $skey64.GetSubKeyNames()

    foreach($key in $unkeys64)
    {
        if($skey64.OpenSubKey($key).getvalue('DisplayName') -like "*$AppName*" -and $skey64.OpenSubKey($key).getvalue("DisplayVersion"))
        {
            $installed += 1
        }
    }
} else {
    $installer = "$ScriptDir\$32bitFilename"
    # Check for installations in the 32bit hive on x86 devices
    $skey32 = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall"

    foreach($key in Get-ChildItem $skey32 -ErrorAction SilentlyContinue | Get-ItemProperty | Where-Object {($_.DisplayName -like "*$AppName*")})
    {
        $installed += 1
    }
}

# Install if not already present
if($installed)
{
    Write-Output "Compliant - $AppName already installed"
    Exit 0
} else {
    Write-Output "Installing $installer"
    $process = Start-Process -FilePath "$installer" -ArgumentList "$InstallerArgs" -Wait -PassThru

    # Check the exit code against known successful installation codes
    # (0 = success, 3010 = success, reboot required)
    if (($process.ExitCode -eq 0) -or ($process.ExitCode -eq 3010))
    {
        Write-Output "Successfully installed $AppName"
        Exit 0
    } elseif ($process.ExitCode -eq 1618) {
        # 1618 = another Windows Installer operation is already in progress
        Write-Output "Installation failed; the endpoint must be restarted prior to reinstalling $AppName"
        Exit 1
    } else {
        Write-Output "Installation failed"
        Exit 1
    }
}
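
A pre-install guard for the remediation script above, as an added example that is not part of the original post or Automox's worklet: it refuses to run the uploaded MSI unless the site token is set, the file exists, and its Authenticode signature is valid and names the expected signer. The function name `Get-InstallerTrustFailure` and the `$ExpectedPublisher` value are assumptions; read the signer name from an installer you have verified yourself.

```powershell
# Added example, not part of the original worklet. Returns $null when the
# installer may be run, otherwise a short reason string.
function Get-InstallerTrustFailure
{
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedPublisher,
        [string]$SiteToken
    )

    # An empty token means the variable block at the top was never filled in.
    if (-not $SiteToken -or $SiteToken.Trim().Length -eq 0)
    {
        return "SITE_TOKEN is empty"
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf))
    {
        return "installer not found: $Path"
    }

    # The file must carry an intact signature that chains to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid)
    {
        return "signature status is $($sig.Status)"
    }

    # Compare the signer's simple name exactly; a wildcard match would also
    # accept a certificate whose name merely contains the expected text.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedPublisher)
    {
        return "unexpected signer: $signer"
    }

    return $null
}

# Usage inside the remediation script, immediately before Start-Process
# (the publisher string below is a placeholder, not a value from the post):
# $failure = Get-InstallerTrustFailure -Path $installer -SiteToken $SITE_TOKEN `
#     -ExpectedPublisher '<signer name from a known-good installer>'
# if ($failure) { Write-Output "Refusing to install - $failure"; Exit 1 }
```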

 

