Long Arrow Right External Link angle-right Search Times Spinner angle-left

ThreatLocker Elevation – Quick Start Guide

Note: ThreatLocker Elevation requires Agent Version 6.0 or above

To get started with ThreatLocker Elevation:

  • Navigate to Computer Groups in the ThreatLocker Portal.
  • Select the group(s) you want upgraded to use Elevation.
undefined
  • Select update ThreatLocker Version > 6.0 (or higher).
undefined undefined

Select Update.

undefined

After the computers checkin,

  • Navigate to the Computers Page in the ThreatLocker Portal.
  • Select the computer(s) you want to elevate > Select Restart Service.
undefined

ThreatLocker Elevation requires a new tray. Due to this, to use ThreatLocker Elevation, you will need to either:

  • Log out of your machine
  • Reboot your machine
  • Kill the ThreatLockerTray process and manually reopen it.

Next Steps:

Once your machines are checking in with version 6.0 as displayed in the Computers Page:

undefined
  • Select the Organizations tab.
undefined
  • Ensure you have Elevation enabled in the Product drop-down list.
undefined undefined

If checked, ThreatLocker Elevation is now enabled.

Note: We Audit all elevation in the Unified Audit. All elevation will have the action type 'elevate'.
undefined

How to Use ThreatLocker Elevation:

Elevation integrates with our Application Control, meaning that if an application is not currently allowed, you may approve and elevate it simultaneously.

For example,

A user may request access to an application through the use of our new Tray Application.

undefined undefined

This request may be viewed from the Approval Center, and it will indicate that this is an Application Request as shown here:

undefined

Now you will have the opportunity to,

  • Approve the application
undefined
  • Approve with Ringfence, which is highly important as you may not want the elevated app to speak to Command Prompt or PowerShell for example
undefined
  • Set an expiration date for the policy
undefined
  • Allow the application to elevate as an administrator
undefined
  • Apply the policy to the specified level
undefined

After configurations have been made and Save has been selected,

undefined

you may now run this application as a normal user as expected. If the application is ran as an administrator, you will receive confirmation through the Tray Application that the application has been elevated.

undefined

Note: If ringfencing was enabled, you will not be able to bypass elevation for other applications. As an example, if we attempt to run PowerShell as an administrator from Putty, we will receive a block, as one would expect.

undefined undefined undefined

In the case that you would like to allow elevation for an application that is already being permitted there are two ways of achieving this.

Method 1)

  • Navigate to Application Control > Policies.
  • Select the pencil icon that corresponds to the desired policy.
undefined
  • Enable the Elevation checkbox.
undefined
  • Save and Deploy Policies.
undefined

Method 2)

Open the desired application as an administrator. In this example we are running PowerShell, which we have already permitted.

This will bring forth a notification allowing you to request elevation for this application.

undefined undefined

This request may be viewed from the Approval Center, and it will indicate that this is an Elevation Request as shown here:

undefined

Within the request,

  • Configure the policy settings as desired.
  • Select Save.

This will create a policy and if elevation was selected, the application will be able to run as an administrator within 60 seconds.

undefined undefined