Skip to main content

Recently active topics

94
T
Tina_KTrailblazer
 General
What is the average time to establish a session in Remote Support?

Hello!I wanted to ask the community how long the average time is to establish a session in Remote Support in your environments. From clicking on jump to getting a session window (not just the entry in the queue, but the real window).What things can influence this establishing time except virus scan?Thank you in advance.

5411
T
C
Carlos MendonçaTrailblazer
 General
PRA - AWS

Hi, how are you?We're having trouble registering discovery for the AWS domain. Is there AWS support for Vault Discovery or only Microsoft? If so, what guidance or documentation is available, please provide.  

71
P
BeyondTrust Employee
R
RaviKumarJApprentice
 General
Password Safe Functional Account Permissions on RDS Server to Launch Application

Hello Experts,Can anyone please suggest what least privileges to have for a Functional Account (FA) just to launch an application from RDS Servers.As of now I could find the below (please feel free to correct if the below is incorrect) are their any other additional requirements, if so please do let me know:FA should be part of Local Administrator on the RDS Server FA to have interactive logins allowed to RDS Server FA can be set to auto-managed instead as a Password Safe Managed Account (as this will cause issues with password management functionality). 

111
frank.colvin
S
Sathiya.KApprentice
 General
Password Safe – Documentation on retention policies and session recording log storage duration

Hi Team, Could you please share the retention policy document and specify how long session recording logs are stored? Regards,K.Sathiya

353
frank.colvin
B
bt101Veteran
 General
PasswordSafe SSH Session - auto-login to sudo mode

Hello! Is there a way to achieve auto-login to sudo mode without  entering the password when logging in via PasswordSafe.I see there is a different workflow for login-account where commands & password are injected after SSH session is initiated e.g. Launch ssh session as login-account and then switch to root . Is there any way to configure PasswordSafe such that a managed-account logs in over SSH and a predefined sudo command is run , Passwordsafe injects the password for same account so that user doesn’t have to go back to browser where PasswordSafe is open , go back to open request or create one for password, copy the password, make sure they clicked inside SSH session, and then paste the password. I see an alternative is to allow sudo commands to run passwordless on managed systems. I think this is less secure approach than the above.  

251
J
BeyondTrust Employee
S
SFATrailblazer
 General
Onboard more than 300 plus users into Workforce

Hi how can we bulk onboard 300 AD users into a BT group which has the workforce related feature enabled? I checked the BT REST API and there is API to onboard AD user into BI but not to add them into an existing BT group as well.  Is the only other option to ask the system team to add in AD? The thing is the management of users who have access to workforce is to be done by the BT administrator and not the system team, so we need to bulk onboard into BT user group . is there any way to do this?

181
B
BeyondTrust Employee
M
MassimoGApprentice
 Cloud and SaaS
Azure VDI Support for PRA

Hello, I would like to know if anyone is using Azure VDI through BeyondTrust PRA.Since RDP is not available for AVD, we need to access it through Web Jump, and the performance is a nightmare.If anyone has similar experience or ideas, it would be great to share them. 

203
T
BeyondTrust Employee
M
MassimoGApprentice
 General
Advanced web access Feature

Hi,Could anyone explain how the Advanced Web Access feature in BeyondTrust PRA actually works?Additionally, what are the practical and technical differences between using Advanced Web Access and a traditional WebJump item for accessing web consoles or administration portals? 

273
R
BeyondTrust Employee
J
JackRising Star
 Windows & MacOS
EPM install issue in Autopilot build since July 2025 Windows patches

Hi all, has anyone seen the following issue we have been experiencing?Autopilot pre-provisioning has problems in the final stages if the EPM agent is installed during the Hybrid build and the OS level is Windows 11 23H2 July 2025.The Avecto driver (PGDriver.sys) seems to be clashing with the Autopilot final OOBE stage preventing the device from finishing on the correct Windows logon screen

6069
Caleb Kershaw
BeyondTrust Employee
E
edwinb77Apprentice
 General
beyondtrust active license usage - how to read

I'm looking to see if I'm correct in how to read the Active Client licenses.When I look in our BTRS consol dasbhoard we see the amount of Client Agents purchased under: Total Active Jump Clients AllowedLet's say this amount is 20000 licenses.Now when I scroll down in this same page, I see a usage under: Remote Support Active Jump ClientLet's say this amount is 4500 licenses.When I navigate to the BeyondTrust Representative Consol I see at the bottom: 18000 Jump clients Total / 4500 online / 13500 offline.Would this mean I have only 2000 licenses left to use out of 20000, or do we have 15500 licenses left to use, ignoring how many installations we have, meaning for all we know, we can have 50000 Jump clients total installed, but we should never exceed 20000 online.

291
P
BeyondTrust Employee
N
naidu_jstsTrailblazer
 General
PG4Admin App Password Safe Application

HI  Has anyone worked on PG4Admin App to launch and inject credentials. This is an app where there are no short cut keys. how do you think it can be done, using Auto IT does not give full fledge as we need to store and allow using mouse click. How on the earth can we get this working and use through Password Safe Applicaitons. regardsNaveen

91
H
BeyondTrust Employee
P
prasadp87Trailblazer
 General
API to get UserGroup details

Hello Everyone,We are currently developing API scripts to automate some functionalities within BeyondTrust. As part of this effort, we seek guidance on an API script that can provide comprehensive information about a user group.We are aware of the "GET UserGroups" API, but it does not include details about assigned users, Smart groups, and enabled features. Although we know there are separate calls to retrieve this information individually, we are looking for a way to obtain all this data in a single call. Thanks,Prasad

272
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
 General
Remote Support - Knowledge Article Publications (Sep 8 - Sep 15)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021581 - How to capture ACH logs for Remote Support and Privileged Remote Access KB0022274 - Cannot jump to certain computers. Location for endpoints leverages a Jumpoint Proxy. Error - The operation timed out KB0022848 - Can NTLMv2 be turned off for RS or PRA? KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0022861 - Desktop Console keeps crashing

10
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
 General
Privileged Remote Access - Knowledge Article Publications (Sep 8 - Sep 15)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021581 - How to capture ACH logs for Remote Support and Privileged Remote Access KB0021589 - Restart options missing in Remote Support or Privileged Remote Access KB0022274 - Cannot jump to certain computers. Location for endpoints leverages a Jumpoint Proxy. Error - The operation timed out KB0022845 - Unable to connect to a Jump Item with "MFA required" Jump Policy applied. Error "authentication failure" KB0022846 - Unable to connect to MySQL database. Error "#42000: Unsupported plugin offered from server" KB0022848 - Can NTLMv2 be turned off for RS or PRA? KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0022861 - Desktop Console keeps crashing KB0022868 - Loss of mouse control and black dot on remote sessions after upgrade to

50
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
 Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Sep 8 - Sep 15)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021603 - Meta Oculus install fails with EPM-W 24.3 and higher KB0021609 - Visual Studio NVIDIA installs fail when EPM-W admin token is used KB0021617 - Unable to run client project in debug mode after updating to Xcode 16 KB0022874 - How to downgrade EPM-W for troubleshooting KB0022878 - Access Denied when elevating some COM classes with EPM-W KB0022881 - Cloud Adapter is logging more events after upgrade to 25.5 or higher

80
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
 General
BeyondInsight / Password Safe - Knowledge Article Publications (Sep 8 - Sep 15)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021500 - U-Series SQL server 2019 updates for July 2024 - Failed to install KB0021529 - BeyondTrust Updater stuck on checking for updates when installing a dependency KB0021975 - How to onboard VMware vSphere ESXi Web API into Password Safe KB0022835 - Unable to perform local password rotation on Windows host. "Problem with MA. Managed Account does not exist on the system." KB0022872 - How to change the cold spare backup location KB0022877 - Unable to view or create new installer activation key "No such host is known." http 500 errors

40
GloriaB
BeyondTrust Employee
N
BeyondTrust Employee
NeilBeyondTrust Employee
 Windows & MacOS
Using JIT Admin

Howdy folks, It’s been a little over a week since the new JIT Admin feature was released and so I wanted to share a little bit of what I’ve learned while using it.  What is JIT Admin?JIT Admin is a new feature in EPM (SaaS) 24.7, where a standard user can submit a JIT Admin request directly to the Privilege Management Console. Once approved, the standard user is put directly into the BUILTIN\Administrators group on their system, becoming a ‘true’ admin for a specified amount of time.This feature is available on both Windows and Mac.  How do I enable JIT Admin?​@Jens Hansen made a nice GIF in his post here which is probably the quickest way to see how simple it is to enable JIT admin within PMC. I’ll add documentation at the bottom, but at a high level, enabling JIT admin requires three things:“JIT Admin Access Integration” is enabled under Configuration > Just-in-Time (JIT) Access Settings > Admin Access tab JIT admin is activated on a workstyle via policy OS > Workstyles >

5993
M
MichelB
BeyondTrust Employee
MichelBBeyondTrust Employee
 Technology Alliances & Integrations
Agentic AI and privileged credentials governance: Google Vertex AI and Password Safe example

Context Google Cloud provides Vertex AI and other services to allow organizations to create AI Agents, including Conversational Agents. During operations, AI Agents may need access to tools and associated credentials.  This example show how Password Safe can be used to allow the AI Agents to access the privileged credentials they need at runtime. Here is the flow for the demo video:1- The Agent retrieves Password Safe credentials from Google Secret Manager2- The Agent uses Password Safe credentials to check-out ServiceNow credentials3- The Agent uses the ServiceNow credentials to create a new ServiceNow incident.  Configuration The ServiceNow password must be stored in a Managed Account. Optionally, the ServiceNow Custom Plugin can be used to manage the value in ServiceNow. API Registration is required for Google Cloud, together with IP range. Note:  You can access Configuration/User Audits to see if the Google Cloud source IP is blocked. We need to create an Application User and assig

240
MichelB
BeyondTrust Employee
mcencienzo
mcencienzoRising Star
 General
Issue: PS Automate - Chrome Browser not opening

Hi Everyone, Is there someone also experience browser not opening upon running PS_Automate using the latest Chrome Browser as of today? We are on BeyondInsight 24.2.0.1324 and uses Enhanced Utility Tool with the same version. I have deployed this on my RDS server last January and was able to work this out. But as of today, I built again a Windows Server 2022 with RDS role however as of the moment, the PS_Automate does not work. I have to test this again due to my colleagues reported that they couldn’t make it work on their environment and some of their implementations. See sample screenshot below: I can’t find any reliable KB articles to resolve this and I have already created a ticket support for this and unfortunately, the action items provided by the support is questionable and no certainty that it will work.  Regards,Fellow BCIE

38016
L
A
AdamSaNewcomer
 Windows & MacOS
BeyondTrust EPM policy - Asking credentials even if 'Allowed'

Hi!Making changes to some of my policies inside BeyondTrust EPM. Could someone help me understand, because I feel lost. I have a policy, that comes from the Quick Start Template - regarding system settings options ['Authorize - System Preferences']. I checked the easiest one for testing - date and time settings. I set it up to be allowed + message 'Allow Message (Audit)'. Unfortunately, my test device still requires admin credentials when trying to change the 'Set time and date automatically' for example, as seen on the screenshot... Is there something I'm doing wrong? Using Sequoia 15.6.1  

232
J
A
AnilreddyRising Star
 General
From On prem to password safe cloud migration

HI All, Good dayDo you have any document/article to migrate from on-prem to password safe cloud. Thanks and looking for your response

19411
A
James4hand
BeyondTrust Employee
James4handBeyondTrust Employee
 Buzz Board
New! Showcase Your Skills with BTU Certification Badges and Achievements here in BeeKeepers

 We’re excited to introduce a new way you can demonstrate your product knowledge in BeeKeepers and celebrate your BeyondTrust university learning journey: Achievements. Achievements are in-application badges for passing a certain number of Success Included courses, number of product specific courses, Instructor-led workshops, or events that display a certain level of product knowledge.Our Certification Badges via Credly have also been given a bold new design. These digital credentials are verifiable and designed to help you showcase your proficiency both inside and outside your organization. Not to be confused with achievements, these badges prove administration level knowledge of a BT Solution based on completion of a BT product training and the successful completion of a dynamic certification exam.Whether you're validating your expertise or highlighting your commitment to continuous growth, there's now a badge for that. Why Credly? Official & Verifiable: Each badge includes built

290
James4hand
BeyondTrust Employee
I
immi563Rising Star
 Windows & MacOS
Run as different user is not giving EPM Prompt

Hi AllWe are facing one issue in our policy for windows assets. our requirement is1.when user will try to elevate itself by executing any exe file using "run as different user" (shift+right click+run as different user) user should get the EPM message asking for reason.2. We have created on application group and rule and added it high flexibility work style.3. when user is trying to run the CMD file as different users, user is not getting EPM message to ask for reason. here what I did on my LAB.create on application group and added eclipse.exe in it create the rule under high flex policy , and used the group. I have placed this rule at top so that it gets enforced and not overridden by other rules . Placed it above Add Admin -High flex I have added below rulesmessage : All Message(yes/no),Access Token : Add Basic Admin Rights,Raise event : on Enabled: Enable When I am opening eclipse , by double clicking , I am getting EPM prompt asking Yes/No this is working as expected. However when I

516
J
S
BeyondTrust Employee
Stephen Langford-JonesBeyondTrust Employee
 Windows & MacOS
EPM-M macOS Tahoe Known issues

Given macOS Tahoe is around the corner, I thought I'd create a post to share any known issues we've found so far. We have been testing EPM with all macOS Tahoe betas which we have available to us as a member of the Apple Developer Program. During this testing, we’ve identified a few minor issues. Below, you’ll find details of the problems, workarounds (where available), and planned resolutions.Issue 1: Incorrect OS Name and Version Displayed in PM CloudDescription: In PM Cloud, the macOS Tahoe version is reported incorrectly. Where to See: Home → Computer → Details → OS → the “Name” and “Version” fields show incorrect values. Workaround: None. Resolution: This will be fixed in 25.8 release, where the OS will correctly display as macOS Tahoe (26.0).Issue 2: Refresh Button Flicker and Freeze in BT.appDescription: When users click the Refresh button in BT.app, the button flickers. If “Pending” data is present, selecting Refresh causes the dialog to become unresponsive, and the “Pending” s

890
S
BeyondTrust Employee
R
rpollock_tgApprentice
 General
Deploying MacOS jump clinet via Intune

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

564
P
BeyondTrust Employee

Badge Earners

  • BCA: Password Safe
    Chouaib Berrahhas earned the badge BCA: Password Safe
  • BCSE: Privileged Remote Access
    adamhas earned the badge BCSE: Privileged Remote Access
  • BCIE: Privileged Remote Access
    adamhas earned the badge BCIE: Privileged Remote Access
  • Core Concepts -Endpoint Privilege Management - Windows and Mac
    Aaron Bratenhas earned the badge Core Concepts -Endpoint Privilege Management - Windows and Mac
  • BCIE: Privileged Remote Access
    Powhas earned the badge BCIE: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings