Creating a Policy for a Local User Group

3 min. read. Last update: 09.24.2025

Note: This feature is only available for users with ThreatLocker Windows Agent version 10.6.2 or greater.

As of ThreatLocker Windows Agent version 10.6.2, users can apply Application Control policies directly to local groups on a machine. A local group lets multiple users with access to the same machine be assigned to a group on that machine, restricting their access to only what is necessary. With this feature, administrators creating or editing policies can specify which users can access applications on a machine. To specify a local group, navigate to the 'Application Control' module using the left-hand side of the ThreatLocker portal.

From the 'Application Control' page, you can either create a new policy using the '+ New Policy' button in the left-hand corner, or navigate to the 'Policies' tab to choose an existing policy from your organization. Creating a new policy opens the 'Create Application Policy' side panel, whereas editing an existing one opens the 'Edit Application Policy' side panel. Insert your information as you usually would to create a new policy.

In the 'Applies To' section of the page, select which ThreatLocker group or computer you would like this policy to apply to.

Below this, select the button labeled 'Selected Users & Groups'.

Once this button is selected, a bar will appear below it. This area is used to enter a specific group or user as they appear on the machine or in Active Directory. With the addition of local groups, users can enter Built-In (groups pre-made by Windows) or custom (groups that an administrator has created) groups in this area by typing 'local:' followed by the name of the local group.

Note: Capitalization does not matter in this area.

Once you have inserted your group name, select the '+' button to add that local group to the policy.

To delete a local group from the policy, select the 'trash can' icon to the right of the group name.

Once you have entered all local groups that should apply to this policy, select the 'Create' or 'Save' button at the bottom of the side panel. Ensure that you deploy policies after this is completed.

When policies are deployed, users in the specified local groups should receive permissions based on your newly created or edited policies.

Functionality of Local Groups: Things to Note

When using local groups to apply policies to certain users, please keep the following information in mind:

  • ThreatLocker will check for direct and indirect memberships for these local groups. Please note that indirect membership depends on the local group containing a domain group.
    • Example: A user makes a policy for "local:customgroup1" and "customgroup1" contains the domain group "domaingroup1". The policy will apply to domain users belonging to "domaingroup1".
  • Windows requires users to log out and back in after being added to a group for the change to take effect. If a user is added to a group, ensure that they log out and back in to apply these changes; otherwise, the policy will not apply to them.
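
The logout requirement above can be checked on the endpoint before troubleshooting a policy. The following PowerShell is an added example, not ThreatLocker code: it inspects only the Windows session token and the stored local group membership, the function name Test-LocalGroupInSession is hypothetical, and 'customgroup1' is the sample group name from this article.

```powershell
# Added example; 'customgroup1' is the sample group name used in the article.
function Test-LocalGroupInSession {
    param([Parameter(Mandatory)][string]$GroupName)

    # Resolve the local group and read its stored (direct) members.
    $group   = Get-LocalGroup -Name $GroupName -ErrorAction Stop
    $members = @(Get-LocalGroupMember -Group $GroupName -ErrorAction Stop)

    # Group SIDs in the current access token, which Windows builds at logon.
    # Deny-only groups in a UAC-filtered token are not listed by this property.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })

    $inToken  = $tokenSids -contains $group.SID.Value
    $isDirect = @($members | ForEach-Object { $_.SID.Value }) -contains $identity.User.Value

    # Nested groups whose SID is already in the token give indirect membership.
    $nestedGroups = @($members | Where-Object { $_.ObjectClass -eq 'Group' })
    $viaNested    = @($nestedGroups | Where-Object { $tokenSids -contains $_.SID.Value })

    $status = if ($inToken) {
        'Group is in the session token'
    } elseif ($isDirect -or $viaNested.Count -gt 0) {
        'Member, but token predates the change: log out and back in'
    } else {
        'Not a member through any group in this session'
    }

    [pscustomobject]@{
        User           = $identity.Name
        LocalGroup     = "local:$($group.Name)"
        DirectMember   = $isDirect
        NestedGroups   = $nestedGroups.Name -join ', '
        MatchedVia     = $viaNested.Name -join ', '
        InSessionToken = $inToken
        Status         = $status
    }
}

Test-LocalGroupInSession -GroupName 'customgroup1'
```

Run it in the affected user's own session. A user recently added to a nested domain group will also lack that domain group in the token until the next logon, so the last status can appear for a user whose membership is correct in Active Directory.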