Access the Policy Summary Screen from the Policy Catalog

To access the Policy Summary Screen, click a Privilege Management for Windows policy from the Policy Catalog home page in ePO Server 5.9 or select Edit in ePO Server 5.10.

Privilege Management for Windows policies are applied to one or more endpoints. The Policy Summary screen summarizes the number of Workstyles, Application Groups, Content Groups, Messages, and Custom Tokens in the policy. If this is a blank policy, all summaries display 0. Clicking on any of the numbers allows you to jump to that section to view and edit information within the policy.

The Policy Summary screen summarizes the number of Workstyles, Application Groups, Content Groups, Messages, and Custom Tokens in the policy.

The Utilities button allows you to perform various tasks for all operating systems, such as import BeyondTrust template policies.

The Licenses button allows you to view and edit the BeyondTrust Privilege Management license keys for all operating systems.

Policy Approval

ePO Server 5.10 introduced new functionality called Policy and Task approval.

Privilege Management ePO Extension 5.3 SR1 and later support this functionality for Privilege Management for Windows policies.

To enable the policy approval workflow, navigate to Server Settings > Approvals from the ePO server menu. Click Edit and then check the User needs approval for policy changes box and click Save. You can then use the Policy Management permission to either grant users permission to approve their own policies and others, or to ensure all policies must be approved by an ePO server administrator or a user with the appropriate permissions.

If you don't check this box, the policy approval Workflow is not enabled. This is the default behavior for ePO server 5.9 and earlier.

If you are using ePO server 5.9 or earlier, with Privilege Management ePO Extension 5.3 SR1 or later, you need to click Submit in the policy editing screens when you've made a change. Clicking Submit does not save the policy; instead, it redirects you to the Policy Summary page, where you can save your Privilege Management for Windows policy.

If you are using ePO server 5.10 or later, with Privilege Management ePO Extension 5.3 SR1 or newer, you need to click Submit in the policy editing screens when you've made a change. Clicking Submit does not save the policy, instead; it redirects you to the Policy Summary page where you can save or submit your Privilege Management for Windows policy for review depending on the ePO server Approvals setting and the permissions assigned your user.

Policy Approval Potential Scenarios

Server Settings > Approvals for Policy Changes not enabled:

All users can save their policies.

Server Settings > Approvals for Policy Changes enabled and Permission Sets > Policy Management set to Approver Permission for your user or you're an ePO Administrator:

  • You can save your policy
  • You can approve other users' policies

Server Settings > Approvals for Policy Changes enabled and Permission Sets > Policy Management set to No Permission for your user:

  • You can submit your policy for approval
  • You cannot approve other users' policies

If you are using ePO server 5.10 or later, with Privilege Management ePO Extension 5.3 GA or earlier, the Trellix policy approval process is not supported for Privilege Management for Windows policies. Click Save on the Policy Summary screen to save it.

For more information, please see Policy and Task approval feature with ePolicy Orchestrator 5.10.0.