Install on Windows
Requirements
- Windows 10 or 11 (64-bit)
- ~400 MB available disk space
- Built-in or external webcam
Download
Download the latest installer from screenstop.co/downloads.
File: ScreenStop_Setup.exe
Interactive Installation
- Right-click
ScreenStop_Setup.exe> Run as administrator - Follow the installation wizard
- Optionally check "Launch ScreenStop" on the final page
- ScreenStop appears in the system tray
Silent / Command-Line Installation
The installer automatically:
- Installs to
C:\Program Files\ScreenStop\ - Adds a registry key for auto-start on login
- Creates Start Menu shortcuts
- Registers in Programs and Features (Add/Remove Programs)
Enterprise Deployment
Microsoft Intune (Win32 App)
- Package the EXE using the Intune Content Prep Tool:
- Upload to Intune > Apps > Windows > Add > Windows app (Win32)
- Install command:
ScreenStop_Setup.exe /S - Uninstall command:
"C:\Program Files\ScreenStop\Uninstall.exe" /S - Detection rule: File exists —
C:\Program Files\ScreenStop\ScreenStopTray\ScreenStopTray.exe
Group Policy / Login Script
@echo off
set INSTALLER=\\fileserver\software\screenstop\ScreenStop_Setup.exe
if exist "C:\Program Files\ScreenStop\ScreenStopTray\ScreenStopTray.exe" (
echo Already installed, skipping.
exit /b 0
)
"%INSTALLER%" /S
Deploy via GPO as a Computer Startup Script or User Logon Script.
PDQ Deploy / SCCM
Use install command: ScreenStop_Setup.exe /S
Headless Deployment (No Control Center)
By default, ScreenStop installs the Control Center — a local settings panel visible to the end user.
For most enterprise deployments, IT should remove the Control Center after installation. This is the recommended approach for managed workstations because:
- Prevents tampering — users cannot disable detection, change sensitivity, or pause protection
- Enforces policy — all configuration is pushed centrally from the dashboard; local overrides are not possible
- Reduces attack surface — no UI means no way for a user to interact with the agent
Privileged users (executives, IT staff) who need local control can keep the Control Center installed by omitting this step for their machines.
MDM Post-Install Script (Intune / SCCM / PDQ)
Add this as a post-install step in your deployment, scoped to all machines except privileged groups:
@echo off
REM Remove ScreenStop Control Center — enforce headless/managed mode
rmdir /s /q "C:\Program Files\ScreenStop\ScreenStopGUI"
The daemon and tray app continue running normally. Only the local settings panel is removed.
Privileged users
Scope this script to exclude privileged user groups in your MDM. Those machines will retain the Control Center for local management.
Uninstallation
Interactive: - Go to Settings > Apps > ScreenStop > Uninstall
Silent:
User data in %LOCALAPPDATA%\ScreenStop\ is preserved.
Dashboard Configuration
Before deploying to stations, create a setup_parameters.json file and place it alongside the installer. The installer copies it to:
C:\Program Files\ScreenStop\setup_parameters.json
Minimum configuration:
{
"dashboard_url": {
"value": "https://your-dashboard.example.com",
"override": true
},
"dashboard_api_token": {
"value": "your-token-here",
"override": true
},
"capture_mode": {
"value": true,
"override": false
}
}
Enable capture_mode for the dashboard Capture Logs tab
By default capture_mode is disabled, which means detection events arrive on the dashboard with no camera snapshots attached — the Capture Logs tab stays empty even though events flow normally. Set capture_mode: true in setup_parameters.json on first install (as shown above) to enable snapshot delivery out-of-the-box. Using "override": false means existing stations that have already been configured will not be touched on reinstall.
Full reference — all supported keys:
| Key | Description | Example value |
|---|---|---|
dashboard_url |
Dashboard server URL (no trailing slash) | "https://10.0.20.5" |
dashboard_port |
Dashboard port (omit if 443) | 8080 |
dashboard_api_token |
Bearer token matching STATION_API_TOKEN on the server |
"abc123" |
phone_detection |
Enable phone detection | true |
shoulder_surfing |
Enable shoulder surfing detection | true |
camera_covered |
Enable camera-covered detection | true |
stranger_face |
Enable unauthorized person detection | true |
unattended_screen |
Enable unattended screen detection | true |
audit_mode |
Log detections without enforcing locks/eject/cancel | false |
capture_mode |
Send camera snapshots with detection events (required for the dashboard Capture Logs tab) | true |
usb_protection |
Eject USB drives when unauthorized person present | false |
print_protection |
Cancel print jobs when unauthorized person present | false |
First install vs. reinstall behaviour:
- First install (no previous
setup_parameters_*.jsonarchives found) — all keys are applied unconditionally. - Reinstall / upgrade — only keys with
"override": trueare applied. Keys with"override": falseare skipped to preserve settings the user may have changed locally.
After processing, the file is renamed to setup_parameters_<timestamp>.json as a permanent audit record.
Enterprise deployment: Include setup_parameters.json in your Intune/SCCM/PDQ package alongside the installer EXE.
Note
Stations without setup_parameters.json will run in standalone mode — detection works but no dashboard sync.
Next Step
After installation, complete face enrollment so ScreenStop can recognize the authorized user.