Install the Endpoint Privilege Management Event Parser
Pre-Installation Tasks
Accounts
Before starting the Event Parser installation, we recommend that the following accounts be created. The installation steps in subsequent sections of this guide refer to these accounts.
Accounts Required for Installation
Name | Details | Account Type | Permissions / Rights |
---|---|---|---|
ERInstaller | Use this account to install the Event Parser | Windows account | Windows permission - Local Administrator |
Accounts Required for Runtime
Name | Details | Account Type | Permissions / Rights |
---|---|---|---|
EventParser | Used by the Event Parser service to connect to the BeyondTrust database and write event data | Windows Account | SQL Server permission - Database write access; Windows group member - Event Log Readers; Windows permission - Network access (for remote SQL Server instance) |
If you are using a single server, as in Deployment Option 1, then you may want to run the Endpoint Privilege Management Event Collector service as the SYSTEM account. In this case, you can specify the SYSTEM account as part of the installation.
The SQL Server configuration must have TCP/IP communications enabled to allow the Event Parser Service to submit events to the database.
Event Parser Installation
Prerequisites
To install the Privilege Management Event Parser, the MS OLE DB v19 SQL Database Driver must be installed. The driver has a dependency on both the X86 and X64 versions of the Microsoft Visual C++ 2015-2022 Redistributable v14.34 (and later). Both components must also be installed.
The Privilege Management Event Parser EXE installer checks if the correct versions of the MS OLE DB driver and VC++ redistributable are already installed. If not, the components are automatically installed by the Privilege Management Policy Editor EXE installer.
If using the MSI to install the Privilege Management Event Parser, the prerequisites need to be manually installed if they don’t already exist on the machine where the installer is being run.
Visit the following websites to install these components separately.
For more information, see:
The installation of the Microsoft Visual C++ Redistributables can require a reboot. Plan the installation accordingly.
- If using the Privilege Management Event Parser EXE to install these components: If a reboot is required, there will be one request to reboot at the end of the installation.
- If installing the X86 and X64 versions of the Microsoft Visual C++ Redistributables separately: If a reboot is required, there may be a separate reboot request at the end of each of the installations.
To install Endpoint Privilege Management Event Parser, run the installation package with an account that has Installer privileges:
Systems must be 64-bit. Run PrivilegeManagementEventParser_x64.exe.
- Run the installation package.
- Click Next to continue. The License Agreement dialog box is displayed.
- After reading the license agreement, select I accept the terms in the license agreement and click Next to continue. The Destination Folder dialog box is displayed.
- To change the default installation directory, click Change and select a different installation directory.
- Click Next to continue. The Database Server dialog box is displayed.
- Enter the details of the database server.
- Click Next to continue. The Event Parser Service dialog box appears.
- Select the EventParser account for the Event Parser Service. Click the Browse button to select the account if desired.
This account is added to the Event Log Readers group on the Event Collector server. It is also granted the Log on as a service right on the Event Collector server.
- Click Next to continue. The Ready to Install the Program dialog box is displayed.
- Click Install to complete the installation. The Install Shield Wizard completed dialog box is displayed.
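A check of the prerequisites and service-account settings described above, as an added example that is not BeyondTrust's code. The account name, SQL Server host, port 1433 and the display-name pattern used to find the OLE DB driver are assumptions; run it in an elevated Windows PowerShell session on the Event Collector server.

```powershell
# Added example, not BeyondTrust code. Verifies the prerequisites and account settings this guide lists.
# All param() defaults are placeholders (assumptions); replace them with your own values.
param(
    [string]$ServiceAccount = 'CONTOSO\EventParser',    # placeholder DOMAIN\account
    [string]$SqlServer      = 'sql01.contoso.example',  # placeholder SQL Server host
    [int]   $SqlPort        = 1433                      # assumption: default SQL Server TCP port
)

$minVc   = [version]'14.34'   # minimum VC++ 2015-2022 Redistributable version named in the guide
$results = [ordered]@{}

# The VC++ runtimes record their version here; on 64-bit Windows the x86 key sits under WOW6432Node.
$vcKeys = [ordered]@{
    x64 = 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64'
    x86 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86'
}
foreach ($arch in $vcKeys.Keys) {
    $rt = Get-ItemProperty -Path $vcKeys[$arch] -ErrorAction SilentlyContinue
    $ok = $rt -and $rt.Installed -eq 1 -and ([version]("{0}.{1}" -f $rt.Major, $rt.Minor)) -ge $minVc
    $results["VC++ $arch runtime >= $minVc"] = [bool]$ok
}

# OLE DB v19 driver: search the installed-programs list (the display-name pattern is an assumption).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$oledb = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*OLE DB Driver 19*SQL Server*' }
$results['MS OLE DB v19 driver installed'] = [bool]$oledb

# The installer is documented to add the service account to the local Event Log Readers group.
$members = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue
$results['Account in Event Log Readers'] = [bool]($members | Where-Object { $_.Name -eq $ServiceAccount })

# The Event Parser service submits events to SQL Server over TCP/IP, so the port must be reachable.
$reachable = Test-NetConnection -ComputerName $SqlServer -Port $SqlPort -InformationLevel Quiet -WarningAction SilentlyContinue
$results['SQL Server reachable over TCP'] = [bool]$reachable

# Print one line per check and return a non-zero exit code if anything is missing.
$results.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
if ($results.Values -contains $false) { exit 1 }
```

The script does not check the Log on as a service right or the SQL Server database permission; confirm those in the local security policy and in SQL Server.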