ThreatLocker Configuration Manager

5 min. read | last update: 05.20.2024


Beginning with ThreatLocker Portal Version 1.8.1, and ThreatLocker Version 9.0, Legacy Configuration Manager policies will no longer be editable as we transition to an updated Configuration Manager system. 

Configuration Manager is a place to quickly design policies that help mitigate the most common threat vectors.  

This article includes information on the transition from the Legacy Config Manager to the updated Config Manager, including: 

  • Changes included in the Config Manager update
  • How to Create Config Manager policies
  • How to Remove Config Manager policies
Note: If you would like a Config Manager policy list with explanations, please visit our Configuration Manager ThreatLocker University Course.

 


To open Configuration Manager (aka Config Manager), go to the left-side main menu and look under the Modules drop-down menu.

 

Configuration Manager Policies should be used with care. To see a complete list of policies with their explanation, please navigate to our ThreatLocker University course, Configuration Manager.

 


Configuration Manager Version 9.0+

Beginning in ThreatLocker Version 9.0, Configuration Manager has undergone a major renovation. Once computers are updated to ThreatLocker Version 9.0, the Legacy policies will no longer be in effect for those endpoints. Moving forward, policies will need to be recreated in the new format that is supported by Version 9.0.

The new format for Config Manager policies now includes the option to revert to Windows default settings. Many policies have undergone slight name changes. Policies that are better controlled using other ThreatLocker Modules were removed from the Config Manager module and will be added as Community policies for the other modules.

All existing Config Manager policies will be located in the Legacy Config tab.

Legacy policies work on computers running ThreatLocker Version 8.0 to 8.7. ThreatLocker recommends recreating legacy policies using the new Config Manager format before updating to Version 9.0. All Legacy policies can be deleted once they have been re-created in the new format.

If you would like assistance with moving your policies from the Legacy Config format to the new Config Manager format, please reach out to your Solutions Engineer or the Cyber Hero Support Team.

 


 

Configuration Manager Policy Hierarchy

Keep in mind that policies process from the top of the list down (lowest integer to highest). The order here determines the policy hierarchy of your Configuration Manager policies, regardless of the 'Applies To' level set within the policy.

Click on the policy name to open a window that will allow you to edit the policy and change the number order. 

 


Configuration Manager Policy Status

Configuration Manager policies, once created, can have a status of Enabled, Disabled, or Not Configured. The status of each policy is displayed on the main page grid under the 'Status' column heading. 

  • Not Configured - Policies set to Not Configured will revert the configuration on all target endpoints to their Windows default settings. The policy will not be enforced or monitored.
  • Enabled - Policies set to Enabled will apply the configuration to the target endpoints. The policy will be enforced or monitored.
  • Disabled - Policies set to Disabled will have the configuration remain in the current state on the target endpoints, but the policy will not be enforced or monitored.

To edit the Status of a policy, open the policy sidebar, navigate to the Configuration Status dropdown, and select the desired status. Then click the blue 'Save' button to apply the new Status to the policy. Be sure to Deploy Policies so the new Status can take effect on the target endpoints.

 


Add a New Policy 

  • To add a new policy, click the '+ New Policy' button. 

1. Choose the hierarchy level where this policy will apply.

2. Choose the Configuration Manager policy from the first drop-down menu. This includes all available policies. Each Config Manager policy has slightly different options and information located in the Policy Description section. Once a Configuration has been selected, the Configuration Status dropdown will populate with the relevant status.

3. The name of the policy will match the name you chose from the drop-down list. You can make edits to this field as needed.

4. Choose an optional expiration date.

5. Choose where the policy will appear in the Configuration Manager policies' overall order.

6. Finally, create the policy.

When ready, deploy all newly created and edited Config Manager policies by clicking the 'Deploy Policies' button in the upper right-hand corner. The button will be red when policies need to be deployed. You will see your changes within the next few moments as those machines check in again. 

Remove a Policy 

To remove a policy, you can set the policy to Disabled or Not Configured.  Policies set to Disabled will have the configuration remain in the current state on the target endpoints, but the policy will no longer be enforced or monitored. Policies set to Not Configured will revert the configuration on all target endpoints to their Windows default settings. The policy will not be enforced or monitored.

Deleting a policy will have the same effect as setting the policy to Disabled. It will not revert any changes. If you wish to revert the Configuration changes, set the policy to Not Configured, deploy policies, and wait for all target computers to check in before deleting the policy. 

 


 

If you need more information, please take the Configuration Manager course in ThreatLocker University, which includes the above information, as well as the topics Managing Your Config Manager Policies, Policy Explanations, etc., or reach out to the Cyber Heroes who are always available to help.
