How to create a policy for a user group?
This document outlines the step-by-step process of how to create a policy for a user group in ThreatLocker Dashboard.
This article is a part of our ThreatLocker How-to Guides series, Chapter 03 – Zero Trust Policies (Application Control).
Introduction
ThreatLocker enables administrators to enforce granular security policies at various levels including devices, individual users, and user groups.
This is particularly useful when blocking or allowing specific applications for a user group, without affecting unrelated users.This guide explains how to create an Application Control policy that targets a user group, ensuring consistent enforcement across all members.
Implementation
Step 1: Access the Application Control Policies
Log in to the ThreatLocker Portal, then go to: Modules > Application Control > PoliciesClick on “Create Policy” to begin configuring a new rule.
Step 2: Complete the Policy Form
Fill in the Policy Details section:
- Name: e.g., Block CMD (User Group)
Description: e.g., Block Command Prompt access for the selected user group
In the Apply To section:
Select the computer group where you want the policy to apply
Then, click on “Selected User and Group”
Add the relevant user group (e.g., EN Users, HR, etc.)
In the Condition section, choose the application you want to block.
Then, in the Action section, select “Deny”, enable End User Experience (e.g., show notification and allow user to request access), and click “Create” to finalize the policy.
Step 3: Deploy the Policy To create for a user Group
After creating the policy, click “Deploy” to apply it to the selected user and devices.
Once deployed, the policy will appear in the list of active policies.
Conclusion
Creating a user group-specific policy in ThreatLocker provides precise and consistent control over application access across multiple users.
By targeting an entire group and defining application behaviors, you enhance your Zero Trust posture while streamlining policy management.
Once deployed, the policy is immediately enforced across all selected users, ensuring that only authorized personnel can access sensitive or restricted tools.