Recently active topics

The following articles were published last week. New Knowledge Base Articles: KB0020807 - Remote Support security scanner CSP directive issue - missing reporting-objective and form-action-objective KB0022221 - Privileged Remote Access and Remote Support with VDIs performance delays KB0022246 - Missing Login Prompt on Headless Linux System with Jump Client KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console KB0023434 - Unable to open Representative Console or Access Console "error reading license file" KB0023438 - Unable to select any Jump (Asset) Groups when creating Jump Client installer KB0023442 - Remote Support 26.1 navigation name changes KB0023445 - Dashboard shows no data or loses connection and states "The server is restarting" KB0023447 - Active session screen sharing stops working after several minutes KB0023460 -

The following articles were published last week. New Knowledge Base Articles: KB0022221 - Privileged Remote Access and Remote Support with VDIs performance delays KB0022246 - Missing Login Prompt on Headless Linux System with Jump Client KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console KB0023393 - Privileged Remote Access 26.1 navigation name changes KB0023434 - Unable to open Representative Console or Access Console "error reading license file" KB0023438 - Unable to select any Jump (Asset) Groups when creating Jump Client installer KB0023447 - Active session screen sharing stops working after several minutes KB0023460 - Error: An error occured installing this update [pre-upgrade-10] when upgrading to 26.1.1

The following articles were published last week. New Knowledge Base Articles: KB0022130 - Unable to use Sudo commands. Client licensing error - No space left on device

The following articles were published last week. New Knowledge Base Articles: KB0022215 - Privilege Management for Mac client app bundle continually verifiying package KB0022295 - How to create replacement definitions for PGNetworkAdapterUtil, PGPrinterUtil and PGProgramsUtil KB0023279 - EPM-M Defendpointd memory leak causing high RAM usage KB0023490 - Email notification settings for JIT requests

The following articles were published last week. New Knowledge Base Articles: KB0022241 - Password Safe tile Accounts Page explanation in Password Safe version 23.1 and higher KB0022286 - After failed hotfix, error messages received on password rotation and test KB0022313 - How can the Resource Broker be hardened? KB0022315 - Can alerts or emails be sent when Resource Brokers become unhealthy? KB0022316 - How to troubleshoot a single Resource Broker or find which node is being used KB0022318 - How to address regional connections with Resource Broker Zones KB0022406 - Analytics and Reporting Configuration wizard fails with error "System.Exception: Error in script 'CreateViews.sql' at line 6 executing" KB0022883 - No events showing for IIS App Pool service account propagation action in Password Safe KB0023261 - Managed Account "Add to Manual Smart Group" dropdown list loading s

The following articles were published last week. New Knowledge Base Articles: KB0021688 - Support package (pbis-support.pl) on AIX host fails to capture the packet capture KB0023472 - AD Bridge 26.1.0 machine account password encryption

You’re already securing credentials with Password Safe. But now it’s time to see and control how access is actually being used. That’s where Privileged Remote Access (PRA) and Insights take your security to the next level. Why you’ll love PRA + Insights:  Control access in real time – give just-in-time privileges to systems without slowing teams down   See everything that matters – monitor sessions, users, and non-human identities  Stay audit ready effortlessly – centralized visibility keeps compliance simple   Spot risks before they become problems – actionable detections and recommendations from Insights  With PRA + Insights, you get the best of both worlds. Full control and visibility over privileged access, all while keeping your credentials safe.  Curious how it works? Check out our PASM+ solution brief or sign up for our upcoming webinar, Privileged Access that Keeps Security and Teams in Sync.  Ready to level up your security? Request your personalized demo here. 

What is the best practice for configuring IP rules on APIs when the servers’ external IP addresses change frequently?

Hi. I have recently performed a detailed discovery scan against one asset, it completed successfully but I am not seeing any details for services, tasks etc etc. Scan was completed three hours ago.Is it normal to take a long time to get this information populated? Are there any logs I need to check to see why I am not seeing the details yet?   

Hello,I am working on creating a new BT EPM policy for our Win 10 and 11 system in our environment. I created an application group and added it under Low Flex workstyle. I am trying to create a policy that will block all the applications except the ones i have approved in SCCM Software Center and InTune. My problem is that i have a list of couple of hundred of approved apps and i don’t want to add them in the application group manually one by one. is there a way to import them from an excel list if i populate the excel with publisher and product name and whatever else i might need. or is there any API i can use for that.Thank You

Does anyone know if it is possible to include multiple domains in a management rule filter?  For an example, we need to setup rules to move multiple domains to single computer groups after a certain length of time.  Currently, I have over 20 management rules in place to do this functionality, however I would like to cut that down if possible.  

I have granted myself Recorded session reviewer and Active Session reviewer role but when I try to view completed sessions, I get this error:Unable to open the session. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Please contact your Password Safe administrator.Looking at the system event viewer, I am getting a certificate validation failure for host xxxxxxx MessageCertficate validation failed for host kbpdpammgt001.corp.bank.nzpfs.co.nz:443 on url https://hostnameFQDN/eEye.RetinaCS.Server/api/PMM/remotesessions/replayI have checked my certificate (Load balancer certificate) and confirmed that it does have the SAN pointing to this host. 

Has anyone else gotten the 26.1 agent upgrade yet? We have been waiting for a few weeks now, and it is still not available to us. I don’t know if we should put in a ticket to find out why it hasn’t been pushed to us yet, or if it is just taking that long.  We’re looking forward to the AAD refresh capability that’s built into it. 

On our systems we’ve deployed beyondtrust to, if I do a Microsoft sentinel or KQL search for local admin login events, I’m seeing a lot of accounts that start with lenovo_tmp. After some searching, it appears that these are used by the lenovo system updater software to run updates with elevated privileges when a user is not admin. This concerns me because it seems to violate the tamper protection of beyondtrust that disallows the creation of other admin accounts. (lenovo forum for context).Is anyone else seeing this? If you can run KQL advanced hunting queries, look at the DeviceLoginEvents table: DeviceLogonEvents| where IsLocalAdmin == true  

Hello,We are currently integrating credential injection from Password Safe into PRA for Cisco devices using the Shell Jump method.Users are able to successfully authenticate and access the devices with the injected credentials. However, when they attempt to enter "enable" mode to perform configuration changes, the system prompts for the password again.At this point, no credential injection prompt or window is displayed, so users are required to manually enter the password. Since the credentials were injected automatically during the initial login, the users do not have visibility of the password and cannot proceed.There is any feature or recommended approach that allows re-injecting or reusing the credentials once inside the shell session (for example, when escalating to enable mode).Thank you.

Hi  I have configured PRA where I have jump client and a RDP for a windows Server, when I am accessing I strangely started noticing that Over the Mouse there is a black dot which keeps moving along with the Mouse Arrow cursor. the problem is that they are not in sync, there is a kind of lag, is there a way to fix the Mouse having that black dot., can we remove it.

We’re currently using BeyondTrust Password Safe to manage SSH access to a large number of Linux servers (100+), where users authenticate using their AD accounts.Access to the servers works fine through Password Safe, but we’re running into an issue when users need to elevate privileges. When they run sudo su, the system prompts for a password, but since password retrieval is disabled, users can’t proceed.We want to avoid enabling password retrieval or exposing any credentials to users, but still allow them to perform privileged operations when required.At the same time, managing sudo access directly on each server (e.g., updating /etc/sudoers individually or using NOPASSWD per user) isn’t really practical at this scale.So I wanted to check with the community:Is there a way to handle sudo password injection through Password Safe for SSH sessions? How are others managing privilege escalation in similar environments without exposing credentials? Any recommended best practices for scaling

We have Cimplicity Webspace in our environment, which is web based. The main dashboard does not have a login screen, but each page off of the main page is an embedded IDE object that has its own authentication. We are trying right now to run the application as a Web Jump, but Web Jump does not see the authentication fields because they are in the embedded IDE and not HTML fields.Has anyone found a way to use Cimplicity Webspace with PRA?

Hello All, We have one new BeyondTrust setup. It seems option ‘Use SAML Authentication’ on login page is not visible for somehow.We have configured AD domain, and it shows in dropdown option but the link for SAML authentication is not showing up.Can you help if any settings need to be updated?  Thanks,Prasad

Hello Team,We are currently running BeyondTrust Password Safe version 23.3 in our environment and are planning an upgrade to version 25.1.We would like guidance on the recommended upgrade path:Can we upgrade directly from 23.3 to 25.1, or Is it required/recommended to upgrade first to 24.x and then to 25.1?Additionally, it would be helpful if someone could share:Any prerequisites or constraints for this upgrade path Known issues or best practices based on previous upgrades High‑level steps or documentation references for performing the upgradeYour insights and recommendations will help us plan this upgrade.

We have enabled Log "Run As" Special Action Commands in the Session Reports, but is there a way to extract just this specific details to see on which devices this has been run? I've checked back and forth the reportings, exported many reports, but none seem to have this data..

We are interested in enabling this option: Force the closure of windows that were opened during the session. We expect that it will close any opened command prompts that are elevated from run as etc. But will it also close other applications that are open done by the user like word/outlook etc. The explanations found on internet and the bt documentation don't say much and would like to know more on this, or if anyone else has enabled it and can tell me what exactly is happening with all the apps that are open when the engineer jumps onto the machine does his bit and jumps off again. We also don't see an option to test it or assign it to a test group to experience the behaviour as it seems to be an all or nothing setting.  

Hello!I am curious to know what type of filtering and packet inspection controls are typically recommended/used for on-prem PRA/RS appliances. As typical use cases (e.g. remote users, vendor access etc.) require the appliance to be external network facing , it is not feasible to restrict access to IP ranges. Based on KB articles SSL Offloading is not supported for client to appliance communication.Question: What typical network security controls are recommended apart from restricting the outbound from appliance, blocking known-bad source IPs, and segmentation.Anyone using Web App Firewalls , NGFWs or IDPS effectively ? Are there any resources available that can help identifying know benign traffic vs malicious traffic ?

The following articles were published last week. New Knowledge Base Articles: KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface KB0022251 - Vault account fails to check in post-use, becomes unusable KB0022254 - Upload Update option removed in Remote Support and Privileged Remote Access Cloud 25.1.1 KB0022265 - How many characters can the password value field contain in Vault? KB0022266 - How many generic Vault accounts can be created? KB0022271 - Which ports are required for the discovery and rotation of Vault accounts? KB0022272 - Is it possible to exclude credentials from an Asset (Jump Item)? KB0022283 - Can old sessions more than 90 days be restored for auditing? KB0023427 - Can VNC tokens be used for injection?

The following articles were published last week. New Knowledge Base Articles: KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface KB0022251 - Vault account fails to check in post-use, becomes unusable KB0022254 - Upload Update option removed in Remote Support and Privileged Remote Access Cloud 25.1.1 KB0022265 - How many characters can the password value field contain in Vault? KB0022266 - How many generic Vault accounts can be created? KB0022271 - Which ports are required for the discovery and rotation of Vault accounts? KB0022272 - Is it possible to exclude credentials from an Asset (Jump Item)? KB0022283 - Can old sessions more than 90 days be restored for auditing? KB0022289 - Can a distribution list be used for approver