How


The Crowdstrike Falcon Technology is a next-generation endpoint security platform that is cloud-based and AI-powered. You can swiftly safeguard your systems and begin to block breaches in a matter of minutes by using their lightweight agent, the Crowdstrike Falcon Sensor, but how do you get it installed?

In this article, you’ll learn how to remove that complication by deploying the Crowdstrike Falcon Sensor for Windows using PowerShell & Group Policy. You will see, step-by-step, what is needed for installation and deployment. You will then configure and link a Group Policy Object containing your deployment script configuration.

Are you ready to protect your Windows environment with the finest endpoint security technology on the market today? If that’s the case, keep reading!

Prerequisites

To get started, you’ll need the following:

  • A Crowdstrike account – a 15-day free trial is available here. This tutorial requires the usage of a Customer Identifier (CID).
  • An Active Directory Domain Admin account is required. Editing and updating Group Policy requires this account.
  • On a domain-joined PC, install the Remote Server Administration Tools (RSAT) software package. You may also use an Active Directory Domain Controller to access Group Policy Management.
  • A file share from which computers can access the Crowdstrike Falcon Sensor software. The path \\srv1\Installers will be used in this tutorial.
  • To install the Crowdstrike Falcon Sensor, you’ll need at least one domain-joined Windows 7+ PC.

Let’s get going!

Finding Your Crowdstrike Falcon Sensor and Downloading It

You’ll need your Crowdstrike Customer ID in the subsequent PowerShell script, so make a note of it if you don’t already have it. To do so:

  1. Open a browser window and go to the Crowdstrike administration portal’s Sensor Downloads area, or click on the Sensor Downloads item on the Falcon dashboard, as shown below.

Dashboard for Crowdstrike Falcon

2. On the Sensor Downloads page, look for the HOW TO INSTALL section, which is displayed below. Your Customer ID (CID) is shown in this area. Copy that ID to your clipboard.

Dashboard for Crowdstrike Falcon Sensor Downloads

3. On the same page, click the Download button (#2 in the photo above) in the bottom right corner.

4. You should have a file named WindowsSensor.exe after downloading. Move this file to a network share that all of the machines you’ll be installing it on will have access to.

Any network share that gives users and machines Read-Only permissions can be used. It can be a share that already houses other network-wide installation files.
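The installer on this share is later executed as SYSTEM on every endpoint, so the Read-Only requirement is worth checking rather than assuming. The following is an added example, not part of the original tutorial: it lists NTFS ACL entries on the share and its files that grant write-type rights to anyone outside an allow-list. The allow-list in $Trusted is an assumption to adjust for your domain.

```powershell
# Added example: list ACL entries that let non-trusted identities change installer files.
$SharePath = '\\srv1\Installers'                                   # share path used in this tutorial
$Trusted   = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')   # assumed allow-list, adjust as needed

# Write-type rights only. Modify and FullControl are not named here because they
# also contain read bits and would match read-only entries.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear on inherit-only entries.
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Path, [string[]]$TrustedIdentity, [int]$Mask)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $canWrite = ([int]$ace.FileSystemRights -band $Mask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $ace.IdentityReference.Value -notin $TrustedIdentity) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the share root and every file in it (installer and, later, the deployment script)
$items = @($SharePath) + @(Get-ChildItem -Path $SharePath -File | ForEach-Object { $_.FullName })
$findings = foreach ($item in $items) {
    Get-WritableAce -Path $item -TrustedIdentity $Trusted -Mask $WriteBits
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write access for untrusted identities found.' }
```

This covers the NTFS ACL only; share-level permissions are reviewed on the file server itself, for example with Get-SmbShareAccess.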

You’re ready to write the PowerShell script that will install and activate the Crowdstrike Falcon Sensor once you have the CID in your clipboard or stored someplace and the Falcon Sensor downloaded.

Make a PowerShell script for installation.

The next step is to create a PowerShell installation script. This script prepares the computer on which it runs, copies the sensor from the file share, and installs it with your CID. The official Crowdstrike manual only provides instructions for producing a batch file to use for installation.

Batch files are considered obsolete and are not recommended for contemporary Windows systems. Instead, PowerShell should be used! Do you doubt me? Then check out this batch scripting post from TechRepublic from 20 years ago. PowerShell is more user-friendly.

To execute PowerShell scripts, you may need to update the PowerShell execution policy. When PowerShell security settings are centrally maintained, this is generally regulated through Group Policy.

To create this PowerShell script:

  1. Paste the following code into Visual Studio (VS) Code or your preferred code editor. The script below does the following:
  • Creates a temporary folder for the installer.
  • Copies the sensor file from the file share to the temporary folder.
  • Checks whether the Falcon Sensor service is already present.
  • Installs the Falcon Sensor if it is not.

    # Update these variables as needed
    $CID = 'your CID here'
    $SensorShare = 'path to the sensor executable'

    # The sensor is copied to the following directory
    $SensorLocal = 'C:\Temp\WindowsSensor.exe'

    # Create a TEMP directory if one does not already exist
    if (!(Test-Path -Path 'C:\Temp' -ErrorAction SilentlyContinue)) {
        New-Item -ItemType Directory -Path 'C:\Temp' -Force
    }

    # Now copy the sensor installer if the share is available
    if (Test-Path -Path $SensorShare) {
        Copy-Item -Path $SensorShare -Destination $SensorLocal -Force
    }

    # Now check to see if the service is already present and if so, don't bother running installer.
    if (!(Get-Service -Name 'CSFalconService' -ErrorAction SilentlyContinue)) {
        & $SensorLocal /install /quiet /norestart CID=$CID
    }

2. Before saving the script, change the value of the $CID variable in the script above to your Falcon dashboard CID.

3. Also, replace the $SensorShare variable's value with the UNC path where your WindowsSensor.exe Falcon sensor is saved, such as \\SERVER\Fileshare\WindowsSensor.exe.

4. Save the script as Install-Crowdstrike.ps1 on the same network share (\\SERVER\Fileshare).

In your shared network location folder, you should now have a PowerShell script and WindowsSensor.exe.
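Because the script runs unattended as SYSTEM, a variant that refuses to run an installer it cannot validate and that leaves a log behind is easier to operate. The following is an added example, not the tutorial's or Crowdstrike's own code: it checks the installer's Authenticode signature before executing it and records the exit code. The log path and the signer pattern '*CrowdStrike*' are assumptions; confirm the signer subject against a known-good copy of the installer.

```powershell
# Added example. Placeholders below must be replaced with your own values.
$CID         = 'your CID here'
$SensorShare = '\\SERVER\Fileshare\WindowsSensor.exe'
$SensorLocal = 'C:\Temp\WindowsSensor.exe'
$LogFile     = 'C:\Temp\Install-Crowdstrike.log'   # assumed log location
$SignerMatch = '*CrowdStrike*'                      # assumption: expected signer subject

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $LogFile
}

function Test-InstallerSignature([string]$Path, [string]$SubjectPattern) {
    # Valid means the file is signed, unmodified, and chains to a trusted root
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like $SubjectPattern)
}

New-Item -ItemType Directory -Path 'C:\Temp' -Force | Out-Null

# Skip everything if the sensor service already exists
if (Get-Service -Name 'CSFalconService' -ErrorAction SilentlyContinue) {
    Write-Log 'CSFalconService already present; nothing to do.'
    exit 0
}

try {
    Copy-Item -Path $SensorShare -Destination $SensorLocal -Force -ErrorAction Stop
} catch {
    Write-Log "Copy from share failed: $($_.Exception.Message)"
    exit 1
}

# Never execute a binary whose signature does not validate
if (-not (Test-InstallerSignature -Path $SensorLocal -SubjectPattern $SignerMatch)) {
    Write-Log 'Signature check failed; installer removed and not executed.'
    Remove-Item -Path $SensorLocal -Force
    exit 1
}

$proc = Start-Process -FilePath $SensorLocal -Wait -PassThru `
    -ArgumentList '/install', '/quiet', '/norestart', "CID=$CID"
Write-Log "Installer exited with code $($proc.ExitCode)."
exit $proc.ExitCode
```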

To install the Crowdstrike Falcon Sensor, create a Group Policy Object.

The PowerShell script must run on every endpoint so that the Crowdstrike Falcon Sensor gets installed. Create a Group Policy Object (GPO) to do this. This GPO will provide instructions for setting up a Windows scheduled task to execute the installation script you just produced at a predetermined time.

Check out the Microsoft documentation if you’re not sure how to create a GPO.

  1. Open a run prompt on your domain-joined PC and enter GPMC.msc, then click OK. The Group Policy Management Console will open as a result of this operation.

2. Then, as seen below, right-click Group Policy Objects and choose New:

Creating a new GPO in the Group Policy Management Console

3. Give your GPO a meaningful name. The GPO for this tutorial is Deploy Crowdstrike Windows Sensor, as seen below:

Choosing a Name for a New GPO

4. To create the GPO, click OK.

5. Right-click the GPO you established as shown below in the Contents pane and choose Edit.

Making changes to the newly formed GPO

6. Navigate to Computer Configuration —> Preferences —> Control Panel Settings.

7. Right-click on Scheduled Tasks and select New —> Scheduled Task (At least Windows 7) as shown below. The New Task configuration screen will appear.

For Windows 7 and later, create a new Scheduled Task.

Create a Scheduled Task.

After you’ve finished creating the GPO template, you’ll need to establish a scheduled task to run the installation script. The Scheduled Task is the most important aspect of this procedure since it gives you the greatest control over the deployment. To begin:

  1. On the New Task page, change the Action to Replace to start customizing the scheduled task options. With Replace, the scheduled task is recreated every time the GPO is refreshed.

2. Assign a name and a brief description to the scheduled job. Deploy Crowdstrike Falcon for Windows is the name of the tutorial’s scheduled task.

3. Make the following adjustments:

  • Under Security options, choose to run the task as NT AUTHORITY\SYSTEM.
  • Select Run whether user is logged on or not to start the script without requiring a user account to log in interactively.
  • Select Run with highest privileges to ensure that the script is run with elevated credentials.
  • Select Windows 7, Windows Server 2008R2 from the Configure for menu.

New Task – General Settings tab

4. Select the Triggers option. You may choose when this job will execute on this tab. This is a key step since you may choose to start the installation operation later or right after you finish configuring the GPO.

5. On the Triggers tab, click New, as indicated below, to open the New Trigger dialog.

Creating a new trigger in the New Task – Triggers tab

6. Choose a time for the installation to take place. The example in this tutorial uses an established maintenance window of 11 a.m. on Tuesday. You may choose a time that is most convenient for you. Set Begin the task to On a schedule, with the settings and advanced options you choose. Once you’re happy, click OK as indicated below:

Configured new trigger

When using Computer policies, a reboot may be necessary to create the Scheduled Task. Keep this in mind when choosing a trigger time.

7. Add Actions, or what you want to happen when the scheduled job is activated. Begin by selecting the Actions tab, as seen below. The Scheduled Task for the Install-Crowdstrike.ps1 script will be configured here.

8. Click New on the Actions tab, as shown below. The dialog box for New Action will display.

Creating a new action in the New Task – Actions tab

9. Leave the Action option at Start a program, since you’re executing a PowerShell script. The scheduled task will run powershell.exe.

10. In the Settings section, enter powershell.exe as the program to run.

11. You must now supply the powershell.exe engine with a few arguments. In the Add arguments (optional) box, type the following. These arguments instruct PowerShell to bypass the client machine’s execution policy and execute the script from the network share that was previously established. -ExecutionPolicy must come before -File, because powershell.exe treats everything after the script path as arguments to the script itself.

    -ExecutionPolicy Bypass -File "\\srv1\Installers\Install-Crowdstrike.ps1"

12. When you’re done, click OK as shown:

Configured new action

13. You’ve returned to the Actions tab. The setup of the Scheduled Task is complete! Return to the Group Policy Management Console by clicking OK, as seen below:

Completed task setup

The Scheduled Task should now be listed in the GPO. Congrats! Another step down.

GPO with Scheduled Task configured

Link the GPO to an Organizational Unit

Congratulations if you’ve stuck with me this far! You’ve taken the first step toward a successful deployment.

The next step is to use the Group Policy Management Console to connect the GPO you just established to an OU of your choosing. The OU should include all of the machines on which the Crowdstrike Falcon Sensor will be installed.

  1. To connect to an OU, right-click it and choose Link an Existing GPO, as illustrated below:

Creating a GPO

2. The GPO Select dialog box will display. Click OK after selecting the GPO you just established.

Choose GPO dialogue

3. The GPO should now be linked to the OU. In the following example, the policy is applied to the entire kindlelab.local domain:

GPO is linked to the OU.

The GPO in Action

After you link the GPO to the target systems’ OU, those systems must reboot in order to apply the GPO and create the scheduled task. Reboot one of the PCs in the OU you’ve targeted to test your implementation. When the machine restarts, a new scheduled task should appear in Task Scheduler, as illustrated below.

Task Scheduler

It’s now only a matter of waiting for the scheduled job to run the installation script and install the Falcon Sensor. An agent takes around 30 seconds to install.

Sensor Deployment Verification

Agents installed on the target machines will eventually appear in the Falcon console. After a successful installation, deployed agents appear in five minutes or less.

There are a couple of ways you can verify the deployment was successful. The easiest way is to visit the Crowdstrike Falcon console and select Hosts > Hosts Management.

You can also use the Get-Service cmdlet in PowerShell to look up the CSFalconService on an endpoint, as illustrated below. The Falcon Sensor is installed and active if the service appears and is running.

    Get-Service -Name 'CSFalconService'

cmdlet Get-Service
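Checking one endpoint at a time does not scale to a whole OU. The following is an added example, not part of the original tutorial, that runs the same CSFalconService check against every enabled computer in the targeted OU and lists the machines where the sensor is missing, stopped, or unreachable. It assumes the RSAT ActiveDirectory module, endpoints reachable over WinRM/CIM, and a hypothetical OU distinguished name under the tutorial's kindlelab.local domain.

```powershell
# Added example: report Falcon sensor service state for every computer in the targeted OU.
Import-Module ActiveDirectory

$SearchBase = 'OU=Workstations,DC=kindlelab,DC=local'   # hypothetical OU, replace with yours

function Get-FalconSensorState {
    param([string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        $state = 'Unreachable'
        try {
            # Same service the tutorial checks locally, queried remotely over CIM
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                -Filter "Name='CSFalconService'" -OperationTimeoutSec 15 -ErrorAction Stop
            $state = if ($svc) { $svc.State } else { 'NotInstalled' }
        } catch {
            # Leave the state as Unreachable: host offline, WinRM blocked, or access denied
        }
        [pscustomobject]@{ ComputerName = $computer; SensorState = $state }
    }
}

# Only enabled computer accounts in the OU the GPO is linked to
$targets = (Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true').Name
$report  = Get-FalconSensorState -ComputerName $targets

# Show only the machines that still need attention
$report |
    Where-Object { $_.SensorState -ne 'Running' } |
    Sort-Object SensorState, ComputerName |
    Format-Table -AutoSize
```

Hosts listed as Unreachable still need a manual check; the state says nothing about whether the sensor is installed on them.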
