Recently active topics

Hi Team,I am looking for creating the script to automate Application onboarding in Beyondtrust Password Safe. We are using Cloud version of Password Safe.  I am exploring BT API However I dont see any API to create application in BT. I only see API to get application or to remove application or assign application to Manage account . From this List , I dont see any api to create application into BT. Requesting help here to guide how application can be created in BT using API.Regards,Imran Aliyani

Hello!We are running version 24.3.4 and have observed multiple Jump Clients going offline intermittently. Upon investigation, most affected clients show that the service has stopped.We’ve been using PRA for several years and have performed multiple upgrades from 20.x versions. This issue started appearing after the last 1–2 upgrades. Based on the support KBs, our current version does not appear to be impacted by any documented known issue.I’ve opened a support ticket and will provide logs, but the behavior is random and difficult to predict when it will occur again.Other users seem to have reported similar issues, and a scheduled service restart is suggested as a workaround. However, this approach is not scalable for us since we manage thousands of endpoints and have 24/7 user activity, which could negatively impact user experience. I also noticed recommendations to restart the site software. Fresh re-install will be a pain.Is there a known root cause for this issue? Has anyone success

Good morning.I'm trying to inject the credentials of a Linux system into a domain that's password safe, but it connects using PRA.In PRA, when I inject the credentials, it does so without the domain.If I manually enter the username, domain, and credentials, it connects.I'd like to know how to inject the username with the full domain.Regards.

Hi  I would like to see if we can block commands in CMD for Windows Platform.If yes, how can we do a sample would help for building it.RegardsNaveen

Trying to get a handle on Microsoft Store installs. Microsoft Store apps can be blocked via GPO however there are many gaps around this. For example, using the web browser to go to Microsoft store. https://www.reddit.com/r/Intune/comments/1e44bkb/ms_store_block_bypassed_via_browser/Is there a way to block Msix files from installing in Beyond Trust? maybe prevent them from running from downloads folder? 

hi guys, is there a way to get a list of AD managed systems without linked accounts? thank you

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023083 - How to deploy support buttons in Remote Support 25.1.2+ KB0023158 - Are video recordings of sessions included with Remote Support licensing?

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023153 - Unable to create Jump Client using Pathfinder "Internal authorization error deploying to specified group: The user is not allowed to use Jump Item's public portal."

The following articles were published last week. New Knowledge Base Articles: KB0023150 - EPM-L fails to activate "Error activating"

The following articles were published last week. New Knowledge Base Articles: KB0022504 - Clicking update connector or create connector with the type SNMP results in an error: "Form is stale" KB0022561 - Service Account Usage Report showing duplicate service accounts - Service Account Usage Report missing managed service accounts KB0022739 - Functional Account test fails - Error 26: Error locating server/instance specified KB0022969 - BeyondInsight Configuration (rememconfig.exe) tool Start Service not working - Services not starting KB0023034 - TLS 1.3 support and future removal of TLS Client Renegotiation in Password Safe KB0023119 - Asset Smart Rule address group removed after upgrading to 24.3 KB0023135 - BI Password Safe configured with RAIDUS fails to login - AuthServiceResponse rejected logon KB0023157 - WPE freezes or shows a spinning loading circle when trying to edit a polic

The following articles were published last week. New Knowledge Base Articles: KB0023148 - Computers can't self-assign licenses.

I would to like to know the any limitation for copying file from  local to remote by using shell jumpafter updating the PRA 25.2.3 users are unable to copy the file from local to remote by using shell jump but vise versa it is possible.if file size is less than 32 kb its copying fine but it its bigger then its corrupted to 32kbI am using  Copy paste only.

Hi All,I'm new to PS but have been running RS for over a year now, we export syslog via webhooks on RS and PRA to our Rapid7 SIEM and it is working well, but I cannot seem to get it to work with PS. Any ideas?

Hello,we just started with PRA and Vendors, and i wanted to add a new vendor group. When i want to choose the according group policy, i cannot pick the one i want ( it does not appear in the drop down menu). And there is that warning that states:Group Policies that grant administrative permissions are not available for Vendors.What is regarded a administrative permission? How can i find out what to change?Best regards,Sven

Can we scan the servers that are hosted in azure using the Master key rather than asking user to create individual accounts for discovery. If Yes what is the process?

Can BeyondTrust Password Safe support strict logical segregation between two departments (Network Division and IT Security Division) within the same Password Safe deployment, ensuring no visibility of assets, accounts, users, or sessions across divisions? Component Network Division IT Security Division PAM Admin Network PAM Admin Security PAM Admin Assets Network devices Security infrastructure Accounts Network privileged accounts Security privileged accounts Users Network engineers Security engineers Policies Network-specific Security-specific Reports Network only Security only Configuration Network Only Security Only

Hi all,Im currently exploring the features and benefits of the EPM solution, and I came across the TAP functionality. I have a quick question regarding this.What is the difference between TAP configured under a Workstyle created in Enhanced Security and the TAP policy templates found under Utilities > Template Policies? I could not find any clear explanation in the documentation, or I may have missed it.I would appreciate it if someone could clarify this for me. Thanks. TAP under Workstyle created TAP template policies under Utilities > Template Policies 

Hello all!After numerous attempts, I finally managed to successfully deploy the BeyondTrust Jump Client (MSI x64) via Intune. To save others time and frustration, I’ve put together a step-by-step guide (attached) outlining the exact process I followed to get the Jump Client installed on managed devices through Intune.I hope this helps—feel free to reach out with any questions!

PRA requires a user to login a first time in order to be available in PRA for example to assign vault accounts.Unfortunately this is causing problems with new employees which are onboarded into PRA.Unless they have never logged in, administrators cannot assign personal vault accounts. If the user logs in, and does not see his/her vault account, they create tickets. This is a very large customer and it is difficult to orchestrate / communicate such a process and they would like to automatically provision new users (from AD). How do other customers provision users up-front and define vault accounts, etc. and not depend on a user’s first login?  

Jump SQL management studio with credential injection on PRA

I have multiple Database admins I need to give access to our database for. We have no resources for PAW or Internal Admin machines. Is it the purpose of Beyondtrust SQL server tunnels to be ran on BYOD device and have them tunnel SQL Studio traffic to my on prem SQL server? Has anyone done this? I believe I have the tunnel up. How do you use Management studio? My “Open datasource Client” is grayed out. How do the credentials work? Do the credentials I use for the tunnel work for everyone using the tunnel? Or do I need to create one tunnel per person? 

I have strange behavior in my PasswordSafe.I am using an application session, and when I try to start an RDP Session / Start Application Session: When using the option to run on a different system with the functional account, it works perfectly. When using the option to run on the current system with the user account, the RDP session does not start. It shows a black screen for some time and then closes. When I checked the logs in the second case, I found the following: INFO: Accepted RDP session 1234 for 1.2.3.4:1234 INFO: RDP Handler 1234 starting INFO: Found RDP certificate: My:.... INFO: Reading self signed cert INFO: (RDP server) Client Security: NLA:1 TLS:1 RDP:0 INFO: (RDP server) Negotiated Security: NLA:0 TLS:1 RDP:0 INFO: (RDP server) Server Security: NLA:0 TLS:1 RDP:0 ERROR: (RDP server) BIO_read returned a system error 0: No error ERROR: (RDP server) transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D] ERROR: (RDP) BIO_should_retr

I can see several old sessions still appearing in the Active Sessions list in Password Safe, even though only today’s sessions should be showing. 

Hi everyone, have any of you implemented High Availability using a proxy server, or worked with customers who have deployed this setup? If so, I’d appreciate hearing about your experience, challenges, and overall results.Please share any relatable articles, would appreciate it. Thanks! 

Does anyone know how to implement this remediation - the instructions are very vague. BT23-08 | BeyondTrust