Install the Windows Agent on Hosts Using a PowerShell Script
This topic walks you through the steps for installing the Lacework Windows agent on a host machine using the Install-LWDataCollector.ps1 PowerShell script. The script downloads the Windows agent MSI package and installs the Windows agent on a host machine.
Prerequisites
- Download the Lacework PowerShell Script (powershell.zip file) using the instructions in Download Windows Agent Installer.
- Unzip the powershell.zip file. The signed-scripts folder that is created contains the Install-LWDataCollector.ps1 file.
Install on a Host Machine using the PowerShell Script
The Install-LWDataCollector.ps1 PowerShell script installs the Lacework Windows agent and adds a local firewall rule to allow the agent to communicate with Lacework. In addition, the script optionally configures a Windows Defender exclusion for the agent.
Lacework recommends that you exclude the agent from any antivirus or Endpoint Detection and Response (EDR) applications on your host. The Install-LWDataCollector.ps1 script allows you to enable this exclusion for Microsoft Defender. For other antivirus applications, you can customize the script to exclude the agent from scanning.
Install with a Configuration File
Create a config.json file on your host using a text editor.
Note: Do not create the config.json file in the C:\ProgramData\Lacework\ directory where the Windows agent components will be installed.
Paste the following into the config.json file:
{
  "tokens": {
    "accesstoken": "Your_Access_Token"
  },
  "serverurl": "Your_API_Endpoint"
}
Where:
- Your_Access_Token specifies the access token to use with the agent. Obtain the access token using the instructions in Agent Access Token.
- Your_API_Endpoint specifies the agent server URL. For more information, see serverurl Property.
By default, the agent is automatically upgraded when a new version is available. To disable automatic upgrade, see Automatic Upgrade of Windows Agent.
Save the config.json file in ASCII format and note the location of the file.
Open a PowerShell terminal as an administrator.
Navigate to the directory containing the Install-LWDataCollector.ps1 script on your host.
Run the script using the following command in the PowerShell command line:
C:\Users\Administrator> .\Install-LWDataCollector.ps1 -MSIURL Agent_MSI_Download_URL -ConfigPath C:\path\to\config.json -Defender
Where:
- C:\path\to\config.json specifies the file path for the config.json file.
- Agent_MSI_Download_URL specifies the URL for downloading the Windows agent MSI package. To obtain the URL, do the following:
  - Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install.
  - Go to the release you want to install.
  - Copy the URL for Lacework Windows Agent MSI Package.
- The -Defender option excludes the Windows agent from scanning with Windows Defender.
The config.json file is copied to the C:\ProgramData\Lacework\ directory. You can modify this file to change the agent settings. If you modify the file, you must restart the agent for the changes to take effect. For more information, see Restart Windows Agent.
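The following pre-flight check is an added example, not part of the Lacework documentation or of the Install-LWDataCollector.ps1 script. It verifies the script's Authenticode signature and checks config.json against the requirements above (location, ASCII encoding, required keys); the path C:\Temp\config.json and the function name Test-LWConfigFile are assumptions.

```powershell
# Added example: pre-flight checks to run before Install-LWDataCollector.ps1.
# $ScriptPath and $ConfigPath are assumed locations; adjust them for your host.
$ScriptPath = '.\Install-LWDataCollector.ps1'
$ConfigPath = 'C:\Temp\config.json'

function Test-LWConfigFile {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$InstallDir = 'C:\ProgramData\Lacework\'
    )
    $problems = @()
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    # The config file must not be created in the agent's install directory.
    if ($full.StartsWith($InstallDir, [System.StringComparison]::OrdinalIgnoreCase)) {
        $problems += "config file is inside $InstallDir"
    }
    # ASCII check: a byte above 0x7F (including a UTF-8 or UTF-16 BOM) or a NUL
    # byte (UTF-16 without BOM) means the file was saved in another encoding.
    # Windows PowerShell 5.1 writes UTF-16 for '>' and Out-File by default.
    $bytes = [System.IO.File]::ReadAllBytes($full)
    if (@($bytes | Where-Object { $_ -gt 0x7F -or $_ -eq 0 }).Count -gt 0) {
        $problems += 'file is not pure ASCII'
    }
    try {
        $cfg = [System.Text.Encoding]::ASCII.GetString($bytes) | ConvertFrom-Json -ErrorAction Stop
        if (-not $cfg.tokens.accesstoken -or $cfg.tokens.accesstoken -eq 'Your_Access_Token') {
            $problems += 'tokens.accesstoken is missing or still the placeholder'
        }
        if (-not $cfg.serverurl -or $cfg.serverurl -eq 'Your_API_Endpoint') {
            $problems += 'serverurl is missing or still the placeholder'
        }
    } catch {
        $problems += "config file is not valid JSON: $($_.Exception.Message)"
    }
    return ,$problems
}

# The script ships in the signed-scripts folder, so check its Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
"Signature status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
if ($sig.Status -ne 'Valid') { throw "Signature on $ScriptPath is $($sig.Status); do not run it." }

$problems = Test-LWConfigFile -Path $ConfigPath
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix config.json before installing.'
}
'Pre-flight checks passed.'
```

Run it from the directory that contains the script, in the same elevated PowerShell session you will use for the install.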
Install without a Configuration File
Instead of specifying configuration parameters for the agent installation in a config.json file, you can specify them directly in the command line. Do the following:
Open a PowerShell terminal as an administrator.
Navigate to the directory containing the Install-LWDataCollector.ps1 script on your host.
Run the script using the following command in the PowerShell command line:
C:\Users\Administrator> .\Install-LWDataCollector.ps1 -MSIURL Agent_MSI_Download_URL -AccessToken Your_Access_Token -ServerURL Your_API_Endpoint -Defender
Where:
- Your_Access_Token specifies your agent access token. For more information, see Agent Access Token.
- Your_API_Endpoint specifies your Lacework agent server URL. For more information, see serverurl Property.
- Agent_MSI_Download_URL specifies the URL for downloading the Windows agent MSI package. To obtain the URL, do the following:
  - Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install.
  - Go to the release you want to install.
  - Copy the URL for Lacework Windows Agent MSI Package.
- The -Defender option excludes the Windows agent from scanning with Windows Defender.
A config.json file that contains the options you specified in the command line is created in the C:\ProgramData\Lacework\ directory. You can modify this file to change the settings for the agent. If you modify the file, you must restart the agent for the changes to take effect. For more information, see Restart Windows Agent.