Microsoft SCCM Distribution (Windows)

Deploy Capsule Security hooks for AI coding assistants across your Windows fleet using Microsoft System Center Configuration Manager (SCCM). This guide covers deployment for Cursor, GitHub Copilot, and Claude Code.

Prerequisites

  • Microsoft SCCM infrastructure with administrative access to the SCCM console
  • A network share accessible by SCCM distribution points
  • A Capsule Security account with admin access
  • Target devices running Windows

Cursor

Deploy the Cursor hooks configuration as an SCCM Application.

Step 1: Download and Stage the Configuration

  1. Log in to the Capsule Security portal
  2. Navigate to Settings > Integrations
  3. Locate the Cursor integration and download the hooks.json file
  4. Place the file on a network share:
    \\sccm-server\sources\Software\CapsuleCursorHooks\hooks.json

Step 2: Create the SCCM Application

  1. Open the SCCM Console and navigate to Software Library > Application Management > Applications

  2. Click Create Application and select Manually specify the application information:

    • Name: Capsule Security Cursor Hooks
    • Publisher: Capsule Security
  3. Add a Deployment Type with Script Installer:

    • Content location: \\sccm-server\sources\Software\CapsuleCursorHooks\

    • Install command:

      cmd.exe /c mkdir "C:\ProgramData\Cursor" & copy /Y "hooks.json" "C:\ProgramData\Cursor\hooks.json"
    • Uninstall command:

      cmd.exe /c del "C:\ProgramData\Cursor\hooks.json"
  4. Configure the Detection Method:

    Setting      Value
    Type         File
    Path         C:\ProgramData\Cursor
    File name    hooks.json
    Property     File or folder exists
  5. Configure User Experience settings:

    Setting                            Value
    Installation behavior              Install for system
    Logon requirement                  Whether or not a user is logged on
    Installation program visibility    Hidden
    Maximum allowed run time           5 minutes

Step 3: Deploy

  1. Right-click the application and select Distribute Content to your distribution point groups

  2. Right-click the application and select Deploy

  3. Choose the target Device Collection and configure:

    Setting     Value
    Action      Install
    Purpose     Required
    Schedule    As soon as possible (or a maintenance window)

Verification

After deployment, restart Cursor on target devices, then:

  1. Open Cursor Settings
  2. Navigate to the Hooks tab
  3. Confirm the hooks are listed and enabled

GitHub Copilot

Deploy the GitHub Copilot hooks configuration as an SCCM Application.

Step 1: Download and Stage the Configuration

  1. Log in to the Capsule Security portal
  2. Navigate to Settings > Integrations
  3. Locate the GitHub Copilot integration and download the hooks.json file
  4. Place the file on a network share:
    \\sccm-server\sources\Software\CapsuleCopilotHooks\hooks.json

Step 2: Create the SCCM Application

  1. Open the SCCM Console and navigate to Software Library > Application Management > Applications

  2. Click Create Application and select Manually specify the application information:

    • Name: Capsule Security GitHub Copilot Hooks
    • Publisher: Capsule Security
  3. Add a Deployment Type with Script Installer:

    • Content location: \\sccm-server\sources\Software\CapsuleCopilotHooks\

    • Install command:

      cmd.exe /c mkdir "%APPDATA%\Code\User\hooks" & copy /Y "hooks.json" "%APPDATA%\Code\User\hooks\hooks.json"
    • Uninstall command:

      cmd.exe /c del "%APPDATA%\Code\User\hooks\hooks.json"
  4. Configure the Detection Method:

    Setting      Value
    Type         File
    Path         %APPDATA%\Code\User\hooks
    File name    hooks.json
    Property     File or folder exists
  5. Configure User Experience settings:

    Setting                            Value
    Installation behavior              Install for user
    Logon requirement                  Only when a user is logged on
    Installation program visibility    Hidden
    Maximum allowed run time           5 minutes

Step 3: Deploy

  1. Right-click the application and select Distribute Content to your distribution point groups

  2. Right-click the application and select Deploy

  3. Choose the target User Collection and configure:

    Setting     Value
    Action      Install
    Purpose     Required
    Schedule    As soon as possible (or a maintenance window)

Verification

After deployment, restart VS Code on target devices, then:

  1. Right-click in the Chat view and select Diagnostics
  2. Confirm the hooks are loaded and enabled

Claude Code

Deploy the Claude Code managed settings configuration as an SCCM Application.

Step 1: Download and Stage the Configuration

  1. Log in to the Capsule Security portal
  2. Navigate to Settings > Integrations
  3. Locate the Claude Code integration
  4. Click Install and select Windows as the target platform
  5. Download the managed-settings.json file
  6. Place the file on a network share:
    \\sccm-server\sources\Software\CapsuleClaudeCodeHooks\managed-settings.json

Step 2: Create the SCCM Application

  1. Open the SCCM Console and navigate to Software Library > Application Management > Applications

  2. Click Create Application and select Manually specify the application information:

    • Name: Capsule Security Claude Code Hooks
    • Publisher: Capsule Security
  3. Add a Deployment Type with Script Installer:

    • Content location: \\sccm-server\sources\Software\CapsuleClaudeCodeHooks\

    • Install command:

      cmd.exe /c mkdir "C:\Program Files\ClaudeCode" & copy /Y "managed-settings.json" "C:\Program Files\ClaudeCode\managed-settings.json"
    • Uninstall command:

      cmd.exe /c del "C:\Program Files\ClaudeCode\managed-settings.json"
  4. Configure the Detection Method:

    Setting      Value
    Type         File
    Path         C:\Program Files\ClaudeCode
    File name    managed-settings.json
    Property     File or folder exists
  5. Configure User Experience settings:

    Setting                            Value
    Installation behavior              Install for system
    Logon requirement                  Whether or not a user is logged on
    Installation program visibility    Hidden
    Maximum allowed run time           5 minutes

Step 3: Deploy

  1. Right-click the application and select Distribute Content to your distribution point groups

  2. Right-click the application and select Deploy

  3. Choose the target Device Collection and configure:

    Setting     Value
    Action      Install
    Purpose     Required
    Schedule    As soon as possible (or a maintenance window)

Verification

After deployment, restart Claude Code on target devices, then:

  1. Run /hooks in Claude Code to confirm all hooks are listed
  2. Start a session and verify events appear in the Capsule Security portal

Key Considerations

  • Cursor and Claude Code use system-level paths — target Device Collections
  • GitHub Copilot uses a user-level path (%APPDATA%) — target User Collections
  • To update configurations, replace the files on the network share and create a new deployment or use SCCM's content update and redeployment workflow
  • Restart each application on target devices after deployment for hooks to take effect
  • Consider using SCCM Maintenance Windows to control when deployments occur
  • For GitHub Copilot CLI users, create an additional application targeting %USERPROFILE%\.github\hooks\hooks.json
  • All three integrations can be deployed as separate SCCM applications and assigned independently
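
The File or folder exists detection used for all three applications only proves that the file is present; an outdated or locally modified copy still counts as installed. The PowerShell script below is an added example, not part of Capsule Security's guide: it can be set as an SCCM custom script detection method that compares the deployed file's SHA-256 with the staged copy. $TargetPath is shown for Cursor, and the hash value is a placeholder to fill in from the file on your share.

```powershell
# Added example: custom script detection method for an SCCM deployment type.
# Configuration Manager reads the result as follows:
#   exit code 0 and text on STDOUT -> application detected (installed)
#   exit code 0 and no output      -> application not detected
#   non-zero exit code             -> detection script failed

# Per-application values (assumptions: adjust for the application being detected).
#   Cursor:      C:\ProgramData\Cursor\hooks.json
#   Claude Code: C:\Program Files\ClaudeCode\managed-settings.json
#   Copilot:     Join-Path $env:APPDATA 'Code\User\hooks\hooks.json'
$TargetPath     = 'C:\ProgramData\Cursor\hooks.json'
# Placeholder: replace with the output of
#   (Get-FileHash <staged file on the share> -Algorithm SHA256).Hash
$ExpectedSha256 = '<SHA256-OF-STAGED-FILE>'

function Test-DeployedConfig {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Sha256
    )

    # A missing file means the configuration is not installed.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $false
    }

    # A different hash means the file is stale (the share was updated)
    # or was changed on the endpoint after deployment.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual -eq $Sha256)   # string -eq is case-insensitive
}

if (Test-DeployedConfig -Path $TargetPath -Sha256 $ExpectedSha256) {
    # Any STDOUT text marks the deployment type as installed.
    Write-Output 'Installed'
}

# Always exit 0 so that a mismatch is reported as "not installed"
# rather than as a detection failure.
exit 0
```

Update $ExpectedSha256 in the detection script whenever the file on the network share is replaced; otherwise endpoints that already received the new file are reported as not installed.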

Support

For help with deployment:

  • Email: support@capsule.security
  • Include: Your organization ID, SCCM environment details, and any error messages