Elevation Control and the Onboarding process
ThreatLocker Elevation allows you to elevate a local user's privileges to that of a local administrator for a selected application. If you are using the ThreatLocker Elevation product, it is important to know that it will not be affected by 'Learning Mode'.
When you first deploy ThreatLocker, your computers will default into 'Learning Mode' whereby applications are not blocked by ThreatLocker and ThreatLocker learns the files used by that application.
With 'Elevation' enabled, your end users will receive an 'Elevation' popup even when in 'Learning Mode' if they attempt to run an application that requires elevated privileges.
If the user chooses 'Request Access', you will receive a request in the Approval Center.
In the Approval Center, you can distinguish an Elevation request by the word 'elevate' below the details as shown in the screenshot below.
If you don't want end users to receive this Elevation popup during your initial learning duration, you may choose to disable Elevation Control. Navigate to the Organizations page. Find the organization name that you want to disable 'Elevation' on. In the dropdown menu under 'Product', deselect the checkbox next to 'Elevation'.
Please note that the user will still receive the Windows UAC prompt when attempting to run or install an application that requires local admin privileges while in 'Learning Mode' and without those administrator credentials, the program will be unable to run.