Endpoint Privilege Management with Elevation Control

ThreatLocker® Elevation Control is a privilege management tool for endpoints that allows system administrators to revoke local administrator rights from users while enabling certain applications to run with elevated privileges.

What is Elevation Control?

Elevation Control is a policy-based privilege management solution for endpoints that helps organizations stay secure without compromising operational efficiency.
Instead of granting users administrator account access, administrators can create policies that automatically elevate privileges only for specific applications.

This allows applications to access necessary resources without exposing sensitive credentials to users.

Elevation Control gives administrators full control over which applications can run with local administrator rights — without the need to grant these rights to users.

How Does It Work?

After initial deployment, ThreatLocker automatically analyzes all existing applications on the system.
Administrators can review the application list, identify which ones require elevated privileges, and configure access policies.

When endpoint privilege management (EPM) is enabled for a specific application, users can run it with local administrator rights — without entering credentials.

Elevation Control integrates with Application Control.
If an application is not permitted to run, users can request access, and administrators can approve it while simultaneously granting elevated privileges.

For applications that only require elevation during installation or updates, time-bound policies can be created.
Once the set time expires, administrator rights are revoked, and the application runs with standard privileges.

What Makes ThreatLocker® Unique?

Unlike traditional endpoint privilege management tools that focus solely on user rights and roles, ThreatLocker Elevation Control is application-centric.
Administrators can precisely specify which applications are allowed to run with elevated privileges.
This approach provides deeper control over application execution and significantly reduces the attack surface.

Restricting elevated application execution to only when truly necessary greatly enhances cybersecurity.
While classic EPM solutions require complex authentication that can hinder user productivity, ThreatLocker eliminates this friction in operational workflows.

This solution is designed for maximum user convenience: authorized users can run applications with elevated rights without having to repeatedly enter credentials.

ELEVATION CONTROL CAPABILITIES

Complete Visibility of Administrative Privileges

Gain the ability to approve the execution of specific applications with administrator rights—even if the user does not have local admin privileges.

Simplified Privilege Elevation Requests


Users can submit requests to run applications with elevated privileges and attach files or explanations to justify the need.

Flexible Access Level Management


Configure the duration of elevated privileges: temporary or permanent access to specified applications under full IT department control.

Secure Application Integration


The ringfencing mechanism prevents unauthorized access to other related applications on the network after privileges are granted.

FAQ

  • Yes, ThreatLocker allows you to create Elevation Control policies with user or group filters to limit who can run specific applications with administrator privileges.

  • The main difference lies in the integration with Ringfencing technology. We can grant elevated privileges to a single application while preventing it from interacting with other programs, thereby minimizing the attack surface.

  • Elevation Control elevates privileges only for the process, not the entire user.
    This approach avoids granting full system access.

  • Instead of the standard Windows UAC prompt, users see a customized request from ThreatLocker.
    This prompt allows them to request administrative access or provide a reason for the privilege elevation policy.

  • Yes, Learning Mode (Application Control Learning Mode) does not affect the appearance of Elevation Control notifications.

  • Privilege elevation can be granted for a specific process, an entire application, or even the whole machine by using the scheduled Elevation Maintenance Mode.

  • Yes, policies can be time-restricted. After the expiration period, privileges are automatically revoked.

  • Yes, the ThreatLocker mobile app allows you to approve elevation requests just like through the web portal, including support for VDI environments.

  • No. ThreatLocker allows you to remove local administrator accounts by providing controlled access only to the necessary applications.
