Feature

Elevation Control

Elevate applications and processes

Airlock Digital Elevation Control helps organizations reduce standing administrative access by applying administrative-equivalent privileges to approved applications and processes. 

Elevation Control allows approved applications and processes to run with administrative-equivalent privileges when they meet defined policy conditions. This gives security and IT teams a tightly scoped way to support approved administrative tasks without granting users broad administrator rights across the endpoint. 

How Elevation Control Works

Application-Level Elevation
Elevate approved applications and processes without granting users broad administrative rights across the endpoint.
Policy-Driven Control
Use Airlock Digital Allowlist Metadata Rules to define when elevation applies, including publisher, path, parent or grandparent process, and user context conditions.
Least Privilege by Design

Apply elevated privileges only to approved applications and processes that meet your defined criteria. 

Cross-Platform Support
Support application-level elevation across Windows, Linux, and macOS with platform-specific elevation behavior.
Simple End-User Experience
Approved applications can run with elevated privileges based on policy-defined conditions, helping users complete approved tasks without requiring broad administrative rights.
Command-Line Support
 Enable controlled elevation for terminal-based workflows across supported operating systems. 

More Control.
Less Administrative Exposure.

Traditional approaches to administrative access often elevate a user account for a session or period time. This can give every process launched during that period access to elevated privileges, increasing risk if the session or credentials are misused. 

Application-level elevation helps organizations reduce standing administrative exposure while still allowing users and administrators to complete approved tasks. 

Put simply: Elevation Control helps you elevate the action, not the user.

Operational Benefits

Reduce Standing Administrative Rights

Limit the need to grant persistent local administrator access for routine tasks, administrative tools, installers, and approved support workflows. 

Reduce Attack Surface Exposure

Restrict elevation to approved applications and processes under defined conditions, reducing opportunities for attackers to abuse broad user-level administrative access. 

Preserve Operational Flow

Allow approved tools to run with the privileges they need while users continue working without disruption. 

Support Least-Privilege Initiatives

Apply elevated privileges only where needed, helping organizations reduce unnecessary administrative access while maintaining productivity. 

Simplify Elevation Management

Reduce reliance on user-level administrator access, manual exceptions, and alternative elevation workflows. 

Maintain Visibility and Auditability

Endpoints record when a process is executed with elevated privileges, giving teams visibility into elevation activity.

Elevation Control FAQs

Elevation Control is Airlock Digital’s application-level elevation capability. It allows approved applications and processes to run with administrative-equivalent privileges through policy-defined conditions without broadly elevating the user or session. 

Administrators create or update an Allowlist Metadata Rule, define the required match criteria, and enable “Elevate process upon match.” Once deployed, matching processes run elevated automatically.

Applications and running processes can be elevated, such as installers, admin tools, cmd.exe, or powershell.exe.

Keep Exploring

Airlock Digital Application Control Datasheet

Read Now

Talk to an Expert

Book a Meeting