Stay secure over the holidays with the ThreatLocker Lights-Out Checklist

Endpoint privilege management with Elevation Control

ThreatLocker® Elevation Control is an endpoint privilege management tool that enables system administrators to revoke local administrator rights from their users and execute specific applications with elevated privileges.

What is Elevation Control?

Elevation Control is a policy-based endpoint privilege management solution that assists organizations in being secure but still efficient in their operations. Instead of granting users access to administrator logins, policies can be created to automatically grant higher privileges to applications. This allows the applications to access the necessary resources without giving users these desired credentials.

Elevation Control puts IT administrators in the driving seat, enabling them to control what applications can run as a local admin without giving users local admin rights.

How does it work?

When ThreatLocker is first deployed, all existing applications are learned. Administrators can review the applications, select which applications need privileged access, and set policies to grant elevated access. Once endpoint privilege management (EPM) is enabled on an application, users can run that same application as a local administrator without entering credentials.

Elevation Control integrates with our application control modules. If an application is not currently allowed, the end user can request to run the software, and administrators can approve it, applying elevation simultaneously. For applications that require elevation only to install or update, create time-based policies that will remove elevated rights once the time expires, allowing the application to run with regular privileges.

The ThreatLocker® difference

Traditional Endpoint Privilege Management tools often focus on managing user privileges and roles. ThreatLocker Elevation Control is application-centric, allowing administrators to define and control precisely which applications can run with elevated privileges. This approach provides finer control over the execution of applications, reducing the attack surface.

Restricting applications to run with elevated privileges only when necessary helps to shore up cybersecurity efforts, while traditional EPM tools may require users to go through complex authentication processes, leading to operational friction.  

ThreatLocker endpoint privilege management solution is designed to provide a user-friendly experience. Authorized users can run applications with elevated privileges seamlessly without the need to enter credentials repeatedly.

Frequently asked questions

Can we control which users are allowed to Elevate an application?

Yes, ThreatLocker allows you to create multiple policies for an application to further restrict access to Elevation by User or by Group. 

How does Elevation Control differ from other privilege access manager (PAM) tools?

One main difference is the combination of Elevation Control with Ringfencing - we can elevate that one program, but not allow it to interact with other programs.

What actually gets elevated: the user or the process?

Elevation Control will elevate the process, removing the need for users with administrative privileges.

What prompts will users see if Elevation is enabled?

When Elevation Control is enabled, your users will see our UAC prompt instead of the generic Windows UAC prompt when they attempt to do something they do not have the permissions to do. This prompt allows them to request administrative access from a ThreatLocker Admin. You can also selectively provide prompts to users when elevating processes by policy.

Are these prompts visible even in Learning Mode?

Yes. The endpoint's Application Control maintenance mode has no effect on the presence of Elevation Control prompts.

How do we elevate something? (e.g., put in admin controls in the portal?)

You can either provide elevation to a specific process, entire application via a policy, or you can elevate an entire machine by using our scheduled Elevation Maintenance Mode.

Can we provide elevation "just in time" for installations or is it always on as a policy?

While the "just in time" elevation will still be policy-based, it can be set to expire so that the elevation is not always on.

Can we elevate via a mobile application for quick access?

Yes. Our ThreatLocker mobile application can be used to do everything that you can do in the portal itself aside from utilizing the VDI Testing Environment.

Do we need to set up a local admin account in order to get Elevation Control to work?

 No, but ThreatLocker can be used to remove local administrator accounts.

Elevation Control features

Complete Visibility of Administrative Rights - White Icon

Complete visibility of administrative rights

Gives you the ability to approve specific applications to run as an administrator, even if the user is not a local administrator.

Streamlined Permission Requests - White Icon

Streamlined permission requests

Users can request permission to elevate applications and attach files and notes to support their requests.

Variable Levels of Elevation - White Icon

Varied levels of elevation

Enables you to set durations for how long users are allowed access to specific applications by granting temporary or permanent access.

Secure Application Integration - White Icon

Secure application integration

Ringfencing ensures that users cannot jump to infiltrate connected applications within the network once an application is elevated.

More ThreatLocker® solutions

Harness the Power of ThreatLocker Community

Community

See Solution
ThreatLocker Network Control logo

Network Control

See Solution
ThreatLocker Storage Control Logo

Storage Control

See Solution

Take control of your organization's security

Request your 30-day trial to the entire ThreatLocker platform today.

Try ThreatLocker