Unanswered questions

Hi everyone,I was trying to automate credential injection for Kaspersky Security Center and apparently PS_Automate does not support applications in .msc format.Is there a workaround to get this application successfully automated with credential injection through password safe. Thank you.

Hi there,We have set up MFA-Messages to authenticate admins when installing software on a client. This also needs to be done on “user-clients”. The problem is that you actually can use the admin mfa session to access various ressources such as microsoft admin portal if youre not actively sign out or do the authentication in private-tab.I already tried to use the following in my entra application, but this does not seem to work: Has anyone setup an MFA-Authentication in Messages for EPM-W and may assist?Many Thanks!

Like the title says, I have a couple of non-domainjoined windows VMs, which I would like to be able to use multisessions on, credential injection works fine obviously for the Jump point object, meaning the local account credentials are managed in PRA, but Remote RDP doesn’t seem to support it, unless I’m missing something.We do not use Password Safe, only the built in credential Vault.

Hi, is there a way in PRA console to identify which Jumpitems are being used by user to stablish connection to end points? Just want to make sure all my 4 jumpitems are being used.

Hello,I would like guidance on recommended best practices for Smart Group to User Group mapping.Requirement:Multiple teams will access dedicated managed accounts.We are evaluating the following design approaches:Option 1:Maintain only two common user groups globally: Read-Only Users Read-Write Users Map all dedicated account Smart Groups across teams to these shared groups.Option 2:Maintain separate user groups for each team, even if permissions are identical. Example: Team A – RO / RW Groups Team B – RO / RW Groups We would appreciate guidance on:Recommended best practices for large scale deployments. RegardsGB

Hi,Has anyone successfully implemented automated credential injection for the pgAdmin application?There are no usable keyboard shortcuts, and TAB navigation doesn’t allow selecting “Add New Server”.I also tried simulating key sequences (Alt → Right Arrow → Enter → Enter → Enter), but it doesn’t open the “Register Server” window. AutoIt-based automation attempts haven’t worked either.If anyone has found a way to automate this, please let me know.

Hi everyone, I’m quite new to BeyondTrust and am completing the Privileged Remote Access - BCIE course.I wanted to know the difference between a Remote RDP Jump Item vs Remote Jump Item.Is Remote RDP Jump similar to using a VM session?Thanks in advance!

has EPM-W in BeyondInsight Software, Now its eol.We need to migrate to UVM based appliance in Active Active with DC-DR, I need assistance in understanding what all should be considered before the migration.1. How do i make sure the software based deployment which has DB should be moved to the new UVM deployment in Active active.2. How do I make sure I deploy UVM in Active Active in DC & DR where I should deploy 3 UVM in DC and 3 UVM in DR so I get them running active active all the time.3. How many maximum machines do we can connect using this kind of deployment for EPM-W4. Also Wanted to understand for EPM what the load Balancer configuration should be.

Hello,We are currently integrating credential injection from Password Safe into PRA for Cisco devices using the Shell Jump method.Users are able to successfully authenticate and access the devices with the injected credentials. However, when they attempt to enter "enable" mode to perform configuration changes, the system prompts for the password again.At this point, no credential injection prompt or window is displayed, so users are required to manually enter the password. Since the credentials were injected automatically during the initial login, the users do not have visibility of the password and cannot proceed.There is any feature or recommended approach that allows re-injecting or reusing the credentials once inside the shell session (for example, when escalating to enable mode).Thank you.

Does anyone know how to get BeyondTrust Jump Client or Customer Client working with interactivity on Intune Multi-App Kiosk machines? We have our Jump Client installed but there’s no interactivity in Kiosk mode. And Customer Client simply gets blocked. Part of the issue with whitelisting apps with AssignedAccess seems to be the multiple EXEs to whitelist and not allowing dynamic paths. E.g. I think bomgar-scc.exe needs to be whitelisted but it lives in C:\Program Files\BeyondTrust\bomgar-scc\*\ bomgar-scc.exe 

I am trying to configure my SNMP connector but the guides I am seeing (SNMP Trap and Syslog Event Forwarding | BI) have outdated screenshots and new features are not on the details.Has anybody implemented the SNMP event connector yet on their environment? Was wanting to know what are the recommended Authentication protocols and the privacy protocols are.

Greetings all I have a developer who is using AWS Secrets Manager for his code. However, he is passing the username and password from Active Directory over to the secret in AWS Secrets Manager and calling that JSON from Secrets Manager.Ideally, yes, he should be calling it from BT and not AWS Secrets Manager but that would involve a lot of code rewrite for him on a production system.We are looking at adding the secret in Secrets Manager as a synced account with the service account so that when we rotate the password on the service account, it would also rotate the password on the AWS Secrets Manager secret to the same password.What he needs though, complicates it. He is storing this in his AWS secret{"binddn":"cn=ldapauth_account,OU=Service,OU=Accounts,OU=company,DC=domain,DC=com","password":"abcabc"}When BT rotates the password on the service account in AD, it writes the password to the secret in AWS wiping out everything so he ends up with something like newpassword instead of the wh

Trying to install BeyondTrust during a Windows Autopilot deployment, the application installs, but it's not fully setup to handle elevation prompts until after a considerable amount of time and a reboot. Is there a guide on how to install Beyond Trust EPM during Autopilot that improves this experience?

Hi All, We are working on a use case where we are observing password change failures due to multiple reasons, to eliminate funtional account failure and get the systems where it is failing, we need either an API or a way where we can test it.  Any idea on how we can do it for bulk systems?Account Type:Local account on Windows Functional account:Domain account on the domain where the servers are hosted Regards,Neha

We’re currently using BeyondTrust Password Safe to manage SSH access to a large number of Linux servers (100+), where users authenticate using their AD accounts.Access to the servers works fine through Password Safe, but we’re running into an issue when users need to elevate privileges. When they run sudo su, the system prompts for a password, but since password retrieval is disabled, users can’t proceed.We want to avoid enabling password retrieval or exposing any credentials to users, but still allow them to perform privileged operations when required.At the same time, managing sudo access directly on each server (e.g., updating /etc/sudoers individually or using NOPASSWD per user) isn’t really practical at this scale.So I wanted to check with the community:Is there a way to handle sudo password injection through Password Safe for SSH sessions? How are others managing privilege escalation in similar environments without exposing credentials? Any recommended best practices for scaling

We are currently facing a challenge in securely providing users with sudo/root access. Our requirement is to allow users to log in to servers and perform tasks with elevated permissions without retrieving or exposing the root password.Currently, when users launch a PuTTY session, it does not prompt for additional permissions initially. However, once they attempt to execute commands using sudo (the user is LDAP-authenticated with sudo privileges), the system requests a password.We have enabled password retrieval from  Password Safe. Our concern is that enabling password retrieval for such access would violate our internal security policies. We are looking for a secure solution that allows users to perform sudo tasks during the PuTTY session without compromising password security. 

Hi Team, Last week ,we upgraded the BeyondTrust Password Safe version from 23.3 to 25.1. However, post-upgrade, we encountered an issue while accessing the web console, where it displayed the error “Resource cannot be found.” (Please find below the screenshot for your reference )    This is the error message  Server Error in '/' Application.The resource cannot be found.Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.Requested URL: /Eye_RetinaCSAMLSAMLAssertionConsumerService.aspx  We reviewed all relevant Knowledge Base articles for troubleshooting. Additionally, a P1 support ticket was raised with BeyondTrust; however, we did not receive a timely response.Due to time constraints and the dependency of other CRs on Beyond Trust, we have roll back the change. Now we have planned the same activity on 3

has anybody ever done any load testing on the appliances to generate some logs? My main purpose is to get a baseline of the logs so I can create monitor alerting out of it. And since I have not seen any logs of such sort yet, I have to generate it so I can do a query based criteria to target such threshold failures.

Hi Everyone,I have a query regarding session archiving.If a 90-day retention period is configured for session recordings, the recordings are moved to the archive location after 90 days. Later, if the retention period is changed to 30 days, will this new setting apply only to newly generated recordings, while the existing recordings continue to follow the original 90-day retention? Kind Regards,

Hi Team,  We have below requirements from our customer, how it can be achieved in the BTPS. Appreciate your quick response.“For Functional IDs, we’re looking to see if BT’s password manager is capable of basic username/password storage. I believe items 1 and 2 are the only “required” features. When you can, please send me whatever KBs, info sheets you have for BeyondTrust’s Secure Safe. Contain the following fields Unique identifier: Username: ideally, would like to be alerted if the username already exists. Password: Notes: a notes or custom field that allows Copy/Paste feature without showing the password. Ideally copy password option would clear from copy/paste cache after a limited time (30 secs/1 mins) Password Generator – allows creation of 25 character complex password. This is optional but preferred. Optional features, not required Autofill option without showing password Show/identify weak password. ”Thanks and regards,Billa Shivateja.

Hi,I have a problem with the Avecto Defendpoint Service (client version 25.8.12.0).When I restart a Windows 11 notebook, the service is running, but EPM does not work correctly.To resolve the issue, I have to restart the Avecto Defendpoint Service manually, after which everything works as expected.If I set the service startup type to Delayed Start, it starts after about two minutes and then works fine.Has anyone else experienced this issue?Thank you.Kind regards,Thien

Hello All,Is there a way to notify (some sort of pop up) the users that the JIT request has been approved via BT EPM app/agent for a better user experience ? PMC has been integrated with SNOW.

Hi all,Just want to check, does anyone have the official slide deck for the BeyondTrust Password Safe solution from BeyondTrust?Thanks.

Hi AllI have onboarded multiple applications in Beyondtrust password. We are using cloud version of password safe.  All the thick client application like winscp, sql developer,toad etc are not getting launched using functional account. Web application using same function account gets launched. I am able to access the application from session host from cmd. however from password safe it is failing. All ports are open and Functional account test is also passing Does anyone has any idea whats the problem.. any pointers will surely help.Regards Imran

I can log into the portal but when I click on links for KB articles or cases nothing happens. If I use a direct link to a KB article I get a message that it was not found. Is anyone else experiencing problems or do I need to look for issues on my ends?