Install the Privilege Management ePO Extension

The Privilege Management ePO Extension allows you to use McAfee ePolicy Orchestrator to manage your endpoint(s).

The Privilege Management ePO Extension is a ZIP file and includes the build number in its name. The ZIP file includes the Policy Editor and BeyondTrust Privilege Management Reporting, if you choose to configure it.

To install the Privilege Management ePO Extension extension:

Log on to McAfee ePO Orchestrator, clcik the Menu button and select Software > Extensions

  1. Log in to McAfee ePolicy Orchestrator and navigate to Menu > Software > Extensions.

 

  1. Click Install Extension in the top-left corner. The Install Extension dialog box appears.
  2. Enter or browse to the location of the Privilege Management server extension package Defendpoint_x_x_x_xx.zip and click OK.
  3. On the Install Extension summary screen, click OK in the bottom-right corner to proceed with the installation.

The BeyondTrust Privilege Management ePO Extension is now installed on your ePO server.

Configure ePO User Permission Sets

There are four permission sets in ePO by default. You can view these at Menu > User Management > Permission Sets, on the left menu. Installing the Privilege Management ePO Extension grants some privilege management permissions to the following default ePO permissions sets:

  • Executive Reviewer: Privilege Management Policy Permission: View and Change Settings

    This enables the user to access the policy catalog, but not to view or change the policy. The user requires Run permission for BeyondTrust Privilege Management under BeyondTrust Privilege Management to view policy.

  • Global Reviewer: Privilege Management Policy Permission: View Settings

    This enables the user to access the policy catalog, but not to view or change the policy. The user requires Run permission for BeyondTrust Privilege Management under BeyondTrust Privilege Management to view policy.

  • Group Admin: No Privilege Management permissions.
  • Group Reviewer: No Privilege Management permissions.

Users need to be members of the permission sets required for Privilege Management. Please refer to McAfee documentation for how to add users to permission sets.

Alternatively, you can create your own permission sets in ePO by selecting New Permission Set. After this is selected, you can name the permission set and assign users. Once you click Save, you can apply permissions.

If a user needs to view or change BeyondTrust policies, they require the Run permission for BeyondTrust Privilege Management permission under BeyondTrust Privilege Management and the View settings or View and change settings permission under BeyondTrust Privilege Management Policy.