ThreatLocker Elevation – Quick Start Guide

Enabling Elevation on Your ThreatLocker Account

Before you can leverage the Elevation Control product, you will need to enable it on your ThreatLocker account. 

1. Navigate to the Organizations page. 
2. Find the Organization you want to enable Elevation on and click the dropdown menu under the 'Product' column. 
3. Click the checkbox next to Elevation to enable it. 

Elevation Control will be enabled the next time the endpoints check in to the portal.    

How to Use ThreatLocker Elevation

Elevation integrates with our Application Control, meaning that if an application is not currently allowed, you may approve and elevate it simultaneously.

For example, a user may request access to an application through the use of our new Tray Application.

This request may be viewed from the Approval Center, and it will indicate that this is an Application Request as shown here:

Now you will have the opportunity to,

• Approve the application

• Approve with Ringfence, which is highly important as you may not want the elevated app to speak to Command Prompt or PowerShell for example

• Set an expiration date for the policy

• Allow the application to elevate as an administrator

• Apply the policy to the specified level

After configurations have been made and Save has been selected, you may now run this application as a normal user as expected. If the application is ran as an administrator, you will receive confirmation through the Tray Application that the application has been elevated. 

Note: If ringfencing was enabled, you will not be able to bypass elevation for other applications. As an example, if we attempt to run PowerShell as an administrator from Putty, we will receive a block, as one would expect.

In the case that you would like to allow elevation for an application that is already being permitted, there are two ways of achieving this.

Allowing Elevation for an application that is already being permitted: 2 Methods  

Method 1

• Navigate to Application Control > Policies.
• Select the pencil icon that corresponds to the desired policy.

• Enable the Elevation checkbox.

• Save and Deploy Policies.

Method 2

Open the desired application as an administrator. In this example we are running PowerShell, which we have already permitted.

This will bring forth a notification allowing you to request elevation for this application.

• This request may be viewed from the Approval Center, and it will indicate that this is an Elevation Request as shown here:

• Within the request,
• Configure the policy settings as desired
• Select Save

This will create a policy and if elevation was selected, the application will be able to run as an administrator within 60 seconds.