Unanswered questions

Hello Everyone, Is it possible to use the file transfer option via Remote VNC?

How do you manage Microsoft Edge browser updates on RDS servers used for web applications?Do we need to allow continuous internet access for Edge updates and WebDriver checks, or do you manage updates in a controlled/whitelisted manner?  What are the best practices to follow ?

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

Hi All,I have got the PWS to PRA connection working, I can see my managed test account in PRA but when I try and use the cred store to connect, I get the following error. (Could not find a schedule to use with this release request)I have followed the guide (BeyondInsight / Password Safe - Unable to pull Password Safe Credential via ECM. Error: "Could not find a schedule to use with release request".)Any ideas where I can start to look? log? or have I missed something simple?

I’d like to understand the recommended approach for onboarding local Linux dedicated accounts. Additionally, from a Linux server perspective, is there a recommended method to configure these accounts so that sudo does not prompt for a password? Thank you.

we have 2 PRA appliance in cluster.  The primary appliance was initially deployed as stand alone in 2020 and only in 2022 ,the second appliance was deployed. So, in secondary appliance, we can see the data encryption is already enabled but in Primary , this is not enabled and says we need to free up space. we needed a confirmation, if we fail over to current secondary, will we face issue in this scenario with one appliance data encrypted and other not?  Also, in the documents and in KB, it says secret store is required to be added but since in secondary its already enabled without external secret store, we can assume the encryption keys are stored locally? since only AWS is supported for external secret store, we are unable to add external secret store.  

What is the recommended approach for securely managing and remotely accessing macOS systems using a password safe? Specifically, does a managed application for a VNC client support this use case, and is there an implementation guide? Thank you.

I would like to connect to a specific computer by hostname to perform queries via API. The problem I’m running into is the API requires the jump client ID, not the host name. And there is no server side filtering for the hosts to find the jump client ID. I then tried to pull a list of all hosts and jump client IDs to filter on my end, but the maximum number of results I get is 13. I have extensively consulted with chatgpt and it came to this conclusion:Ah — that clarifies things. The reason your earlier scripts didn’t work is the Command API only supports listing all connected clients; it does not support a server-side filter by hostname. That’s why trying to query a single host returns nothing — the API only gives batches of connected clients, and without paging through, your host might not be in the first page.Ah — now it’s clear why you’re still only seeing 13 Jump Clients: the BeyondTrust Cloud Command API get_connected_client_list does not return all connected clients at once. On

Hello everyone,I am currently encountering an issue when performing a managed account password change on F5 BIG-IP. I would like to describe the issue as follows:On the F5 BIG-IP device, I created a user named "btfunctional" and configured this user in PAM as a Functional Account (FA). I performed a Test Functional Account, and it completed successfully. However, when I attempt to change the password of another managed account, I encounter the following error:[btfunctional@ltm01:Active:Disconnected] ~ # Thread was interrupted from a waiting state. Password change failed.I would greatly appreciate your support and assistance with this issue.Thank you very much.

Hi Team, is there any way to clean/flush the password  stored in clipboard “when you do a copy of credentials from password safe , it does not get cleared automatically from your clipboard. The clipboard storers the credentials rather than clearing the clipboard after a short period of time”

Hi,Anyone else have a need to keep password history for more than one year? A problem we face is if we need to restore a windows server from more than a year ago, we won’t be able to log in via the local administrator password as it will be unknown. I know there are some workarounds where you can reset if it is an AzureVM, but having history more than a year is needed.Anyone have any smart ways to work around this limitation?Someone has already logged an idea for this if you want to vote.Allow Password History For More Than 360 | All Product Ideas - PublicThanks

Hello!We are running version 24.3.4 and have observed multiple Jump Clients going offline intermittently. Upon investigation, most affected clients show that the service has stopped.We’ve been using PRA for several years and have performed multiple upgrades from 20.x versions. This issue started appearing after the last 1–2 upgrades. Based on the support KBs, our current version does not appear to be impacted by any documented known issue.I’ve opened a support ticket and will provide logs, but the behavior is random and difficult to predict when it will occur again.Other users seem to have reported similar issues, and a scheduled service restart is suggested as a workaround. However, this approach is not scalable for us since we manage thousands of endpoints and have 24/7 user activity, which could negatively impact user experience. I also noticed recommendations to restart the site software. Fresh re-install will be a pain.Is there a known root cause for this issue? Has anyone success

Good morning.I'm trying to inject the credentials of a Linux system into a domain that's password safe, but it connects using PRA.In PRA, when I inject the credentials, it does so without the domain.If I manually enter the username, domain, and credentials, it connects.I'd like to know how to inject the username with the full domain.Regards.

Hi,just a short question. Is there a need/ recommendation for the “recommended exclusions from 3rd party anti-virus - KB0017099 ” in combination with Microsoft Defender for Endpoint?We are asking this because at the moment we do not have set these exclusions and for us the Defender is not a typical “3rd party av”. Regards,Jens

Hi  I would like to see if we can block commands in CMD for Windows Platform.If yes, how can we do a sample would help for building it.RegardsNaveen

hi guys, is there a way to get a list of AD managed systems without linked accounts? thank you

Hi All,I'm new to PS but have been running RS for over a year now, we export syslog via webhooks on RS and PRA to our Rapid7 SIEM and it is working well, but I cannot seem to get it to work with PS. Any ideas?

Hello,we just started with PRA and Vendors, and i wanted to add a new vendor group. When i want to choose the according group policy, i cannot pick the one i want ( it does not appear in the drop down menu). And there is that warning that states:Group Policies that grant administrative permissions are not available for Vendors.What is regarded a administrative permission? How can i find out what to change?Best regards,Sven

Can we scan the servers that are hosted in azure using the Master key rather than asking user to create individual accounts for discovery. If Yes what is the process?

Can BeyondTrust Password Safe support strict logical segregation between two departments (Network Division and IT Security Division) within the same Password Safe deployment, ensuring no visibility of assets, accounts, users, or sessions across divisions? Component Network Division IT Security Division PAM Admin Network PAM Admin Security PAM Admin Assets Network devices Security infrastructure Accounts Network privileged accounts Security privileged accounts Users Network engineers Security engineers Policies Network-specific Security-specific Reports Network only Security only Configuration Network Only Security Only

Hi all,Im currently exploring the features and benefits of the EPM solution, and I came across the TAP functionality. I have a quick question regarding this.What is the difference between TAP configured under a Workstyle created in Enhanced Security and the TAP policy templates found under Utilities > Template Policies? I could not find any clear explanation in the documentation, or I may have missed it.I would appreciate it if someone could clarify this for me. Thanks. TAP under Workstyle created TAP template policies under Utilities > Template Policies