Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 199 Topics
  • 533 Replies
199 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - August - Endpoint Privilege Management
Monthly Buzz - August - Endpoint Privilege Management

How to Prevent Insider Threats with Endpoint Privilege Management Security teams often focus on external threats, such as sophisticated phishing campaigns or zero-day exploits from unknown adversaries. But what about the dangers within your own organization? Insider attacks, carried out by individuals with legitimate access to your critical business systems, can be just as, if not more, devastating than an external attack.A major weakness exploited in both malicious and unintentional insider incidents often comes down to users having too many privileges on their devices. That's why Endpoint Privilege Management (EPM) is essential for insider threat protection and is key to a solid security strategy. Here, we'll dive into how BeyondTrust Endpoint Privilege Management helps you combat insider threats, secure critical systems, and simplify compliance. Why Insider Threats Pose One of the Biggest Cybersecurity Risks Before we explore the nuances of EPM, let’s quickly break down the differen

270
B
Community Manager
N
BeyondTrust Employee
NeilBeyondTrust Employee
posted in Windows & MacOS
Using JIT Admin

Howdy folks, It’s been a little over a week since the new JIT Admin feature was released and so I wanted to share a little bit of what I’ve learned while using it.  What is JIT Admin?JIT Admin is a new feature in EPM (SaaS) 24.7, where a standard user can submit a JIT Admin request directly to the Privilege Management Console. Once approved, the standard user is put directly into the BUILTIN\Administrators group on their system, becoming a ‘true’ admin for a specified amount of time.This feature is available on both Windows and Mac.  How do I enable JIT Admin?​@Jens Hansen made a nice GIF in his post here which is probably the quickest way to see how simple it is to enable JIT admin within PMC. I’ll add documentation at the bottom, but at a high level, enabling JIT admin requires three things:“JIT Admin Access Integration” is enabled under Configuration > Just-in-Time (JIT) Access Settings > Admin Access tab JIT admin is activated on a workstyle via policy OS > Workstyles >

5893
M
A
AdamSaNewcomer
asked in Windows & MacOS
BeyondTrust EPM policy - Asking credentials even if 'Allowed'

Hi!Making changes to some of my policies inside BeyondTrust EPM. Could someone help me understand, because I feel lost. I have a policy, that comes from the Quick Start Template - regarding system settings options ['Authorize - System Preferences']. I checked the easiest one for testing - date and time settings. I set it up to be allowed + message 'Allow Message (Audit)'. Unfortunately, my test device still requires admin credentials when trying to change the 'Set time and date automatically' for example, as seen on the screenshot... Is there something I'm doing wrong? Using Sequoia 15.6.1  

192
J
I
immi563Rising Star
asked in Windows & MacOS
Run as different user is not giving EPM Prompt

Hi AllWe are facing one issue in our policy for windows assets. our requirement is1.when user will try to elevate itself by executing any exe file using "run as different user" (shift+right click+run as different user) user should get the EPM message asking for reason.2. We have created on application group and rule and added it high flexibility work style.3. when user is trying to run the CMD file as different users, user is not getting EPM message to ask for reason. here what I did on my LAB.create on application group and added eclipse.exe in it create the rule under high flex policy , and used the group. I have placed this rule at top so that it gets enforced and not overridden by other rules . Placed it above Add Admin -High flex I have added below rulesmessage : All Message(yes/no),Access Token : Add Basic Admin Rights,Raise event : on Enabled: Enable When I am opening eclipse , by double clicking , I am getting EPM prompt asking Yes/No this is working as expected. However when I

476
J
S
BeyondTrust Employee
Stephen Langford-JonesBeyondTrust Employee
posted in Windows & MacOS
EPM-M macOS Tahoe Known issues

Given macOS Tahoe is around the corner, I thought I'd create a post to share any known issues we've found so far. We have been testing EPM with all macOS Tahoe betas which we have available to us as a member of the Apple Developer Program. During this testing, we’ve identified a few minor issues. Below, you’ll find details of the problems, workarounds (where available), and planned resolutions.Issue 1: Incorrect OS Name and Version Displayed in PM CloudDescription: In PM Cloud, the macOS Tahoe version is reported incorrectly. Where to See: Home → Computer → Details → OS → the “Name” and “Version” fields show incorrect values. Workaround: None. Resolution: This will be fixed in 25.8 release, where the OS will correctly display as macOS Tahoe (26.0).Issue 2: Refresh Button Flicker and Freeze in BT.appDescription: When users click the Refresh button in BT.app, the button flickers. If “Pending” data is present, selecting Refresh causes the dialog to become unresponsive, and the “Pending” s

170
S
BeyondTrust Employee
tclowater
BeyondTrust Employee
tclowaterBeyondTrust Employee
posted in Windows & MacOS
Bulk move computers to different computer groups with API methods

OverviewThis document provides guidance on how to use the Swagger UI for a no-code solution to moving computers to computer groups. IntroductionFor those who want to be able to bulk move computers in EPM SaaS, there is no GUI-provided way to do so. That said, we do provide the API method to assign computers to a group ID either as a one-off or in bulk via a CSV. As support will not provide break/fix support on troubleshooting code choices. The guidance here is based on using the Swagger UI provided with EPM - available with BeyondInsight on-prem, and EPM SaaS. Remember, with great API power comes with great API risks: Test. Test. Take snapshots of where things were for faster roll-back (e.g. download CVE of computers pre-change). Test before bulk moving production. Please. If the API isn’t returning the anticipated data or if the documentation is followed with challenging results? Yes, contact support. Want help structuring your code? No, that is outside the scope of support. Materials

1445
J
S
SanApprentice
posted in Windows & MacOS
Easiest way to Build custom policy for EPM Mac and Windows with parameters detailed below

Want to create 2 policies-one for Mac and one for  Windows users.Where All applications should be blocked from installation unless they're on a whitelist (using the publisher's information). However, users should still be able to change settings like Time, Region, and Network.When a user requests an application that's not on the whitelist, an email shd be sent to our Helpdesk. And a technician will then approve or deny the request.

291
J
J
JackRising Star
asked in Windows & MacOS
EPM install issue in Autopilot build since July 2025 Windows patches

Hi all, has anyone seen the following issue we have been experiencing?Autopilot pre-provisioning has problems in the final stages if the EPM agent is installed during the Hybrid build and the OS level is Windows 11 23H2 July 2025.The Avecto driver (PGDriver.sys) seems to be clashing with the Autopilot final OOBE stage preventing the device from finishing on the correct Windows logon screen

5648
M
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Sep 1 - Sep 8)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021490 - Analytics unlicensed event error - Details unavailable: Computer requires a licensed policy for event details KB0022817 - Analytics is slow or times out after upgrade to EPM Cloud 25.6 MR1

80
GloriaB
BeyondTrust Employee
D
David BubbApprentice
asked in Windows & MacOS
Agent Protection Causing Logon Performance Issues

Hi all,Has anyone else seen massive performance issues during logon with Agent Protection enabled (on Windows 11 endpoints in my case)?I have a customer that has been seeing problems for a while, and I also got my own environment set up and running in the last week and see the same thing.Basically, after a clean logon to the device (happening on multiple, not isolated to 1 or 2), it just takes forever to get a usable desktop. For me, it can take a minute or more for even the taskbar to show.To test, I created an identical EPM policy to my production policy, but with AgentProtectionState=0. When I flick my machine over to the associated Computer Group it is responsive again during logon (reboot, log on; taskbar loads almost instantly, apps load, desktop responsive…. normal operation).Running latest versions of agent and client (leveraging Package Manager for that and double-checked manually).The customer that raised it has been having issues for several months, so I feel this is a semi-

422
D
A
Anshuman PatidarNewcomer
asked in Windows & MacOS
Privilege Management Adapter install fails

getting error of failed to install performance counter while installing privilege management console adapter application. Does anyone know how to resolve this issue

264
MikeK
A
akelApprentice
asked in Windows & MacOS
Windows EPM Workstyle filter for BUILTIN\Administrator

Hi everyone! I am trying to filter a workstyle to only the built-in local admin.I dont think wildcards can be used in the SID field and using just the username is not super reliable.. but seems to be the only option...  Anyone done this and have any tips?

322
A
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 25 - Sep 1)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021482 - Windows PowerShell (Admin) from start menu WinX menu does not match expected EPM-W on-demand rule KB0022376 - EPM-M limitation with Network Link Conditioner tool KB0022803 - Application definiton does not 'paste' after being successfully copied in Chrome KB0022810 - Windows Terminal prompts UAC instead of EPM-W message KB0022817 - Analytics is slow or times out after upgrade to EPM Cloud 25.6 MR1

50
GloriaB
BeyondTrust Employee
M
MichaelDVeteran
asked in Windows & MacOS
Microsoft Autopilot Release 2508 - Windows builds broken with EPMfW 24.3.334.0

Hi all -- MS released an update for Autopilot (2508) and since then, we are seeing our builds crash. If we remove EPMfW, build completes successfully. Is anyone else seeing this?  We just started seeing this on Monday, Aug. 25

995
M
J
jcundiffApprentice
asked in Windows & MacOS
Question about Beyond Trust On-Prem upgrade

Hi Everyone, We are an on-prem BeyondInsight appliance EPM customer for almost 2 years now and need to upgrade our agents as well as our server appliance.  Migrated over from Powerbroker. Someday in the future may go to cloud but not in the works yet.Currently on 23.9.225 for our agents and BI Server is at 23.1.0.2407.  I was told two different things by support, EPM support stated that the agent and server are independent of each other and can be updated separately whenever, and I was also told that the Server needed to updated first by BeyondInsight support.  Just looking for some guidance or experience on upgrading to the latest version on-prem.  We have close to 12,000 pc’s, so I would like it to go smoothly without much interruption.  Thanks for any help!

634
C
BeyondTrust Employee
R
RahulBApprentice
asked in Windows & MacOS
EPM Challenge/Response message issue with some applications for uninstallation.

Hello Everyone.This issue is related to the Challenge/Response option on the EPM message.When we enable the Challenge/Response option on the EPM message, we are not receiving the expected EPM prompt while uninstalling certain applications such as Forcepoint, Cisco, and Symantec.However, when the Challenge/Response option is not enabled, the EPM prompt appears correctly during the uninstallation process.have anyone faced the same issue? 

181
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 18 - Aug 25)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021723 - HP PC Hardware Diagnostics prompts with UAC after EPM-W message KB0022759 - PMR Reports is missing or disappears after upgrade via BTUpdater to 25.1 KB0022795 - OneDrive errors when in EPM policy "OneDrive can't be run using full administrator rights" KB0022806 - Error upgrading EPM-W with Package Manager - Exit Code 1603, please check Installation logs. KB0022809 - EPM-W - Copy and Paste to secure location triggers UAC after upgrade to 25.4 and above

100
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 11 - Aug 18)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022750 - How to upgrade EPM-W or EPM-M when in Pathfinder or Cloud KB0022760 - How are EPM workstyles and rules evaluated? - Examples of QuickStart policy logic KB0022763 - What is the best way to manage VDI or short lived endpoints in EPM Cloud or Pathfinder? KB0022769 - 1603 Error when upgrading via Package Manager on previously allowlisted Autodesk products KB0022778 - Poly Lens installation fails with error status 1603

120
GloriaB
BeyondTrust Employee
M
mike.wheelerApprentice
asked in Windows & MacOS
Managing Mac Local User Accounts

I’m working on a solution to onboard a local user account created during the Jamf provisioning of Mac assets to Password Safe Cloud. I have EPM-M installed on the endpoints and they are connected to Password Safe. When I run discovery scans on the endpoints, the local accounts are not discovered. I have looked over the KBs related, and nothing seems to explicitly say “Here is what you need to do” when it comes to local account management. To test, I added a test functional account to the local admin group on a test Mac. This is an Active Directory service account, and it fails to login. As far as I can tell, the account needs to actually log into the Mac in order to be locally cached and thus login as a functional account. But having to locally log into each asset is not scalable. Has anyone had success with an AD group being used for your functional account? What am I missing to complete this set up? 

563
Paul
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Aug 4 - Aug 11)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022522 - Unable to integrate AWS S3 Bucket SIEM into EPM Cloud results in error: Failed to validate Settings KB0022750 - How to upgrade EPM-W or EPM-M when in Pathfinder or Cloud KB0022754 - Package Manager not authenticating after install on macOS - Unauthorized, Invalid Request Header, 401 errors

120
GloriaB
BeyondTrust Employee
F
Firdaus JamaluddinRising Star
asked in Windows & MacOS
Question about BeyondTrust EPM On-Prem

Hi everyone,I have a question as I'm preparing for this. I've been looking into the BeyondTrust EPM on-prem solution, and it says that it pre-bundled if deployed through the UVM appliance. My question is, If I only want the on-prem EPM solution and don't want Password Safe at all, how can we achieve that? I know we can disable the Password Safe features, but that only disables the functionality, the Password Safe section still appears in the admin console. Do you have any other methods you can suggest, such as a way to completely remove or hide it? Thanks

776
MikeK
C
cmscottTrailblazer
asked in Windows & MacOS
Clear explaination on Global Priority

HelloOne feature of On-Prem EPM which I have not yet found a clear explanation in the documentation is how Global Priority actually works in on prem EPM. While I understand that it has to be configured when there is a default organization - a detailed explanation on  how it works (in relation to organizations) appears to be missing.

471
N
BeyondTrust Employee
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in Windows & MacOS
Monthly Buzz - July - Endpoint Privilege Management
Monthly Buzz - July - Endpoint Privilege Management

Hook Exclusions and Managed Hook Exclusions BeyondTrust is a Microsoft GOLD-certified ISV solutions provider and therefore must ensure that its products comply with Microsoft coding standards. BeyondTrust uses Microsoft’s only fully supported method of application hooking, a Microsoft solution called Detours (a reliable method for intercepting APIs in user mode, described here: Detours - Microsoft Research ). The product is designed to be compatible with other products that also use Detours, including some of Microsoft’s products.   What is a HookExclusion? BeyondTrust has built into its hooking technology the ability to “exclude” a process from being hooked. A common misconception about HookExclusions is that by applying an exclusion the hook is not injected into the process. This is incorrect, the EPM-W client will still inject the hook into the process, however, the hook will become dormant and will not communicate with the EPM-W service.BeyondTrust has deployed more than 4 million

450
B
Community Manager
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Jul 28 - Aug 4)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022715 - Where is the package manager adapter file downloaded from?

100
GloriaB
BeyondTrust Employee
K
KevinKApprentice
asked in Windows & MacOS
Auto Connect to Client

I just switched from a local server to a hosted solution. In the past I was able to install a Jump Client on machines and set it so I could connect without anyone accepting the connections. When I set it up not, I am missing something, and the client needs to accept before I can connect. Can someone tell me where I need to make the change so I can create a Jump Client that will allow me to connect without anyone accepting? Thanks for any help. Kevin

405
K

Badge Earners

  • 5 Courses Completed - Endpoint Privilege Management - Windows & Mac
    tverstratehas earned the badge 5 Courses Completed - Endpoint Privilege Management - Windows & Mac
  • 5 Courses Completed
    tverstratehas earned the badge 5 Courses Completed
  • BCA: Endpoint Privilege Management - Windows
    tverstratehas earned the badge BCA: Endpoint Privilege Management - Windows
  • BCA: Privileged Remote Access
    tverstratehas earned the badge BCA: Privileged Remote Access
  • BCA: Privileged Remote Access
    Dasitharanhas earned the badge BCA: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings