Manual Deployment of Endpoint Privilege Management for Windows

Endpoint Privilege Management for Windows can optionally be deployed manually using any Windows Installer compatible third-party deployment system. The Endpoint Privilege Management for Windows package is available as both an MSI package and self-installing executable package from BeyondTrust.

Prerequisites

Endpoint Privilege Management for Windows must be installed in ePO Mode, either by selecting the Trellix ePolicy Orchestrator Integration option when installing Endpoint Privilege Management for Windows, or by using a command-line option if installing the client via a deployment system. This install additional components required to communicate with the Trellix Agent.

To install the client MSI package silently in ePO Mode, use the following command line:

MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1

To install the client MSI package silently in ePO Mode with logging enabled:

MSIEXEC.exe /i PrivilegeManagementForWindows_x(XX).msi /qn EPOMODE=1 /sv “C:\PMFWInstallLog.txt”

To install the client executable silently in ePO Mode, use the following command line (the double quotes are required):

PrivilegeManagementForWindows_x(XX).exe /s /v" /qn EPOMODE=1"

In the command lines above, (XX) represents 86 or 64 in relation to the 32-bit or 64-bit installation, respectively.

The syntax above must be copied exactly for the install to work as designed, including all spacing.

If you are deploying Endpoint Privilege Management for Windows using Trellix ePO, then ePO Mode is automatically enabled.

Disable ePO Mode

Once installed in ePO Mode, Endpoint Privilege Management for Windows sends events to the Trellix Agent, and also raises events to the Application event log. If you want to disable ePO mode at any time, set the following registry key:

HKEY_LOCAL_MACHINE\Software\Avecto\Privilege Guard Agent\
DWORD "EPOMode"=0

To re-enable ePO Mode, set the above DWORD value to 1.