Skip to main content

Windows & MacOS

A localized space to talk about EPM, specifically for Windows And Mac OS's.

  • 16 Topics
  • 35 Replies
16 Topics
S
BeyondTrust Employee
Stephen Langford-JonesBeyondTrust Employee
posted in Windows & MacOS
EPM-M macOS Sequoia known issues

Hey everyone, with the official release of macOS Sequoia on September 16th, the question about Endpoint Privilege Management and macOS Sequoia support has come in. We are working hard to resolve the issues found. Below is a list of known issues for the macOS Sequoia operating system. Wrong description of endpoint in PMC as "macOS 15.0.0"The PM SaaS Adapter does not correctly identify the macOS Sequoia systems. As a result, the computer OS description will show as "macOS 15.0.0" instead of macOS Sequoia in the portal.Workaround: NoneResolution: We plan to resolve this in EPM-M 24.5 MR2, planned for late September. We are updating our adapter to send the correct description. Applications open in the backgroundApplications on Sequoia are not displayed in the foreground when the EPM-M dialog is not completed in a timely manner. We have informed Apple via Feedback Assistant and awaiting a response.Workaround: The application will launch, and the user can click on the application toolbar ico

0
S
BeyondTrust Employee
1 day ago
A
anorwoodNewcomer
asked in Windows & MacOS
Anyone working with non-persistent VMs?

Working on a solution using WMI filters and trying to test on non-persistent VMs with a test policy - but not finding the VMs are showing up under assets (under today versus last 90 days).   Names of the VMs are reused so am seeing stale instances - but not current session.   The VMs are destroyed upon log off and re-created once they are logged into again.  We currently deploy XML files with the images to ensure policies are applied immediately.  Have tried using command line updates to force check in - but perhaps there is a better way?  

1
P
BeyondTrust Employee
4 hours ago
John Trask
Community Manager
John TraskCommunity Manager
posted in Windows & MacOS
Community Sections Merged: EPM - Windows & Mac

Hi All,  We have heard your feedback and have merged the individual Windows and Mac sub-sections into one new combined Windows & MacOS sub-section. We have also created a few new Tags as well to help you classify your post.  New Tags: Windows, MacOS, Windows & MacOS Thank you all for the feedback!

5
Josh Bristow
4 hours ago
raymondus
raymondusApprentice
asked in Windows & MacOS
EPM Windows: How to target any portable apps?

Hi guys, I’ve been assigned a case to block portable apps on a Windows desktop using EPM-W. What is the best way to target any portable apps on Windows? I have a portable application (FreeCommanderPortable.exe - this is just for testing, real-world apps can be anything) with the following criteria:It has a valid digital signature The .exe file can be originated from USB stick, internet download, or file sharing The .exe file can be moved to another folder/drive It doesn’t trigger UAC when run The file name can be changed to anythingI tried creating an application group rule that targets any application ("*"), but there were many false positives, as some legitimate applications sometimes depend on each other.The best configuration I can think of is to target if the publisher or the app name contains the string 'portable'. But not all portable applications have this string (e.g., if renamed).Has anyone faced a similar scenario?

4
raymondus
8 hours ago
dan-snelson
dan-snelsonNewcomer
posted in Windows & MacOS
BeyondTrust EPM: Flexibilities

Easily assign macOS computers to a BeyondTrust Endpoint Privilege Management High, Medium or Low Workstyle Flexibility via a Jamf Pro Script ParameterWorkstyle FiltersWhile BeyondTrust Endpoint Privilege Management for Windows policy Workstyles can be filtered based on Microsoft Entra ID groups — as of this writing — macOS policy Workstyles cannot.For macOS, each users’ account must be added to an existing local group for every Mac in your fleet.Continue reading …

2
T
BeyondTrust Employee
9 hours ago
R
RJ.Apprentice
asked in Windows & MacOS
WPE policy signing (CERT_MODE=2)

Hi everyone,With ON-PREM BI/EPM-W it is my understanding that the WPE is generally planned to replace the MMC policy editor at some point, but that point hasn’t yet occurred. This is unlike PMCloud where MMC policy editor is deprecated and no longer supported.My organization uses CERT_MODE=2 to require the clients to only recognized code-signed policies. This is seen as a valuable control to reduce risks related to internal or external bad actors plausibility reverse engineering corporate policy XMLs and creating their own (overly permissive or malicious) policy.To the best of my knowledge BeyondTrust does not have a plan or timeline to add WPE-based code-signing. I figured policy signing would be added to WPE but now ~2 years after it’s introduction I see no indication of it coming.As CERT_MODE=2 only recognizes code-signed policies and WPE cannot provide code signing, this makes WPE unusable for my organization.BeyondTrust, respectfully - do you plan to add code-signing to WPE or do

2
R
1 day ago
dan-snelson
dan-snelsonNewcomer
posted in Windows & MacOS
BeyondTrust EPM: Racing Stripes

A collection of racing stripes for BeyondTrust Endpoint Privilege Management on macOS  Racing Stripes The following racing stripes proved helpful in our initial deployment and ongoing support of BeyondTrust Endpoint Privilege Management for macOS.Continue reading …

1
P
BeyondTrust Employee
1 day ago
dan-snelson
dan-snelsonNewcomer
asked in Windows & MacOS
BeyondTrust EPM: Inspector

 Leverage swiftDialog to display a user-friendly message about the health of BeyondTrust Endpoint Privilege Management for Mac, while capturing various under-the-hood settings behind-the-scenesInspirationDuring a recent case with BeyondTrust Support, we were asked to obtain the output of several elevated Terminal commands from the affected user’s Mac.Having previously written a similar solution for CrowdStrike Falcon, creating a health inspector for BeyondTrust EPM seemed like the obvious solution.Continue reading …

1
Lindsay Gallant
BeyondTrust Employee
1 day ago
M
MikeKApprentice
posted in Windows & MacOS
Leveraging EPM for elevation logs

Recently I began a to take a journey to leverage EPM as a logging method for those pesky “Workstation Admin Exceptions” for users who feel EPM agent gets in their way while doing work. Essentially, I have a policy that has everything set to Passive so that EPM can detect the elevations and log them for me, but not affect the end user’s ability to “Run as Administrator”. I am curious if anyone else has done something like this as well, and if I am going down the track.  I still have a few things to cover, but I wanted to get a feel what others have done to capture those delicate metrics to needed.

3
M
1 day ago
N
Nervous-EquivalentNewcomer
asked in Windows & MacOS
MacOS 15 - Screen & System Audio Recording

After moving to MacOS 15 I had a user notice that their Privacy and Security > Screen & System Audio Recording permissions for Microsoft Edge were disabled. This is a High Flex user, but they are unable to re-enable those permissions for Edge in the Screen & System Audio Recording settings page. They get a stock MacOS Admin prompt popup when they attempt to do so, and no record of the event in Analytics. Does anyone know how to allow High Flex users to edit settings in Privacy and Security > Screen & System Audio Recording? Edit: Not sure how to delete posts yet but turns out EPM wasn’t working at all after MacOS 15 because the admin accounts required for EPM to work were removed during the update. Repushing the client fixed the problem.

2
S
BeyondTrust Employee
1 day ago
P
postuserNewcomer
asked in Windows & MacOS
Whitelisting Onedrive & MS teams in Windows Medium Flex policy

How to whitelist the two events below on Windows Medium Flex policy?   

2
Paul
BeyondTrust Employee
1 day ago
J
JasperApprentice
asked in Windows & MacOS
iisreset.exe access denied error via elevated CMD

Anybody else encountered an issue with iisreset via commandline where the error coming up is “Access Denied” after running an elevated CMD?

8
Paul
BeyondTrust Employee
1 day ago
S
ssethurajanNewcomer
asked in Windows & MacOS
EPM-W PMC Package Manager

Are there any documentation/KB available for the mass deployment of EPM-W Package Manager?

2
N
BeyondTrust Employee
3 days ago
S
ssethurajanNewcomer
asked in Windows & MacOS
EPM-W Non Domain Joined

Does EPM-W support installing agents on non-domain joined machines?Currently, they use local personal accounts to login to the system -how to apply the policies to these specific users?

1
LukeV
BeyondTrust Employee
6 days ago
N
BeyondTrust Employee
NeilBeyondTrust Employee
posted in Windows & MacOS
Useful EPM-W Knowledgebase Articles

Hey everyone,I often find myself referring back to some of the same EPM-W KB articles over and over again, so I thought I'd share below some of my most commonly visited KBs to keep in your back pocket. EPM-W troubleshooting guide: https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017077This one is a great starting point for any EPM-W related troubleshooting steps. EPM-W has three primary components to consider up front, each acting as a variable when troubleshooting an issue. These are:Defendpoint Service PGHook (user space) PGDriver (kernel space)While I plan to create a separate post in the future to review each of these components and what their roles are, the primary goal of this KB article is to help you with component isolation. In other words, which of the above three components is involved in the issue?If we can isolate which component of EPM is related to the issue at hand, we can focus our attention on the relevant piece and resolve the pro

1
Caleb Kershaw
BeyondTrust Employee
9 days ago
Sean Cashin
BeyondTrust Employee
Sean CashinBeyondTrust Employee
published in Windows & MacOS
BeyondTrust Quarterly Update - 2024-Q3 - Endpoint Privilege Management

Hello All,Leaning into the cliché, it’s hard to believe the year is half over already. As I'm sure is true for many of you, this has been a year of hard work and big changes at BeyondTrust. At the beginning of the year, I stepped into the role of Chief Customer Officer and welcomed both Mike Machado and Brett Thiess to the team as CISO and CMO, respectively. We also welcomed Ron Nissim and his team into the BeyondTrust family with the acquisition of Entitle, expanding BeyondTrust’s stance as an Identity Security leader! As the CCO, my passion and focus are on ensuring that our customers not only adopt but get real value from our products – securing their Identity landscape, minimizing the risk of threat actors, and limiting the blast radius of any incidents. Your thoughts and experiences are a key piece of guidance for us; from your NPS responses and feedback on your interactions with teams like support and services, to your engagement on changes we’ve made to products, we value the fe

480
Sean Cashin
BeyondTrust Employee
14 days ago

Badge Earners

  • BCIE: Privileged Remote Access
    Espihas earned the badge BCIE: Privileged Remote Access
  • BCA: Password Safe
    JesusCAhas earned the badge BCA: Password Safe
  • BCA: Password Safe
    Devon Gibsonhas earned the badge BCA: Password Safe
  • BCIE: Password Safe
    Devon Gibsonhas earned the badge BCIE: Password Safe
  • BCA: Endpoint Privilege Management - Linux
    pdannerhas earned the badge BCA: Endpoint Privilege Management - Linux
Show all badges
Terms & ConditionsCookie settings