Elevation Control: Granting Privileges Without Compromising Security

One of the biggest challenges in managing a dispersed workforce is keeping endpoints secure while allowing users to get their work done. Often, users need to install software, and while ThreatLocker’s Application Control can block unauthorized installations, there are times when users have a legitimate need to install or update software. These requests are often time-sensitive, and the user might be working remotely, on a weekend, or in another situation where IT support isn’t readily available. Wouldn’t it be ideal to let users install what they need without giving them full administrative privileges?

That’s where Elevation Control comes in. It allows you to elevate a user’s privileges to those of a local administrator, but only for the specific application they need to install or update. At the same time, the newly installed application is automatically added to the Application Control policy, ensuring it’s permitted to run. Users can request elevation when an application requires admin privileges, and this request is routed to IT, who can approve it if appropriate, allowing the user to proceed.

You can also restrict the elevation time, limiting how long the application is allowed to execute. This is particularly useful for larger software installations like AutoCAD or Revit that may take longer to complete. Elevation can be combined with Ringfencing, further restricting the application’s ability to interact with other software or built-in Windows tools.