Configure Privilege Management Endpoints

Install both Privilege Management and the PMC adapter on the target operating system.

Install the Privilege Management client first and then the adapter. If you install them in the other order, specific events that PMC needs are not generated. If you do install the client and the adapter out of order, restart the adapter service to force it to detect the client.

The adapters poll every 60 minutes by default. An additional delay is applied based on the CPU load of the node that the adapter is connected to. The minimum supported adapter poll time is 5 minutes.

For more information on the management of your endpoints using PMC, please see the PMC Administration Guide.

Install the Mac Adapter for PMC On-Premises

The PMC client adapter installers can be found in the AdapterInstallers folder of the PMC deployment. You need to use the Terminal to install the Mac PMC Adapter.

You can install and automatically authorize Mac machines to connect to PMC using the command line.

You must uninstall any existing PMC Mac Adapter prior to installing a new Mac adapter for PMC.

There are six parameters, two of which are optional:

  • TenantID

For more information on getting this GUID for Microsoft Azure authentication, please see Create the Microsoft Azure AD Tenant.

  • InstallationID. You get this from PMC. Click Administration > Agent Installation. Copy the Installation ID for this script.
  • InstallationKey. You get this from PMC. Click Administration > Agent Installation. Copy the Installation Key for this script.
  • ServiceURI. This is the URL for your PMC portal.

Do not add a port number or a trailing slash to this URL. For example, https://test.pmc.avecto.com/ or https://test.pmc.avecto.com:8080/ will not work.

  • GroupID (Optional). If supplied, this will auto authorize the endpoint and assign it to the specified group. If that group doesn't exist the computer will remain in the pending state. You obtain this from PMC. Click the Group you want to use. The Group ID is shown in the Summary page. Copy the Group ID for this script.
  • Cacertificateid (Optional). If you are using a Root CA certificate that is trusted by a global provider, you do not need to add this parameter. If it is not trusted by a global provider, the Root CA certificate must be added to the System keychain (not Login) and must also be set to Trusted there. The value required for this parameter is the SHA-1 thumbprint of the Root CA certificate.

To install adapters:

Include the GroupID to automatically group and authorize the endpoint.

  1. Navigate to the location of the Adapter installer. By default, this is the AdapterInstallers folder.
  2. Mount the DMG and run the following command line from the Terminal. Once the Adapter installer launches, proceed through the installation wizard as required.

Below is an example command line. The line breaks must be removed before you run the script.

sudo /Volumes/PrivilegeManagementConsoleAdapter/install.sh tenantid="750e85d1-c851-4d56-8c76-b9566250cf1d" installationid="95a10760-2b96-4a0e-ab65-ed7a5e8f1649" installationkey="VGhpcyBzZWNyZXQgaTYzIGJlZW4gQmFzZTY0IGVuY29kZWQ=" serviceuri="https://test.ic3.avecto.com" groupid="fcc4022e-12fa-4246-87w8-0de9a1483a68" cacertificateid="b36b7345ff30aa7fb15fcd985fe2989c3e11aba7"

Computers that have the Privilege Management for Mac client and the PMC adapter installed with the Installation ID and Installation Key now appear in the Computers grid in PMC.
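The parameter rules above can be checked before install.sh is run. The following is an added example, not part of the PMC adapter installer: the function names are hypothetical, and it assumes that the IDs are standard GUIDs, that the ServiceURI is an https URL as in the sample command, and that the thumbprint is wanted as 40 lowercase hex characters, the form the sample command uses.

```shell
#!/bin/sh
# Added example: pre-flight checks for the install.sh parameters.
# All function names are hypothetical, not part of the PMC installer.

# tenantid / installationid / groupid: 8-4-4-4-12 hexadecimal digits (assumed GUID form).
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# serviceuri: https host only; a port, a path or a trailing slash is rejected.
is_valid_service_uri() {
  printf '%s\n' "$1" |
    grep -Eq '^https://[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
}

# Reduce "SHA1 Fingerprint=AA:BB:..." or a bare thumbprint to 40 lowercase hex chars.
normalize_thumbprint() {
  t=$(printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': ' | tr 'A-F' 'a-f')
  printf '%s\n' "$t" | grep -Eq '^[0-9a-f]{40}$' || return 1
  printf '%s\n' "$t"
}

# SHA-1 thumbprint of a PEM-encoded Root CA file (assumes openssl is installed).
ca_thumbprint_from_pem() {
  fp=$(openssl x509 -noout -fingerprint -sha1 -in "$1") || return 1
  normalize_thumbprint "$fp"
}

# macOS only: is a certificate with this thumbprint in the System keychain?
# This confirms presence only; the Trusted setting still has to be checked separately.
in_system_keychain() {
  security find-certificate -a -Z /Library/Keychains/System.keychain |
    grep -qi "SHA-1 hash: $1"
}

# Args: tenantid installationid serviceuri [groupid] [cacertificateid]
# Prints one line per problem to stderr and returns non-zero if any check fails.
preflight() {
  rc=0
  is_guid "$1" || { echo "tenantid: not a GUID" >&2; rc=1; }
  is_guid "$2" || { echo "installationid: not a GUID" >&2; rc=1; }
  is_valid_service_uri "$3" ||
    { echo "serviceuri: port, path or trailing slash present" >&2; rc=1; }
  [ -z "$4" ] || is_guid "$4" || { echo "groupid: not a GUID" >&2; rc=1; }
  [ -z "$5" ] || normalize_thumbprint "$5" >/dev/null ||
    { echo "cacertificateid: not a SHA-1 thumbprint" >&2; rc=1; }
  return "$rc"
}
```

The sample groupid in the command above contains a non-hexadecimal character (87w8), so is_guid rejects it; use the Group ID copied from your own Summary page.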