BeyondTrust requires administrative credentials

lassekivikas
New Contributor II

Hello,

I'm currently working to get BeyondTrust PAM working, and I am stuck with one thing.
First of all, everything works until I restart the Mac after the PAM installation and configuration.
In short, as we are testing, we have settings such that you get the PAM notification when you go to System Preferences -> Energy Saver and click the lock to modify settings. When I click OK, I get the Mac's own notification, requesting administrator's credentials.

This shouldn't be the case, as the PAM should give exactly this access, but as I said, the request screen is from the Mac, not BeyondTrust.

The device is installed via DEP and enrolled in Jamf. I have tried to remove our configuration profiles which are our security baseline, and also tried to remove our local administrator account from the device, but still I haven't figured out why the Mac is asking for the administrative account's credentials.

I hope there is someone who could help me with this.

4 REPLIES

sdagley
Esteemed Contributor II

@lassekivikas How are you managing your PAM settings? Are you using the McAfee ePO system, or are you generating a static pguard.xml configuration file that you're installing with the PAM agent?

lassekivikas
New Contributor II

@sdagley We are using the static pguard.xml. I am not the one with access to the portal itself right now, it is currently with our customer.

sdagley
Esteemed Contributor II

@lassekivikas There are several possible reasons for the behavior you describe, and a few of those are: the license code embedded in the pguard.xml isn't valid (or present), the file permissions on the pguard.xml file aren't correct, or the agent wasn't restarted after the pguard.xml file was installed (it should take effect after restart if this was the issue, however). If none of those turn out to be applicable, I'd suggest you open a support case with BeyondTrust, or ask in the #beyondtrust-priv-man channel in the MacAdmins Slack, which has active participation from BeyondTrust staff.

lassekivikas
New Contributor II

@sdagley I have now checked the settings with BT and we haven't found anything that would give us the answer for this. At least it is positive that I now know that the problem is somewhere within Jamf, because I tried a fresh install without ADE, so just a normal Mac installation. I installed all the parts of BeyondTrust the same way I have installed them, and everything works normally, even after restarting the Mac. Like I mentioned earlier, I did remove all the configuration profiles that I thought would have some effect on it, but it didn't make a difference.