Install the Privilege Management ePO Extension

The Privilege Management ePO Extension allows you to use McAfee ePolicy Orchestrator to manage your endpoint(s).

The Privilege Management ePO Extension is a ZIP file and includes the build number in its name. The ZIP file includes the Policy Editor and BeyondTrust Privilege Management Reporting, if you choose to configure it.

To install the Privilege Management ePO Extension:

  1. Log in to McAfee ePolicy Orchestrator and navigate to Menu > Software > Extensions.
  2. Click Install Extension in the top-left corner. The Install Extension dialog box appears.
  3. Enter or browse to the location of the Privilege Management server extension package Defendpoint_x_x_x_xx.zip and click OK.
  4. On the Install Extension summary screen, click OK in the bottom-right corner to proceed with the installation.

The BeyondTrust Privilege Management ePO Extension is now installed on your ePO server.

Configure ePO User Permission Sets

There are four permission sets in ePO by default. You can view these at Menu > User Management > Permission Sets, on the left menu. Installing the Privilege Management ePO Extension grants some privilege management permissions to the following default ePO permission sets:

  • Executive Reviewer: Privilege Management Policy Permission: View and Change Settings

    This enables the user to access the policy catalog, but not to view or change the policy. The user requires Run permission for BeyondTrust Privilege Management under BeyondTrust Privilege Management to view policy.

  • Global Reviewer: Privilege Management Policy Permission: View Settings

    This enables the user to access the policy catalog, but not to view or change the policy. The user requires Run permission for BeyondTrust Privilege Management under BeyondTrust Privilege Management to view policy.

  • Group Admin: No Privilege Management permissions.
  • Group Reviewer: No Privilege Management permissions.

Users need to be members of the permission sets required for Privilege Management. Please refer to McAfee documentation for how to add users to permission sets.

Alternatively, you can create your own permission sets in ePO by selecting New Permission Set. After this is selected, you can name the permission set and assign users. Once you click Save, you can apply permissions.

If a user needs to view or change BeyondTrust policies, they require the Run permission for BeyondTrust Privilege Management permission under BeyondTrust Privilege Management and the View settings or View and change settings permission under BeyondTrust Privilege Management Policy.

Configure Additional Permissions

As an admin, you may wish to consider granting other user permissions, so that users can:

  • Modify deployment of the Privilege Management endpoint client
  • Access the System Tree tab
  • Edit the groups and systems within the System Tree
  • Wake and deploy agents
  • Assign policies or client tasks to a group
  • Create client tasks with the software or with the Software Catalog

To edit the permissions, navigate to Menu > User Management > Permission Sets and click the appropriate permission set in the menu on the left. Alternatively, you may create a new permission set by clicking the New Permission Set button. A list of settings you may edit appears in the right panel. Click Edit on the appropriate setting to edit it. Once finished, click Save.

McAfee Agent: Policy and McAfee Agent: Tasks

A user may need McAfee Agent permissions if they need to view or change client deployment tasks of Privilege Management for Windows or Privilege Management for Mac.

Systems

A user may need the Systems permission so they can access the System Tree tab, wake up agents, edit the groups and systems in the System Tree, and deploy agents.

System Tree

A user may need the System Tree access permission if they need access to certain groups (assigning policies or client tasks to a group, for example).

Software and Software Catalog

A user may need the Software and Software Catalog permissions if they need to create client tasks with software.