Skip to main content

Install the Windows Agent on Hosts Using a PowerShell Script

This topics walks you through the steps for installing the Lacework Windows agent on a host machine using the Install-LWDataCollector.ps1 PowerShell script. The script downloads the Windows agent MSI package and installs the Windows agent on a host machine.

Prerequisites

  1. Download the Lacework Powershell Script (powershell.zip file) using the instructions in Download Windows Agent Installer.
  2. Unzip the powershell.zip file. The signed-scripts folder that is created contains the Install-LWDataCollector.ps1 file.

Install on a Host Machine using the PowerShell Script

The Install-LWDataCollector.ps1 PowerShell script installs the Lacework Windows agent and adds a local firewall rule to allow the agent to communicate with Lacework. In addition, the script optionally configures a Windows Defender exclusion for the agent.

note

Lacework recommends that you exclude the agent from any antivirus or Endpoint Detection and Response (EDR) applications on your host. The Install-LWDataCollector.ps1 script allows you to enable this exclusion for Microsoft Defender. For other antivirus applications, you can customize the script to exclude the agent from scanning.

Install with a Configuration File

  1. Create a config.json file on your host using a text editor.

    note

    Do not create the config.json file in the C:\ProgramData\Lacework\ directory where the Windows agent components will be installed.

  2. Paste the following into the config.json file:

    {
       "tokens": {
           "accesstoken": "Your_Access_Token"
            },
        "serverurl": "Your_API_Endpoint"
    }

    Where:

    • Your_Access_Token specifies the access token to use with the agent. Obtain the access token using the instructions in Agent Access Token.
    • Your_API_Endpoint specifies the agent server URL. For more information, see serverurl Property.

  3. By default, the agent is automatically upgraded when a new version is available. To disable automatic upgrade, see Automatic Upgrade of Windows Agent.

  4. Save the config.json file in the ASCII format and note the location of the file.

  5. Open a PowerShell terminal as an administrator.

  6. Navigate to the directory containing the Install-LWDataCollector.ps1 script on your host.

  7. Run the script using the following command in the PowerShell command line:

    C:\Users\Administrator> .\Install-LWDataCollector.ps1 -MSIURL Agent_MSI_Download_URL -ConfigPath C:\path\to\config.json -Defender

    Where:

    • C:\path\to\config.json specifies the file path for the config.json file.
    • Agent_MSI_Download_URL specifies the URL for downloading the Windows agent MSI package. To obtain the URL, do the following:
      1. Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install.
      2. Go to the release you want to install.
      3. Copy the URL for Lacework Windows Agent MSI Package.
    • The -Defender option excludes the Windows agent from scanning with Windows Defender.

    The config.json file is copied to the C:\ProgramData\Lacework\ directory. You can modify this file to change the agent settings. If you modify the file, you must restart the agent for the changes to take effect. For more information, see Restart Windows Agent.

Install without a Configuration File

Instead of specifying configuration parameters for the agent installation in a config.json file, you can specify them directly in the command line. Do the following:

  1. Open a PowerShell terminal as an administrator.

  2. Navigate to the directory containing the Install-LWDataCollector.ps1 script on your host.

  3. Run the script using the following command in the PowerShell command line:

    C:\Users\Administrator> .\Install-LWDataCollector.ps1 -MSIURL Agent_MSI_Download_URL -AccessToken Your_Access_Token -ServerURL Your_API_Endpoint -Defender

    Where:

    • Your_Access_Token specifies your agent access token. For more information, see Agent Access Token.
    • Your_API_Endpoint specifies your Lacework agent server URL. For more information, see serverurl Property.
    • Agent_MSI_Download_URL specifies the URL for downloading the Windows agent MSI package. To obtain the URL, do the following:
      1. Go to the Lacework Windows Agent Releases page. This page lists the Windows agent releases you can install.
      2. Go to the release you want to install.
      3. Copy the URL for Lacework Windows Agent MSI Package.
    • The -Defender option excludes the Windows agent from scanning with Windows Defender.

    A config.json file that contains the options you specified in the command line is created in the C:\ProgramData\Lacework\ directory. You can modify this file to change the settings for the agent. If you modify the file, you must restart the agent for the changes to take effect. For more information, see Restart Windows Agent.

Last updated on