Recently active topics

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

Hi All,I have got the PWS to PRA connection working, I can see my managed test account in PRA but when I try and use the cred store to connect, I get the following error. (Could not find a schedule to use with this release request)I have followed the guide (BeyondInsight / Password Safe - Unable to pull Password Safe Credential via ECM. Error: "Could not find a schedule to use with release request".)Any ideas where I can start to look? log? or have I missed something simple?

I’d like to understand the recommended approach for onboarding local Linux dedicated accounts. Additionally, from a Linux server perspective, is there a recommended method to configure these accounts so that sudo does not prompt for a password? Thank you.

we have 2 PRA appliance in cluster.  The primary appliance was initially deployed as stand alone in 2020 and only in 2022 ,the second appliance was deployed. So, in secondary appliance, we can see the data encryption is already enabled but in Primary , this is not enabled and says we need to free up space. we needed a confirmation, if we fail over to current secondary, will we face issue in this scenario with one appliance data encrypted and other not?  Also, in the documents and in KB, it says secret store is required to be added but since in secondary its already enabled without external secret store, we can assume the encryption keys are stored locally? since only AWS is supported for external secret store, we are unable to add external secret store.  

What is the recommended approach for securely managing and remotely accessing macOS systems using a password safe? Specifically, does a managed application for a VNC client support this use case, and is there an implementation guide? Thank you.

I would like to connect to a specific computer by hostname to perform queries via API. The problem I’m running into is the API requires the jump client ID, not the host name. And there is no server side filtering for the hosts to find the jump client ID. I then tried to pull a list of all hosts and jump client IDs to filter on my end, but the maximum number of results I get is 13. I have extensively consulted with chatgpt and it came to this conclusion:Ah — that clarifies things. The reason your earlier scripts didn’t work is the Command API only supports listing all connected clients; it does not support a server-side filter by hostname. That’s why trying to query a single host returns nothing — the API only gives batches of connected clients, and without paging through, your host might not be in the first page.Ah — now it’s clear why you’re still only seeing 13 Jump Clients: the BeyondTrust Cloud Command API get_connected_client_list does not return all connected clients at once. On

The following articles were published last week. New Knowledge Base Articles: KB0023138 - Vault Password Safe discovery stuck in running status KB0023173 - Can canned scripts be run as the logged in user? KB0023183 - Can TLS 1.0 and 1.1 be disabled on the SRA appliance?

The following articles were published last week. New Knowledge Base Articles: KB0023138 - Vault Password Safe discovery stuck in running status KB0023183 - Can TLS 1.0 and 1.1 be disabled on the SRA appliance?

The following articles were published last week. New Knowledge Base Articles: KB0021900 - EPM-M and third party system extensions

The following articles were published last week. New Knowledge Base Articles: KB0023149 - Using Samba 4.21, unable to map a drive using AD credentials. Error: The target account name is incorrect

All our workstations are managed through Intune in User Mode, which means that there are no Admin rights on the workstations by default as part of our security hardening. Applications to be installed is dictated through the Company Portal. However we do have some apps that are very difficult to package for Company Portal deployment and BTRS is then the route to go through and through the session the engineer has the ability to elevate command prompt/powershell prompt to install the particular application. Also for admin elevated tasks, BTRS is the lifeline. Of course we do detect left and right that engineers “abuse” the rights and install apps without proper approval which in turn could be a security risk. Is there an “easy” way through any of the reports (haven't found any so far) to see who did elevation of command prompts/powershell prompts which can then be evaluated if it was correct use or abuse.  

Has anyone else experienced issues with Windows Search or indexing not functioning properly following the latest patch? We've observed that removing the PAM agent seems to restore search and indexing functionality.Has anyone else seen similar behavior or found a workaround?

The following articles were published last week. New Knowledge Base Articles: KB0021907 - Remote Support presentation feature missing from Rep Console

The following articles were published last week. New Knowledge Base Articles: KB0023181 - How to uninstall EPM-UL

The following articles were published last week. New Knowledge Base Articles: KB0023197 - How to add Entra ID groups or users in BI Password Safe integrated WPE

The following articles were published last week. New Knowledge Base Articles: KB0021853 - Deploying a SQL free or SQL-less U-Series appliance shows duplicate names for Session Agent and password changes not occurring KB0022527 - AWS marketplace U-Series appliance configuration wizard failing with error "Page Cannot be Displayed" KB0022767 - "Error 1722 there is a problem with this Windows installer package" when upgrading BeyondInsight Password Safe KB0022877 - Unable to view or create new installer activation key "No such host is known." http 500 errors KB0023137 - Secrets Cache Port listening error Rest Server Failed to listen on KB0023162 - Non-admin AD users cannot access PMR and EPM Policy Editor in the BI web console KB0023190 - RemoteApp sessions in Password Safe are not fully terminating which creates RDP session overlap risk KB0023198 - Web console administrator user not seeing

Hello everyone,I am currently encountering an issue when performing a managed account password change on F5 BIG-IP. I would like to describe the issue as follows:On the F5 BIG-IP device, I created a user named "btfunctional" and configured this user in PAM as a Functional Account (FA). I performed a Test Functional Account, and it completed successfully. However, when I attempt to change the password of another managed account, I encounter the following error:[btfunctional@ltm01:Active:Disconnected] ~ # Thread was interrupted from a waiting state. Password change failed.I would greatly appreciate your support and assistance with this issue.Thank you very much.

Hello everyone,We have encountered a challenging requirement during our discovery scans for a range of IP addresses. In the scan results, some assets appear with their asset names as IP addresses instead of hostnames.We need to filter out these assets and prevent them from being added to Password Safe. Does anyone know how we can filter out assets without hostnames that are still being added to Password Safe? Thank you,Prasad

Hello!We are using PRA Jump Client to rotate local account password on a workstation.  Is there a way to update it in auto-logon configuration . Preferably by running sysinternals auto-logon via a batch script. I think we can update the password in a service (log-on user) using PRA vault but not auto-logon .Is there a way to pass this vaulted password to a script via Endpoint automation ?

Hello Team, We have one requirement for deletion of 1000+ managed systems without any Managed account.Is there any easy way to delete them in bulk? Can someone help with API script or DB Query to do so. Thanks,Prasad

Hello! Is there any news or a roadmap regarding the implementation of Direct Connect within the Pathfinder portal? This feature would significantly reduce connection time and greatly improve productivity.Unfortunately, I don’t have access to the Ideas Portal to open a request about this, but if anyone knows anything, I would be very grateful.Thanks!

Hi Team, is there any way to clean/flush the password  stored in clipboard “when you do a copy of credentials from password safe , it does not get cleared automatically from your clipboard. The clipboard storers the credentials rather than clearing the clipboard after a short period of time”

The following articles were published last week. New Knowledge Base Articles: KB0021938 - API script containing start_session.ns call fails KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022583 - Unable to access the website for the cloud appliance KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023059 - LDAP security provider sync failed after upgrading to 25.2.1 or above "fail

The following articles were published last week. New Knowledge Base Articles: KB0022012 - Unable to RDP Jump when using diacritics with Linux Jumpoint - Authentication failed error KB0022037 - Web Jump no longer working with new VMWare versions when using "Enhanced Authentication Plugin" (EAP) KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute"