Manual Deployment of Endpoint Privilege Management for Windows

Endpoint Privilege Management for Windows can optionally be deployed manually using any Windows Installer compatible third party deployment system. The Endpoint Privilege Management for Windows package is available as both an MSI package and self-installing executable package, from the BeyondTrust product archive.

Prerequisites

Endpoint Privilege Management for Windows must be installed in ePO Mode, either by selecting the McAfee ePolicy Orchestrator Integration option when installing Endpoint Privilege Management for Windows, or by using a command line option if installing the client using a deployment system. This will install additional components required to communicate with the McAfee Agent.

To install the client MSI package silently in ePO Mode, use the following command line:

MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1

To install the client MSI package silently in ePO Mode with logging enabled:

MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1 /sv “C:\PMFWInstallLog.txt”

To install the client executable silently in ePO Mode, use the following command line (the double quotes are required):

PrivilegeManagementForWindows_x(XX).exe /s /v" /qn EPOMODE=1"

Where (XX) represents 86 or 64 in relation to the 32-bit or 64-bit installation respectively.

The syntax above must be copied exactly for the install to work as designed, including all spacing.

If you are deploying Endpoint Privilege Management for Windows using McAfee ePO, then ePO Mode is automatically enabled.

Disable ePO Mode

Once installed in ePO Mode, Endpoint Privilege Management for Windows will send events to the McAfee Agent, as well as raising events to the Application Log. If you want to disable ePO mode at any time, set the following registry key:

HKEY_LOCAL_MACHINE\Software\Avecto\Privilege Guard Agent\DWORD "EPOMode"=0

To re-enable ePO Mode, set the above DWORD value to 1.