Allow Run Script Action

2 min. readlast update: 06.29.2026

Note: You must have ThreatLocker Windows Agent 10.8.1 or greater to use this Advanced Setting. 

This setting must be enabled for 3 days before you can use the Run Script Action in the Incident Center.

The Allow Run Script Action Advanced Setting enables organizations to run scripts from the Incident Center.

To enable this Advanced Setting in your organization, start by navigating to the Advanced Settings button located at the top of any page of your ThreatLocker Portal.

From the Advanced Settings window, navigate to the '+ New Setting' button found in the top left corner of the window. This will open the Create Settings sidebar.

 In this sidebar, in the Setting Type dropdown, search for Allow Run Script Action and select it from your list of options.

Once selected, the Parameters section will populate. Ensure you have selected the correct Applies To and Order By settings before moving on.

The Parameters section will now include a switch labeled Enabled, which is off by default. Switching this on will activate the Advanced Setting.

For security purposes, ThreatLocker requires that this Advanced Setting remain active for three days before it can be used. Make sure you select the Create button at the bottom of the page, then Update Agents to solidify your changes.

Once the three-day waiting period has been lifted, the Incident Center should now provide you with the Run Script action. This can be found by navigating to any case in your organization and locating the Asset Actions section of the Incident Center. From there, select the More Actions button, which is denoted by an ellipsis icon.

From the dropdown menu, select Run Script.

Selecting this option opens the Run Script menu.

From here, you can choose from assets that are tied to the case you are investigating. If you have remediation scripts in your organization from a ThreatLocker Community policy, they will appear in the Choose a remediation script field. Otherwise, you can enter a PowerShell script into the Response field.

Once the Save Response button is selected, ThreatLocker will push the script to the selected asset or assets upon its next check-in.

Please Note: ThreatLocker is able to send your script, but cannot receive a response back.

Additionally, scripts sent using this Advanced Setting run as System.

Was this article helpful?