Company logoHelp Center
Visit www.threatlocker.com

Register Restrictions

2 min. readlast update: 11.11.2025

Using Advanced Settings, ThreatLocker now provides users with a way to limit ThreatLocker Agent Registrations by IP address. This can help restrict users in your organization to only those that match known IP addresses. It will also confirm that unwanted machines are not added, and that machines that should be in another organization, such as a child organization, are not accidentally added to the wrong organization. This Advanced Setting is not restricted to a specific ThreatLocker Agent version and is available on Windows, MAC, and Linux systems.

To set up your Register Restrictions, navigate to the 'Advanced Settings' page using the left-hand side of the portal, then select '+ New Setting'. In the 'Create Settings' side panel, use the 'Setting Type' dropdown to select 'Register Restrictions'.

Ensure that you select the Entire Organization or computer group to which you would like this Advanced Setting to apply.

Once the Setting Type has been selected, the parameters section will populate with a checkbox titled 'Enabled'. Selecting this checkbox will enable this Advanced Setting.

Once the 'Enabled' checkbox is selected, the following fields will appear in the area below:

  1. IP Address - The IP address field should contain addresses that are permitted to be in your ThreatLocker organization. This field permits the use of IPv4, IPv6, and CIDR notation IP addresses.
  2. Name - The name associated with the inserted IP address(es). This will act as an identifier.

Once you have filled in this information, select the 'Add' button to the right of the fields.

Selecting the 'Add' button will provide another field to enter more IP addresses. You will also see a new button titled 'Remove', which will allow you to remove any IP addresses that are no longer needed.

When you have completed adding all of your information, select the 'Create' button at the bottom of the side panel, then be sure to choose the 'Update Agents' button in the top left corner of the 'Advanced Settings' page.

When this setting is enabled, ThreatLocker will check the IP addresses of computers within your organization. If the computer matches an IP address listed in your 'Register Restrictions' Advanced Setting, the machine will continue to register as expected. However, if the machine does not match, the ThreatLocker Agent will fail to register it to the organization.

Was this article helpful?