BeyondTrust, formerly known as Bomgar, is an enterprise remote support appliance that allows the USGS Service Desk and local IT staff to provide remote support to any USGS end user as long as they have a connection to the Internet. BeyondTrust is unique in that it is capable of supporting clients who are connected to external networks such as a home or hotel network.
Establishing a BeyondTrust Representative Account
click here to close
Installing the Representative Console
Click here to download the current BeyondTrust Representative Console installer.Accept the EULA:
Enter your email address and your AD password and click Login:
Choose the appropriate installer for your platform (Windows x86, x64/Mac OSX/Linux x86, x64) from the drop-down menu and then click Download Representative Console:
As an Administrator, double-click the bomgar-rep-installer.exe installer and click Next at the welcome screen:
Accept the EULA and click Next:
Select the desired user setting and click Next:
It is recommended to install to the default folder location. Click Next:
Although optional, it is recommended to install the BeyondTrust Display Driver on the Representative Console to improve presentation performance. Click Install:
When installation completes you have the option of opening BeyondTrust immediately and running it at Startup. If you leave the Run at Startup box checked a Representative Console shortcut will be placed in the Startup folder under All Programs. Click Finish:
click here to close
Installing the Virtual Smart Card Driver
During a support session, a support representative may need to operate with administrative rights in order to effectively troubleshoot the remote computer. Within environments where security implementations require smart card use for authentication, BeyondTrust enables the representative to pass administrative credentials to the remote computer from a smart card resident on the representative’s local system. To utilize this functionality some prerequisites need to be met:
- The representative and customer computers must be running Windows 10 or newer or Server 2008R2 or newer.
- The representative’s computer must have a Bomgar virtual smart card driver installed.
- Each supported computer must have a Bomgar virtual smart card driver installed.
- Each supported computer must have the Bomgar elevation service installed.
The representative’s computer requires the Representative driver and all computers to be supported require the Customer driver. The Representative and Customer drivers cannot coexist on the same computer.
I. Manually Installing the Representative Virtual Smart Card Driver
Click here to download the current Representative virtual smart card driver installer and login with your email address and AD password.
Scroll down until you see Virtual Smart Card. Click the drop-down menu and select the VSC Representative Installer for the appropriate architecture for your workstation, then click Download Virtual Smart Card Installer:
Run the MSI installer as an Administrator on the representative’s workstation. Installation will commence:
Click Finish. It is recommended to restart the workstation:
In the list of services you will see Bomgar Representative Service now listed:
click here to close
II. Manually Installing the Customer Virtual Smart Card Driver
Click here to download the current Customer virtual smart card driver installer and login with your email address and AD password.
Scroll down until you see Virtual Smart Card. Click the drop-down menu and select the VSC Customer Installer for the appropriate architecture for your workstation, then click Download Virtual Smart Card Installer:
Run the MSI installer as an Administrator on the customer’s workstation. Installation will commence:
Click Finish. It is recommended to restart the workstation:
In the list of services you will see Bomgar Customer Service now listed:
click here to close
III. Deploying the Representative or Customer Virtual Smart Card Driver Using MECM
The Service Desk has worked with BWTST to create generic MECM packages for the versions of the Bomgar Elevation Service and Virtual Smart Card drivers to be used in production. As new versions of the Bomgar software is released, the Service Desk will update the source files for these packages and send an email to Tier 3 MECM administrators notifying them of the new versions. Tier 3 administrators can then re-run the advertisement to deploy the latest versions. Click here for more information on creating advertisements in MECM for these BeyondTrust packages.
Reminder – only the Customer or the Representative smart card driver may be installed on a computer at any given time; both cannot be installed at the same time.
click here to close
click here to close
Using a Virtualized Smart Card
Begin a screen sharing session, and then click the Smart Card button to access a drop-down of available smart card readers on your system.
If the smart card button does not appear in the screen sharing tool bar, make sure the representative smart card service is running on your local computer. If the smart card button is present but disabled, make sure the customer smart card service is running on the remote computer:
Select the reader you would like to share with the remote computer by clicking on it. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The smart card in the selected reader is now available to use on the remote computer, just as if it were physically present on the system being supported:
To disconnect a reader from a sharing session, simply click it again. The blue dot next to the reader will disappear indicating the reader has been disconnected:
click here to close
Automatic Elevation Service
By default, support sessions are created in a least privilege mode. This can cause issues when the support representative attempts to perform an administrative action because the User Account Control (UAC) prompt will be inaccessible from the representative console. The support session must be switched to elevated mode to allow the representative access to the UAC prompt. The Automatic Elevation Service (AES) facilitates this process for both the representative and the customer, and is now a built-in feature of Jump Clients. Separate installations of the AES and maintaining a registry hash are no longer required.
To initiate elevation from a screen sharing session, click the elevation button:
(Please note: the elevation button will not be available if the client computer also has the BeyondTrust representative console installed.)
The message below will appear after which elevation will occur:
click here to close
Enter your email address and your AD password and click Login:
Choose the appropriate installer for your platform (Windows x86, x64/Mac OSX/Linux x86, x64) from the drop-down menu and then click Download Representative Console:
As an Administrator, double-click the bomgar-rep-installer.exe installer and click Next at the welcome screen:
Accept the EULA and click Next:
Select the desired user setting and click Next:
It is recommended to install to the default folder location. Click Next:
Although optional, it is recommended to install the BeyondTrust Display Driver on the Representative Console to improve presentation performance. Click Install:
When installation completes you have the option of opening BeyondTrust immediately and running it at Startup. If you leave the Run at Startup box checked a Representative Console shortcut will be placed in the Startup folder under All Programs. Click Finish:
click here to close
- The representative and customer computers must be running Windows 10 or newer or Server 2008R2 or newer.
- The representative’s computer must have a Bomgar virtual smart card driver installed.
- Each supported computer must have a Bomgar virtual smart card driver installed.
- Each supported computer must have the Bomgar elevation service installed.
Click here to download the current Representative virtual smart card driver installer and login with your email address and AD password.
Scroll down until you see Virtual Smart Card. Click the drop-down menu and select the VSC Representative Installer for the appropriate architecture for your workstation, then click Download Virtual Smart Card Installer:
Run the MSI installer as an Administrator on the representative’s workstation. Installation will commence:
Click Finish. It is recommended to restart the workstation:
In the list of services you will see Bomgar Representative Service now listed:
click here to close
Click here to download the current Customer virtual smart card driver installer and login with your email address and AD password.
Scroll down until you see Virtual Smart Card. Click the drop-down menu and select the VSC Customer Installer for the appropriate architecture for your workstation, then click Download Virtual Smart Card Installer:
Run the MSI installer as an Administrator on the customer’s workstation. Installation will commence:
Click Finish. It is recommended to restart the workstation:
In the list of services you will see Bomgar Customer Service now listed:
click here to close
The Service Desk has worked with BWTST to create generic MECM packages for the versions of the Bomgar Elevation Service and Virtual Smart Card drivers to be used in production. As new versions of the Bomgar software is released, the Service Desk will update the source files for these packages and send an email to Tier 3 MECM administrators notifying them of the new versions. Tier 3 administrators can then re-run the advertisement to deploy the latest versions. Click here for more information on creating advertisements in MECM for these BeyondTrust packages.
click here to close
Select the reader you would like to share with the remote computer by clicking on it. Once the reader has been virtualized on the remote system, a message indicating that you have shared this reader is logged in the chat window. The smart card in the selected reader is now available to use on the remote computer, just as if it were physically present on the system being supported:
To disconnect a reader from a sharing session, simply click it again. The blue dot next to the reader will disappear indicating the reader has been disconnected:
click here to close
By default, support sessions are created in a least privilege mode. This can cause issues when the support representative attempts to perform an administrative action because the User Account Control (UAC) prompt will be inaccessible from the representative console. The support session must be switched to elevated mode to allow the representative access to the UAC prompt. The Automatic Elevation Service (AES) facilitates this process for both the representative and the customer, and is now a built-in feature of Jump Clients. Separate installations of the AES and maintaining a registry hash are no longer required.
To initiate elevation from a screen sharing session, click the elevation button:
(Please note: the elevation button will not be available if the client computer also has the BeyondTrust representative console installed.)
The message below will appear after which elevation will occur:
click here to close