ThreatLocker Elevation – Quick Start Guide

Enabling Elevation on Your ThreatLocker Account

Before you can leverage the Elevation Control product, you will need to enable it on your ThreatLocker account.

Navigate to the Organizations page.
Find the Organization you want to enable Elevation on and click the dropdown menu under the 'Product' column.
Click the checkbox next to Elevation to enable it.

Elevation Control will be enabled the next time the endpoints check in to the portal. 

How to Use ThreatLocker Elevation

Elevation integrates with our Application Control, meaning that if an application is not currently allowed, you may approve and elevate it simultaneously.

For example, a user may request access to an application through the use of our new Tray Application.

A screen shot of a computer error

Description automatically generated

This request may be viewed from the Approval Center, and it will indicate that this is an Application Request as shown here:

Now you will have the opportunity to,

Approve the application

A screenshot of a computer

Description automatically generated

Approve with Ringfence, which is highly important as you may not want the elevated app to speak to Command Prompt or PowerShell, for example:

A screenshot of a computer

Description automatically generated

Set an expiration date for the policy

A close-up of a screen

Description automatically generated

Allow the application to elevate as an administrator

A screenshot of a computer

Description automatically generated

Apply the policy to the specified level

A computer group box with white text

Description automatically generated with medium confidence

After configurations have been made and Save has been selected, you may now run this application as a normal user as expected. If the application is run as an administrator, you will receive confirmation through the Tray Application that the application has been elevated.

A blue rectangular sign with white text

Description automatically generated

Note: If ringfencing was enabled, you will not be able to bypass elevation for other applications. For example, if we attempt to run PowerShell as an administrator from Putty, we will receive a block, as one would expect.

undefined

In the case that you would like to allow elevation for an application that is already being permitted, there are two ways of achieving this.

Allowing Elevation for an application that is already being permitted: 2 Methods

Method 1

Navigate to Application Control > Policies.
Select the pencil icon that corresponds to the desired policy.

A screenshot of a computer application

Description automatically generated

Enable the Elevation slider.

A screenshot of a computer

Description automatically generated

Save and Deploy Policies.

A red rectangle with white text

Description automatically generated

Method 2

Open the desired application as an administrator. In this example, we are running PowerShell, which we have already permitted.

This will bring forth a notification allowing you to request elevation for this application.

A screenshot of a computer screen

Description automatically generated

This request may be viewed from the Approval Center, and it will indicate that this is an Elevation Request, as shown here:

A screenshot of a computer

Description automatically generated

Within the request,

Configure the policy settings as desired
Select Save

This will create a policy, and if elevation is selected, the application will be able to run as an administrator within 60 seconds.