How to enable elevation control in ThreatLocker?
This document outlines the step-by-step process of how to enable elevation control in ThreatLocker Dashboard.
This article is a part of our ThreatLocker How-to Guides series, Chapter 07 – Elevation Control (Privilege Management).
Introduction
What is Elevation Control?
Elevation Control is a security feature in ThreatLocker that allows specific applications to run with administrator privileges without giving full local admin rights to the user. This ensures that users can perform necessary tasks while maintaining strict control over what is allowed to run elevated.
Objective
The objective of enabling elevation control is to provide users with controlled and temporary admin-level access for approved applications. In this article, we will walk through the steps to create an elevation policy using ThreatLocker.
Implementation
Step 1: Access the Application Control Module
- Log in to the ThreatLocker Portal.
- Navigate to Modules > Application Control
- Click Create Policy
Step 2: Create the Elevation Policy
- Fill the policy form:
- In the Details section:
- Name: Elevation Control – PowerShell
- Description: Allow PowerShell to run with elevation
- In the Applied To section:
- Select the target computer or computer group where the policy should apply
- In the Condition section:
- Select the application: PowerShell
- Choose All Interfaces
- Select “No Policy Expiration” to ensure the rule remains active indefinitely.
- In the Action section:
- Enable “Assist with programs that require local administrator privileges”
- Select “Elevate to run as local administrator”
- (Optional) Enable “Notify User” to inform the user
- (Optional) Set a duration for how long elevation should be active (e.g., 30 minutes, 12 hours)
- Select “Elevate to run as local administrator”
- Enable “Assist with programs that require local administrator privileges”
2. Click Create to save the policy once all fields are completed
Step 3: Deploy the Policy to enable elevation control in ThreatLocker
Deploy the policy from the policy list to enforce it on the target devices
Conclusion
Elevation Control is a key feature for organizations that want to maintain strong security while still supporting legitimate admin tasks. By allowing elevation only for approved applications and limiting access scope and duration, you maintain control and reduce risk.ThreatLocker’s Elevation Control enforces the principles of Zero Trust, giving IT teams the flexibility to support users without compromising on security.