Configuration Manager

Configuration Manager is a place to quickly design policies that help mitigate the most common threat vectors.  

This Article includes information on how to: 

• Create Config Manager Policies from scratch or from the Suggested Policies button
• Remove Config Manager Policies

Note: If you would like Config Manager Policy List with explanations, please visit our Configuration Manager ThreatLocker University Course.

To open Configuration Manager (aka Config Manager), navigate to the left side main menu, under the Modules drop-down menu. 

Configuration Manager Policies should be used with care. To see a complete list of policies with their explanation, please navigate to our ThreatLocker University course, Configuration Manager.

Add a Suggested Policy

To add a suggested policy, click the 'Add Suggested Policy' button. 

1. Select the policy/s from the list of available options. 
2. Select the hierarchy level for your policy. 
3. Click the 'Add All Suggested Policy' button 

When you click the 'Add All Suggested Policies' button the policies you've selected will immediately be added to the hierarchy level you selected, and those policies will disappear from the list of available-to-add policies. However, the Suggested Policies pop-up screen will remain open. You can continue to add policies to this or other hierarchy levels or close the Suggested Policies pop-up window. 

At this point, you can reorder your policies, deactivate or activate policies, review details, or delete any Configuration Manger policy.

Keep in mind that policies process from the top down (lowest integer to highest). The order here determines the policy hierarchy of your Configuration Manager policies, regardless of the level of the organization. 

Click on the policy name to open a window that will allow you to edit the policy and change the number order. 

Please note: Policies can be deactivated for temporary reasons or deleted. Deactivating a policy will not remove it from the policy list. To ensure you can see all policies in your Configuration Manager, make sure to view 'All Policies' and check the 'inactive/expired policies' check box.  

When ready, deploy these policies by clicking the 'Deploy Policies' button in the upper right-hand corner. The button will be red when policies need to be deployed. You will see your changes within the next few moments, as those machines check-in again. 

Add a New Policy 

• To add a new policy, click the '+ New Policy' button. 

• Choose the Configuration Manager policy from the first drop-down menu. This includes all available policies. 
• Next, choose the hierarchy level this policy will apply to. 

• The name of the policy will match the name you chose from the drop-down list. You can make edits to this field as needed.
• Expand the Policy Expiration/Order.
• Choose if this policy will be active when created.
• Choose an optional expiration date.
• Choose where the policy will show up in the overall order of Configuration Manager policies.
• Finally, create the policy and deploy. 

Remove a Policy 

To remove a policy, you can either deactivate the policy from the Configuration Manager tab or you can delete the policy. 

Remember to verify that all computers that this policy is attached to are checking into the ThreatLocker service while the policy is deactivated. 

If you need more information, please take the Configuration Manager course in ThreatLocker University which includes the above information, as well as the topics Managing Your Config Manager Policies, Policy Explanations, etc., or reach out to the Cyber Heroes who are always available to help.