Click on the gear icon in the top right corner, followed by Download Collectors.
Click 📥 Download SharpHound v#.#.# (.zip) on the SharpHound version marked “(Latest)”.
Connect to the server on which the SharpHound Enterprise service should be installed.
Validate that your SharpHound service account is a member of the local Administrators group.
Extract the zip archive.
Run SHSetup-v#.#.#.exe as an Administrator.
SmartScreen may display a warning if you are running Microsoft Defender:
Click More info.
Validate the publisher shows Specter Ops, Inc. then click Run anyway.
Choose where to install the service and click Next. We recommend a path protected from low-privileged user writes such as the default “C:\Program Files (x86)\SHService”.
Click Install.
Provide credentials for your SharpHound service account in the format: DOMAIN\username
If using a gMSA, according to our Hardening Guidelines, you must provide the credentials for a normal user account with local administrator access to the system, then post-installation, change the service to run as the gMSA as described in Add the gMSA to the SharpHound Enterprise service.
Click Finish.
The “SharpHoundDelegator” service has now been installed. If you don’t see the service, see the section I don’t see the SHDelegator Service.
Start the service once; the startup will fail but trigger the creation of the configuration and log directory in the service account’s user directory: “%AppData%\Roaming\BloodHoundEnterprise”
Change the files “settings.json” and “auth.json” in the configuration described in SharpHound Enterprise Local Configuration. In most cases, only the following needs to change:
In “settings.json”
Set “RestEndpoint” to the BloodHound Enterprise domain name in the format: “CODENAME.bloodhoundenterprise.io”. This is the domain that the service connects to.
If using a proxy, set “Proxy” to the proxy name and port in the format: “proxy.acme.com:8080”
Create a BloodHound Enterprise collector client, and then in “auth.json” set “Token” and “TokenID” to the values given after you created the client. This is the secret that the service authenticates with.
Start the service. If service start fails see the section The SharpHound Delegator Service won’t start
Return to BloodHound Enterprise, and you should see the client reporting ”🟢 Ready”
Most frequently, this is the result of one of two issues:
The service account was not added as a local Administrator before installation.
The password was entered into the credential window incorrectly.
The installation log may be of help in troubleshooting and can be found in the file “InstallUtil.Install.Log” in the installation directory; the default path is “C:\Program Files (x86)\SHService\InstallUtil.Install.Log”.
Check the “TempDirectory” value in the configuration file “settings.json” described in SharpHound Enterprise Local Configuration.If “TempDirectory” is null, the service account has not been granted local Administrator privileges. Add the service account to the local Administrators group and restart the service.If “TempDirectory” is set to a directory, navigate to that directory, look for service.log, and review the message for errors. Common issues include:
RestEndpoint cannot be resolved
Validate that you properly configured the RestEndpoint value to match the domain name BloodHound Enterprise tenant in the format: “CODENAME.bloodhoundenterprise.io”
Validate that you can resolve the domain from the host using the command prompt.
RestEndpoint cannot be reached (timeout, connection rejected, etc)
Validate that firewall exclusions to your BloodHound Enterprise tenant have been created appropriately
If you need an explicit proxy, configure it within settings.json
Validate TLS 1.2 connectivity to your BloodHound Enterprise tenant over port 443