Why BeeKeepers?
Hi guys, I’ve been assigned a case to block portable apps on a Windows desktop using EPM-W. What is the best way to target any portable apps on Windows? I have a portable application (FreeCommanderPortable.exe - this is just for testing, real-world apps can be anything) with the following criteria:It has a valid digital signature The .exe file can be originated from USB stick, internet download, or file sharing The .exe file can be moved to another folder/drive It doesn’t trigger UAC when run The file name can be changed to anythingI tried creating an application group rule that targets any application ("*"), but there were many false positives, as some legitimate applications sometimes depend on each other.The best configuration I can think of is to target if the publisher or the app name contains the string 'portable'. But not all portable applications have this string (e.g., if renamed).Has anyone faced a similar scenario?
users which are inactive in Active Directory but in Password Safe it's showing Active, I don’t know how it’s possible!!
Sometimes in organization there is requirement of providing access to one user of only server for specific time period only.How it is possible to automate the process of on demand access using smart rule in Password Safe?This is the biggest challenge as we have to create a separate managed account, group and smart rule for such access.I need a process where I can define that after specific time the access is revoked automatically and there is no dependency of password safe administrators.
When downloading dump of assets from Asset tab in passwordsafe there are different column like AssetID AssetName DomainName Type WorkGroupName DnsName CreateDate CreatedByUserID etc. All columns have data except CreatedByUserID it contains 0 only. Is there any fix available for this or any settings needed to be changed in PasswordSafe?
Hi everyone,With ON-PREM BI/EPM-W it is my understanding that the WPE is generally planned to replace the MMC policy editor at some point, but that point hasn’t yet occurred. This is unlike PMCloud where MMC policy editor is deprecated and no longer supported.My organization uses CERT_MODE=2 to require the clients to only recognized code-signed policies. This is seen as a valuable control to reduce risks related to internal or external bad actors plausibility reverse engineering corporate policy XMLs and creating their own (overly permissive or malicious) policy.To the best of my knowledge BeyondTrust does not have a plan or timeline to add WPE-based code-signing. I figured policy signing would be added to WPE but now ~2 years after it’s introduction I see no indication of it coming.As CERT_MODE=2 only recognizes code-signed policies and WPE cannot provide code signing, this makes WPE unusable for my organization.BeyondTrust, respectfully - do you plan to add code-signing to WPE or do
Leverage swiftDialog to display a user-friendly message about the health of BeyondTrust Endpoint Privilege Management for Mac, while capturing various under-the-hood settings behind-the-scenesInspirationDuring a recent case with BeyondTrust Support, we were asked to obtain the output of several elevated Terminal commands from the affected user’s Mac.Having previously written a similar solution for CrowdStrike Falcon, creating a health inspector for BeyondTrust EPM seemed like the obvious solution.Continue reading …
Working on a solution using WMI filters and trying to test on non-persistent VMs with a test policy - but not finding the VMs are showing up under assets (under today versus last 90 days). Names of the VMs are reused so am seeing stale instances - but not current session. The VMs are destroyed upon log off and re-created once they are logged into again. We currently deploy XML files with the images to ensure policies are applied immediately. Have tried using command line updates to force check in - but perhaps there is a better way?
After moving to MacOS 15 I had a user notice that their Privacy and Security > Screen & System Audio Recording permissions for Microsoft Edge were disabled. This is a High Flex user, but they are unable to re-enable those permissions for Edge in the Screen & System Audio Recording settings page. They get a stock MacOS Admin prompt popup when they attempt to do so, and no record of the event in Analytics. Does anyone know how to allow High Flex users to edit settings in Privacy and Security > Screen & System Audio Recording? Edit: Not sure how to delete posts yet but turns out EPM wasn’t working at all after MacOS 15 because the admin accounts required for EPM to work were removed during the update. Repushing the client fixed the problem.
How to whitelist the two events below on Windows Medium Flex policy?
Running: Privileged Remote AccessI have this issue where Jump Clients randomly go offline. The when going to the apps and features the app is gone and has been uninstalled. For instance, Saturday (9/14) I upgraded the appliance From 24.1.4 to 24.2.3Strangely 60 machines were still connected and upgraded the jump client to the new version automatically. 40 were offline. The 40 offline showed that 21.1.4 had been uninstalled. The new version never got installed. What is really quit frustrating is that when I redeploy the jump client, it shows up as a new machine. Now I have the same machine in there twice, one online and one offline. Because its a new machine, I have to re-add the machine to 5 jump groups, I lose all my logging and recordings, I have to reset the password vault matching. Its a real pain. Why cant beyondtrust match MAC addresses or serial numbers or something so that when I have to redeploy it matches the machine already in my system. I tried to restart the appliance, but
As per the BeyondTrust Docs, Oracle scan credential supports IP address range and CIDR notation in the Host field. I tried multiple scenarios with IP address range or CIDR notation, discovery scan never worked. It works fine with single IP address and named host but not with IP address range or CIDR notation.Please advise on how to make discovery scan works with IP address range or CIDR notation?Create Oracle Credentials in BeyondInsight (beyondtrust.com) Thanks
Are there any documentation/KB available for the mass deployment of EPM-W Package Manager?
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.