Upgrade Endpoint Privilege Management for Windows

The recommended order to upgrade EPM is:

  1. Upgrade the ePO Extension
  2. Upgrade EPM Reporting (if in use)
  3. Upgrade EPM Clients

  • ePO will not recognize EPM clients if you upgrade the clients before the extension.
  • ePO Threat events are rejected if this order is not followed. The events can be recovered after the upgrade is complete.

If you have a requirement to upgrade BeyondTrust software in a different order, contact your BeyondTrust representative.

Upgrade the ePO Extension

When you are upgrading the extension, the newer version recognizes the existing installation and prompts you to upgrade. We recommend upgrading, as removing the installed ePO Extension deletes your settings.

To upgrade:

  1. In ePO, go to Software > Extensions.
  2. Upload the extension. ePO displays a message indicating the new version will replace the previous version.
  3. Click OK. You do not need to restart ePO for the upgrade to take effect. Existing registered servers, client tasks, and server tasks are not affected.

Upgrade EPM Reporting (if in use)

To upgrade the Reporting database, you need to be on the server where the database is installed.

Use the following process to upgrade the Privilege Management Reporting database and event parser:

  1. Stop the Trellix ePolicy Orchestrator Event Parser Service, then check that all events have finished being processed, as described in the next step. Any events received after the staging tables are empty are queued on the ePO server until the service is restarted at the end of this process.
  2. Query the following tables first to check that they are empty:

    • dbo.Staging
    • dbo.Staging_ServiceStart
    • dbo.Staging_ServiceStop
    • dbo.Staging_UserLogon

    Subsequently, query the following tables:

    • dbo.StagingTemp
    • dbo.StagingTemp_ServiceStart
    • dbo.StagingTemp_ServiceStop
    • dbo.StagingTemp_UserLogon

    Once all of these tables are empty, all remaining events have been processed.

  3. Disable the Copy from Staging task. The easiest way to do this is to use SQL Server Management Studio and navigate to Reporting database > Service Broker > Queues.
  4. Right-click PGScheduledJobQueue and select Disable Queue.
  5. Disable any of the ePO server tasks that rely on the Reporting database while you are upgrading it. For example, the Staging Server Task and Purge Server Task. These tasks will fail, as the database will be offline for a period of time.
  6. Open SQL Server Reporting Configuration Manager and connect to the database. Navigate to the Reporting link and use the dropdown to delete the top level folder.
  7. Run the Privilege Management database installer to upgrade the database. Ensure you point the installer to the existing database server and database name when prompted.
  8. Enable any server tasks that you previously disabled, as they rely on the Reporting database.
  9. Enable the Copy from Staging task. The easiest way to do this is to use SQL Server Management Studio and navigate to Reporting database > Service Broker > Queues.
  10. Right-click PGScheduledJobQueue and select Enable Queue.
  11. Start the Trellix ePolicy Orchestrator Event Parser Service. Any incoming events can now be processed.
  12. Log off the ePO server and log on again to ensure the new database version is recognized. An ePO server restart is not required.

If you see the error message "Please stop CopyFromStaging from running before upgrading the database," make sure that no new events are being processed by querying the above tables and try again.
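The empty-table check from step 2, and the queue state changed in steps 3-4, can be confirmed with one read-only T-SQL script. This is an added example, not a BeyondTrust script; the database name is a placeholder, the dbo schema is taken from the table list above, and dbo.Staging_ServiceStop is inferred from the matching dbo.StagingTemp_ServiceStop entry.

```sql
-- Added example: read-only pre-upgrade check for the Reporting database.
-- Assumption: [YourReportingDatabase] is a placeholder for your database name.
USE [YourReportingDatabase];
GO
SET NOCOUNT ON;

IF OBJECT_ID('tempdb..#staging_check') IS NOT NULL
    DROP TABLE #staging_check;

-- pass 1 = Staging tables (query first), pass 2 = StagingTemp tables (query second)
SELECT pass, table_name, remaining_rows
INTO #staging_check
FROM (
    SELECT 1 AS pass, 'dbo.Staging' AS table_name, COUNT_BIG(*) AS remaining_rows
        FROM dbo.Staging
    UNION ALL SELECT 1, 'dbo.Staging_ServiceStart', COUNT_BIG(*)
        FROM dbo.Staging_ServiceStart
    UNION ALL SELECT 1, 'dbo.Staging_ServiceStop', COUNT_BIG(*)  -- inferred name
        FROM dbo.Staging_ServiceStop
    UNION ALL SELECT 1, 'dbo.Staging_UserLogon', COUNT_BIG(*)
        FROM dbo.Staging_UserLogon
    UNION ALL SELECT 2, 'dbo.StagingTemp', COUNT_BIG(*)
        FROM dbo.StagingTemp
    UNION ALL SELECT 2, 'dbo.StagingTemp_ServiceStart', COUNT_BIG(*)
        FROM dbo.StagingTemp_ServiceStart
    UNION ALL SELECT 2, 'dbo.StagingTemp_ServiceStop', COUNT_BIG(*)
        FROM dbo.StagingTemp_ServiceStop
    UNION ALL SELECT 2, 'dbo.StagingTemp_UserLogon', COUNT_BIG(*)
        FROM dbo.StagingTemp_UserLogon
) AS counts;

-- Per-table result, in the order the procedure checks them.
SELECT pass, table_name, remaining_rows
FROM #staging_check
ORDER BY pass, table_name;

-- Current state of the Service Broker queue that steps 3-4 disable.
SELECT name, is_receive_enabled, is_enqueue_enabled, is_activation_enabled
FROM sys.service_queues
WHERE name = N'PGScheduledJobQueue';

-- Fail loudly if any table still holds events.
IF EXISTS (SELECT 1 FROM #staging_check WHERE remaining_rows > 0)
    RAISERROR('Staging tables still hold events; wait and re-run before upgrading.', 16, 1);
ELSE
    PRINT 'All staging tables are empty; remaining events have been processed.';
```

Run it after stopping the Event Parser Service and again if the installer reports the CopyFromStaging error; it changes no data.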

This upgrade path can be applied to both standalone Reporting configurations and to configurations across multiple machines.

Upgrade EPM Clients

  • You can upload a newer version of the EPM client to ePO and deploy as required.
  • Depending on the type of installation, a restart of the endpoint may be required. When installing in silent mode, a reboot occurs automatically.
  • The ePO Extension maintains backwards compatibility with the EPM client. You can use a later version of the extension with an earlier version of the EPM client. However, not all features in the ePO Extension are supported with earlier versions of the client.