Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 131 Topics
  • 401 Replies
131 Topics
P
BeyondTrust Employee
Phillip LBeyondTrust Employee
published in Windows & MacOS
Customer Success Quarterly - 2025-Q1 - EPM

 Greetings! I'm Phillip Lehner, the Senior Director of Education at BeyondTrust, and I'm thrilled to lead our efforts in delivering exceptional learning experiences. I'm excited to share how we're elevating your journey with a new, streamlined method of accessing training: Success Included with BeyondTrust University.      At BeyondTrust University, we believe our customers deserve nothing short of excellence in the tools they use. That’s why we’ve launched 'Success Included' — to elevate your learning experience and ensure you achieve success with BeyondTrust’s solutions.  Success Included is an education program that makes foundational knowledge accessible to customers at no additional cost. It features easy-to-follow, self-paced eLearning courses that empower system administrators to configure and manage BeyondTrust products using industry best practices. Our goal is to equip learners with the knowledge needed to maximize the value of their investment with BeyondTrust. Because your

520
P
BeyondTrust Employee
A
AdamSaNewcomer
posted in Windows & MacOS
Best Practices of application policies - macOS

Hello! First time poster here, hope everyone’s doing well.I have a couple of questions regarding the macOS application policies, hopefully someone can lend me a hand and help out :) My BT EPM for Mac is currently set to ‘listening mode’ - it reports back on our users application usage [what’s installed, what’s opened, what’s being used etc.]. I want to use it to create policies on applications that should be ‘allowed’ or ‘disallowed’ based on different factors. The questions are as follows:When adding a policy based on a reported application, the in-built ‘add to policy’ button gives me two automatically assigned arguments: URI and Publisher. Could someone explain, what an URI is? Is it ok to use that as an argument regarding if an application should be allowed for usage? My first though was that it’s the applications unique ID - the bundle ID - but that’s not it after further insight. Is there a way to have an argument that uses the Bundle ID of an application? for example: com.micros

111
M
C
ChaseApprentice
posted in Windows & MacOS
EndpointUtility.exe and Trellix

Our company utilizes a full Trellix stack of products (unfortunately) in addition to Endpoint Privilege Management.  We have recently upgraded from our On-Prem ePO managed Privilege Management solution to the new SaaS PMC.  One thing we have learned is that when using the EndpointUtility.exe tool to gather logs, is that the Endpoint Utility wants to grab all of the McAfee ProgramData logs even though we have just finished fully migrating over from on-prem ePO managed to SaaS.It seems Trellix Self-Protection is causing a permissions error at the very end of the log capturing process. After working with support and confirming there is no CLI available in this tool, we are basically forced to disable all of self-protect in order to gather logs, McAfee logs at that, that aren’t even necessary.Making this post as a means to communicate our findings in case others coming from on-prem ePO to SaaS experience this problem.  It would be extremely beneficial if there were baked in CLI arguments t

153
C
B
bt101Veteran
asked in Windows & MacOS
access denied error while installing dinocapture app

Hello, I am seeing access denied error while installing below app. The policy allows child processes with Full Admin token. In EPM Analytics I see that child processes are getting the token assigned. https://www.dinolite.us/download/  Dinocapture 2.0 In Process Explorer it shows only 4 child processes. These are getting Full Admin assigned per PMC logs.I couldn’t see any processes accessing the said files from error screenshot when checked in handle.exe.Attaching the logs , in case anyone has seen similar errors in other apps and got any pointers to troubleshoot further. The install works fine with local admin user. 

193
N
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Apr 14 - Apr 21)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022205 - EPM-W MSI install command flags KB0022215 - Privilege Management for Mac client app bundle continually verifiying package

60
GloriaB
BeyondTrust Employee
M
mikey
asked in Windows & MacOS
Issues with elevating MSI's

Hello, I can start with saying that we do have a support case open at the moment. But just curious is anyone else has encountered this. After updating to 25.2.11 some MSI’s fail directly after launch or mid through the installations.  They get errors like these:2738, Could not access VBScript run time for custom action [2]. 2739, Could not access JScript run time for custom action [2].to solve this one should run regsvr32 jscript.dll or regsvr32 VBScript.dll however after installing 25.2.11 we are no longer able to edit HKEY_CURRENT_USER\Software\Classes\CLSID\{Any CLSID Folder}.If I downgrade BTPM towards 23.9.261.0 the MSI’s does not fail and im able to read the content of HKEY_CURRENT_USER\Software\Classes\CLSID\{Any CLSID Folder}.regardsMichael

26510
N
M
MichaelDRising Star
asked in Windows & MacOS
Process Start Time - Client local time and TimeZone

Question on the various times used in logging. We are sending our on-prem UVM logs to a SIEM and they are seeing a field of “TimeCreated” which is Date / Time. To confirm, is this the time of the local client when this event was created?  If so, can we have a timezone option with this? It would be very beneficial when incidents arise and we need to investigate that all of our times match up.  If not, which date/time field should be lookedat?  there are a several TimeCreate, FirstOccurence, LastOccurence  

111
MikeK
B
bt101Veteran
asked in Windows & MacOS
app parameters for PRA - BT Desktop Agent based app launch and cred injection

Hello! is there any documentation that includes example parameters/strings that should be used while launching apps using PRA BT desktop agent. Admin guide has details of configuration options but nothing further e.g. example strings. I am able to connect to RDP using first set of  credentials , at one time was able to launch web browser but later started seeing error in chat windows that says file name/path could not be found. 

181
MikeK
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Apr 7 - Apr 14)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022184 - ServiceNow ticket for JIT request does not show username in 'Caller' field KB0022206 - NVDA screen reader does not correctly activate on Secure Desktop KB0022207 - JAWS screen reader does not narrate 'Select Reason' drop-down KB0022208 - QuickStart Template Changes Regarding Microsoft Narrator KB0022209 - JAWS and NVDA screen reader compatibility with EPM-W KB0022210 - Use of .NET COR_PROFILER with EPM-W and suggested actions KB0022214 - Is Privilege Management for Windows Web Policy Editor affected by CVE-2025-24813?

50
GloriaB
BeyondTrust Employee
C
Chris MorganApprentice
asked in Windows & MacOS
Privilege Management Package Manager fails install

When trying to install Beyond Trust package manager the installer will make it to installing services and then fail / rollback all actions.We have checked the installer script and it is the same one we use as a standard, but the installer continuously fails when we try manual installation.  Has anyone else seen this or have suggestions? 

502
MikeK
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Mar 31 - Apr 7)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022167 - EPM Cloud 25.3 change - Admin role required to edit API accounts KB0022181 - Endpoint Privilege Management Cloud rules not applying when using the type criteria KB0022186 - Warning occurs when copying files to Azure File Share when EPM-W is running

180
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Mar 24 - Mar 31)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022121 - EPM Policy Editor issue - Opening more than one instance, or browser tab, causes it to become unresponsive KB0022135 - EPM Cloud (SaaS) client, adapter and Package Manager FAQ KB0022165 - Application group rule filter is not working for EntraID groups

150
GloriaB
BeyondTrust Employee
H
HillaryZNewcomer
asked in Windows & MacOS
PowerShell Install-Module issue

We're running BT EPM Cloud. We have some users that need to be able to install some PowerShell modules that require administrative rights. They can successfully run powershell.exe or powershell_ise.exe via the on-demand. When the run the commands for like`install-module ExchangeOnlineManagement -force -verbose`it appears to do all the file downloading of the module, but does NOT actually copy the downloaded modules into `C:\Program Files\WindowsPowerShell\Modules directory`. We have rules for allowing the various modules.For example:- Type: Executable- File/Folder Name: matches contains *powershell*.exe- Command Line: matches contains *module *ExchangeOnlineManagement*- Publisher: matches contains Microsoft Windows- Production Description: matches contains Windows PowerShell*- Application Requires Elevation (UAC) We have tried with and without the option- Treat child processes in the same way if the child process: matches <Any Application> The allowed powershell modules are in th

912
C
BeyondTrust Employee
G
GregoryApprentice
asked in Windows & MacOS
settings.json Corrupted

We have an existing script rule that uses a settings.json file. We recently noticed that any attempt to edit (download/upload) the settings.json using the Web Policy Editor corrupts the file contents. Even just downloading the file, and immediately re-uploading it causes the issue, so we know it is not related to any text editor. Any ideas on what could be the root cause or where we could find a log, etc. within BeyondInsight that might give an idea of what is going wrong?

484
C
BeyondTrust Employee
D
dennedyApprentice
asked in Windows & MacOS
Proxy PAC file for EPM-W (cloud)

Does anyone know for the proxy settings for EPM described in https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sys_kb_id=ef0fc35b47534654b77b3ddbd36d43f8 , specifically the per user section, can a URL to a PAC file be used? I saw another KB about configuring the local Windows system account to use a script based proxy. https://beyondtrustcorp.service-now.com/csm?sys_kb_id=455587d0476f02d4b77b3ddbd36d43d1&id=kb_article_view&sysparm_rank=3&sysparm_tsqueryId=e7573b9847582e5cb77b3ddbd36d439f I think we’d prefer the first one as we know it will only affect the cloud adapter and not all services running as system.

1907
Paul
BeyondTrust Employee
B
bt101Veteran
asked in Windows & MacOS
ai.exe - bad Image error Managed Hook Exclusions

Hi All, we are seeing DLL related error pop-ups on multiple machines windows 10, 11 when users try to open MS Office apps - PowerPoint, excel , word they see ai.exe - Bad Image. We have managed hook exclusion for ai.exe as well as full path:  Xyz:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\ai.exe.EPP agent 24.3 . Is anyone else seeing these and were able to fix it.I had posted similar error for msedgewebview2.exe We still see that error but for ai.exe with increased copilot usage a lot many users are seeing this now 

592
B
J
jbwood919Apprentice
asked in Windows & MacOS
JIT Admin request UI

It doesnt appears its possible to remove access to this from the user EPM app menu but just wanted to verify thanks.

1713
J
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Mar 10 - Mar 17)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022120 - DLL registration policies cause failures with error "The module was loaded but the call to dllregisterserver failed with error code 0x80070005" KB0022121 - EPM Policy Editor issue - Opening more than one instance, or browser tab, causes it to become unresponsive

400
GloriaB
BeyondTrust Employee
tclowater
BeyondTrust Employee
tclowaterBeyondTrust Employee
posted in Windows & MacOS
Bulk move computers to different computer groups with API methods

OverviewThis document provides guidance on how to use the Swagger UI for a no-code solution to moving computers to computer groups. IntroductionFor those who want to be able to bulk move computers in EPM SaaS, there is no GUI-provided way to do so. That said, we do provide the API method to assign computers to a group ID either as a one-off or in bulk via a CSV. As support will not provide break/fix support on troubleshooting code choices. The guidance here is based on using the Swagger UI provided with EPM - available with BeyondInsight on-prem, and EPM SaaS. Remember, with great API power comes with great API risks: Test. Test. Take snapshots of where things were for faster roll-back (e.g. download CVE of computers pre-change). Test before bulk moving production. Please. If the API isn’t returning the anticipated data or if the documentation is followed with challenging results? Yes, contact support. Want help structuring your code? No, that is outside the scope of support. Materials

634
Josh Bristow
M
MichaelDRising Star
asked in Windows & MacOS
CIS Benchmark guides?

Hi all - we are starting to align more closely with Security around our EPM solution.  Is there a hardening guide around EMPfW/M? CIS benchmarks often do this around various products (Windows, mac, ubuntu, Browers etc); is there a guide that exists around EPM?  This would help us document our defined Technical Controls more easily than going through setting by setting and also ensure we are following security best practices around EMP.  

534
Paul
BeyondTrust Employee
M
ManasviApprentice
asked in Windows & MacOS
Unable to Uninstall EPM Client

Hi Team,We are unable to uninstall EPM client on the endpoint getting an error while uninstalling the client.(Installed client using the Package Manager) Followed KB0017295 for the uninstallation process still getting the same error Is there any solution for how to uninstall client from endpoint? 

983
P
BeyondTrust Employee
P
BeyondTrust Employee
PACBeyondTrust Employee
posted in Windows & MacOS
BT25-01 advisory for EPM for Windows

Regarding CVE-2025-0889https://nvd.nist.gov/vuln/detail/CVE-2025-0889A vulnerability has been discovered in Privilege Management for Windows that allows for a local authenticated attacker to elevate privileges.Prior to 25.2, a local authenticated attacker can elevate privileges via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. Further details about this CVE can be found here:https://www.beyondtrust.com/trust-center/security-advisories/bt25-01 There is also a Support KB, How can the BT25-01 advisory for EPM-W be addressed?, here:https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0022083 

1364
P
BeyondTrust Employee
Y
Yuvaraj NApprentice
asked in Windows & MacOS
How to block UAC prompt while installing or uninstalling an application?

We have whitelisted the applications under low flexibility. When tried to install or uninstall any whitelisted application, UAC is prompted. Suggest any step to stop UAC prompt.

684
Y
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in Windows & MacOS
Endpoint Privilege Management (Windows/Mac) - Knowledge Article Publications (Feb 24 - Mar 3)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022066 - Files able to be moved to paths not defined in EPM-W content control KB0022077 - EPM Cloud not authenticating after changing OIDC settings from Azure B2B to another provider KB0022079 - Unable to connect to Hyper-V virtual machines while using EPM-W policy KB0022084 - EPM-M JIT application request stuck in pending status

320
GloriaB
BeyondTrust Employee
MikeK
MikeKTrailblazer
posted in Windows & MacOS
EPM and Windows Autopilot

As technology advances so must we advance with it.My organization recently started down the path of Windows Autopilot for device enrollment into EntraID.Its been an interesting journey so far and we are only still in the development phase and internal closed testing. I’ve noticed a few things that might just be configurational issues with how we have Autopilot currently configured. One key thing that I’ve noticed recently was the EPM Token Elevation isn’t currently being elevated on my test system. After some googling there appears to be some enhanced lockdown and least privileged access that Autopilot does, which also affects the token elevation. I am curious what others have seen or noticed when going down this route and leveraging both systems.

732
MikeK

Badge Earners

  • BCA: Endpoint Privilege Management - Windows
    Hakasehas earned the badge BCA: Endpoint Privilege Management - Windows
  • BCA: Endpoint Privilege Management - Mac
    Hakasehas earned the badge BCA: Endpoint Privilege Management - Mac
  • BCA: Remote Support
    Hakasehas earned the badge BCA: Remote Support
  • BCA: Endpoint Privilege Management - Mac
    joselopezhas earned the badge BCA: Endpoint Privilege Management - Mac
  • BCA: Password Safe
    gnajerahas earned the badge BCA: Password Safe
Show all badges
Terms & ConditionsCookie settings