Company logoHelp Center
Visit www.threatlocker.com

Agent Settings

10 min. readlast update: 06.03.2025
Table of Contents

The 'Agent Settings' page allows you to make granular settings for some features of the ThreatLocker agent. To navigate to the 'Agent Settings' page, select 'Agent Settings' from the left-hand side of the page.

Navigating the Agent Settings Page

The 'Agent Settings' page will show you a list of the current settings within your organization. There are several rows displayed along with this that can provide information on the settings:

  1. Order - The order in which settings within your organization will be processed. A lower number ensures that a setting will be processed sooner than a setting with a higher number.
  2. Type - This is the setting type that matches this setting. The following setting types are available:
    • UAC Branding
    • Proxy Settings
    • Full Self Elevation - Not available until ThreatLocker Windows Agent 10.2
  3. Applies To - This section displays which users this setting applies to. Settings can be applied to individual computers, computer groups, the entire organization, or global groups.
  4. Created - This is the date and time the setting was made.
  5. Delete - Selecting the trashcan icon within this row lets you delete settings. Before deleting a setting, you must verify that you want to permanently remove it.

Alongside these rows of information on each individual setting, there are two actionable buttons on the top right side of the page:

  1. Selecting this button will bring you to this article, which provides information on how to use the agent settings page.
  2. This refreshes the Agent Settings list.

Lastly, there are two actionable buttons on the top left-hand side of the page:

  1. + New Setting - When selected, this button opens a side panel titled 'Create Settings' that allows you to create a new agent setting.
  2. Update Agents - This button allows you to update agents within your organization. This is crucial when applying new agent settings, as the settings will not be applied until the agent is updated.

Creating a New Agent Setting

To create a new agent setting, select the '+ New Setting' button found in the top left-hand corner of the 'Agent Settings' page.

Once this has been selected, a page called 'Create Settings' will open.

Selecting the dropdown under 'Setting Type' will provide you with three options:

  • UAC Branding
  • Proxy Settings
  • Full Self Elevation

Once one of these setting types is selected, the 'General' section will display the following:

  1. Setting Type - A dropdown that permits users to select the Agent Setting.
  2. Applies To - This section will remain greyed out until a setting type is chosen. Once it is enabled, you can choose between the entire organization (selected by default), an individual computer, a computer group, or a global group.
  3. Order By - By default, 'Add Settings to Top' will be chosen. The order of policies determines the order in which policies will be processed. Policies at the top (policies with a lower number), will be processed first whereas policies at the bottom (policies with a higher number), will be processed last.

The rest of the 'Create Settings' page will appear differently depending on the setting type chosen. Each setting type provides a unique setting that can be applied to users within your organization.

UAC Branding

Note: Requires ThreatLocker Windows Agent Version 10.1 or greater.

UAC or User Account Control is a part of Windows that defends the Operating System from unauthorized changes. Any time a user who does not have administrator permissions attempts to perform an operation on their machine that requires administrator permissions, a UAC Window will open, requiring the user to input admin credentials or request ThreatLocker Elevation. The UAC Branding Setting type provides several fields that allow you to personalize the UAC prompt that users receive when requesting elevation permissions. The UAC prompt is an essential part of elevation.

When the Setting Type 'UAC Branding' is selected, a new section titled 'Parameters' will display. There are many different fields that are provided in the 'Parameters' section:

  1. Title Label - This field allows you to input a different message that shows at the top of the User Account Control pop-up. The default message will say "User Account Control".
  2. Prompt Message Label - This field allows you to change the prompt message of the User Account Control popup. The default message will say, "Do you want to allow this app to make changes to your device?"
  3. Publisher Label—This section will change the text for the publisher label, which by default in the UAC message is "Verified Publisher." It cannot change the actual publisher's name.
  4. Full path Label - This section will change the text for the 'Full path' portion of the UAC message. The default message for this section is "Full path". This cannot change the name of the actual full path.
  5. Windows UAC Option Label - The text for this section refers to the radio button with the text "Windows User Account Control".
  6. Username Placeholder - This section allows you to change the text that appears in the 'Username' field when the 'Windows User Account Control' radio button is selected. By default, this field has the text "User Name".
  7. Password Placeholder - This section allows you to change the text that appears in the 'Password' field when the 'Windows User Account Control' radio button is selected. By default, this field has the text "Password".
  8. ThreatLocker Request Option Label - This field allows you to change the text for the radio button to request elevation. This button usually displays the text "Request ThreatLocker Elevation".
  9. User ID/Email Required - This switch is toggled off by default. This setting requires the 'User ID/Email' field to be filled out before requesting ThreatLocker elevation.
  10. User ID/Email Placeholder - Changes the text of the User ID/Email entry field. The default text is "User ID/Email".
  11. Helper Text - The Helper Text section changes the placeholder shown in the field below 'User ID/Email'. The text usually displays "Information".
  12. Additional Information Required - This switch is toggled off by default. Switching this on will require the user to input additional information within the field below 'User ID/Email'.
  13. Additional Information Placeholder - The Additional Information section is located below the Request ThreatLocker Elevation section. The text that appears here by default is "To help the cybersecurity professionals process your request, please outline a reason for your request and any information that may help them process the request."
  14. Submit Button Label - This label is a button only shown if the 'Request ThreatLocker Elevation' radio button is selected. This button is used to send an elevation request to the Approval Center. This button's default text states "Send Request".
  15. Cancel Button Label - This label is a button only shown if the 'Request ThreatLocker Elevation' radio button is selected. This button will cancel the request for elevation and close out the UAC window. This button's default text shows "Cancel".
  16. Yes Button Label - This label is a button shown if the 'Windows User Account Control' radio button remains selected. If the user enteers the correct admin user name and password, selecting 'Yes' will grant administrator permissions for the selected application. The button's default text shows "Yes".
  17. No Button Label - This button is shown if the 'Windows User Account Control' radio button remains selected. If this button is chosen, the UAC window will close. The button's default text shows "No".

When you enter text into one of the allocated fields, the appearance of the UAC Window changes. This can be customized to fit your organization's needs.

Proxy Settings

Note: Requires ThreatLocker Windows Agent Version 10.1 or greater.

When the Proxy Settings Setting Type is selected, the parameters section will provide you with a field in which you can input a list of proxies and the order you would like them applied. These proxies will act as a middle ground between you and the sites you are accessing, ensuring that the pages accessed only interact with the proxy you have applied. These settings can be applied to the entire organization, global groups, computer groups, or individual computers, and multiple Proxy Settings Agent Settings can be created to cater to your specific needs.

ThreatLocker provides you with an 'Order By' field. This field is used to help organize the order in which you would like your proxies to be applied. For example, if you have two proxies, inputting '1' in the 'Order By' field will ensure that that proxy will be applied first, whereas '2' will be applied second, and so on.

In the remaining field, you will input your proxy's hostname/IP address and port number. You can add multiple proxies within this area by using the '+' button to the right of the proxy input field to create a new input line.

To delete a proxy from your list, select the '-' button located in the same area.

The following image is an example of what your Parameters section might look like once you have entered your proxy settings.

Full Self Elevation

Note: Requires ThreatLocker Windows Agent Version 10.2 or greater.

Full Self Elevation is a setting type that can be applied to users within your organization that grants admin permissions for the specified time period. Full Self Elevation can be applied to the level of your choice, though Entire Organization is selected by default.

Once Full Self Elevation is selected, a new switch called 'Allow users to self-elevate' will appear in the 'Paramters' section.

Once switched on, a dropdown menu titled 'Set elevation period' will appear. By default, the elevation period will be set for 1 hour. However, the following options can be selected instead:

  • 15 minutes
  • 30 minutes
  • 45 minutes
  • 1 hour
  • 2 hours
  • 3 hours
  • 6 hours

The 'Set elevation period' dropdown indicates how long elevation will last on the user's machine once Full Self Elevation is utilized.

Once the agent has been updated on the user's machine, the user can view a new button in the ThreatLocker tray. Right-clicking on the ThreatLocker tray icon will display the new button, titled 'Elevation Mode'.

Selecting the 'Elevation Mode' option will open a pop-up window titled 'Elevation Justification'. This is required to enable Elevation Mode on the user's machine. You must fill in a short message describing why Elevation is needed before selecting 'Apply'.

Once 'Apply' has been selected, Elevation Mode will begin on the user's machine for the amount of time that the 'Set elevation period' is set during creation of the Agent Setting.

Finalizing the Agent Setting

Once you have filled out your Setting Type and Parameters, navigate to the bottom of the 'Create Settings' side panel. Select the 'Create' button at the bottom of the page to create the setting.

Once created, the new setting will appear on your 'Agent Settings' page. After making each agent setting, select the 'Update Agents' button to update the ThreatLocker agents and push this new setting to them.

Was this article helpful?