# Microsoft SCCM Distribution (Windows) Deploy Capsule Security hooks for AI coding assistants across your Windows fleet using Microsoft System Center Configuration Manager (SCCM). This guide covers deployment for Cursor, GitHub Copilot, and Claude Code. ## Prerequisites - Microsoft SCCM infrastructure with administrative access to the SCCM console - A network share accessible by SCCM distribution points - A **Capsule Security** account with admin access - Target devices running Windows ## Cursor Deploy the Cursor hooks configuration as an SCCM Application. ### Step 1: Download and Stage the Configuration 1. Log in to the **Capsule Security** portal 2. Navigate to **Settings > Integrations** 3. Locate the **Cursor** integration and download the `hooks.json` file 4. Place the file on a network share: ``` \\sccm-server\sources\Software\CapsuleCursorHooks\hooks.json ``` ### Step 2: Create the SCCM Application 1. Open the **SCCM Console** and navigate to **Software Library > Application Management > Applications** 2. Click **Create Application** and select **Manually specify the application information**: - **Name**: Capsule Security Cursor Hooks - **Publisher**: Capsule Security 3. Add a **Deployment Type** with **Script Installer**: - **Content location**: `\\sccm-server\sources\Software\CapsuleCursorHooks\` - **Install command**: ```cmd cmd.exe /c mkdir "C:\ProgramData\Cursor" & copy /Y "hooks.json" "C:\ProgramData\Cursor\hooks.json" ``` - **Uninstall command**: ```cmd cmd.exe /c del "C:\ProgramData\Cursor\hooks.json" ``` 4. Configure the **Detection Method**: | Setting | Value | | --- | --- | | Type | File | | Path | `C:\ProgramData\Cursor` | | File name | `hooks.json` | | Property | File or folder exists | 5. Configure **User Experience** settings: | Setting | Value | | --- | --- | | Installation behavior | Install for system | | Logon requirement | Whether or not a user is logged on | | Installation program visibility | Hidden | | Maximum allowed run time | 5 minutes | ### Step 3: Deploy 1. Right-click the application and select **Distribute Content** to your distribution point groups 2. Right-click the application and select **Deploy** 3. Choose the target **Device Collection** and configure: | Setting | Value | | --- | --- | | Action | Install | | Purpose | Required | | Schedule | As soon as possible (or a maintenance window) | ### Verification After deployment, restart Cursor on target devices, then: 1. Open Cursor Settings 2. Navigate to the **Hooks** tab 3. Confirm the hooks are listed and enabled ## GitHub Copilot Deploy the GitHub Copilot hooks configuration as an SCCM Application. ### Step 1: Download and Stage the Configuration 1. Log in to the **Capsule Security** portal 2. Navigate to **Settings > Integrations** 3. Locate the **GitHub Copilot** integration and download the `hooks.json` file 4. Place the file on a network share: ``` \\sccm-server\sources\Software\CapsuleCopilotHooks\hooks.json ``` ### Step 2: Create the SCCM Application 1. Open the **SCCM Console** and navigate to **Software Library > Application Management > Applications** 2. Click **Create Application** and select **Manually specify the application information**: - **Name**: Capsule Security GitHub Copilot Hooks - **Publisher**: Capsule Security 3. Add a **Deployment Type** with **Script Installer**: - **Content location**: `\\sccm-server\sources\Software\CapsuleCopilotHooks\` - **Install command**: ```cmd cmd.exe /c mkdir "%APPDATA%\Code\User\hooks" & copy /Y "hooks.json" "%APPDATA%\Code\User\hooks\hooks.json" ``` - **Uninstall command**: ```cmd cmd.exe /c del "%APPDATA%\Code\User\hooks\hooks.json" ``` 4. Configure the **Detection Method**: | Setting | Value | | --- | --- | | Type | File | | Path | `%APPDATA%\Code\User\hooks` | | File name | `hooks.json` | | Property | File or folder exists | 5. Configure **User Experience** settings: | Setting | Value | | --- | --- | | Installation behavior | Install for user | | Logon requirement | Only when a user is logged on | | Installation program visibility | Hidden | | Maximum allowed run time | 5 minutes | ### Step 3: Deploy 1. Right-click the application and select **Distribute Content** to your distribution point groups 2. Right-click the application and select **Deploy** 3. Choose the target **User Collection** and configure: | Setting | Value | | --- | --- | | Action | Install | | Purpose | Required | | Schedule | As soon as possible (or a maintenance window) | ### Verification After deployment, restart VS Code on target devices, then: 1. Right-click in the **Chat** view and select **Diagnostics** 2. Confirm the hooks are loaded and enabled ## Claude Code Deploy the Claude Code managed settings configuration as an SCCM Application. ### Step 1: Download and Stage the Configuration 1. Log in to the **Capsule Security** portal 2. Navigate to **Settings > Integrations** 3. Locate the **Claude Code** integration 4. Click **Install** and select **Windows** as the target platform 5. Download the `managed-settings.json` file 6. Place the file on a network share: ``` \\sccm-server\sources\Software\CapsuleClaudeCodeHooks\managed-settings.json ``` ### Step 2: Create the SCCM Application 1. Open the **SCCM Console** and navigate to **Software Library > Application Management > Applications** 2. Click **Create Application** and select **Manually specify the application information**: - **Name**: Capsule Security Claude Code Hooks - **Publisher**: Capsule Security 3. Add a **Deployment Type** with **Script Installer**: - **Content location**: `\\sccm-server\sources\Software\CapsuleClaudeCodeHooks\` - **Install command**: ```cmd cmd.exe /c mkdir "C:\Program Files\ClaudeCode" & copy /Y "managed-settings.json" "C:\Program Files\ClaudeCode\managed-settings.json" ``` - **Uninstall command**: ```cmd cmd.exe /c del "C:\Program Files\ClaudeCode\managed-settings.json" ``` 4. Configure the **Detection Method**: | Setting | Value | | --- | --- | | Type | File | | Path | `C:\Program Files\ClaudeCode` | | File name | `managed-settings.json` | | Property | File or folder exists | 5. Configure **User Experience** settings: | Setting | Value | | --- | --- | | Installation behavior | Install for system | | Logon requirement | Whether or not a user is logged on | | Installation program visibility | Hidden | | Maximum allowed run time | 5 minutes | ### Step 3: Deploy 1. Right-click the application and select **Distribute Content** to your distribution point groups 2. Right-click the application and select **Deploy** 3. Choose the target **Device Collection** and configure: | Setting | Value | | --- | --- | | Action | Install | | Purpose | Required | | Schedule | As soon as possible (or a maintenance window) | ### Verification After deployment, restart Claude Code on target devices, then: 1. Run `/hooks` in Claude Code to confirm all hooks are listed 2. Start a session and verify events appear in the Capsule Security portal ## Key Considerations - **Cursor** and **Claude Code** use system-level paths — target **Device Collections** - **GitHub Copilot** uses a user-level path (`%APPDATA%`) — target **User Collections** - To update configurations, replace the files on the network share and create a new deployment or use SCCM's content update and redeployment workflow - Restart each application on target devices after deployment for hooks to take effect - Consider using SCCM Maintenance Windows to control when deployments occur - For GitHub Copilot CLI users, create an additional application targeting `%USERPROFILE%\.github\hooks\hooks.json` - All three integrations can be deployed as separate SCCM applications and assigned independently ## Support For help with deployment: - **Email**: support@capsule.security - **Include**: Your organization ID, SCCM environment details, and any error messages