Recently active topics

Apologies in advanced if this is common knowledge, I mainly support our Windows environment but I’m wanting to learn more about EPM on Mac.  Most of our Mac end users utilize an Active Directory group that we grant elevated privileges with.  A discussion came up recently about Homebrew, and I asked our support techs the current process for when they swap out machines for developers on Mac.  What I’m being told, is that possibly in the past EPM used to be able to allow standard users to install Homebrew via EPM for Mac however I’m being told Homebrew is incompatible with EPM for Mac.  End users are being added as local admin as part of the process which I’m not understanding why.If anyone has documentation, KB, or first-hand knowledge of using EPM for Mac and utilizing Homebrew without having to add users to local admin, it would be much appreciated.Example of what I’m being told from my End User Computing support team about the troubleshooting cadence of Homebrew for elevated privilege

While I was going through documentation looking to find out some specific information regarding Computer Logs vs Command Logs and trying to determine how they might be useful to troubleshoot issues with various machines from what I’m seeing on a select few vs that of the many machines in the same group, I came across this part. One thing I have noticed that is different than what is written, there does not appear to be any means to download “Command Logs” like the write-up states. And to that point, the only “Command” I have ever seen listed in this tab is when I Request Computer logs from a machine. Are there other types of “Commands” that show up here?  As to “Request Logs” from the Computer Logs section, you only really get 2 files.AvectoiC3Adapter25.8.840.msi-Installation-11-02-2026-0905.log PrivilegeGuardClient25.8.12.0.msi-Installation-11-02-2026-0906.logI think the documentation could use some improvement in this regard, to give a little more information as to what to expect or

Hi All,Please correct me if I am wrong. Based on the architecture diagram (refer to the part highlighted in red), does this mean that the Resource Broker server requires an RDS CAL license for users to start a proxy session through the resource broker server (on port 4489 or port 4422) to the managed system like windows server, linux server and network devices?Thanks again.  

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

Hi All, We are moving to Workforce Passwords for our individual password vaults, but the IT team also has a shared vault, we are required to keep an offline backup of this shared vault for DR purposes.  From what I can see the only way to back this up is via the API? can anyone confirm?

Hi Team, Has anyone worked on onboarding sql developer application in Password safe? We are trying to onboard the SQL Developer application in password safe, However we are not able to click on connection which is already created in Sql Developer. I need help in understanding using AutoIT , how can I click on connection which is created. Once we can click on existing instance we will inject password on it .Need help here please .Regards,Imran

Hello, how are you?Has anyone else encountered problems importing a .csv file and received this message?I tried downloading credentials directly from the vault and then tried importing them to another folder within the vault.The profile already has a Workforce license.I also tried with the administrator profile without success.I also used the documentation without success.https://docs.beyondtrust.com/bips/docs/secrets-safe-configure-bi-cloud The import could not be performed. 

Hi all! Hope you are doing well.I’ve encountered an issue regarding installation of BT RS. Currently I have about 60 users that have the Jump Client installed on their device. I wanted to update the clients, and it seems like the .dmg file now says sra-scc-<uid>.dmg, and not bomgar-scc-<uid>.dmg (I believe this is not the issue though).Right now, when I prepared the package to be deployed from Jamf Pro (our MDM), the package installs, it shows the BT RS icon on the top-menu bar for a split second (it’s crossed), and then disappears. I can’t see the newly installed jump client in my representative console, so basically it’s like it installed for a moment, then uninstalled or is not present on the machine. I’ve followed the ‘mass deploy on macOS’ instruction, so have all the PPPC settings as well. I have also included the xattr command into the deployment script, but it looks like it does not matter whether it is included or not, the same situation keeps happening on both set

Hi Everyone, I know we have PSAutomate tool that we can use for automating different kind of applications. However as for a more complex automation, we usually use a different tool. As for me, we use nodeJS to automate the login sequence for all web applications. The question here is, does anyone of you also use the same tool that I use? If yes, are you guys currently experiencing an issue after updating the nodeJS version and puppeteer to latest version? Like when opening a web application via PS Remote App, it automatically close, and if we set the Remote App to disabled and check the behavior, it shows an error like this below?Tried this between PSAutomate and NodeJS however this error only happens to NodeJS after upgrading. I know some of you will say that “use PSAutomate” or “revert back to the working version”, but the reason I upgraded my NodeJS and puppeteer is because of a specific web app “FortiAnalyzer”, due to incompatibility issue to the latest version of FortiAnalyzer and

I am trying to move us away from the deprecated support button. My understanding is that the standby jump client should provide a user driven support request similar to support button. My question is what does the user do to initiate a support chat from the jump client? I have it installed on my computer, I can see my jump client in standby in the rep console. From the client my only options are to disable/uninstall or check-in. I was expecting an option to start a support chat.

Hello, I am trying to setup an Azure SQL Database for a new AA BT PWS environment. Is there any way to use a serverless SQL with own key material for TDE?Right now the installer just gets stuck and although I can run the connection check I get a small window stating “validation failed” after I click next on the database configuration step.Any recommendations?  Thanks!

ps automate is not able launch chrome/edge browser sessionHi all i am facing  issue wherein ps automate is not able to launch the browser session. we are using password safe cloud 24.1 version and i downloaded the same version of ps automate. driver versions are also same .still browser session is not opening any idea how to get this issue resolved Awaiting response  RegardsImran

Hi everyone,I’m trying to use aca to block some commands after user switch to a root account using pbrun. But I’m not able to achieve it, below is the sample script I have. Please suggest the changes to effectively use aca to block commands.bash is an alias command to switch to root user. I can still run whoami command after switch to root.if (command == bash){aca("file", "/use/bin/whoami", "!all", "BLOCK");accept;} Thanks,

Hello,I need to upgrade the operating system from Windows Server 2016 to Windows Server 2019 on the servers hosting the BeyondInsight databases. These servers are part of a cluster, and all cluster nodes will be upgraded.My question is: how will this impact Password Safe operations? Will services return to normal automatically once the upgrade is completed, or are there any actions required from our side?Additionally, are there any notes or precautions that should be considered to avoid potential failures during or after the upgrade?

We are planning to migrate our BeyondTrust Password Safe On-Prem environment from Active‑Passive (A‑P) to Active‑Active (A‑A).We have already built the external SQL node, and our current Active node will be used as the Management Node, while the second Passive node will function as a Worker Node.Could you please confirm if any additional licenses are required for this migration from A‑P to A‑A?  

After success fully installed EPM windows application to the user machine still user unable get the elevated access properly.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023280 - What is the Activate Knox License setting in RS and PRA? KB0023281 - Copy and paste does not work in RDP Jump to Windows Server 2003 KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023273 - Why do some users have access to the notification bell icon and others do not? KB0023274 - Can mobile access be enabled without the Privileged Remote Access web access console? KB0023280 - What is the Activate Knox License setting in RS and PRA? KB0023281 - Copy and paste does not work in RDP Jump to Windows Server 2003 KB0023288 - Launch "Infrastructure Access Mode" in PRA is missing after upgrade KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

The following articles were published last week. New Knowledge Base Articles: KB0021821 - PMR Database error - The database collation cannot be changed if a schema-bound object depends on it KB0022000 - Sophos blocks elevation of Remote Support via EPM-W - Sophos is terminating this process KB0023067 - SCCM Lawgic installation stuck at install in progress when EPM-W client is installed "The installation is in progress. Please wait" KB0023100 - BT26-01 CVE-2026-1232 Anti-Tamper bypass in EPM-W KB0023278 - Remote desktop not working with EPM-W after recent Microsoft patch - KB5073457. Error: an authentication error has occurred Code 0x80080005.

The following articles were published last week. New Knowledge Base Articles: KB0023260 - Which account does ps_automate use to download web drivers? KB0023264 - Password changes failing for local Linux managed accounts. Failure Details reports 'Authentication token manipulation failure' KB0023276 - Report is not being generated when selecting the option to download reports KB0023286 - Workforce Passwords credential save or fill options not appearing on some sites when logging in KB0023287 - Error when creating new AD Functional Account: "Unable to save the Functional Account" KB0023290 - Password Safe Enhanced Session Utility (ESA) install fails with error message "0x80072ee7 Unspecified error"

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you are going to be releasing stuff like this.

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

We have seen an issue where in some scenarios, it may be possible to connect to a user’s screen without requiring their acceptance. When you initially establish a jump session and perform Shell work to fix an issue, users may have their screen locked or logged out.  Unfortunately, the session policies do not appear to re-evaluate, so whatever the status of the device was when you established the jump session is held throughout the session. A workaround would be to disconnect the jump session and establish a fresh session before you use the screenshare function, which would then pick up the user is logged on and present the prompt.For example:User reports an issue on desktop, walks away.The machine is connected to (Shell, System etc but not screen sharing).User returns and unlocks the machine.Screen sharing is started from the Rep Console.Due to the existing session already established (using Shell and System Information), no prompt for the user to accept is required, and it connects to