Privilege Management for Windows 22.3 Release Notes

May 5, 2022

Requirements:

  • Microsoft .NET Framework 4.0 (required to use Activity Viewer, Power Rules, PowerShell audit scripts, and PowerShell API)
  • Microsoft .NET Framework 4.8 (required to use Multifactor Authentication with an OIDC provider)
  • PowerShell 3.0 (required to use Power Rules, PowerShell audit scripts, and PowerShell API)
  • Microsoft SQL Server Compact 4.0 (required on the endpoint that will run the Activity Viewer console)
  • McAfee Agent (required if you are installing the Privilege Management client with switch EPOMODE=1)

The executable version of the client package includes all necessary prerequisites (excluding .NET Framework) and automatically installs them as necessary. If you use the MSI or ZIP package, you must manually install any necessary prerequisites.

New Features and Enhancements:

Client

  • Support for keyboard shortcuts to force policy update from the tray icon.
  • Ability to remotely and silently execute PGCaptureConfig.

Policy Editor

  • Added new Basic Admin token to provide greater control over which privileges are granted when targeting rules at actions.
  • The new Basic Admin token does not provide the following privileges: SeDebugPrivilege, SeLoadDriverPrivilege. For actions that need those privileges, such as installers using MSIexec, select the Full Admin token instead.

    For more information, please see KB0016757.
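
To confirm which privileges a rule actually granted, the following added example (not BeyondTrust code) lists whether the two privileges named above are in the current process token. It assumes it is run from a PowerShell session that was itself launched through the rule being checked; the variable names are illustrative.

```powershell
# Added example: report whether the current process token carries the two
# privileges that the release notes say the Basic Admin token does not provide.
# Assumption: this session was started through the rule under test.
$withheld = 'SeDebugPrivilege', 'SeLoadDriverPrivilege'

# /nh drops the (localized) header row, so column names are supplied here.
$rows = whoami.exe /priv /fo csv /nh |
    ConvertFrom-Csv -Header 'Name', 'Description', 'State'

$report = foreach ($name in $withheld) {
    $row = $rows | Where-Object { $_.Name -eq $name }
    [pscustomobject]@{
        Privilege = $name
        InToken   = [bool]$row                      # listed at all?
        State     = if ($row) { $row.State } else { 'not present' }
    }
}
$report | Format-Table -AutoSize

if ($report.InToken -contains $true) {
    'Token holds at least one privilege that the Basic Admin token withholds.'
} else {
    'Neither SeDebugPrivilege nor SeLoadDriverPrivilege is in the token.'
}
```

A standard, non-elevated token also lacks both privileges, so a "neither" result only rules out the Full Admin token; it does not by itself prove the Basic Admin token was applied.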

Issues Resolved:

  • Resolved issue in which authorization or challenge response prompts resulted in incorrect error messages.
  • Resolved issue in which languages set up in On-Demand Rules > Configure Languages defaulted to English if English was present in the list.
  • Resolved issue in which the Defendpoint service crashed intermittently.
  • Resolved issue in which apps were unable to be run as a Password Safe domain user.
  • Resolved issue in which Privilege Management Reporting did not report on Smart Card Authorizing User when using the option "Run As Authorizing User = Yes".
  • Resolved issue with an MSIEXEC filter in an application, which was doing the opposite of the setting.
  • Resolved PKI authentication issue that caused a "Specified login session does not exist" error.
  • Resolved issue in which some remote PowerShell commands and WMI did not work.
  • Resolved issue in which elevating applications with an admin account using smart card authentication did not display the application.
  • Resolved issue in which launching dsa.msc as a designating user with smart card authentication caused mmc.exe to fault.
  • Resolved issue in which Endpoint Privilege Management Reporting did not report on Smart Card with Run As Authorizing User.

Compatibility:

  • Privilege Management Policy Editor 22.3 (recommended), 5.6+
  • Privilege Management ePO Extension 21.2 (recommended), 5.2+
  • Privilege Management Console Windows Adapter 22.3 (recommended), 21.1
  • BeyondInsight/Password Safe 22.1 (recommended), 7.2
  • McAfee Agent 5.7 (recommended), 5.6+
  • McAfee ePO Server 5.10 (recommended), 5.9

Starting with Endpoint Privilege Management for Windows 22.1, release versions will be aligned with Endpoint Privilege Management Cloud to maintain a consistent experience.

Supported Operating Systems:

  • Windows 11
    • 21H2
  • Windows 10
    • 21H2
    • 21H1
    • 20H2
    • 1909
    • LTSB 2015
    • LTSB 2016
    • LTSC 2019
  • Windows 8 / 8.1
  • Windows 7
  • Server
    • 2022
    • 2019
    • 2016
    • 2012R2
    • 2012

For more information about compatibility, please see Privilege Management for Windows and Mac: Supported Versions and Operating System Compatibility.

Notes:

  • BeyondTrust will be ending support for all new versions of Privilege Management for Windows on Windows 7, effective on our next release, so that we can concentrate on providing the best possible protection on supported versions of Windows 10 and 11. If you have any concerns about this course of action, please get in touch via your usual contact.
  • In version 22.3, the DiagnosticsCLI.exe has been renamed to EndpointUtility.exe as we prepare for expanding the capability of the tool. If you have any custom scripts or shortcuts that reference DiagnosticsCLI.exe, these will need to be updated to the new name.
  • Endpoint Privilege Management for Windows 22.3 supports upgrades from Endpoint Privilege Management for Windows 5.2+.