
Hi BeyondTrust community,

I have a couple of BeyondTrust - Endpoint Privilege Management suggestions that I would like to share please:

 

We recently found many devices had become disconnected from the EPM Console due to them being deleted. This was likely due to inactivity, where many machines were built in advance of a laptop migration and kept in storage. From the machines, it was not obvious there was a problem until some devices started to show symptoms that were fixed in an earlier policy revision. When the machine was checked, it still had an old policy revision listed. This means even our latest block rules were not working on these devices.

 

To mitigate this issue, we would find the following agent features extremely useful:

Feature Request: Ability to check policy name and revision in the Windows Registry / file or WMI etc.
Reason: We can keep an active deployment that checks for the revision and if it falls behind we can have an automatic remediation.

How we are currently evaluating the issue:

We have found that if the following file has a date modified that is older than the last policy revision creation date, then it most likely has this issue:

C:\ProgramData\Avecto\IC3 Adapter\Context\ConfigurationInfo.machine

 

Feature Request: Agent command line to reconnect a computer that has been deleted from the Console without needing to reinstall it or use other tools provided by BeyondTrust.
Reason: Needing to reinstall requires the user to reboot and using additional tools adds further complications. Having the ability to run a command which recreates the computer in the console without needing to reinstall means we can automate this without reinstalling if an issue is detected.

How we are currently working around the issue:

We have a deployment which targets the devices with old ConfigurationInfo.machine files. This deployment will reinstall the agent, but we have found that it is sometimes not done cleanly unless we put reboots in between. These reboots mean we need to inform the user, which is not ideal.

 

Summary
The main issue we have is that we mainly work outside of the EPM Console for remediation of workstation issues (for example with SCCM or Intune), so we need the ability to evaluate and perform the repair actions without checking the console. For other applications, we have seen this kind of auto-remediation built in, but for EPM it will remain broken until it gets manually remediated.

There are already features in place to help with this.

Adapter Reset Tool:
https://docs.beyondtrust.com/epm-wm/docs/package-manager#why-did-an-update-not-occur-on-my-installed-package-manager
 

Check connection to the PM Cloud:
"C:\Program Files\Avecto\Privilege Guard Client\EndpointUtility.exe" /pmc /p
/P is for policy; if it can’t update or throws an error, check logs etc. and use the reset tool option.

Prior to those tools, I added a registry string using the Advanced Agent Settings, and just wrote the version of the policy in that string, which could be called using a script reading the value in the registry.

This could easily be done by BT.

Then make sure you get the new idea to the ideas portal, which this is not :-)
https://beyondtrust-public.ideas.aha.io/

 

 


Hello @Jack,

Thank you for your feedback.

In addition to the file you reference, the PM Cloud policy upon an endpoint is stored in the below location:

 

"C:\ProgramData\Avecto\Privilege Guard\DPC Cache\Machine\PrivilegeGuardConfig.xml"

 

Whilst it does not include the policy name from EPM-C, it is the same as the policy available to download from the portal, so can be referenced for file comparison, as an example.

In regards to your second request, there is already a utility within EPM that can reset the connection between an endpoint and the Cloud portal, the Endpoint Privilege Management Adapter Reset tool and Package Manager utility; further details on this utility can be found at the below links:

https://docs.beyondtrust.com/epm-wm/docs/package-manager#windows-adapter-reset-tool 

KB0020382 - Endpoint Privilege Management Adapter Reset tool and Package Manager utility
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020382 

Finally, as per @Jens Hansen, I would also like to draw your attention to our Product Ideas portal, in which customers can view all currently open ideas and their status:

https://beyondtrust-public.ideas.aha.io/ 
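
The two checks discussed in this thread (the modified date of ConfigurationInfo.machine, and comparing the cached PrivilegeGuardConfig.xml with the policy downloaded from the portal) can be combined into one detection script for SCCM or Intune. This is an added example, not code from any poster or from BeyondTrust; the function name, the revision date and the hash value are placeholders, it assumes the cached file is byte-identical to the portal download, and it uses exit code 1 for non-compliance as Intune remediation detection scripts do.

```powershell
# Added example (not BeyondTrust code): detect an endpoint whose EPM policy is stale.
# Placeholders: update both values whenever a new policy revision is published.
$PolicyRevisionCreated = [datetime]'2025-01-01T00:00:00Z'   # constructed sample date
$ExpectedPolicySha256  = '<SHA256-OF-POLICY-XML-FROM-PORTAL>' # hash check is skipped until set

$ContextFile = 'C:\ProgramData\Avecto\IC3 Adapter\Context\ConfigurationInfo.machine'
$PolicyFile  = 'C:\ProgramData\Avecto\Privilege Guard\DPC Cache\Machine\PrivilegeGuardConfig.xml'

function Test-EpmPolicyCurrent {   # hypothetical helper name
    param(
        [string]$ContextPath,
        [string]$PolicyPath,
        [datetime]$RevisionCreated,
        [string]$ExpectedSha256
    )
    $findings = @()

    # Check 1: context file older than the newest policy revision => likely disconnected.
    if (-not (Test-Path -LiteralPath $ContextPath)) {
        $findings += "Missing: $ContextPath"   # assumption: a missing file also needs attention
    } else {
        $modified = (Get-Item -LiteralPath $ContextPath).LastWriteTimeUtc
        if ($modified -lt $RevisionCreated.ToUniversalTime()) {
            $findings += "ConfigurationInfo.machine modified $($modified.ToString('u')), older than policy revision"
        }
    }

    # Check 2: cached policy differs from the reference copy (only when a real hash is supplied).
    if (-not (Test-Path -LiteralPath $PolicyPath)) {
        $findings += "Missing: $PolicyPath"
    } elseif ($ExpectedSha256 -match '^[0-9A-Fa-f]{64}$') {
        $actual = (Get-FileHash -LiteralPath $PolicyPath -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {   # -ne is case-insensitive for strings
            $findings += "Cached policy SHA256 $actual does not match the expected revision"
        }
    }
    return ,$findings   # comma keeps an empty result as an array
}

$result = Test-EpmPolicyCurrent -ContextPath $ContextFile -PolicyPath $PolicyFile `
    -RevisionCreated $PolicyRevisionCreated -ExpectedSha256 $ExpectedPolicySha256
if ($result.Count -gt 0) {
    $result | ForEach-Object { Write-Output $_ }
    exit 1   # non-compliant: let the management tool trigger its remediation
}
Write-Output 'EPM policy cache looks current'
exit 0
```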

