Troubleshoot Privilege Management for Mac
Check Privilege Management
for Mac is installed and functioning
You can confirm whether Privilege Management for Mac is running by checking the Activity Monitor for the following processes:
Check Settings are Deployed
Assuming Privilege Management
ePO policies are stored by Privilege Management as an XML file in the following location:
%ProgramData%\Avecto\Privilege Guard\ePO Cache\Machine\PrivilegeGuardConfig.xml
Check that Privilege Management is Licensed
One of the most common reasons for Privilege Management not functioning is the omission of a valid license from the Privilege Management settings. If you create multiple policies, then you must ensure that the computer or user receives at least one GPO that contains a valid license. To avoid problems, it is simpler to add a valid license to every set of Privilege Management settings that you create.
Check Workstyle Precedence
Assuming that Privilege Management is functioning and licensed, most other problems are caused by configuration problems or Workstyle precedence problems. Please be aware that if you have multiple policies, these are evaluated in alphanumeric order.
Once an application matches an Application Group entry in the Application Rules or the On-Demand Application Rules, then processing does not continue for that application. Therefore, it is vital that you order your entries correctly:
- If you create multiple Workstyles, then Workstyles higher in the list have higher precedence.
- If you have multiple rules in the Application Rules and the On-Demand Application Rules sections of a Workstyle, then entries higher in the list have higher precedence.
Application Rules are applied to applications that are launched either directly by the user or by a running process. On-Demand Application Rules are only applied to applications that are launched from the Privilege Management shell menu (if enabled).
Certificate Error in McAfee Endpoint Security (ENS)
A certificate error is shown on the endpoint in the Event Log for McAfee Endpoint Security (ENS) if Privilege Management was installed prior to McAfee Endpoint Security.
Add the Certificate for Privilege Management:
- Navigate to Policy Catalog and select McAfee Endpoint Security from the Product dropdown menu.
- In the Self Protection section, navigate to the Certificates section and check the Allow box. This allows BeyondTrust processes to be trusted.
- Click Save.
This resolves the error encountered when using BeyondTrust Privilege Management and McAfee Endpoint Security software.