Manual Deployment of Privilege Management for Windows
Privilege Management for Windows can optionally be deployed manually using any Windows Installer compatible third-party deployment system. The Privilege Management for Windows package is available as both an MSI package and self-installing executable package from BeyondTrust.
Privilege Management for Windows must be installed in ePO Mode, either by selecting the McAfee ePolicy Orchestrator Integration option when installing Privilege Management for Windows, or by using a command-line option if installing the client via a deployment system. This install additional components required to communicate with the McAfee Agent.
To install the client MSI package silently in ePO Mode, use the following command line:
MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1
To install the client MSI package silently in ePO Mode with logging enabled:
MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1 /sv “C:\PMFWInstallLog.txt”
To install the client executable silently in ePO Mode, use the following command line (the double quotes are required):
PrivilegeManagementForWindows_x(XX).exe /s /v" /qn EPOMODE=1"
In the command lines above, (XX) represents 86 or 64 in relation to the 32-bit or 64-bit installation, respectively.
The syntax above must be copied exactly for the install to work as designed, including all spacing.
If you are deploying Privilege Management for Windows using McAfee ePO, then ePO Mode is automatically enabled.
Disable ePO Mode
Once installed in ePO Mode, Privilege Management for Windows sends events to the McAfee Agent, and also raises events to the Application event log. If you want to disable ePO mode at any time, set the following registry key:
HKEY_LOCAL_MACHINE\Software\Avecto\Privilege Guard Agent\
To re-enable ePO Mode, set the above DWORD value to 1.