STG Deployment

This article applies to the following products:

• Server Threat Guard (STG)

Summary

The STG Deployment Manager PowerShell script is an interactive deployment utility used to manage STG Monitor deployments across multiple servers. It supports upgrading, installing, uninstalling, pausing, and resuming STG services through a menu-driven interface.

The script automates the following tasks:

• Loads a server list from a text file

• Copies deployment files to remote servers

• Executes Setup-STG.ps1 remotely

• Detects installer versions automatically

• Pauses and resumes STG processing during upgrades

• Supports logging to a text file

• Allows changing the STG control connection port

• Supports both MSI and EXE installer formats

Requirements & Privileges

• PowerShell 5.1 or later
• Script must be run in an elevated Administrator PowerShell session
• Remote PowerShell (WinRM) access to all target servers
• Administrative access to remote servers
• Network access to the deployment file share
• Remote administrative shares enabled (example: C$)
• TLS 1.2 enabled on older Windows operating systems
   

Required Privileges

The STG Deployment Manager PowerShell script is an interactive deployment utility used to manage STG Monitor deployments across multiple servers. It supports upgrading, installing, uninstalling, pausing, and resuming STG services through a menu-driven interface.

The script automates the following tasks:

• Loads a server list from a text file

• Copies deployment files to remote servers

• Executes Setup-STG.ps1 remotely

• Detects installer versions automatically

• Pauses and resumes STG processing during upgrades

• Supports logging to a text file

• Allows changing the STG control connection port

• Supports both MSI and EXE installer formats

Server List Format

The script loads target servers from a text file. Each line should contain one server name or IP address. 

1. Open PowerShell as Administrator

2. Navigate to the folder containing Deploy-STG-all.ps1

3. Run the script

   1. Provide the server list text file path when prompted

   2. Select the desired menu option

   3. Provide the STG source path if different from the default

       

Menu Options

• 1) Upgrade (Keep Settings/Data) – Upgrades STG while preserving existing settings and data.

• 2) Upgrade (Clear Settings/Data) – Performs an upgrade and replaces existing settings/data.

• 3) First-time Install – Performs a clean STG installation on target servers.

• 4) Uninstall – Removes STG from all selected servers.

• 5) Pause all servers – Sends a pause command to STG services before maintenance.

• 6) Resume all servers – Resumes STG processing after maintenance.

• 7) Change Connection Port – Changes the REST API port used for pause/resume commands. Default is 5066.

• 9) Reload Server List – Reloads the server list from another text file.

• 0) Exit – Closes the application.

Upgrade Workflow

• 1 - Pause STG processing on all servers

• 2 - Validate installer files and setup script

• 3 - Copy deployment files to each remote server

• 4 - Run Setup-STG.ps1 remotely

• 5 - Verify installation result

• 6 - Resume STG processing on all servers

Troubleshooting

• Cannot resolve server: Verify DNS resolution, network connectivity, and server name accuracy.

• Access denied: Ensure the account has administrator rights and WinRM access.

• Installer not found: Verify the source directory contains a supported installer filename.

• Pause/Resume failures: Verify the STG REST endpoint is reachable on the configured port.

• Remote script not found: Ensure Setup-STG.ps1 exists in the source deployment folder.