Long Arrow Right External Link angle-right Search Send Times Loader chevron-down thumb-up thumb-down Spinner angle-left
Go to ThreatLocker

ThreatLocker Elevation – Quick Start Guide

Enabling Elevation on Your ThreatLocker Account

Before you can leverage the Elevation Control product, you will need to enable it on your ThreatLocker account. 

  1. Navigate to the Organizations page. 
  2. Find the Organization you want to enable Elevation on and click the dropdown menu under the 'Product' column. 
  3. Click the checkbox next to Elevation to enable it. 

Elevation Control will be enabled the next time the endpoints check in to the portal.    

How to Use ThreatLocker Elevation

Elevation integrates with our Application Control, meaning that if an application is not currently allowed, you may approve and elevate it simultaneously.

For example, a user may request access to an application through the use of our new Tray Application.

undefined undefined

This request may be viewed from the Approval Center, and it will indicate that this is an Application Request as shown here:

undefined

Now you will have the opportunity to,

  • Approve the application
undefined
  • Approve with Ringfence, which is highly important as you may not want the elevated app to speak to Command Prompt or PowerShell for example
undefined
  • Set an expiration date for the policy
undefined
  • Allow the application to elevate as an administrator
undefined
  • Apply the policy to the specified level
undefined

After configurations have been made and Save has been selected, you may now run this application as a normal user as expected. If the application is ran as an administrator, you will receive confirmation through the Tray Application that the application has been elevated. 

undefined

undefined

Note: If ringfencing was enabled, you will not be able to bypass elevation for other applications. As an example, if we attempt to run PowerShell as an administrator from Putty, we will receive a block, as one would expect.

undefined undefined undefined

In the case that you would like to allow elevation for an application that is already being permitted, there are two ways of achieving this.

Allowing Elevation for an application that is already being permitted: 2 Methods  

Method 1

  • Navigate to Application Control > Policies.
  • Select the pencil icon that corresponds to the desired policy.
undefined
  • Enable the Elevation checkbox.
undefined
  • Save and Deploy Policies.
undefined

Method 2

Open the desired application as an administrator. In this example we are running PowerShell, which we have already permitted.

This will bring forth a notification allowing you to request elevation for this application.

undefined undefined
  • This request may be viewed from the Approval Center, and it will indicate that this is an Elevation Request as shown here:
undefined
  • Within the request,
    • Configure the policy settings as desired
    • Select Save

This will create a policy and if elevation was selected, the application will be able to run as an administrator within 60 seconds.

undefined undefined

Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.