Privilege Management Policies and Templates

Template Policies can be imported into your Privilege Management for Windows settings. You can choose to merge them into your existing policy; if not merged, the template overwrites the existing policy.

To Import a Privilege Management XML Configuration

  1. Select the Utilities node and click Import Privilege Management Policy.
  2. Browse to the location of the XML file to import.
  3. If you want to merge the imported settings with the settings already contained within the policy, check Merge imported settings. If you want to overwrite the existing policy with the imported policy, uncheck Merge imported settings.
  4. Click Load Configuration to complete the import.

Create a Privilege Management Policy

  1. Click New Policy and enter the following information:
    CategorySelect the category you want the policy to belong to. By default, this will be Policies.
    Create a policy based on this existing policyYou need to base the new policy on an existing policy. BeyondTrust Privilege Management Blank Policy is supplied for this purpose. Alternatively, you choose a different policy to base the new policy on.
    Policy NameEnter a name for the new policy. This should be as descriptive as possible. You can edit it later.
    NotesEnter any notes for the policy. You can edit this later.
  2. Click OK to save your policy or Cancel to discard it. Your new policy is shown in the Policy Catalog page. The next step is to edit the policy.

For the steps to edit the policy, please see Edit Privilege Management Policies.

Edit Privilege Management Policies

On the ePO Policy Catalog page, ensure BeyondTrust Privilege Management <version number> is selected from the list of products in the Products tab. Click the Edit link for the policy you want to edit from the list.

For ePO 5.9 and earlier, in Policy Catalog, ensure BeyondTrust Privilege Management <version number> is selected from the Product dropdown and click the policy you want to edit from the list.

This takes you to the Policy Summary screen. From here you can edit any of the following components that make up a policy. You can also access the Licenses and Utilities functionality.

The Policy Summary screen, where you can access the Licenses and Utilties functions.

The Utilities button allows you to perform various tasks for all operating systems, such as importing BeyondTrust template policies.

The Licenses button allows you to view and edit the Privilege Management license keys for all operating systems.


Windows Policies

You can edit the following components of a policy:

  • Workstyles
  • Application Groups
  • Messages
  • Content Groups
  • Custom Tokens

Privilege Management for Windows Policies

A Privilege Management for Windows policy is built up with the following optional components:

  • Workstyles: A Workstyle is part of a policy. It is used to assign Application Rules for users. You can create Workstyles using the WorkStyle Wizard, or you may import them.
  • Application Groups: Application Groups are used by Workstyles to group applications together to apply certain Privilege Management for Windows behavior.
  • Content Groups: Content groups are used by Workstyles to group content together to apply certain Privilege Management for Windows behavior.
  • Messages: Messages are used by Workstyles to provide information to the user when Privilege Management for Windows has applied certain behavior that you've defined and need to notify the user.
  • Custom Tokens: Custom Tokens are used by Workstyles to assign custom privileges to content or Application Groups.

After you change the policy, click Submit and then Save to save the policy. In ePO 5.10 and later, if you have Trellix Approvals workflow enabled, this workflow can be modified to change the Save button to Submit for Review based on user permissions.

BeyondTrust has produced a pre-built QuickStart policy that is configured with Privilege Management for Windows and Application Control.