EDR: How to deploy sensor certificates via GPO to disconnected endpoints


Article ID: 289037


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Deploy the sensor certificate registry keys via GPO to disconnected endpoints that have mismatched sensor group certificate settings.

Environment

  • EDR (formerly CB Response) Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Install the new sensor installer on one of the endpoints.
  2. Confirm it is working and connected/registered with the EDR console.
  3. Copy the client certs from the registry of the new sensor to the registry of the non-working/recently-migrated sensor:
    • Pre-6.2.3-win sensor:
      • HKLM\SOFTWARE\CarbonBlack\config\SensorClientCert
      • HKLM\SOFTWARE\CarbonBlack\config\SensorClientKey
    • 6.2.3-win and above:
      • HKLM\SYSTEM\CurrentControlSet\services\carbonblackk\SensorClientCert
      • HKLM\SYSTEM\CurrentControlSet\services\carbonblackk\SensorClientKey
  4. Force a check-in from the endpoint and validate connectivity/registration:
    1. Open a cmd prompt.
    2. Run:
       sc control CarbonBlack 200
  5. Push the changes to all sensors through GPO (Group Policy).
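
One way to script steps 3 and 4 for a single test endpoint before building the GPO, as an added example that is not part of the original article or vendor tooling. The function names and the file path are hypothetical, and it assumes SensorClientCert and SensorClientKey are registry values under the parent keys listed in step 3.

```powershell
# Added example, run from an elevated PowerShell session.
# Assumption: the last element of each path in step 3 is a value name.
$Names = 'SensorClientCert', 'SensorClientKey'

function Export-SensorCert {
    # Run on the working sensor. Copies only the two values, nothing else
    # from the key, so no other per-sensor setting is carried across.
    param([Parameter(Mandatory)][string]$KeyPath,
          [Parameter(Mandatory)][string]$OutFile)
    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    $Names | ForEach-Object {
        if ($key.GetValueNames() -notcontains $_) {
            throw "$_ not found under $KeyPath"
        }
        [pscustomobject]@{
            Name  = $_
            Kind  = $key.GetValueKind($_).ToString()  # preserve the registry type
            Value = $key.GetValue($_)
        }
    } | Export-Clixml -Path $OutFile
}

function Import-SensorCert {
    # Run on the non-working sensor, using the key path for ITS sensor version.
    param([Parameter(Mandatory)][string]$KeyPath,
          [Parameter(Mandatory)][string]$InFile)
    if (-not (Test-Path -Path $KeyPath)) { throw "$KeyPath does not exist" }
    foreach ($v in Import-Clixml -Path $InFile) {
        if ($Names -notcontains $v.Name) { throw "Unexpected value '$($v.Name)'" }
        $value = $v.Value
        if ($v.Kind -eq 'MultiString') { $value = [string[]]$value }
        New-ItemProperty -Path $KeyPath -Name $v.Name -Value $value `
            -PropertyType $v.Kind -Force | Out-Null
    }
    # Step 4: force a check-in. In Windows PowerShell "sc" is an alias for
    # Set-Content, so the service tool must be called as sc.exe.
    & sc.exe control CarbonBlack 200
    if ($LASTEXITCODE -ne 0) { throw "sc.exe returned $LASTEXITCODE" }
}

# Constructed usage for a 6.2.3-win or later sensor on both sides:
# $k = 'HKLM:\SYSTEM\CurrentControlSet\services\carbonblackk'
# Export-SensorCert -KeyPath $k -OutFile C:\Temp\sensorcert.xml   # working sensor
# Import-SensorCert -KeyPath $k -InFile  C:\Temp\sensorcert.xml   # target sensor
```

The exported file contains the sensor's client key, so keep it on an access-restricted path and delete it once the endpoint has registered.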