Upgrade Endpoint Privilege Management for Windows

Recommended Steps

  • Step 1: Upgrade Application Groups to Match Publisher Name BeyondTrust Corporation
  • Step 2: Upgrade the Endpoint Privilege Management ePO Extension
  • Step 3: Upgrade Endpoint Privilege Management Reporting (if in use)
  • Step 4: Upgrade Endpoint Privilege Management for Windows Clients
  • Step 5: Delete Old Application Definitions (Upgrade from 5.4)

 

As of release 5.5, all releases of this product are signed with BeyondTrust Corporation, rather than Avecto, as the software publisher name. If prior to 5.5 you used the QuickStart Policy Template as a starting point, it is likely that your configuration includes Application Groups which target our own applications based on a publisher match to Avecto. An upgrade to 5.5 or beyond requires you to update your configuration so that it continues to match the versions of the applications and tools that you use. We recommend you add a copy of any existing application definitions that target Avecto and update those copies to target BeyondTrust Corporation instead; the presence of both sets of application definitions ensures they continue to match both new and existing versions during the implementation of 5.5. It is critical that you roll out your configuration changes before you update your Endpoint Privilege Management for Windows software to version 5.5 or later.

Step 1: Upgrade Application Groups to Match Publisher Name BeyondTrust Corporation

This section applies to upgrades to Version 5.5.

  1. Locate all Avecto matches:
    • In the policy tree, navigate to Utilities > Application Search.
    • Type Avecto into the Search applications box to filter.

Performing an application search in the Policy Catalog

  2. Create a copy of all definitions in each Application Group found that contain a publisher match on Avecto:
    • Make a note of the name of the application definition which contains a publisher match on Avecto, and click on its Application Group name in Application Search. This takes you to the Application Group.
    • Select the application definition and click Duplicate.

Duplicate the application definition found in the Application Group.

Rename one of the copies to OLD, so it’s easy to tell which to delete after the new application definitions take effect. OLD can be deleted once the 5.5 upgrade is complete.

  3. Update the new application definitions to match publisher BeyondTrust Corporation.
  4. Test the updated configuration against the new 5.5 applications.

At this point, you can continue with upgrading the remaining components.

The product code for Endpoint Privilege Management for Windows version 5 was updated from version 4. This means that the Endpoint Privilege Management ePO Extension must be upgraded before the Endpoint Privilege Management for Windows version 5 clients are installed.

ePO will not recognize Endpoint Privilege Management for Windows if you upgrade the Endpoint Privilege Management for Windows clients before the Endpoint Privilege Management ePO extension. In addition, ePO Threat events will be rejected if this order is not followed, although they can be recovered once the upgrade to the Endpoint Privilege Management ePO Extension has been completed.

Version 5 of the Endpoint Privilege Management ePO Extension is compatible with older Endpoint Privilege Management for Windows clients.

The recommended order to upgrade BeyondTrust Endpoint Privilege Management for Windows software is:

  • Upgrade the Endpoint Privilege Management ePO Extension
  • Upgrade Endpoint Privilege Management Reporting (if in use)
  • Upgrade Endpoint Privilege Management Clients

If you have a requirement to upgrade BeyondTrust software in a different order from that listed above, please contact your BeyondTrust representative.

Step 2: Upgrade the Endpoint Privilege Management ePO Extension

When you are upgrading, the newer version of the Endpoint Privilege Management ePO Extension recognizes the existing Endpoint Privilege Management ePO Extension installation and prompts you to upgrade it. We recommend upgrading, as removing the installed Endpoint Privilege Management ePO Extension deletes your settings.

To upgrade the Endpoint Privilege Management ePO Extension, use ePO to install the latest extension from Software > Extensions. When you upload the new Endpoint Privilege Management ePO Extension, ePO notifies you that this newer version of the ePO Extension will replace the previous extension. Click OK to upgrade the Endpoint Privilege Management ePO Extension. You do not need to restart ePO for the upgrade to take effect. Existing registered servers, client tasks, and server tasks are not affected.

If you see an error message that states "Please stop CopyFromStaging from running before upgrading the database," make sure that no new events are being processed by querying the above tables and try again.

This upgrade path can be applied to both standalone Reporting configurations and to configurations spread over multiple machines.

Step 4: Upgrade Endpoint Privilege Management for Windows Clients

You can upload a newer version of the Endpoint Privilege Management for Windows client to ePO and deploy it as required.

Depending on the type of installation, a restart of the endpoint may be required. When installing in silent mode, a reboot occurs automatically.

The Endpoint Privilege Management ePO Extension maintains backwards compatibility with the Endpoint Privilege Management for Windows client. You can use a later version of the Endpoint Privilege Management ePO Extension with an earlier version of the Endpoint Privilege Management for Windows client. However, not all features in the Endpoint Privilege Management ePO Extension are supported with earlier versions of the client.

For more information, see the Endpoint Privilege Management for Windows Administration Guide.

Upgrade the Reporting Database Using SQL Scripts

Use these instructions to upgrade the Endpoint Privilege Management Reporting database where you cannot use the installer or need to do a manual installation, for example, EPM in Azure. SQL scripts are provided to manage these upgrades.

To upgrade an Endpoint Privilege Management Reporting database using SQL scripts:

  1. The SQL scripts are provided as part of the Reporting installers. Alternatively, you can contact BeyondTrust Technical Support for them.

There is a README file provided in this directory to assist you.

  2. Run the following SQL query to find the current version of the database:
    select * from DatabaseVersion

This SQL query works for Endpoint Privilege Management Reporting databases 4.5 and later.

  3. Execute the upgrade script whose name carries the next version number after your current database version, then continue applying the scripts in version order until the desired version is reached.

If your current database version is 4.3.16 and you want to upgrade to version 5.0.0, execute the following scripts in order:
  1. Script_4.5.0_Updates.sql
  2. Script_5.0.0_Updates.sql

Please check the SQL log for any errors and contact BeyondTrust Technical Support if necessary.
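The script-selection rule in the procedure above can be checked before anything is run against the database. The following is an added example, not BeyondTrust code: it assumes the scripts follow the Script_<version>_Updates.sql naming shown on this page, that you supply the current version yourself from the DatabaseVersion query, and it uses a constructed directory listing (`plan_upgrade`, `parse_version` and `SAMPLE_DIR` are hypothetical names).

```python
import re

# Naming pattern taken from the page's example (Script_4.5.0_Updates.sql).
SCRIPT_RE = re.compile(r"^Script_(\d+(?:\.\d+){0,3})_Updates\.sql$", re.IGNORECASE)

# Constructed directory listing; only the 4.5.0 and 5.0.0 names come from the page.
SAMPLE_DIR = [
    "README.txt",
    "Script_4.3.0_Updates.sql",
    "Script_5.0.0_Updates.sql",
    "Script_4.5.0_Updates.sql",
    "Script_5.1.0_Updates.sql",
]


def parse_version(text):
    """'4.3.16' -> (4, 3, 16, 0): numeric and zero-padded, so 4.10.0 sorts after 4.5.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def plan_upgrade(current, target, filenames):
    """Return the scripts to execute, in order, to move from current to target.

    A script is selected when current < script version <= target. Raises
    ValueError when the target is older than the current version or when no
    script in the listing produces exactly the target version.
    """
    cur, tgt = parse_version(current), parse_version(target)
    if tgt < cur:
        raise ValueError(f"target {target} is older than current {current}")
    found = {}
    for name in filenames:
        match = SCRIPT_RE.match(name)
        if match:  # the README and any other files are ignored
            found[parse_version(match.group(1))] = name
    steps = sorted(v for v in found if cur < v <= tgt)
    if tgt != cur and tgt not in steps:
        raise ValueError(f"no script in the listing upgrades to {target}")
    return [found[v] for v in steps]


if __name__ == "__main__":
    for script in plan_upgrade("4.3.16", "5.0.0", SAMPLE_DIR):
        print(script)
```

Sorting on parsed integers rather than on file names matters once a minor version reaches two digits, because a plain alphabetical sort would place 4.10.0 before 4.5.0 and apply the scripts out of order.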