
During BAU we receive tickets where policy changes are made but the user is still having issues doing x (whatever the change was) and it turns out the device is no longer syncing and therefore not receiving policy updates. This makes me think there are probably many more out there that we don’t know about.

 

Are there any options when it comes to identifying devices that are no longer syncing with the cloud?

Hey Drew.

You can use the Settings under Configuration → Computer Settings → Computer Status; here you can set X number of days before a client computer is considered Disconnected from PM Cloud.

In addition, you can use the Management Rules to Archive and clean up; this would get you to the point of at least identifying the client computers that have not spoken to the PM Cloud for X number of days.

Unfortunately, if the client fails it can’t report back a status, but you likely have other tools that can be configured to check for Services Starts and Stops and installed Software; that would be your cross section.

So combine client computers that have not spoken to your PM Cloud for X number of days, then use your SIEM tool, or another tool, to check for service starts and stops; in relation to that, monitor for the “BeyondTrust Privilege Management Package Manager” AKA Package Manager Service, “BeyondTrust Privilege Management Cloud Adapter” AKA IC3Adapter, and Avecto Defendpoint Service.
From here we should be able to identify which machines have a failed client; it does happen.

Consider duplicate hostnames, reimaged computers, someone uninstalled, etc. as possible reasons also.
Check Windows installer logs etc.


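The cross-section described in the reply above, as an added example that is not part of the original thread or any BeyondTrust tooling. It assumes you can export a last-contact timestamp per hostname from PM Cloud and service start/stop events from your SIEM; the input shapes, hostnames and dates below are constructed.

```python
from datetime import datetime, timedelta

# Service display names exactly as listed in the reply above.
PM_SERVICES = (
    "BeyondTrust Privilege Management Package Manager",
    "BeyondTrust Privilege Management Cloud Adapter",
    "Avecto Defendpoint Service",
)

def triage(last_seen, service_events, now, max_days):
    """Classify hosts that have not contacted PM Cloud for more than max_days.

    last_seen: {hostname: datetime} from a console export (assumed shape).
    service_events: (time, hostname, service, state) tuples from a SIEM,
    state being "running" or "stopped" (assumed shape).
    """
    cutoff = now - timedelta(days=max_days)
    latest = {}  # (host, service) -> most recent state seen
    for _when, host, service, state in sorted(service_events):
        if service in PM_SERVICES:
            latest[(host.lower(), service)] = state
    report = {}
    for host, seen in last_seen.items():
        if seen >= cutoff:
            continue  # still syncing, nothing to triage
        states = {s: latest.get((host.lower(), s)) for s in PM_SERVICES}
        stopped = sorted(s for s, st in states.items() if st == "stopped")
        if stopped:
            report[host] = ("client-failed", stopped)
        elif not any(states.values()):
            # Nothing logged: offline, reimaged, uninstalled or duplicate hostname.
            report[host] = ("no-telemetry", [])
        else:
            report[host] = ("running-but-stale", [])
    return report

# Constructed sample data, not taken from a real environment.
NOW = datetime(2024, 6, 30)
LAST_SEEN = {"WS-001": datetime(2024, 6, 29), "WS-002": datetime(2024, 5, 1),
             "WS-003": datetime(2024, 4, 15), "WS-004": datetime(2024, 5, 20)}
EVENTS = [(datetime(2024, 5, 1, 9, 0), "ws-002", PM_SERVICES[1], "running"),
          (datetime(2024, 5, 1, 9, 5), "ws-002", PM_SERVICES[1], "stopped"),
          (datetime(2024, 6, 28, 8, 0), "WS-004", PM_SERVICES[2], "running")]

if __name__ == "__main__":
    for host, verdict in sorted(triage(LAST_SEEN, EVENTS, NOW, 14).items()):
        print(host, *verdict)
```

Hosts that come back as `no-telemetry` are the ones to check against the reply's other causes (duplicate hostname, reimage, uninstall) and the Windows installer logs.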