Recently active topics

Hello,We have a on-demand rule for Command prompt for a set of users . This rule allows running of child processes with Basic Admin token for Windows Command Prompt - Run-As-Admin action.For same set of users , when they try to install another application using Run-As-Admin option , based on quick-start rules it gets Admin token which gets applied to child processes as well. But at one point in installation Command Prompt is launched by the installer , this results in additional prompt for the user . Logs show that it is hitting the Command Prompt on-demand rule. I think as the application is triggering the Command Prompt and it has application name as parent process, it should ideally get the admin token and not hit the CMD on-demand rule ?

Hi All,I'm provisioning a new on-prem BeyondTrust Password Safe to test the reporting and analytics features on BeyondInsight 25.1.1.The issue is that the Domain section shows 'This list contains no data,' which prevents me from proceeding with report generation.Did I miss a necessary configuration step? Any help with this issue is appreciated.Thanks. 

Hi Everyone, Has everyone encountered any impact regarding the cached credential on Linux servers with AD Bridge installed? Particularly if the cached credential is managed by Password Safe and is being rotated regularly?  Thanks!

Hello Everyone,I’m working on password rotation for a custom (unsupported) application using the BeyondTrust Password Safe Cloud REST API. Before proceeding, I want to confirm whether such an application can be integrated for automated password rotation.Can someone clarify:What technical criteria or parameters must a custom application support in order to be compatible with Password Safe Cloud’s REST API-based password rotation?For example: Required authentication methods? Connectivity or protocol requirements? Ability to expose credentials or respond to rotation workflows? Any mandatory fields/settings needed in Password Safe for custom platforms? Any limitations or known restrictions for cloud API rotations? Any guidance or examples from your experience would be greatly appreciated.Thanks!

Hi All, I am onboarding Toad in BeyondTrust Password Safe. If anyone has done this before, could you please share the .ini or .au3 file you used for passing connection details? Thanks in advance. 

So, been getting repeated ongoing asks from our Compliance Team, and this is their ask: for a specific Managed Account, produce a report of every user that can access that credential? Anyone ever been able to pull that off? Using Analytics would be fine, just have not been able to find a report like that.

Hello, the company have started to use a OpenID Connect as a auth source on several JumpItems.I saw that per 25.2.1 version of PRA there is support for OpenID Connect as a security provider but that is for logging into the PRA? or can it be used to successfully login to a target system while using LDAPS as a security provider to login to the PRA?  

Hi everyone,Can you please help me understand how to create the custom reports for On-Prem Password Safe. I tried the Pivot Grids feature and it is not much helpful. Thanks,

I am getting an invalid credential when launching a web application. I tested the managed account and password is correct but when I inject this using the ps_automate, it comes up with an invalid credential. I have also added the “FixupPassword=1” under the General section since my password contains spaces. Anything I am missing here or should be trying out? 2025/11/04 13:56:52 [TaskSequence1] BEGIN2025/11/04 13:56:52 [Function] execute_task_sequence_webapp (TaskSequence1)2025/11/04 13:56:52 [TaskSequence1] [INI] WaitLoginWindowDelay=02025/11/04 13:56:52 [TaskSequence1] [INI] XPathElement=//*[@id="username"]2025/11/04 13:56:52 [TaskSequence1] [INI] XPathValue=%username%2025/11/04 13:56:52 [TaskSequence1] [INI] XPathAction=2025/11/04 13:56:52 [Function] insert_custom_strings (*MASKED*)2025/11/04 13:56:52 [Custom string] username2025/11/04 13:56:52 [TaskSequence1] END2025/11/04 13:56:54 [TaskSequence2] BEGIN2025/11/04 13:56:54 [Function] execute_task_sequence_webapp (TaskSequence2)2025/1

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0021831 - Receiving error DNS_PROBE_FINISHED_NXDOMAIN when accessing Public Portal KB0022976 - Jump Client features do not work as expected when laptop lid is closed KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023028 - Unable to save entries typed in the Available Groups for OIDC providers KB0023032 - Support Buttons shows "Prompt Customer" instead of requesting representatives' credentials when elevating after upgrading to 25.2.1 KB0023076 - Connection lost after elevation attempt intermittently - Error: execution of the elevated process failed -- 5" KB0023077 - How to find the hash of a RS PRA Jump Client or Console KB0023083 - How to deploy support buttons in Remote S

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0022976 - Jump Client features do not work as expected when laptop lid is closed KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023021 - SSH Jump error: Failed to start client connect KB0023028 - Unable to save entries typed in the Available Groups for OIDC providers KB0023037 - After upgrading PRA to 25.2.1 Jump items using injection or ECM are slow or fail KB0023072 - This Remote RDP Jump Shortcut is configured to use RDP Session Forensics, but the associated Jumpoint does not have an RDP Service Account configured KB0023074 - Jumpoint not connecting through Jump Zone Proxy KB0023076 - Connection lost after elevation attempt intermittently - Error: execution of the elevated

The following articles were published last week. New Knowledge Base Articles: KB0021510 - pblighttpd.service returns a failed state after it is stopped

The following articles were published last week. New Knowledge Base Articles: KB0022233 - Events not showing in Reports after PMR upgrade in an Active Passive setup KB0023075 - EPM-W icon missing from system tray after install KB0023082 - Preview of messages are missing the message header and OK and Cancel buttons

The following articles were published last week. New Knowledge Base Articles: KB0021802 - How can admins see the username and secret used within an integration configuration when it was first set up?

The following articles were published last week. New Knowledge Base Articles: KB0022381 - Scan account on Linux Sytems not finding local accounts KB0022607 - Password Safe session hanging issue. Error - Unexpected client message in state KB0022898 - How to set up a Resource Broker to ignore and not use proxy KB0023036 - Unable to authenticate app and run-as user verify the api registration ssl/tls settings and user permissions KB0023069 - BeyondInsight Process Daily Job error "Error occured while excuting job. If the problem persists, please contact administrator for assistance."

The following articles were published last week. New Knowledge Base Articles: KB0022197 - Default Packages in RHEL 9 and derivatives don't include perl modules - error when installing FindBin

We have a requirement in our environment wherein we want to restrict users from modifying certain registry keys/ hives. We want to know:whether we can enforce this using EPM policies or do we need to use group policies for this?Will EPM Policy be able to block users from modifying registry values within their respective endpoints? Can Avecto Defendpoint Service identify such events related to registry modifications i.e. will we see event logs (in Event Viewer and BT EPM cloud console) related to every unique registry key/ hive?

Hello,We are using the secret safe api to pull secrets and plug them into our applications. When testing our script in  PowerShell it works, however, in Python, we are seeing a 404 error. Any idea? Our RunAs user is a domain account. TIA!

We setup the System Event Viewer in the WebConsole for reviewing appliance logs centrally.After doing so, we saw the database balloon in size, it appears the purge settings were not operating successfully.Does anyone know how this purge is supposed to work?Is there a daily scheduled action that runs? A scheduled overnight job? Or is the purge expected to continually happen such that only the last X days of data is retained?

Hi team, We have one windows non domain joined server on which functional test is failing  password rotation of managed account is failing We are getting below error when password test is tried Error(64): The specified network name is no longer available. We tried to RDP managed server from Resource Broker using functional account and it is working fine . All relevant ports(3389,445, 135) for the server from resource broker is successful.  We have followed the KB article : KB0020487 and KB0020498 and all the recommended steps are in place. Functional account also have the admin permission as recommended by product. Still the issue persist.  If anyone has seen similar issue and was able to resolve, please let me know .  If any additional information is needed for this issue, please let me know .  Awaiting response. thank in advance.Regards,Imran Aliyani

Hi All, The /appliance page is stuck after entering admin credentials and hitting login. Is there any solution to it or troubleshooting steps that can be performed. Problem:/webconsole is working as expected, /appliance fails to load after entering credentials, the webpage is stuck on the login window. Checked below:1. Inspected Browser Network logs2. IIS Logs3. Appliance Gateway Service logs4. Performed IISRESET, didn't work.

Hi Beekepr ,  Does Password safe support password rotation base on managed asset /application session instead of time-based interval. Regards,Maulik

Hello, we have a need to create a known managed account ( this is a local account on system) for multiple systems along with password. We do not want to rotate this password and is same across these systems. (This will not be used unless break-glass scenarios and has approvals + alerting configured). I am looking for a way to automatically sync the password.  I am able to create the account on newly onboarded system using managed system smart rule but can’t set the password.For subscriber/sync accounts , I think it requires Auto Password Management enabled .To do it via API , I think I will need to fetch the cred and send it back from an endpoint running the script. We want to avoid this and manage it within PS or the appliance.Is there a way to trigger this via smart rules . The managed system will be created using API and account created using smart rule. 

Does anyone here have experience with this issue with the PasswordSafe service? After updating to BI version 25.1.1, all of a sudden the services were not able to start. I also check the event viewer, and it says there was a missing DLL. as shown in the screenshot: 

The screen recording allowance for BeyondTrust Remote Support has been popping up multiple times a day for myself and all test users that I’ve had update to macOS 15 Sequoia.Clicking “Allow for One Month” does not seem to function - as the pop ups continue.