Configure Endpoint Privilege Management for Unix & Linux servers
Before you begin
Overview
The Endpoint Privilege Management for Unix & Linux Servers Configuration policy setting is designed to install a pb.conf file on target computers that are running Endpoint Privilege Management for Unix & Linux Servers as a Policy Server, enabling Endpoint Privilege Management for Unix & Linux Servers rules to function.
The given computer's /etc/pb.settings file determines the placement of the PowerBroker configuration policy file by using the two settings policyfile and policydir. These values indicate the file and path that the given Policy Server is configured to use for determining policy (typically /etc/pb.conf). If there is a previous file at the given location, it is backed up prior to being updated by the new policy configuration installed by Group Policy.
Prerequisites
Before Endpoint Privilege Management for Unix & Linux Servers rules can be deployed using Group Policy, you must define a Privilege Management for Unix & Linux Servers configuration file (pb.conf) that will be deployed to PB Masters.
There are several sources from which you can obtain a configuration file.
- If you are already using Endpoint Privilege Management for Unix & Linux Servers, you can import your existing configuration file.
- If you have not previously used Endpoint Privilege Management for Unix & Linux Servers or do not have a configuration file, you can import a copy of the default configuration file that is installed with AD Bridge. We recommend that you use this file without modification unless you are an advanced administrator of Privilege Management for Unix & Linux Servers.
- If you are an advanced administrator of Endpoint Privilege Management for Unix & Linux Servers and familiar with Endpoint Privilege Management for Unix & Linux Servers syntax, you can import a copy of the default configuration file to serve as a template and modify it as needed to use advanced Privilege Management for Unix & Linux Servers functionality.
Note
If keystroke logging is enabled in an Endpoint Privilege Management for Unix & Linux Servers rule, keystrokes are logged to a separate file for each command instance. The path and file name format for these files are specified in the pb.conf file. The path and file prefix are defined in the iolog_file variable. The file name is defined by the iolog variable.
The default pb.conf file is installed in the AD Bridge software installation directory. This pb.conf file is designed to process the Endpoint Privilege Management for Unix & Linux Servers Policy Rules Data (/etc/pb/Policy.csv) that is created and maintained by the Create PowerBroker Server Policy Rules policy setting. It will apply all of the fields that the Privilege Management for Unix & Linux Servers Rule Editor supports when running on target PB Master computers.
Import a configuration file
- In Group Policy Management Console (GPMC), right-click an existing GPO and click Edit to open the Group Policy Management Editor.
- In the Group Policy Management Editor, expand Computer Configuration > Policies > Unix and Linux Settings > BeyondTrust Settings > PowerBroker Servers > PBUL Configuration.
- Double-click the Define PBUL Configuration file policy setting to open the Define PBUL Configuration file Properties dialog.
- Click Import to import a copy of an Endpoint Privilege Management for Unix & Linux Servers configuration file (pb.conf). The default pb.conf file is located in the AD Bridge software installation directory (typically C:\Program Files\BeyondTrust\PBIS\Enterprise\Resources\Configuration\pb.conf).
Note
You do not need to make any changes to the file. However, if you are an advanced administrator of PBUL who is familiar with PBUL syntax, you can edit the imported file on this dialog box.
- (Optional) To turn on monitoring for local pb.conf files, check the Monitor this policy setting box. If the Group Policy agent detects local tampering with the pb.conf file, audit event warnings are logged and the local file is replaced by the pb.conf file specified in this policy setting.
- Click OK.
Note
The pb.conf file that you have imported is a copy of the one installed in the AD Bridge software installation directory (typically C:\Program Files\BeyondTrust\PBIS\Enterprise\Resources\Configuration\pb.conf). If an administrator inadvertently alters the pb.conf file that has been imported, you can replace it by repeating this procedure to import a new copy of the default pb.conf file.
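To confirm on a Policy Server where the policy file actually lands (the policyfile and policydir settings described in the Overview) and whether it still matches the copy you imported (the tampering case the Monitor option covers), the following added example can be run locally; it is not BeyondTrust code and does not reproduce how the Group Policy agent performs its own check. It assumes /etc/pb.settings uses "keyword value" lines with # comments and that a relative policyfile is resolved against policydir; the function names and the reference-copy path are hypothetical.

```shell
#!/bin/sh
# Added example, not BeyondTrust code. Assumes pb.settings holds
# "keyword value" lines with '#' comments (assumption).

# Print the last value set for keyword $2 in settings file $1.
setting_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }            # strip comments
        $1 == key { val = $2 }        # a later line overrides an earlier one
        END { if (val != "") print val }
    ' "$1"
}

# Print the policy file path that settings file $1 points to.
resolve_policy_path() {
    file=$(setting_value "$1" policyfile)
    dir=$(setting_value "$1" policydir)
    [ -n "$file" ] || file=/etc/pb.conf    # the page's "typically /etc/pb.conf"
    case $file in
        /*) printf '%s\n' "$file" ;;
        *)  printf '%s\n' "${dir:-/etc}/$file" ;;   # assumption: relative to policydir
    esac
}

# Check the deployed policy against reference copy $2.
# Returns 0 = match, 1 = content differs, 2 = missing, 3 = group/world writable.
check_policy() {
    target=$(resolve_policy_path "$1")
    [ -f "$target" ] || { echo "MISSING  $target"; return 2; }
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $target"; return 3
    fi
    if cmp -s "$target" "$2"; then
        echo "OK       $target"
    else
        echo "DRIFT    $target"; return 1
    fi
}

# Usage: sh check_pbconf.sh /etc/pb.settings /path/to/reference/pb.conf
if [ "$#" -eq 2 ]; then
    check_policy "$1" "$2"
fi
```

A non-zero exit status can be fed to a scheduled job or monitoring agent so that drift is reported even on hosts where the Monitor option is not enabled.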