Company logoHelp Center
Visit www.threatlocker.com

/portalAPI/MaintenanceMode/*

17 min. readlast update: 01.31.2025

This article will encompass all portalAPI calls that are related to /portalAPI/MaintenanceMode/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance: 

Locating Your Organization's Instance | ThreatLocker Help Center

 

MaintenanceModeGetByComputerIdV2

https://portalapi.INSTANCE.threatlocker.com/portalapi/MaintenanceMode/MaintenanceModeGetByComputerIdV2

  • Method: GET
  • Description: This API is used on the Devices page in the ThreatLocker Portal when viewing an individual computer using the computer sidebar and looking to review the Maintenance History on the computer. This API will return the Maintenance Mode history of a machine. This endpoint can only be utilized with one machine at a time. This can be useful for evaluating the Maintenance Modes the computer has been in previously, determining if the machine is currently in a Maintenance mode(s), and to gather the maintenanceModeId(s) from the Maintenance Mode(s) the machine is currently in. If looking to view a computer's Maintenance Mode history only for a computer in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • computerId: This field expects the computerId of the computer that will have their Maintenance Mode history returned to be entered in the below formatting:
      • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
    • pageNumber and pageSize: This field determines how many Maintenance History logs will be returned. However, this field does not follow the same conventions of the pageNumber and pageSize values as the portal does (pageSize in the portal is 25, 50, or 100). Any valid integer can be entered and it will return in the selected formatting. For instance, if there are 5 logs to be returned but “pageNumber” : 1 and “pageSize” : 2, 2 entries will be returned per page and the first two logs will be shown.
      • Expects: An Integer value
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Edit Computers
    • Install Computers

 

MaintenanceModeInsert

https://portalapi.INSTANCE.threatlocker.com/portalapi/MaintenanceMode/MaintenanceModeInsert

  • Method: POST
  • Description: This API is used on the Devices page in the ThreatLocker Portal when viewing an individual computer using the computer sidebar and looking to enable a Maintenance Mode, allowing you to add to the maintenance schedule of a computer. This API will allow you to add to an existing application using Installation and Learning Mode, create a new application using Installation and Learning Mode, utilize automatic Learning with Learning Mode, and enable all other Maintenance Modes. This endpoint can only be used with one computer at a time as it expects a computerId to be entered in the call. If looking to manage a computer's Maintenance Mode for a computer in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. Listed below are what is expected in all the fields for this endpoint.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • allUsers: This field determines whether all users on the selected computer will be affected by the Maintnance Mode that will be enabled. If you wish to have only select users affected by the Maintenance Mode, set allUsers to false and utilize the userList field below to input the users the Maintenance Mode will apply to.
        • Expects: true or false
      • automaticApplication: This field is used when using Learning Mode and is used to specify whether automatic Learning will be utilized. If set to true, automatic Learning will be enabled as per the automaticApplicationType set. Refer to the field below for valid automaticApplicationTypes.
        • Expects: true or false
      • automaticApplicationType: This field is used to determine what type of automatic Learning will be utilized when using an automatic application with Learning Mode. Automatic Computer will create new applications and policies as needed with the policies being created at the computer level. Automatic Group will create new applications and policies as needed with the policies being created at the computer group level. Automatic System will only learn drivers and miscellaneous Windows files, applying only to the individual system. Listed below are the Integers that are expected to be used with this field:
        • empty = 0
        • Automatic Computer = 1
        • Automatic Group = 2
        • Automatic System = 3
      • comptuerId: This field determines the computer where you would like to enable the Maintenance Mode.
        • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
      • createNewApplication: This field is used when enabling Learning or Installation Mode to determine whether a new application will be used. If a new application is going to be used, be sure to refer to the newApplication list/description below. If wanting to create a new application, set this to true. Otherwise, leave this false.
        • Expects: true or false
      • endDateTime: This field specifies when the Maintenance Mode will end on a machine. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
        • Expects end date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
      • existingApplication: This field is used when utilizing an existing application, when not utilizing a new application for Learning or Installation Mode, and not using automatic Learning with Learning Mode. The below fields are used in association with this field.
        • applicationId: This field determines the existing application that will be used.
          • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
        • name: This field expects the name of the application to be entered as it is assigned to the application already. If the name entered is not what is assigned in the Portal, the name will not change to what was entered and the name associated with the applicationId is still used.
          • Expects: Text of the application name
      • maintenanceTypeId: This field specifies the Maintenance Mode that will be enabled. Listed below are the integers expected to be used with this field.

        • ApplicationControlMonitorOnly = 1

        • ApplicationControlInstallationMode= 2 

        • Learning = 3 

        • Elevation = 4 

        • TamperProtectionDisabled = 6 

        • Isolation = 14 

        • Lockdown = 15 

        • DisableOpsAlerts = 16 

        • NetworkControlMonitorOnly = 17 

        • StorageControlMonitorOnly = 18

      • newApplication: This field is used when creating a new application with Learning or Installation Mode. The additional fields for configuring how this application is created are listed below.
        • applicationId: This field will be assigned automatically after this call is completed, it can stay as "00000000-0000-0000-0000-000000000000".
        • applicationName: This field expects the new application name to be entered.
          • Expects: Text of the new application name
        • createApplicationOnly: This field determines whether a new policy will be created with the new application or not. If you wish to only create a new application, set "createApplicationOnly" to true. If you want to create a new policy, set "createApplicationOnly" to false and enter the ID of where you would like to set the policy in the "appliesToId" field below.
          • Expects: true or false
        • appliesToId: This field specifies where the policy will be applied when creating a new policy with the new application. The new policy can be created at the computer level (use computerId), at a computer group level (use computerGroupId), or it can be the entire organization level (use organizationId).
          • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
      • permitEnd: This field is used to determine whether the end user has the option to end the Maintenance Mode from their computer or not. If permitEnd is set to true, the tray prompt will appear in the bottom right corner of their screen and the user has the option to end the Maintenance Mode directly from their computer. If permitEnd is set to false, there will be nothing that appears for the end user and they will not have the option to end the Maintenance Mode directly from their computer.
        • Expects: true or false
      • startDateTime: This field specifies when the Maintenance Mode will start on a machine. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
        • Expects start date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
      • useExistingApplication: This field specifies when using Learning or Installation Mode whether an existing application will be used when enabling the Maintenance Mode. If an existing application is going to be used, be sure to refer to the existingApplication list/description above. If wanting to use an existing application, set this to true. Otherwise, leave this false.
        • Expects: true or false
      • usersList: This field will contain the list of users the Maintenance Mode will apply to if allUsers is set to false. Enter the users you'd like to have the Maintenance Mode effect, separating each user with a comma, expected in this format: "DOMAIN\\USERNAME".
        • Expects: A list of users in the above format separated by commas
      • computerDateTime: This field is used to determine the current time on the machine. As long as this field in not blank, processing will continue as normal as this call should pull the time information from the organization. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
        • Expects a date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
    • Required body for enabling Automatic Computer Learning

{
  "allUsers": true,
  "automaticApplication": true,
  "automaticApplicationType": 1,
  "computerId": "00000000-0000-0000-0000-000000000000",
  "createNewApplication": false,
  "endDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "existingApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "name": ""
  },
  "maintenanceTypeId": 3,
  "newApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "applicationName": "",
    "createApplicationOnly": false,
    "appliesToId": "00000000-0000-0000-0000-000000000000"
  },
  "permitEnd": true,
  "startDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "useExistingApplication": false,
  "usersList": [
    "DOMAIN\USERNAME"
  ],
  "computerDateTime": "YYYY-MM-DDTHH:MM:SSZ"
}

 

    • Required body for enabling Installation Mode with a new application

{
  "allUsers": true,
  "automaticApplication": false,
  "automaticApplicationType": 1,
  "computerId": "00000000-0000-0000-0000-000000000000",
  "createNewApplication": true,
  "endDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "existingApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "name": ""
  },
  "maintenanceTypeId": 2,
  "newApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "applicationName": "string",
    "createApplicationOnly": false,
    "appliesToId": "00000000-0000-0000-0000-000000000000"
  },
  "permitEnd": true,
  "startDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "useExistingApplication": false,
  "usersList": [
    "string"
  ],
  "computerDateTime": "YYYY-MM-DDTHH:MM:SSZ"
}

    • Required body for enabling Learning Mode with an existing application (assuming a valid applicationId and name are entered into their fields)

{
  "allUsers": true,
  "automaticApplication": false,
  "automaticApplicationType": 1,
  "computerId": "00000000-0000-0000-0000-000000000000",
  "createNewApplication": false,
  "endDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "existingApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "name": "String"
  },
  "maintenanceTypeId": 3,
  "newApplication": {
    "applicationId": "00000000-0000-0000-0000-000000000000",
    "applicationName": "",
    "createApplicationOnly": false,
    "appliesToId": "00000000-0000-0000-0000-000000000000"
  },
  "permitEnd": true,
  "startDateTime": "YYYY-MM-DDTHH:MM:SSZ",
  "useExistingApplication": true,
  "usersList": [
    "string"
  ],
  "computerDateTime": "YYYY-MM-DDTHH:MM:SSZ"

  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Edit Computers
    • Edit Application Control Applications
    • Manage Application Control Installation Mode
    • Manage Application Control Learning Mode

 

MaintenanceModeEndById

https://portalapi.INSTANCE.threatlocker.com/portalapi/MaintenanceMode/MaintenanceModeEndById

  • Method: PATCH
  • Description: This API is used on the Devices page in the ThreatLocker Portal when viewing an individual computer using the computer sidebar and looking to end a Maintenance Mode by clicking on the End button in the PortalThis API will allow you to end a Maintenance Mode.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • computerId: This field determines the computer where you would like to end the current Maintenance Mode.
        • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
      • maintenanceModeId: This field expects the current MaintenanceModeId to be entered in the below format. You can utilize the MaintenanceModeGetByComputerIdV2 endpoint to get the current MainteanceModeId as this will change each time a new Maintenance Mode is enabled on the computer.
        • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
      • maintenanceTypeId: This field expects one of the following Integers to be entered from below that corresponds with the active Maintenance Mode on the computer. You can utilize the MaintenanceModeGetByComputerIdV2 endpoint to get the current maintenanceTypeId that is active on the computer.

        • ApplicationControlMonitorOnly = 1

        • ApplicationControlInstallationMode= 2 

        • Learning = 3 

        • Elevation = 4 

        • TamperProtectionDisabled = 6 

        • Isolation = 14 

        • Lockdown = 15 

        • DisableOpsAlerts = 16 

        • NetworkControlMonitorOnly = 17 

        • StorageControlMonitorOnly = 18

    • Required Body

{ 
     "ComputerID" : "00000000-0000-0000-0000-000000000000", 
     "MaintenanceModeId" : "00000000-0000-0000-0000-000000000000", 
     "MaintenanceTypeId" : <Integer>
}

  • Optional Body/Parameters
    • N/A
  • Permissions Needed for User
    • Edit Computers

 

MaintenanceModeUpdateEndDateTimeForSpecificDate

https://portalapi.INSTANCE.threatlocker.com/portalapi/MaintenanceMode/MaintenanceModeUpdateEndDateTimeForSpecificDate

  • Method: POST
  • Description: This API is used on the Devices page in the ThreatLocker Portal when using the quick dropdown to select a Maintenance Mode and modifying the time it will end from anything other than the one hour default. This API will allow you to change the end date/time of a maintenance mode. Important note that this will only extend or shorten the current active Maintenance Mode. If you input a different MaintenanceTypeId than the one currently active on the machine, the Maintenance Mode will not be modified based on the date supplied. Listed below are the Maintenance Modes and identifiers associated with each Maintenance Mode.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • computerId: This field specifies which computer the Maintenance Mode will be extended for.
        • Expects: GUID in format: "00000000-0000-0000-0000-000000000000"
      • maintenanceEndDate: This field expects a time to extend the Maintenance Mode until entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
        • Expects date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
      • maintenanceTypeId: This field expects one of the following Integer values from below depending on the Maintenance Mode the computer is currently in. You can utilize the MaintenanceModeGetByComputerIdV2 endpoint to get the current maintenanceTypeId that is active on the computer.:

        • ApplicationControlMonitorOnly = 1  

        • ApplicationControlInstallationMode= 2  

        • Learning = 3  

        • Elevation = 4 

        • TamperProtectionDisabled = 6  

        • Isolation = 14  

        • Lockdown = 15  

        • DisableOpsAlerts = 16  

        • NetworkControlMonitorOnly = 17  

        • StorageControlMonitorOnly = 18

    • Required body:

      {

         "computerId": "00000000-0000-0000-0000-000000000000",

         "maintenanceEndDate": "YYYY-MM-DDTHH:MM:SSZ",

        "maintenanceTypeId": <Integer>

}

  • Optional Body/Parameters
    • N/A
  • Permissions Needed for User
    • Edit Computers
    • Manage All Maintenance Modes
    • Super Admin
    • Super Admin Child
    • Manage ThreatLocker Detect Threats
    • Manage ThreatLocker Detect Remediations
Was this article helpful?