Skip to main content

Recently active topics

71
K
kgujasApprentice
 General
Active/Active Password Safe Configuration

Hi. I need to configure an Active Active PS configuration. I have installed the managament node and connect it to external SQL database and everything is OK for this. Now I start to configure the worker node and I need to connect this nod to the same SQL database but after I put in the credentials and the crypto key from managament node I am getting this error when click on test > Connection test failed. Could not connect to existing database. Can anyone, please, help me with this...what is the problem, what is the right way to configure an Active/active configuration 1managament/1workernode.

1465
N
A
AmirdhaNewcomer
 Buzz Board
New One to BeyondTrust - Help with Learning

Hi Everyone,Hope everyone are doing well. I am completely new to BeyondTrust and interested in learning BeyondTrust PAM. I am not familiar with the names of the product that BeyondTrust offers as well. I do have experience on other PAM product but wanted to expand my knowledge. Please help me with how to learn BeyondTrust PAM as well what products are offered by BeyondTrust and their Names.  

10
A
T
tmontagueNewcomer
 General
Automatically linking multiple managed accounts to managed systems based on services

I’m trying to figure out if this is even possible.  I feel like it is, but I’m probably missing how to accomplish it.So we have 60 something Windows servers running SQL server.  We have 20 something AD accounts that run SQL on these various servers.  Ideally what I’d like to do is build a rule that adds the appropriate linked managed system to each managed account that is running the SQL services on those systems. So the end result would be I could go into each account, and see the system or systems that it is running SQL on.I’d really like this to work automatically so that any time a new server is added, or an account is added to another system, it automatically gets added to the list of linked systems for that account.    I can easily create rules to get a list of all of these servers running sql.  I can also easily create a rule that shows me all of these accounts (they all start with the same thing).  But is there a way to then just link each account to the appropriate server with

30
T
J
Jens HansenVeteran
 Windows & MacOS
Weekly New and Updated Knowledge Base.

Thanks for adding the new KB’s on the weekly basis, it makes it so much easier to keep track on things.A request to also add when we updates old KBs would be nice 

2273
P
M
Mohan UpadhayaNewcomer
 General
PRA Blank Screen

Hi All, I am seriosly Stumped here and not sure if anyone has been througth this experience.  we have PS and PRA integrated. when I jump into a Server, I get the session started successfully but nothing displays on screen that looks like windows. All I get is a blank white screen, with the session running in the backgrround. I tested this on two different machines plus a cloud PC. we use Beyond Trust CLoud products. I have looked through FW and any other point where the traiffc could be blocked, but I dont see issues with the network . nothin seems obvious but I get a blank screen for any VM I conenct to . 

91
Prudhvi Keertipati
C
Carlos MendonçaTrailblazer
 General
Password Safe - Managed Account

Hello,Please, how do I synchronize user accounts in the domain to managed accounts? To have visibility of all user accounts and rotate the password if necessary.  

394
C
P
PowNewcomer
 General
PRA Jump Approval - User can still self-approve by mail

Hi everyone,I have an problem when configuring Jump Approval in my PRA and I would like to know if it’s a bug or if I missed something.I've created a Jump Policy requiring users to request approval to access machines.In the approvers, I've set up a team called the “IT Team” and I've indicated that they can't approve their own requests.There are two members in “IT Team”.When one of the members tries to connect to a machine, a form asks him to enter a reason and a duration. In the Remote Access Console, the user who made the request does not see any notification and cannot self-approve. The second team member can. It works in the other way round.The problem here is that the user who made the request, who normally can't self-approve, still receives an approval link by e-mail, and this link works. The parameter is half-operational, so. Please note that these are Entra users and not local users of the solution (I'm pointing this out even though I don't think it's related).

90
P
L
lineVeteran
 General
Functionnal account and RDS Apps

Hi, I set the functionnal account for application (using RDS) for many users, I have one RDS Server on which i install all the apps. I can see that when one users launch the apps, the functionnal account disconnect on the other person that was using the apps, why? Is there any setting i missed? The functionnal account is suppose to work at the same time, for many users. Best,

101
H
BeyondTrust Employee
Prudhvi Keertipati
Prudhvi KeertipatiVeteran
 General
Password Safe Appliance - Oracle Cloud Infrastructure (OCI)

Has any one deployed BeyondInsight Password Safe Appliance on Oracle Cloud Infrastructure (OCI)? If yes, which appliance image was used?  Is deploying the appliance on OCI supported by BeyondTrust?

171
H
BeyondTrust Employee
P
prakash.rRising Star
 General
Caching Issue with Web Applications via Password Safe and Microsoft Remote Desktop on MacOS

Hi,{This issue is only applicable to MacOS environments}Is anyone facing an issue where, when launching a web application (using PSautomate) via Password Safe in MacOS using the Microsoft Remote Desktop application, there is some sort of caching issue? For example, let’s say I download the RDP file for a web application at "https://app1.example.com"; the Microsoft Remote Desktop will prompt an “RDP certificate warning,” and the user will click "Continue," allowing the browser and web application to launch successfully. Example of “RDP Certificate Warning” However, once they close this web application browser (browser only and not the entire Microsoft remote desktop app) and launch another web application session (such as "https://app2.example.com") using a new RDP file downloaded from the Password Safe portal, it doesn’t prompt the “RDP certificate warning” and instead launches the old web application ("https://app1.example.com") session instead of the new one, even though we clearly l

281
J
BeyondTrust Employee
S
SFATrailblazer
 General
Anyone know what is this error related to when doing custom platform plugin?

Anyone know what is this error related to when doing custom platform plugin?    

123
S
S
SFATrailblazer
 General
how to run powershellscript to change password

Hi I have application API to change password , how can I use it to trigger password change via PAM. For using application host, I am unable to use WINDOWS system . I found this link here-Resource Kit SDK Plugin for PowerShell Scripts -Should I go with above? or propagation action? If using propagation action, what needs to be the platform? I mainly want to do trigger generation of password based of password policy, update it just in the BT DB and not try to apply in system account. I have a windows system with the script and want to trigger change of password from BT .  

593
Prudhvi Keertipati
A
AmilaKRising Star
 General
RDS CAL Licenses for Application Sessions

Hi Guys,How can we calculate RDS user CAL licenses for below use case for password safe.One PAM user (requestor) is having concurrent 3 applications with one functional account.Do we required 3 RDS CAL licenses or 1 RDS CAL license ?    

2576
J
BeyondTrust Employee
B
bt101Veteran
 General
Password Safe onboarding and rotating Linux local accounts

Hello,  We have Linux desktops which have non-root account which is in sudoers. This account has a common password while imaging which gets rotated every n days outside Passwordsafe (PS)I see that we need a functional account that has ability to rotate other local accounts , which should be used to onboard these accounts to Passwordsafe. As this non-root account has a fixed initial password for each newly imaged desktop , can we use it as a Functional account in PasswordSafe and check the option “ Use Own Credentials” to Manage/Rotate password in smart rule. I am assuming that this will work as initial password of non-root account will be used by PS to onboard the account and then it will change its own password when smart rule is processed. Is my understanding correct ? am I missing anything that could result in any issues

181
Paulo144
Prudhvi Keertipati
Prudhvi KeertipatiVeteran
 General
BeyondInsight / Password Safe Cloud - Smart Card Authentication

Hello everyone. Need your inputs with enabling the Smart Card Authentication in Password Safe Cloud. I have configured it as below.when I try to access the url http://hostname.ps.beyondtrustcloud.com/RetinaCSSC and I’m getting 403 - Forbidden error.   

101
Paulo144
P
pphung301Apprentice
 Windows & MacOS
unnapproved Updates to Microsoft Teams

Hi, I am getting a prompt of an unapproved app and after looking into it in Analytics, it seems to be from Microsoft Teams updates which does not carry a Publisher so its unsigned.  Whats the best way to allow this since there is no signed info for this?   ApplicationApp DescriptionPublisherOn DemandNoApplication TypeInstaller PackageFile PathExecutable Pathc:\program files\windowsapps\msteams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exeCommand Line"C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -EnsureTmaInstallation -AppSessionGUID 9e3e64d2-2229-4fc7-90dd-70234b468a6b -Trigger EnsureTmaAtStartupApp NameApp VersionFile VersionHash SHA1Hash SHA256Hash MD5File Owner NameProduct CodeUpgrade Code{97F40CEA-BEDE-40ED-A9A3-9354C8E64392}Download URLBeyondTrust ZoneDrive TypeElevation MethodAdmin accountPolicyApplication DescriptionAny MSI Installer PackageApplication Group Name(Default) Any Signed UAC PromptMatched as Child Proce

815
J
J
JackNewcomer
 Windows & MacOS
EPM Feature Requests

Hi Beyond Trust community,I have a couple of Beyond Trust - Endpoint Privilege Management suggestions that I would like to share please: We recently found many devices had become disconnected from the EPM Console due to them being deleted. This was likely due to inactivity, where many machines were built in advance of a laptop migration and kept in storage. From the machines, it was not obvious there was a problem until some devices started to show symptoms that were fixed in an earlier policy revision. When the machine is checked, it still had an old policy revision listed. This means even our latest block rules were not working on these devices. To mitigate this issue, we would find the following agent features extremely useful:Feature Request: Ability to check policy name and revision in the Windows Registry / file or WMI etc.Reason: We can keep an active deployment that checks for the revision and if it falls behind we can have an automatic remediation.How we are currently evaluati

312
P
BeyondTrust Employee
P
prakash.rRising Star
 General
How to enable "Automatic Password Change" for local Linux servers?

Hi all,I’m in the process of onboarding over 100 local Linux servers into BeyondTrust Password Safe, and I’m looking for a more efficient way to handle FA (Functional Account) assignment during setup.Steps I’ve taken so far: Added all 100+ servers to an Address Group Created an asset-based Smart Rule Set the assets within the Smart Rule to be Managed by Password Safe However, when I try to enable Automatic Password Change Options, I’m only able to assign one FA (From smart rule). Since each server requires a unique FA, manually creating individual Smart Rules for each server would be highly inefficient.Question:Is there a way to automate or bulk assign one FA per server without having to create a separate Smart Rule for each one?Thanks in advance for your help!

334
Paul Dann
BeyondTrust Employee
A
AyanWSTrailblazer
 General
Extended RDP session - 2-4 days

Team,I am curious to know whether it’s possible to extend/allow RDP session for more than 2 days. Concern team wants to perform a job and they might need to keep the session active for about 2 days at least. Is it something we can leverage from BI console? Please suggest.

572
A
P
prasadp87Trailblazer
 General
How to add scanned account as Managed account

Hello All,I have quick question about Beyond trust discovery scan accounts. We have configured scanning for certain servers accounts. When I look into scanned asset, I am able to convert “unmanaged” account from General data section but I dont see option to convert “Users” shown in Scan data section. Does anyone know how we can get these users in Managed account list.   

191
H
BeyondTrust Employee
T
Tina_KTrailblazer
 General
Session gets lost if remote computer is offline too long

Hello again,sometimes a support session gets lost or “broken” if the remote computer is offline for too long. (For example because it is making a BIOS Update that takes very long… or the user does not return to reboot for a while) The supporter can only End the session in this case and has to make a new one if the customer returns. Screen sharing controls turn grey and only “close” is available.Is there a way to set the timeout for “customer left session” higher so the session does not get lost?I did not find anything in the admin console or the knowledge base...

312
T
A
Anil ReddyApprentice
 General
virtual appliance deployment on vm for passwordsafe on prem

HI All, Planning to configure on prem virtual appliance on VM new server to deploy the BI and passwordsafe.Can you share any one the article to start the deployment step onwords ,how we can go head to complete this new setup for testing purpose we are planning to deploy only one appliance. Thanks 

374
Prudhvi Keertipati
P
prasadp87Trailblazer
 General
Can NTLM be disabled for Beyond Trust.

Hello Team,  We have received a requirement from our security team to disable NTLM for Beyond Trust. We are using Beyond Insight Password safe and U series appliance.I have seen few of the topic which discuss about same but not sure if we still can disable NTLM and it won't break anything.  Some of the reference topics are -Endpoint Privilege Management - Can EPM policy be configured to deactivate NTLM ?BeyondInsight / Password Safe - NTLM is being deprecated; can it be removed from U-Series appliances? Please suggest. Thanks,Prasad 

1085
P
B
bpkothariApprentice
 Secrets and Non Human Identities
Password Aging in Password Safe Secret Safe

We are facing a common challenge in password vaulting systems where the password age isn't directly tracked, and the password hash changes even when unrelated attributes are modified. This makes it difficult to determine when the password was last changed.Problem SummaryNo dedicated timestamp for password change. Password hash changes even when non-password attributes are modified. You need to detect passwords older than 2 years to raise a security finding. How to solve this in secret safe?

223
B
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
 General
Monthly Buzz - June - Privileged Remote Access

What’s New in BeyondTrust Privileged Remote Access 25.1: Enhanced Security & Stability for Privileged Access Everywhere BeyondTrust continues to raise the standard for privileged access security. Version 25.1 of BeyondTrust Privileged Remote Access (PRA) delivers critical behind-the-scenes upgrades, doubling down on BeyondTrust’s mission to deliver the most dependable, secure privileged remote access platform on the market. This maintenance release focuses on providing stronger security, improved reliability, and more seamless control of privileged sessions. Version 25.1 rolls up recent security patches, runs them through an exhaustive regression test suite, and layers in targeted stability improvements and key performance refinements for both cloud and on-prem environments. This update is available whether you run a cloud or on-prem deployment of Privileged Remote Access. Cloud users receive updates automatically. On-prem customers can download and apply version 25.1 from the appl

130
B
Community Manager

Badge Earners

  • BCA: Endpoint Privilege Management - Mac
    Enrique-Corehas earned the badge BCA: Endpoint Privilege Management - Mac
  • BCA: Password Safe
    Yuvaraj Nhas earned the badge BCA: Password Safe
  • BCA: Password Safe
    naidu_jstshas earned the badge BCA: Password Safe
  • BCA: Privileged Remote Access
    NectarNinjahas earned the badge BCA: Privileged Remote Access
  • BCIE: Password Safe
    MrMileshas earned the badge BCIE: Password Safe
Show all badges
Terms & ConditionsCookie settings