Recently active topics

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - Entitle

Create and Review Birthright Policies with a More Guided and Flexible Setup The Birthright policy setup experience has been redesigned to be more structured and easier to review. You can now select roles across integrations, resources, and roles in a guided flow and view all selected roles in one place before creating the policy. Bundles are now easier to understand and manage, with each bundle displaying its associated approval workflow and the number of roles it contains. This makes it clearer what access will be granted when adding bundles to a policy. These changes make it easier to create, verify, and manage policies, especially in larger or more complex environments. Continue reading HERE Customer Case Studyivision: How ivision Simplifies and Scales Identity Security with BeyondTrust Latest Available VersionsEntitle February 2026 BeeKeepers Hot TopicsEntitle – Knowledge Article Publications (Mar 30 – Apr 6)Click here for the most popular articles In our Beekeepers Community Upcom

110

Monthly Buzz - May - Endpoint Privilege Management - Unix Linux

BeyondTrust CommunicationsCommunity Manager

Linux / Unix

How to onboard Linux or Unix servers and local Linux or Unix accountsThis article outlines the steps to deploy Linux or Unix systems and local Linux accounts. Pre-deployment steps to be done on the Linux or Unix machine You must create an account to be used as the functional account. This account can be a local account or an Active Directory account that can login to the Linux or Unix system. A functional account must be set up to change passwords and have elevated privileges. Elevated privileges can be set up for the functional account to use sudo, pbrun or pmrun. For information on sudo setup, refer to How to configure and test Sudo elevation account to be used as a Functional Account. For information on configuring pbrun, refer to How to integrate EPM-UL and use PBRUN for elevation.For information on configuring pmrun, please contact the vendor. You will need to create a scan account. Check the machine to see if there are any custom prompts or banners with the prompt character in

120

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - Endpoint Privieldge Management

Mastering the Modern Attack Surface: A Recap of Identity Security Insights Innovation in Q1 Enhanced speed and visibility at the identity perimeter As the first quarter of 2026 came to a close, the identity landscape continued to evolve at breakneck speed, highlighting the BeyondTrust Identity Security Insights® team’s imperative to keep innovating and evolving our offerings. For us, the mission continues to be clear: providing unprecedented visibility and radical simplification. From the launch of our first AI security assistant, to deeper Active Directory visibility and regional expansions, we’re giving security teams the tools to move from reactive defense to proactive mastery. Here is a comprehensive look at the major Identity Security Insights innovations delivered in Q1 2026. Continue reading Blog HERE Customer Case Studyivision: How ivision Simplifies and Scales Identity Security with BeyondTrust Latest Available VersionsEPM for Windows and Mac (Cloud and Pathfinder) v26.1.1495

200

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - ADB

Kerberos Caches How to clear Kerberos Credentials CachesAD Bridge (ADB) does not support clearing Kerberos cache files (typically stored in /tmp as krb5cc_xxxxx). However, since these files reside in /tmp, they are automatically removed upon system restart. Additionally, they can be manually deleted without impacting the functionality of ADB, provided that Kerberos and AD Bridge are functioning correctly. The cache will regenerate automatically when needed. /opt/pbis/bin/kdestroy Adding the following to /etc/bash.bash_logout will remove the current user's cache file at logoff. The below command to delete the current user's cache file, or with -c username to delete another user's (with root permission): /opt/pbis/bin/kdestroy Refer to Kerberos commands in ADB for more information. Customer Case Studyivision: How ivision Simplifies and Scales Identity Security with BeyondTrust Latest Available VersionsAD Bridge 26.1 - May 2026AD Bridge 25.2 – December 2025 BeeKeepers CommunityClick her

150

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - Privileged Remote Access

Geopolitics and Cybersecurity: Why Attackers Go After Identities and Privileged Access First Geopolitics and the 2026 Cybersecurity Landscape: Cybersecurity must no longer just focus on protecting against zero‑day vulnerabilities or malware. Increasingly, geopolitical instability is the motivation behind attacks, spilling global tensions into corporate environments. In many cases, attackers are going after the privilege pathways that real users rely on every day, like usernames and passwords, high‑level access rights, and paths into sensitive systems that are not well monitored or watched. How PASM+ Strengthens Your Cyber Defenses: Total PASM+, which amplifies Privileged Account and Session Management (PASM) capabilities with the cross-domain visibility and risk intelligence of BeyondTrust Identity Security Insights™, helps make these best practices a reality across your environments. Instead of leaving critical entry points unmonitored, Total PASM+ helps teams control and secure the

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - Password Safe

Geopolitics and Cybersecurity: Why Attackers Go After Identities and Privileged Access First Geopolitics and the 2026 Cybersecurity Landscape: Cybersecurity must no longer just focus on protecting against zero‑day vulnerabilities or malware. Increasingly, geopolitical instability is the motivation behind attacks, spilling global tensions into corporate environments. In many cases, attackers are going after the privilege pathways that real users rely on every day, like usernames and passwords, high‑level access rights, and paths into sensitive systems that are not well monitored or watched. How PASM+ Strengthens Your Cyber Defenses Total PASM+, which amplifies Privileged Account and Session Management (PASM) capabilities with the cross-domain visibility and risk intelligence of BeyondTrust Identity Security Insights™, helps make these best practices a reality across your environments. Instead of leaving critical entry points unmonitored, Total PASM+ helps teams control and secure the th

BeyondTrust CommunicationsCommunity Manager

Monthly Buzz - May - Remote Support

Defending Against Identity Threats: A Privilege-Centric Approach to Service Desk Security Overcoming Cyberattacks Against Service Desks Attacks targeting service desks are on the rise, with over half (51%) of organizations reporting that social engineering attacks on the help desk / service desk are their most significant risk. Threat actors understand that compromising a service desk identity with access to accounts and standing privileges can give them the “keys to the kingdom”. Because service desks have the authority to perform high-risk actions, such as resetting passwords or disabling multi-factor authentication (MFA), they have become an attack vector used to bypass technical security controls. Support teams are often targeted through sophisticated social engineering, phishing, and even deepfakes. Weak verification processes, shared administrative accounts, and broad VPN access only widen the attack surface. To turn the tide, organizations must treat service desk solutions as a

ThienTRising Star

Some Computers does not show current analytics logs

Hi,i have got the issue, that i have some computers that don’t show an current logs in the analytics Audits. The Date is about 8 Days off but when i look in the Computer Section last connected is today as example.Do i have to configure something somewhere? I dont have the issue on all computers. Thank you kind Regards Thien

19 hours ago

cmscottTrailblazer

PRA integration Client support for Azure SQL

The supported platform matrix for the PRA Integration Client only goes up to SQL Server 2022. Is their a roadmap/timeline for supporting for Azure SQL PaaS offering (@2025), or is there a configuration on it which can be made to make it supportable? ThanksChris

19 hours ago

Richas2513Apprentice

Acive passive configuration failing with error in BT password safe 24.1

Initial Pairing ConfigurationSetting up the pairing takes a few steps.Test sequence was resetTest heartbeat communication passedTest file transfer from Active to Passive failed. TEST FAILED - Error occurred during test steps: Doing ensure file doesn''t exist on target... "" ERROR on test: sending file to remote system The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ERROR on test setup: trying to get file from remote system The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. This error is coming when configuring active and passive HA configuration on vmware workstation. Ple

325

1 day ago

JosmayApprentice

Access Console installer macOS to .pkg format

Good afternoon community,I would like to ask a question regarding the installation of BeyondTrust Access Console on macOS devices.Currently, the Access Console installer for macOS is only available for download in .dmg format. We contacted BeyondTrust directly, and they confirmed that there is currently no native .pkg version officially available.However, they also mentioned that some customers have successfully created their own conversions to .pkg format for corporate deployments, although BeyondTrust does not provide support for that process.I would like to know if anyone in the community has previously completed this process and could share any recommendations, experiences, or best practices for correctly generating the .pkg file and deploying it while avoiding corruption issues or installation failures.I look forward to your comments, and thank you very much in advance.

202

2 days ago

Prudhvi KeertipatiGuru

TOTP for Managed Accounts - Password Safe

Hi everyone,Has anyone tested or enabled TOTP for the Managed Accounts, new feature released in v25.3.0.1996? Could you share your experience, is it a good feature to consider for high risk accounts?When I try to enable, I noticed Secret Key should be in a format of “Valid Base32 Secret” or “otpauth://URI”. Looking for more information on the Secret Key integration. Couldn’t find a dcumetation related to this. Thank you

392

2 days ago

kmazziniApprentice

Error connecting to the Remote Support Client after reinstalling the OS and the client.

Hello!We have a recurring issue. There are end-user endpoint devices with the RS client installed. After reinstalling the OS and reinstalling the client, the client no longer connects. Could this be related to an issue with the installed client? We have already performed network tests and everything appears to be working correctly at that level. There are no visible errors; the client simply does not connect.Thanks in advance

172

Daniel SchoemanNewcomer

Restrict Jump Client Installer to One-Time Install or to specific Endpoints

Is it possitble to generate a Jump Client Installer, that can only be installed once, or that is restricted to specific endpoint? I think the answer is no, but a client really wants this.

101

Rodrigo MattosApprentice

KiskMode is not working

I need to execute MSEDGE in kioskmode but the INI configuration only works when I test in the Remote Server, when I try to open the published application the browner opens in regular mode.I'm testing using the same command lines configured in the application.What am I doing wrong?

263

meetmrsahaNewcomer

After Beyondtrust EPM Deployment Intune Enrolled devices stopped syncing

We are currently using BeyondTrust EPM for Windows and macOS under a cloud subscription.On every device where the BT Agent and Adapter have been deployed, the devices stopped reporting back to Intune and the sync services are no longer functioning.Is anyone else experiencing this issue? We would greatly appreciate input from anyone who has faced a similar situation and can share guidance on resolving it as soon as possible.

291

bt101Veteran

EPM Cloud - package Manager Update

Hello! Does the EPM W Package Manager automatically update itself or we can control it . I see we can control the adapter and client version while using the Package Manager but don’t see a setting to control the version of PM .

292

edwinb77Rising Star

Force the closure of windows that were opened during the session

We are interested in enabling this option: Force the closure of windows that were opened during the session. We expect that it will close any opened command prompts that are elevated from run as etc. But will it also close other applications that are open done by the user like word/outlook etc. The explanations found on internet and the bt documentation don't say much and would like to know more on this, or if anyone else has enabled it and can tell me what exactly is happening with all the apps that are open when the engineer jumps onto the machine does his bit and jumps off again. We also don't see an option to test it or assign it to a test group to experience the behaviour as it seems to be an all or nothing setting.

291

immi563Trailblazer

RDP file downloaded shared with other users

Hi AllI need to verify below query In our production environment , under global setting , session initialization timeout is set to 60 sec. We need to change it to 90 seconds to meet customer requirement .However we need clarity that , if when user tries to access Windows server and if the downloaded RDP file it is shared with other user, will other user be able to access the server if the time span is less than 90 sec?Does BT has any algorithm that check the RDP file should only be accessible from machine from where it is originated ?Any pointer on this will be very helpful. Any supporting KB article will surely help Thanks in advance .Regards,Imran

384

Prudhvi KeertipatiGuru

Password Safe - FedRamp Version

Hi,Is the FedRamp version of Password Safe is same as the Password Safe Cloud with Recourse Brokers or Is it a Password Safe On-Prem hosted and maintained by UberEther in their FedRamp environment?If anyone has deployed Password Safe FedRamp, Could you please share your experience, Is it a true Password Safe Cloud?

281

kdogra1Newcomer

Report retention generated via Subscription in BeyondTrust Password Safe

Hi All,I want to check how long the a generated report via subscriptions on password safe Cloud is retained in the password safe. Post generation the report is available on the “Download Reports” tab / page. Thanks in advance.

221

GloriaBBeyondTrust Employee

Remote Support - Knowledge Article Publications (May 18 - May 25)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022430 - Can SAML users be migrated to another provider in Remote Support or Privileged Remote Access? KB0022436 - Support session shows: Waiting for reconnect. The customer has disconnected. The session will resume if the customer reconnects soon. KB0022453 - What is the retention for RS and PRA Vault password history? KB0022455 - Is it possible to automatically add the user's name as a tag during Jump Client deployment? KB0022457 - Do RS or PRA Cloud sites use a static IP address? KB0022461 - How long are recordings saved for in RS and PRA? KB0022727 - Remote Support and Privileged Remote Access Atlas certificate requirements KB0023340 - Provide credentials option missing during elevation after upgrade KB0023503 - Canned PowerShell scripts invoking Microsoft COM objects fail KB0023

GloriaBBeyondTrust Employee

Privileged Remote Access - Knowledge Article Publications (May 18 - May 25)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022430 - Can SAML users be migrated to another provider in Remote Support or Privileged Remote Access? KB0022453 - What is the retention for RS and PRA Vault password history? KB0022455 - Is it possible to automatically add the user's name as a tag during Jump Client deployment? KB0022457 - Do RS or PRA Cloud sites use a static IP address? KB0022461 - How long are recordings saved for in RS and PRA? KB0022727 - Remote Support and Privileged Remote Access Atlas certificate requirements KB0023593 - Can NSS files be installed on Remote Support or Privileged Remote Access Cloud? KB0023601 - Create button missing in the Representative or Access Console KB0023602 - Jump Clients failing with error "Couldn't wrap message" KB0023605 - Endpoints for local accounts are shown incorrectly in Vault

GloriaBBeyondTrust Employee

Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (May 18 - May 25)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021615 - Policy is not recieved from BI after incorrect install order of EPM-M KB0022408 - Not able to validate settings for ServiceNow in JIT Access Settings KB0022429 - MSI installs using Package Manager fail "Error 1618 (Another installation is already running)" KB0022879 - Package Manager not preserving proxy settings KB0023599 - EPM with BI integration - refresh groups fails with message KB0023606 - Policy message header text remains visible in dialog boxes even after the "Show Header Text" option is disabled KB0023607 - Login delay from hibernate with EPM-W installed KB0023609 - Child matched events using Any Application or have missing data KB0023614 - Endpoint utility - Endpointutility explanation of commands (EPM-M)

110