Deploy Capsule Security hooks for AI coding assistants across your fleet using ManageEngine Endpoint Central (formerly Desktop Central). This guide covers deployment for Cursor, GitHub Copilot, and Claude Code on both Windows and macOS using Endpoint Central Configurations.
- Access to the Endpoint Central console with administrative privileges
- Endpoint Central agent installed on target devices
- A Capsule Security account with admin access
- Target endpoints managed by Endpoint Central (Windows and/or macOS)
Deploy the Cursor hooks configuration using an Endpoint Central File Folder Operation configuration.
- Log in to the Capsule Security portal
- Navigate to Settings > Integrations
- Locate the Cursor integration
- Download the
hooks.jsonfile
- Log in to the Endpoint Central console
- Navigate to Configurations > Configurations > Add Configuration > Windows > File Folder Operation
- Configure the operation:
- Name: Capsule Security – Cursor Hooks (Windows)
- Description: Deploys Capsule Security hooks configuration for Cursor
- Operation Type: Copy
- Source File: Upload the
hooks.jsonfile - Destination Folder:
C:\ProgramData\Cursor\ - Overwrite if file exists: Yes
- Create destination folder if it does not exist: Yes
- Define the Target:
- Choose Custom Group, Department, or Remote Office
- Select the appropriate Windows endpoints
- Set the Execution Settings:
- Retry Options: Retry on failure
- Execution Time: Immediate (or schedule a maintenance window)
- Click Deploy
- Navigate to Configurations > Configurations > Add Configuration > Mac > File Folder Operation
- Configure the operation:
- Name: Capsule Security – Cursor Hooks (macOS)
- Description: Deploys Capsule Security hooks configuration for Cursor on macOS
- Operation Type: Copy
- Source File: Upload the
hooks.jsonfile - Destination Folder:
/Library/Application Support/Cursor/ - File Permissions:
644 - Overwrite if file exists: Yes
- Create destination folder if it does not exist: Yes
- Target the appropriate Custom Group of macOS endpoints
- Click Deploy
After deployment, restart Cursor on target devices, then:
- Open Cursor Settings
- Navigate to the Hooks tab
- Confirm the hooks are listed and enabled
Deploy the GitHub Copilot hooks configuration using an Endpoint Central Custom Script configuration. GitHub Copilot stores its hooks under each user's profile, so the deployment iterates over local user profiles on the endpoint.
- Log in to the Capsule Security portal
- Navigate to Settings > Integrations
- Locate the GitHub Copilot integration
- Download the
hooks.jsonfile
- Log in to the Endpoint Central console
- Navigate to Configurations > Configurations > Add Configuration > Windows > Custom Script
- Configure the script:
- Name: Capsule Security – GitHub Copilot Hooks (Windows)
- Description: Deploys Capsule Security hooks configuration for GitHub Copilot in VS Code
- Script Type: PowerShell
- Run As: System
- Dependency File: Upload the
hooks.jsonfile
- Paste the following script:
$hooksSource = Join-Path $PSScriptRoot "hooks.json" $userProfiles = Get-ChildItem "C:\Users" -Directory | Where-Object { $_.Name -notin @('Public', 'Default', 'Default User', 'All Users') } foreach ($profile in $userProfiles) { $hooksDir = Join-Path $profile.FullName "AppData\Roaming\Code\User\hooks" if (-not (Test-Path $hooksDir)) { New-Item -ItemType Directory -Path $hooksDir -Force | Out-Null } Copy-Item -Path $hooksSource -Destination (Join-Path $hooksDir "hooks.json") -Force } Write-Output "Capsule hooks configuration deployed successfully." exit 0 - Target the appropriate Custom Group of Windows endpoints
- Click Deploy
- Navigate to Configurations > Configurations > Add Configuration > Mac > Custom Script
- Configure the script:
- Name: Capsule Security – GitHub Copilot Hooks (macOS)
- Description: Deploys Capsule Security hooks configuration for GitHub Copilot on macOS
- Script Type: Shell
- Run As: Root
- Dependency File: Upload the
hooks.jsonfile
- Paste the following script:
#!/bin/bash SOURCE="$(dirname "$0")/hooks.json" for USER_HOME in /Users/*/; do USERNAME=$(basename "$USER_HOME") if [ "$USERNAME" = "Shared" ] || [ "$USERNAME" = ".localized" ]; then continue fi HOOKS_DIR="$USER_HOME/Library/Application Support/Code/User/hooks" mkdir -p "$HOOKS_DIR" cp "$SOURCE" "$HOOKS_DIR/hooks.json" chmod 644 "$HOOKS_DIR/hooks.json" chown "$USERNAME" "$HOOKS_DIR/hooks.json" done exit 0 - Target the appropriate Custom Group of macOS endpoints
- Click Deploy
After deployment, restart VS Code on target devices, then:
- Right-click in the Chat view and select Diagnostics
- Confirm the hooks are loaded and enabled
Deploy the Claude Code managed settings configuration using an Endpoint Central File Folder Operation configuration.
- Log in to the Capsule Security portal
- Navigate to Settings > Integrations
- Locate the Claude Code integration
- Click Install and select your target platform
- Download the
managed-settings.jsonfile
- Log in to the Endpoint Central console
- Navigate to Configurations > Configurations > Add Configuration > Windows > File Folder Operation
- Configure the operation:
- Name: Capsule Security – Claude Code Hooks (Windows)
- Description: Deploys Capsule Security managed settings for Claude Code
- Operation Type: Copy
- Source File: Upload the
managed-settings.jsonfile - Destination Folder:
C:\Program Files\ClaudeCode\ - Overwrite if file exists: Yes
- Create destination folder if it does not exist: Yes
- Target the appropriate Custom Group of Windows endpoints
- Click Deploy
- Navigate to Configurations > Configurations > Add Configuration > Mac > File Folder Operation
- Configure the operation:
- Name: Capsule Security – Claude Code Hooks (macOS)
- Description: Deploys Capsule Security managed settings for Claude Code on macOS
- Operation Type: Copy
- Source File: Upload the
managed-settings.jsonfile - Destination Folder:
/Library/Application Support/ClaudeCode/ - File Permissions:
644 - Overwrite if file exists: Yes
- Create destination folder if it does not exist: Yes
- Target the appropriate Custom Group of macOS endpoints
- Click Deploy
After deployment, restart Claude Code on target devices, then:
- Run
/hooksin Claude Code to confirm all hooks are listed - Start a session and verify events appear in the Capsule Security portal
After publishing configurations, monitor status in the Endpoint Central console:
- Navigate to Configurations > Configurations
- Open the relevant configuration
- Review the deployment status under the Deployment Status tab:
- Success: Configuration applied to the endpoint
- In Progress: Awaiting agent check-in
- Failed / Retry in Progress: Inspect the agent log or Action Log Viewer
- For an inventory-level view, use Inventory > Files & Folders to verify the deployed configuration files exist on target endpoints
- Endpoint Central runs File Folder Operations and Custom Scripts as SYSTEM (Windows) or root (macOS) by default
- Cursor and Claude Code use system-level paths — deploy to device Custom Groups
- GitHub Copilot uses user-level paths — the deployment script iterates over each local user profile on the endpoint to cover every user
- For GitHub Copilot CLI users, create an additional configuration targeting
%USERPROFILE%\.github\hooks\hooks.json(Windows) or~/.github/hooks/hooks.json(macOS) - To update configurations, edit the source file in the existing configuration and redeploy — Endpoint Central will re-execute on the next agent refresh cycle
- Use Custom Groups to target specific OS versions, departments, or Remote Offices for staged rollouts
- All three integrations can be deployed as separate configurations and assigned independently
- Restart each application on target devices after deployment for hooks to take effect
For help with deployment:
- Email: support@capsule.security
- Include: Your organization ID, Endpoint Central environment details, and any error messages