Privilege Management Policies and Templates

Template Policies can be imported into your Privilege Management for Mac settings. You can choose to merge them into your existing policy; if not merged, the template overwrites the existing policy.

To Import a Privilege Management XML Configuration

  1. Select the Utilities node and click Import Privilege Management Policy.
  2. Browse to the location of the XML file to import.
  3. If you want to merge the imported settings with the settings already contained within the policy, check Merge imported settings. If you want to overwrite the existing policy with the imported policy, uncheck Merge imported settings.
  4. Click Load Configuration to complete the import.

Create a Privilege Management Policy

  1. Click New Policy and enter the following information:
  2. Field Meaning
    Category Select the category you want the policy to belong to. By default, this will be Policies.
    Create a policy based on this existing policy You need to base the new policy on an existing policy. BeyondTrust Privilege Management Blank Policy is supplied for this purpose. Alternatively, you choose a different policy to base the new policy on.
    Policy Name Enter a name for the new policy. This should be as descriptive as possible. You can edit it later.
    Notes Enter any notes for the policy. You can edit this later.
  3. Click OK to save your policy or Cancel to discard it. Your new policy is shown in the Policy Catalog page. The next step is to edit the policy.

For the steps to edit the policy, please see Edit Privilege Management Policies.

Edit Privilege Management Policies

On the ePO Policy Catalog page, ensure BeyondTrust Privilege Management <version number> is selected from the list of products in the Products tab. Click the Edit link for the policy you want to edit from the list.

For ePO 5.9 and earlier, in Policy Catalog, ensure BeyondTrust Privilege Management <version number> is selected from the Product dropdown and click the policy you want to edit from the list.

This takes you to the Policy Summary screen. From here you can edit any of the following components that make up a policy. You can also access the Licenses and Utilities functionality.

The Policy Summary screen, where you can access the Licenses and Utilties functions.

The Utilities button allows you to perform various tasks for all operating systems, such as importing BeyondTrust template policies.

The Licenses button allows you to view and edit the Privilege Management license keys for all operating systems.

 

Mac Policies

You can edit the following components of a policy:

  • Workstyles
  • Application Groups
  • Messages

Privilege Management for Mac Policy

A Privilege Management for Mac policy is built up with the following optional components:

  • Workstyles: A Workstyle is part of a policy. It is used to assign Application Rules for users. You can create Workstyles by using the WorkStyle Wizard or by importing them.
  • Application Groups: Application Groups are used by Workstyles to group applications together to apply certain Privilege Management for Mac behavior.
  • Messages: Messages are used by Workstyles to provide information to the end user when Privilege Management for Mac has applied certain behavior that you've defined and need to notify the end user.

After you change the policy, click Submit and then Save to save the policy. In ePO 5.10 and later, if you have McAfee Approvals workflow enabled, this workflow can be modified to change the Save button to Submit for Review based on user permissions.

Mac Policies are not applied to the root user.

BeyondTrust has produced a prebuilt QuickStart policy that is configured with Privilege Management and Application Control.