Recently active topics

Hello!We are using PRA Jump Client to rotate local account password on a workstation.  Is there a way to update it in auto-logon configuration . Preferably by running sysinternals auto-logon via a batch script. I think we can update the password in a service (log-on user) using PRA vault but not auto-logon .Is there a way to pass this vaulted password to a script via Endpoint automation ?

Hello everyone,I am currently encountering an issue when performing a managed account password change on F5 BIG-IP. I would like to describe the issue as follows:On the F5 BIG-IP device, I created a user named "btfunctional" and configured this user in PAM as a Functional Account (FA). I performed a Test Functional Account, and it completed successfully. However, when I attempt to change the password of another managed account, I encounter the following error:[btfunctional@ltm01:Active:Disconnected] ~ # Thread was interrupted from a waiting state. Password change failed.I would greatly appreciate your support and assistance with this issue.Thank you very much.

Hello Team, We have one requirement for deletion of 1000+ managed systems without any Managed account.Is there any easy way to delete them in bulk? Can someone help with API script or DB Query to do so. Thanks,Prasad

Hello! Is there any news or a roadmap regarding the implementation of Direct Connect within the Pathfinder portal? This feature would significantly reduce connection time and greatly improve productivity.Unfortunately, I don’t have access to the Ideas Portal to open a request about this, but if anyone knows anything, I would be very grateful.Thanks!

Hi Team, is there any way to clean/flush the password  stored in clipboard “when you do a copy of credentials from password safe , it does not get cleared automatically from your clipboard. The clipboard storers the credentials rather than clearing the clipboard after a short period of time”

The following articles were published last week. New Knowledge Base Articles: KB0021938 - API script containing start_session.ns call fails KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022583 - Unable to access the website for the cloud appliance KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023059 - LDAP security provider sync failed after upgrading to 25.2.1 or above "fail

The following articles were published last week. New Knowledge Base Articles: KB0022012 - Unable to RDP Jump when using diacritics with Linux Jumpoint - Authentication failed error KB0022037 - Web Jump no longer working with new VMWare versions when using "Enhanced Authentication Plugin" (EAP) KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute"

The following articles were published last week. New Knowledge Base Articles: KB0021758 - LDAP binding to Active Directory on EPM-UL fails with error - pbrun23.1.2-04[947719]: 3005 Request ended unexpectedly KB0021817 - Errors assigning EPM-UL license key - 3802.6 This host is not the Primary License server or 6025.78 Host is incorrect in the Registry Name Service Cache database KB0022177 - Unable to to use pbrun after upgrade to OEL 8.9 "8057.01 PAM SESSION Error: PAM session start failure"

The following articles were published last week. New Knowledge Base Articles: KB0021822 - Local passwords not rotating after upgrade to Endpoint Privilege Management for Mac 24.5.3 KB0021840 - How to add and use a local AD connector in EPM Cloud KB0021899 - How to block users from accessing Users & Groups with EPM-M KB0021937 - EPM-W block message replaced by Windows 11 message - This app has been blocked by your system administrator KB0022167 - EPM Cloud 25.3 change - Admin role required to edit API accounts KB0022181 - Endpoint Privilege Management Cloud rules not applying when using the type criteria KB0022905 - Incorrect OS name, description and version displayed in EPM Cloud for macOS Tahoe KB0023060 - Siemens Tia portal fails to install with EPM-W application rules - Setup Package's result file not found KB0023192 - EPM-M policy fails to update - PMCAdapter: Error d

The following articles were published last week. New Knowledge Base Articles: KB0021206 - Appliance self-signed certificate does not have Subject Alternate Name KB0021697 - Registering FIDO2 authenticator fails - Could not create credentials KB0021739 - Resource Broker SAML error - GetGroupForADUser for domain cred failed KB0021827 - Users are not able to ssh from Password Safe with AD account when using Centrify SSHD service KB0021846 - Onboarding Managed Accounts or Assets via a Smart Rule issue - Disassociation from DC when directory query is used KB0021872 - Secrets Cache pspca logs error "A timeout occurred" KB0021909 - What AD permissions should a bind account or directory credential have? KB0021972 - After upgrading, no accounts are showing in the Password Safe tile. KB0022073 - Pathfinder and Password Safe Cloud 24.3.1 - SAML user is removed from the local group in P

The following articles were published last week. New Knowledge Base Articles: KB0021857 - How to configure multiple GPOs to use specific scripts with AD Bridge KB0022132 - Domain join fails with Error: ERROR_BAD_CONFIGURATION [code 0x0000064a] KB0022411 - Error - sudo: fatal error, unable to load plugins

All our workstations are managed through Intune in User Mode, which means that there are no Admin rights on the workstations by default as part of our security hardening. Applications to be installed is dictated through the Company Portal. However we do have some apps that are very difficult to package for Company Portal deployment and BTRS is then the route to go through and through the session the engineer has the ability to elevate command prompt/powershell prompt to install the particular application. Also for admin elevated tasks, BTRS is the lifeline. Of course we do detect left and right that engineers “abuse” the rights and install apps without proper approval which in turn could be a security risk. Is there an “easy” way through any of the reports (haven't found any so far) to see who did elevation of command prompts/powershell prompts which can then be evaluated if it was correct use or abuse.  

Hi,Anyone else have a need to keep password history for more than one year? A problem we face is if we need to restore a windows server from more than a year ago, we won’t be able to log in via the local administrator password as it will be unknown. I know there are some workarounds where you can reset if it is an AzureVM, but having history more than a year is needed.Anyone have any smart ways to work around this limitation?Someone has already logged an idea for this if you want to vote.Allow Password History For More Than 360 | All Product Ideas - PublicThanks

Hello!We are running version 24.3.4 and have observed multiple Jump Clients going offline intermittently. Upon investigation, most affected clients show that the service has stopped.We’ve been using PRA for several years and have performed multiple upgrades from 20.x versions. This issue started appearing after the last 1–2 upgrades. Based on the support KBs, our current version does not appear to be impacted by any documented known issue.I’ve opened a support ticket and will provide logs, but the behavior is random and difficult to predict when it will occur again.Other users seem to have reported similar issues, and a scheduled service restart is suggested as a workaround. However, this approach is not scalable for us since we manage thousands of endpoints and have 24/7 user activity, which could negatively impact user experience. I also noticed recommendations to restart the site software. Fresh re-install will be a pain.Is there a known root cause for this issue? Has anyone success

Good morning.I'm trying to inject the credentials of a Linux system into a domain that's password safe, but it connects using PRA.In PRA, when I inject the credentials, it does so without the domain.If I manually enter the username, domain, and credentials, it connects.I'd like to know how to inject the username with the full domain.Regards.

Hi Team,I am looking for creating the script to automate Application onboarding in Beyondtrust Password Safe. We are using Cloud version of Password Safe.  I am exploring BT API However I dont see any API to create application in BT. I only see API to get application or to remove application or assign application to Manage account . From this List , I dont see any api to create application into BT. Requesting help here to guide how application can be created in BT using API.Regards,Imran Aliyani

Trying to get a handle on Microsoft Store installs. Microsoft Store apps can be blocked via GPO however there are many gaps around this. For example, using the web browser to go to Microsoft store. https://www.reddit.com/r/Intune/comments/1e44bkb/ms_store_block_bypassed_via_browser/Is there a way to block Msix files from installing in Beyond Trust? maybe prevent them from running from downloads folder? 

Hi,just a short question. Is there a need/ recommendation for the “recommended exclusions from 3rd party anti-virus - KB0017099 ” in combination with Microsoft Defender for Endpoint?We are asking this because at the moment we do not have set these exclusions and for us the Defender is not a typical “3rd party av”. Regards,Jens

Hi  I would like to see if we can block commands in CMD for Windows Platform.If yes, how can we do a sample would help for building it.RegardsNaveen

hi guys, is there a way to get a list of AD managed systems without linked accounts? thank you

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023083 - How to deploy support buttons in Remote Support 25.1.2+ KB0023158 - Are video recordings of sessions included with Remote Support licensing?

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023153 - Unable to create Jump Client using Pathfinder "Internal authorization error deploying to specified group: The user is not allowed to use Jump Item's public portal."

The following articles were published last week. New Knowledge Base Articles: KB0023150 - EPM-L fails to activate "Error activating"

The following articles were published last week. New Knowledge Base Articles: KB0022504 - Clicking update connector or create connector with the type SNMP results in an error: "Form is stale" KB0022561 - Service Account Usage Report showing duplicate service accounts - Service Account Usage Report missing managed service accounts KB0022739 - Functional Account test fails - Error 26: Error locating server/instance specified KB0022969 - BeyondInsight Configuration (rememconfig.exe) tool Start Service not working - Services not starting KB0023034 - TLS 1.3 support and future removal of TLS Client Renegotiation in Password Safe KB0023119 - Asset Smart Rule address group removed after upgrading to 24.3 KB0023135 - BI Password Safe configured with RAIDUS fails to login - AuthServiceResponse rejected logon KB0023157 - WPE freezes or shows a spinning loading circle when trying to edit a polic