Recently active topics

Does anyone know how to implement this remediation - the instructions are very vague. BT23-08 | BeyondTrust

Hi All, I wanted to check if there is any API available that I can use to retrieve the password of account ? We are using cloud version of Password safe. With my initial analysis , I found there is any API available that can be used to Set password for account But want to understand if there is any API available to retrieve the password as well?Awaiting response .thanks in advance.

Dear colleagues,I have a bunch of feature requests on the ideas portal, which I would like to get some traction on.So, if you agree with me on any of these give them a vote so BT can start making things happen.https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2180https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2167https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-1922https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-2161https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-1813These are specific for just the PM Cloud.Kind regardsJens 

Hi,I’m trying to find a good way to secure these generic accounts and still to be able to use them as bt- and buadmin are used on a regular basis for updates and support cases. As I have 4 appliances to manage and have high security requirements I’d need to have individual passwords, with regular changes and changes after access for each of them. It would be a challenge to manage the regular changes and make performing regular tasks challenging.I had posted an idea to use the Enterprise Updater as SPOC (Single Point of Control) which would have it’s own credentials and would have an encrypted key based connection to all appliances. From the Updater one could create individual schedules for the updates and unlock/lock them centrally. This would make tracking, planning and handling of updates a lot easier and only one generic user (buadmin) would need to be secured. I’d prefer a personal account though and leaving the generic account as a breaking glas solution. This would only cover the

I would to like to know the any limitation for copying file from  local to remote by using shell jumpafter updating the PRA 25.2.3 users are unable to copy the file from local to remote by using shell jump but vise versa it is possible.if file size is less than 32 kb its copying fine but it its bigger then its corrupted to 32kbI am using  Copy paste only.

Hi everyone,The end users are experiencing delay and slowness when taking RDP sessions through Password Safe on-prem. Usually they have to read logs and commands and the slow and delayed screen output is becoming a hassle for them, resulting in a very poor user experience.After some researching, I found a commonality in the solution that it an issue with the client’s network, however, they are not ready to accept it.According to them, when they take RDP directly from the U-series appliance, the session is much better but from the Web UI, it’s very delayed and slow.Has anyone here encountered an issue like this, if yes, how did you solve it.Thanks in advance.

I have strange behavior in my PasswordSafe.I am using an application session, and when I try to start an RDP Session / Start Application Session: When using the option to run on a different system with the functional account, it works perfectly. When using the option to run on the current system with the user account, the RDP session does not start. It shows a black screen for some time and then closes. When I checked the logs in the second case, I found the following: INFO: Accepted RDP session 1234 for 1.2.3.4:1234 INFO: RDP Handler 1234 starting INFO: Found RDP certificate: My:.... INFO: Reading self signed cert INFO: (RDP server) Client Security: NLA:1 TLS:1 RDP:0 INFO: (RDP server) Negotiated Security: NLA:0 TLS:1 RDP:0 INFO: (RDP server) Server Security: NLA:0 TLS:1 RDP:0 ERROR: (RDP server) BIO_read returned a system error 0: No error ERROR: (RDP server) transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D] ERROR: (RDP) BIO_should_retr

I can see several old sessions still appearing in the Active Sessions list in Password Safe, even though only today’s sessions should be showing. 

Hello All, We have created the custom Mainframe platform to onboard the Mainframe account under Password safe. This functionality is working fine . We have a requirement to onboard the shared Ids on the custom Platform wherein one Id will be accessed  by 8 users.  Here we are facing issue that when one user checks out the Id other user gets the error saying “The account is not available during requested time”. I have seen the below KB article which says concurrent session is not available on Custom/Generic platforms and it asks to change the platform type of system to Windows/Linux which is not possible for us .https://beyondtrustcorp.service-now.com/csm?sys_kb_id=cf6c24fc47a2669015c43e7d826d4394&id=kb_article_view&sysparm_rank=2&sysparm_tsqueryId=6c5caa3f47d436501bf1db37536d43b3 My requirement here is , is there any workaround available which we can use from which users can at least  view the password from Password safe for these shared ids ?.  If users can view the passwo

Hi everyone, have any of you implemented High Availability using a proxy server, or worked with customers who have deployed this setup? If so, I’d appreciate hearing about your experience, challenges, and overall results.Please share any relatable articles, would appreciate it. Thanks! 

Hi all,Good day. I have a question regarding the EPM agent for macOS. For this test case, I have two types of endpoints, one Windows and one macOS.I have learned about the agent installation for the Windows endpoint. This one is straightforward for my case since I only have one Windows endpoint for product evaluation. All I need to do is download the package manager and run the command to install it.But, I am still unsure about macOS. Please note that Im not familiar with macOS and this is my first time working with it for a product evaluation. My question is, for macOS, can I use the same method for the agent installation? I mean using a package manager similar to the Windows endpoint since I only have a single macOS machine.Appreciate it if someone could provide the proper guideline and advise on this.Thanks again.

Common challenges with PasswordSafe User Provisioning comes down to the confusion between Smart Rules and Smart Groups, and the concept that PasswordSafe groups are only provisioned if they have permissions assigned to them. You cannot give access to users who are in a group with no permissions.  📌 If you’re wanting an overall yes/no flow if a user can access PasswordSafe or a managed account, please see Whiteboard Workflow Diagrams for PasswordSafe Authentication and Permissions | Community In the effort to share the knowledge, I’m sharing the raw whiteboard notes I have around an approach to thinking about PasswordSafe User Provisioning. Whiteboards are my first step in understanding any system, and, quite frankly, I’ll never get this article posted if I were to transpose this into writing.  🚩 This is a general case. There are different ways of altering what a user is provisioned to access by using the PasswordSafe configurations.  PasswordSafe Users need a provisioned reasonPasswo

Hi Elevate registry and allow changes only to particular section in registry HKEY_LOCAL_MACHINE\SOFTWARE\xxx and nothing else. So we know we can elevate any .reg files but we need to control because anyone can add anything into the reg file and do changes in registry. So is there any way to do this?

Hi Team,How to block dmg file installation in EPM-M we are unable to block installation for dmg file as well as package installer. The blocking rule is ineffective for application installations, whereas the actions related to allowing or requesting installations are functioning as intended.

The following articles were published last week. New Knowledge Base Articles: KB0022933 - Option missing in Representative Console to deploy support buttons after upgrade KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy being set

The following articles were published last week. New Knowledge Base Articles: KB0023016 - What is Session Forensics? KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy being set KB0023101 - Do SQL tunnel Jumps record the SQL tunnel session?

The following articles were published last week. New Knowledge Base Articles: KB0023106 - RPMS error "Service:5: Failed to add dependency on @pblighttpd_after@, ignoring: Invalid argument" KB0023109 - How to upgrade EPM-UL using the BIUL U-series web console

The following articles were published last week. New Knowledge Base Articles: KB0021792 - Wrong application type displayed in Analytics reports - Executable instead of Management Console KB0023108 - Settings menu fails to load or crashes on Windows 11 25H2 using EPM-W

The following articles were published last week. New Knowledge Base Articles: KB0023110 - Birthright policy not assigning roles to a user in Entitle

The following articles were published last week. New Knowledge Base Articles: KB0021770 - EPM Policy removed from Smart Rule causing error - Failed to load smart rule element KB0022852 - Internal error 500 when logging into Password Safe after configuring EPM-W as the as the password rotation agent KB0022970 - Password Safe integrated WPE fails to create policy from template nothing happens when clicking use template KB0023107 - Unable to run through the A&R configuration. Error "There was an error connecting to the server" KB0023119 - Asset Smart Rule address group removed after upgrading to 24.3 KB0023120 - Login to U-Series Appliance from Asset Page in Web console not working - Unable to connect to this Appliance KB0023129 - AD Managed Account password change failed. Error: The server could not be contacted. The LDAP server is unavailable.

Hi All, I would like to know how a user is being assigned to local admin group, via which AD security group or direct. Is there any way we can find this information through password safe A&R reporting service. Current setup is BeyondInsight 24.3.0.1186 Cloud.Br,Mani

Hello Community! I guess at least one people had is problem.Some times depending on the environment (cloud or on-prem) when we are just navigating between the menus, when we click to go to configuration, smart rules or any other menu, simply the Webconsole gets logged out.Other scenario is when we are using the webconsole and stops to user for few seconds (and really is few seconds) and appears the message "will be logged out soon/extend session"Have someone get this case? If yes, exists a reason for that and consequently the fix for that?Obs: in System > Site Options > Session: the time for Session Timout is already on a high time.Regards,Felipe