
Is it possible to point different policies to the same endpoint if I have multiple environments? I have a Prod and a Test environment. At the moment, I install the Production Package Manager on endpoint 1 if I want to deploy the prod policy, but if I want to do a test or play around with some policies from the Test environment, I have to uninstall the Prod app installed on endpoint 1 and install the Test instance definition for the Test PkgMgr.

Is there an easier way to do this instead of uninstalling/reinstalling the package? I once saw vendor support show me two different policies running on one machine. You can view this when you refresh your BT policy; it showed the two different Active policies at the top. I believe that would be done by adding the policy XML to the same folder where it sits inside the DPC Cache folder.

The EPM Client for Windows can handle multiple policies, but the only solution that would allow stacking of policies would be if managed by GPO or BeyondInsight (on-prem), yet you can still use and apply a local, GPO policy in addition.

In the registry, this determines what policies are enabled, but not the order of how they apply.
\HKLM\SOFTWARE\Avecto\Privilege Guard Client\
PolicyEnabled REG_SZ BEYONDINSIGHT,WEBSERVICE,GPO,LOCAL,EPO

To determine what policy applies first, we need to use a similar registry. Left to right, left has first priority etc.
\HKLM\SOFTWARE\Avecto\Privilege Guard Client\
PolicyPrecedence REG_SZ WEBSERVICE,LOCAL,GPO,BEYONDINSIGHT

If you manage your clients in PM Cloud and you want another policy to apply, just create a second group, apply the second policy to that group and move the computers from group A to B, and they will get another policy.

For more info related to PolicyPrecedence use the link below.

https://docs.beyondtrust.com/epm-wm/docs/gpo-windows-policies#windows-policy-configuration-precedence

Jens
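
Added example (not part of the reply above and not BeyondTrust code): a read-only PowerShell check that reads the two registry values quoted in the answer and lists the policy sources in precedence order, marking which are enabled. The function names are hypothetical, and because the page does not say how an enabled source missing from PolicyPrecedence is treated, such a source is reported as unranked.

```powershell
# Registry key and value names are the ones quoted in the answer above.
$KeyPath = 'HKLM:\SOFTWARE\Avecto\Privilege Guard Client'

function ConvertTo-SourceList {
    param([string]$Value)
    # Values are comma-separated source names, e.g. "WEBSERVICE,LOCAL,GPO".
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    $Value.Split(',') |
        ForEach-Object { $_.Trim().ToUpperInvariant() } |
        Where-Object { $_ }
}

function Get-EpmPolicyOrder {
    param([string]$PolicyEnabled, [string]$PolicyPrecedence)
    $enabled    = @(ConvertTo-SourceList $PolicyEnabled)
    $precedence = @(ConvertTo-SourceList $PolicyPrecedence)

    # Left to right: the leftmost source has first priority.
    $rank = 0
    foreach ($source in $precedence) {
        $rank++
        [pscustomobject]@{
            Rank    = $rank
            Source  = $source
            Enabled = ($enabled -contains $source)
        }
    }
    # Enabled sources with no precedence entry: flag them for review.
    foreach ($source in $enabled) {
        if ($precedence -notcontains $source) {
            [pscustomobject]@{ Rank = 'unranked'; Source = $source; Enabled = $true }
        }
    }
}

$props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
if ($null -ne $props) {
    $enabledValue    = $props.PolicyEnabled
    $precedenceValue = $props.PolicyPrecedence
} else {
    # Key not present (client not installed): fall back to the sample
    # values quoted in the answer so the output format can still be seen.
    Write-Warning "Key not found; using the sample values from the post."
    $enabledValue    = 'BEYONDINSIGHT,WEBSERVICE,GPO,LOCAL,EPO'
    $precedenceValue = 'WEBSERVICE,LOCAL,GPO,BEYONDINSIGHT'
}

Get-EpmPolicyOrder -PolicyEnabled $enabledValue -PolicyPrecedence $precedenceValue |
    Format-Table -AutoSize
```

With the sample values from the post, EPO shows up as enabled but unranked, which is the kind of mismatch worth checking before stacking a Test policy on top of a Prod one.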

