How to create time-limited elevation policies in ThreatLocker?
This document outlines the step-by-step process of how to create time-limited elevation policies in ThreatLocker Dashboard.
This article is a part of our ThreatLocker How-to Guides series, Chapter 07 – Elevation Control (Privilege Management).
Introduction
ThreatLocker Elevation Control allows administrators to grant temporary administrator privileges to approved applications without giving users full local admin rights.This guide explains how to configure a time-limited elevation policy, which allows a specific application (e.g., Command Prompt) to run with elevated privileges only for a defined period.
Implementation
Step 1: Access the Application Control Module
- Log in to the ThreatLocker Portal.
- Navigate to Modules > Application Control
- Click Create Policy
Step 2: Create the Elevation Policy
- Fill the policy form:
- In the Details section:
- Name: Elevation Control – CMD
- Description: Time-limited elevation for Command Prompt
- In the Applied To section:
- Select the target computer or computer group where the policy should apply
- In the Condition section:
- Select the application: Command Prompt (CMD)
- Choose All Interfaces
- Select “No Policy Expiration” to ensure the rule remains active indefinitely.
- In the Action section:
- Enable “Assist with programs that require local administrator privileges”
- Select “Elevate to run as local administrator”
- (Optional) Enable “Notify User” to inform the user about elevation
- Set a duration for how long the elevation should remain active (e.g., 30 minutes, 1 hour, 8 hours)
- Select “Elevate to run as local administrator”
- Enable “Assist with programs that require local administrator privileges”
3. Click Create to save the policy once all fields are completed
Step 3: Verify and Deploy the Policy to create time-limited elevation policies in ThreatLocker
Deploy the policy from the policy list to enforce it on the target devices
Conclusion
With time-limited elevation policies, you can give users temporary access to admin privileges for trusted applications, while keeping strict control over duration and scope.This helps enforce the principle of least privilege, reduce security risks, and maintain user productivity, all within the Zero Trust model.