Recently active topics

After success fully installed EPM windows application to the user machine still user unable get the elevated access properly.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023280 - What is the Activate Knox License setting in RS and PRA? KB0023281 - Copy and paste does not work in RDP Jump to Windows Server 2003 KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023273 - Why do some users have access to the notification bell icon and others do not? KB0023274 - Can mobile access be enabled without the Privileged Remote Access web access console? KB0023280 - What is the Activate Knox License setting in RS and PRA? KB0023281 - Copy and paste does not work in RDP Jump to Windows Server 2003 KB0023288 - Launch "Infrastructure Access Mode" in PRA is missing after upgrade KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

The following articles were published last week. New Knowledge Base Articles: KB0021821 - PMR Database error - The database collation cannot be changed if a schema-bound object depends on it KB0022000 - Sophos blocks elevation of Remote Support via EPM-W - Sophos is terminating this process KB0023067 - SCCM Lawgic installation stuck at install in progress when EPM-W client is installed "The installation is in progress. Please wait" KB0023100 - BT26-01 CVE-2026-1232 Anti-Tamper bypass in EPM-W KB0023278 - Remote desktop not working with EPM-W after recent Microsoft patch - KB5073457. Error: an authentication error has occurred Code 0x80080005.

The following articles were published last week. New Knowledge Base Articles: KB0023260 - Which account does ps_automate use to download web drivers? KB0023264 - Password changes failing for local Linux managed accounts. Failure Details reports 'Authentication token manipulation failure' KB0023276 - Report is not being generated when selecting the option to download reports KB0023286 - Workforce Passwords credential save or fill options not appearing on some sites when logging in KB0023287 - Error when creating new AD Functional Account: "Unable to save the Functional Account" KB0023290 - Password Safe Enhanced Session Utility (ESA) install fails with error message "0x80072ee7 Unspecified error"

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you are going to be releasing stuff like this.

I am trying to move us away from the deprecated support button. My understanding is that the standby jump client should provide a user driven support request similar to support button. My question is what does the user do to initiate a support chat from the jump client? I have it installed on my computer, I can see my jump client in standby in the rep console. From the client my only options are to disable/uninstall or check-in. I was expecting an option to start a support chat.

Hi Team, Has anyone worked on onboarding sql developer application in Password safe? We are trying to onboard the SQL Developer application in password safe, However we are not able to click on connection which is already created in Sql Developer. I need help in understanding using AutoIT , how can I click on connection which is created. Once we can click on existing instance we will inject password on it .Need help here please .Regards,Imran

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

We have seen an issue where in some scenarios, it may be possible to connect to a user’s screen without requiring their acceptance. When you initially establish a jump session and perform Shell work to fix an issue, users may have their screen locked or logged out.  Unfortunately, the session policies do not appear to re-evaluate, so whatever the status of the device was when you established the jump session is held throughout the session. A workaround would be to disconnect the jump session and establish a fresh session before you use the screenshare function, which would then pick up the user is logged on and present the prompt.For example:User reports an issue on desktop, walks away.The machine is connected to (Shell, System etc but not screen sharing).User returns and unlocks the machine.Screen sharing is started from the Rep Console.Due to the existing session already established (using Shell and System Information), no prompt for the user to accept is required, and it connects to

We are planning to migrate our BeyondTrust Password Safe On-Prem environment from Active‑Passive (A‑P) to Active‑Active (A‑A).We have already built the external SQL node, and our current Active node will be used as the Management Node, while the second Passive node will function as a Worker Node.Could you please confirm if any additional licenses are required for this migration from A‑P to A‑A?  

Hi everyone,I’m trying to use aca to block some commands after user switch to a root account using pbrun. But I’m not able to achieve it, below is the sample script I have. Please suggest the changes to effectively use aca to block commands.bash is an alias command to switch to root user. I can still run whoami command after switch to root.if (command == bash){aca("file", "/use/bin/whoami", "!all", "BLOCK");accept;} Thanks,

One of our customers are using UVM 2016 version in on Prem environment & servers were deployed in AWS which in A/P mode, what is the process of upgrading to UVM 2022 version. 

Hi All, Can someone suggest how we can migrate privileged passwords from one source password manager and cloud-based password manager to BeyondTrust Password Safe?

Hi all, In case it helps others who faced (or will face) the same issue in the future:We have deployed a Jumpoint on one of our premises and created a Web Jump Shortcut to a web server. The session opens fine, and you can reach the login prompt also just fine; however, the issue occurs after you sign in (succesfully) -- the web page just becomes blank with no further indication other than a long login callback URL on top. Checking on the SRA web logs, we observed the following log:20260121 18:12:26 85 sra-web.exe 7456:cef_ui(00000500) WEB:DBG1>cef console: Error during sign-in redirect callback. See also log-file or network traffic in browser for server side errors. Error: exp is in the past:1768982203@http://XXX/XXX/login-callback/login-callback.js:27 Issue was fixed after correcting the time on the server that hosts the Jumpoint (for some reason, it was about 2 hours late). Guess this can also occur with Jumpoints that must connect to web resources on another geographical region w

Hi all, On a Linux Jumpoint, in order for the Web Jump to work, there are a few dependencies that need to be corrected, most of which are included in the POST_INSTALLATION_NOTES text file, like the following:*** NOTE ***If the Web Jump feature is going to be used on Ubuntu 24.04+ or on a similarlyderived Linux distribution, then an AppArmor profile needs to be added by running:    sudo cp "/home/user/Jumpoint/apparmor-profile" /etc/apparmor.d/sra-jpt-1770209519    sudo apparmor_parser -r /etc/apparmor.d/sra-jpt-1770209519 Another dependency is the X11 driver, which is included in the KB for the installation of the Jumpoint (Install a Linux Jumpoint | RS). However, even after completing the above steps, I was getting the following error:/home/user/Jumpoint/sra-web failed with exit code 133 -- Likely the AppArmor configuration needs to be performed on the Jumpoint. See the POST-INSTALL-NOTES.txt in its installation folder for details. Checking the dmesg event logs, I detected the followi

Hi, We have an issue of manual policy from PMC console is not getting refreshed to latest version when trying to manually refresh the policy. Although all looks good on PMC console, if I try to manually refresh a policy on a machine in PMC console it will say that system is on latest assigned policy, I will also get a message that system is on latest revision but when I check in BT icon > right click the policy is still on older version.Automatic policy refresh works fine that is when system check-in with PMC console on its own the latest policy is applied without any issue.I have test policy group where the policy refresh is working perfectly fine only production policy group we are facing this issue.If anyone of you has encountered this issue, it will great help if you can suggest what could be the possible reason.  

HelloWe have a situation with the Web Jump where user needs to open a specific website which automaticaly downloads an instalation package. I was able to configure web jump but when user connects to it - it just displays the webpage. Is it possible to set web jump to auto download the file after connecting?Kind Regards

HelloWhen the password contain @ ,the password passed in the application session launched via ps automate tool is wrong, we have added sendkeysraw=1 as well and also tried "%p" in double quotes..but it's not passing password properly when it contains special character.when we set password without special character,the application session login was successful as well.kindly help in passing password with special character successfully.what needs to be done here?

I have a question regarding RDS CALs per user. If only one functional account is defined in the Application settings, then do I only need one RDS CALs because only that functional account is technically initiating the RDP session to the RDS server.

Hello,I need to upgrade the operating system from Windows Server 2016 to Windows Server 2019 on the servers hosting the BeyondInsight databases. These servers are part of a cluster, and all cluster nodes will be upgraded.My question is: how will this impact Password Safe operations? Will services return to normal automatically once the upgrade is completed, or are there any actions required from our side?Additionally, are there any notes or precautions that should be considered to avoid potential failures during or after the upgrade?

Can we onboard the functional account as a managed account? I can understand as per the best practices we can onboard it in functional account configuration section. but what if we add it as a managed account will it have any impact if we add the functional account as a managed account and disable the account rotation?

ps automate is not able launch chrome/edge browser sessionHi all i am facing  issue wherein ps automate is not able to launch the browser session. we are using password safe cloud 24.1 version and i downloaded the same version of ps automate. driver versions are also same .still browser session is not opening any idea how to get this issue resolved Awaiting response  RegardsImran