ThreatLocker Elevation allows you to elevate a local user's privileges to those of a local administrator for a selected application. If you are using the ThreatLocker Elevation module, it is important to know that it is not affected by 'Learning Mode'.
When you first deploy ThreatLocker, your computers default to 'Learning Mode', in which ThreatLocker does not block applications and learns the files used by each application.
With 'Elevation' enabled, your end users will receive an 'Elevation' UAC prompt even when in 'Learning Mode' if they attempt to run an application that requires elevated privileges.
When the Elevation Control Module is enabled, ThreatLocker will validate that the registry key EnableLUA at the registry path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is enabled, setting it to a value of 1. With EnableLUA set to 1, UAC is enabled on the device. This is required for elevation to work as expected when applying policies.
This causes issues in customer environments where UAC is disabled through a GPO because some applications in use require UAC to be disabled in order to function properly.
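To find devices where UAC is disabled before enabling the Elevation module, the following added PowerShell example (not ThreatLocker code) reads EnableLUA from the registry path given above. The function name, its ComputerName parameter and the use of PowerShell remoting for remote machines are assumptions.

```powershell
# Added example, not ThreatLocker code. Reports the EnableLUA state per computer.
function Get-EnableLuaState {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: computers to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Registry path and value name as given in the article.
    $check = {
        $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        $item = Get-ItemProperty -Path $path -Name 'EnableLUA' -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }   # value not present at this path
        return [int]$item.EnableLUA
    }

    foreach ($computer in $ComputerName) {
        $value = $null
        $state = 'Unreachable'
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $value = & $check
            } else {
                # Assumes PowerShell remoting is enabled on the target.
                $value = Invoke-Command -ComputerName $computer -ScriptBlock $check -ErrorAction Stop
            }
            if ($null -eq $value) { $state = 'ValueMissing' }
            elseif ($value -eq 1) { $state = 'UacEnabled' }
            else { $state = 'UacDisabled' }
        } catch {
            Write-Verbose "Could not query ${computer}: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName = $computer
            EnableLUA    = $value
            State        = $state
        }
    }
}

# List machines that do not report EnableLUA = 1, i.e. candidates for the GPO conflict.
Get-EnableLuaState | Where-Object State -ne 'UacEnabled'
```

Devices reported as 'UacDisabled' are the ones to review against any GPO that turns UAC off.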
If the user chooses 'Request ThreatLocker Elevation,' you will receive a request in the Approval Center. The user can fill out their email and information when submitting the request.
In the Approval Center, you can distinguish an Elevation request by the word 'elevate' below the details as shown in the screenshot below.
If you don't want end users to receive this Elevation UAC prompt during your initial learning duration, you may choose to disable Elevation Control. Navigate to the Organizations page. Find the organization name that you want to disable 'Elevation' on. In the dropdown menu under 'Modules' ('Product' if you are using the ThreatLocker Legacy Portal), deselect the checkbox next to 'Elevation'.
Please note that the user will still receive the Windows UAC prompt when attempting to run or install an application that requires local admin privileges while in 'Learning Mode.' Without those administrator credentials, the program will be unable to run.