# KEPM Agent Commands ### Overview This section covers all the Keeper Commander commands for managing KEPM agents. Agents are installed on endpoints and communicate with the KEPM system to enforce privilege elevation policies. These commands allow administrators to view agent status, modify agent settings, and manage resource collections associated with agents. This section supports the following commands: * [**Agent List Command**](#agent-list-command) * [**Agent Edit Command**](#agent-edit-command) * [**Agent Delete Command**](#agent-delete-command) * [**Agent Collection Command**](#agent-collection-command) ### Usage `pedm agent command [--options]` OR `pedm a command [--options]` **Alias:** `a` *** ### Agent List Command View all registered KEPM agents with their details including agent UID, machine name, deployment assignment, status, and creation date. Provides an overview of all endpoints with installed KEPM agents.
DotNet CLI **Command:** `epm-agent list` **Example**: {% code expandable="true" %} ```bash My Vault > epm-agent list ``` {% endcode %} **Command**: `epm-agent view` **Parameters**: | Parameter | Type | Required | Default | Description | | -------------- | ------ | -------- | ------- | ----------- | | *(positional)* | String | Yes | — | Agent UID. | **Examples**: {% code expandable="true" %} ```bash My Vault > epm-agent view abc123uid ``` {% endcode %}
DotNet SDK **Function:** {% code expandable="true" %} ```csharp // Get all agents IEnumerable allAgents = plugin.Agents.GetAll(); // Get a single agent by UID EpmAgent agent = plugin.Agents.GetEntity(agentUid); ``` {% endcode %}
Power Commander **Command:** `Get-KeeperEpmAgentList` **Alias**: `kepm-agent-list` **Examples**: {% code expandable="true" %} ```ps1 PS > Get-KeeperEpmAgentList AgentUid MachineName Deployment Disabled Created Modified -------- ----------- ---------- -------- ------- -------- 3rbun_JdbTQ-LewN_pwS1g 0oWfLBXW5E6ERvpSPdTmOiaZ5rl83esyiFyO-E5NRgs ServiceNow False 2026-01-28 15:07:47 2026-02-03 07:13:44 680p8dW43xugzV_YSnGncg KENzZzzdr1PUB0ktHY9lZSU3zDyBqxw5EJ2yS1WrxYw KEPM Test Team False 2026-03-13 08:32:02 2026-03-26 09:34:40 A2kT6arXQc9YP9805zPXUw OIaS7LT8dyxy53P0jCTWrY1iKr-hKUQWLHz7biBo3SU Jira PEDM Command False 2025-11-10 11:06:38 2026-01-02 05:52:40 ``` {% endcode %} **Command**: `Get-KeeperEpmAgent` **Alias**: `kepm-agent-view` **Parameters**:
ParameterDescription
-AgentUidOrNameAgent UID or machine name (case-insensitive).
**Example**: {% code expandable="true" %} ```ps1 PS > Get-KeeperEpmAgent 3rbun_JdbTQ-LewN_pwS1g Agent: 0oWfLBXW5E6ERvpSPdTmOiaZ5rl83esyiFyO-E5NRgs UID: 3rbun_JdbTQ-LewN_pwS1g Status: Active Deployment: XUflUP3Utcr4j83o8sMRKg Created: 2026-01-28 15:07:47 Modified: 2026-02-03 07:13:44 ``` {% endcode %}
Python CLI **Command:** `pedm agent list` **Aliases:** `pedm a l`, `pedm a list` **Flags:** | Flag | Description | | --------------- | ---------------------------------------------------------------- | | `-v, --verbose` | Print verbose information including active status and properties | | `--format` | Output format - json, csv, or table | | `--output` | Save output to specified file | **Example:** ``` My Vault> pedm agent list Agent UID: agent_abc123 Machine Name: SERVER-001 Deployment: Production Disabled: False Created: 2024-10-20 ```
Python SDK **Function:** ```python from keepersdk.plugins.pedm import admin_plugin plugin = admin_plugin.PedmPlugin(enterprise_loader) agent_list = plugin.agents.get_all_entities() ```
### Agent Edit Command Modify KEPM agent configuration including enabling/disabling agents or moving them between deployments. This command allows administrators to update agent settings without reinstalling the agent on the endpoint.
DotNet CLI **Command:** `epm-agent update` **Parameters**:
ParameterDescription
(positional)One or more agent UIDs.
--deploymentDeployment UID to assign the agent(s) to.
--enableon to enable, off to disable the agent(s).
**Example**: {% code expandable="true" %} ```bash My Vault > epm-agent update abc123uid --enable off ``` {% endcode %}
DotNet SDK **Function:** {% code expandable="true" %} ```csharp public async Task ModifyAgents( IEnumerable updateAgents = null, IEnumerable removeAgents = null) ``` {% endcode %}
Power Commander **Command:** `Update-KeeperEpmAgent` **Alias**: `kepm-agent-edit` **Parameters**:
ParameterDescription
-AgentUidOrNameOne or more agent UIDs or machine names (case-insensitive). Accepts pipeline input.
-DeploymentUidDeployment UID to assign the agent(s) to.
-EnableUse on or off to enable or disable the agent(s).
**Examples**: {% code expandable="true" %} ```ps1 PS > Update-KeeperEpmAgent "wnEWtpyWjypIgPNCLkzLVg" -Enable off 1 agent(s) updated. Updated: wnEWtpyWjypIgPNCLkzLVg ``` {% endcode %}
Python CLI **Command:** `pedm agent edit [agent...]` **Aliases:** `pedm a e`, `pedm a edit` **Flags:** | Flag | Description | | -------------- | ------------------------------------------- | | `--enable` | Enable or disable agents (choices: on, off) | | `--deployment` | Move agent to specified deployment UID | | `agent` | Agent UID (required, can specify multiple) | **Example:** ``` My Vault> pedm agent edit agent_abc123 --enable on --deployment prod_deploy_123 Agent updated successfully ```
Python SDK **Function:** ```python from keepersdk.plugins.pedm import admin_plugin plugin = admin_plugin.PedmPlugin(enterprise_loader) agent_id = 'agent name or uid' deployment_id = 'deployment name or id' deployment = plugin.deployments.get_entity(deployment_id) agent = plugin.agents.get_entity(agent_id) update_agents: List[admin_types.UpdateAgent] = [] update_agents.append(admin_types.UpdateAgent( agent_uid=agent.agent_uid, deployment_uid=deployment.deployment_uid, disabled=disabled, )) response = plugin.modify_agents(update_agents=update_agents) ```
### Agent Delete Command Remove one or more KEPM agents from the system. This command permanently deletes agent registrations from the KEPM management system but does not uninstall the agent software from endpoints.
DotNet CLI **Command:** `epm-agent remove` **Parameters**:
ParameterDescription
(positional)Agent UID or machine name.
**Example**: {% code expandable="true" %} ```bash My Vault > epm-agent remove abc123uid ``` {% endcode %}
DotNet SDK **Function:** {% code expandable="true" %} ```csharp public async Task ModifyAgents( IEnumerable updateAgents = null, IEnumerable removeAgents = null) ``` {% endcode %}
Power Commander **Command:** `Remove-KeeperEpmAgent` **Alias**: `kepm-agent-delete` **Parameters**:
ParameterDescription
-AgentUidOrNameAgent UID or machine name (case-insensitive).
-ForceSkip confirmation prompt before delete.
**Example**: {% code expandable="true" %} ```ps1 PS > Remove-KeeperEpmAgent -AgentUidOrName m9nS3jj77zIr2i8YrqbNow Confirm Are you sure you want to perform this action? Performing the operation "Delete" on target "agent 'Q5XrmUiehExczpCJ70_fet3JFQ3PKZyi5MoLR5QWEgM'". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y Agent 'm9nS3jj77zIr2i8YrqbNow' removed. Removed: m9nS3jj77zIr2i8YrqbNow ``` {% endcode %}
Python CLI **Command:** `pedm agent delete [agent...]` **Aliases:** `pedm a delete` **Flags:** | Flag | Description | | --------- | ------------------------------------------ | | `--force` | Do not prompt for confirmation | | `agent` | Agent UID (required, can specify multiple) | **Example:** ``` My Vault> pedm agent delete agent_old123 --force Agent deleted successfully ```
Python SDK **Function:** ```python from keepersdk.plugins.pedm import admin_plugin plugin = admin_plugin.PedmPlugin(enterprise_loader) agent_id = 'agent name or uid' agent = plugin.agents.get_entity(agent_id) response = plugin.modify_agents( remove_agents=[agent.agent_uid]) ```
### Agent Collection Command View resource collections associated with a specific agent. This command displays all resource types (OS builds, applications, user accounts, etc.) that have been discovered and registered for the agent.
DotNet CLI **Command:** `epm-agent collection` Parameters:
ParameterDescription
(positional)Agent UID.
--typeCollection type number to filter results.
--verboseShow each collection's type, UID, and decoded JSON value instead of grouped counts.
**Collection Types:** | Value | Name | | ----- | ------------- | | 0 | OS Build | | 1 | Application | | 2 | User Account | | 3 | Group Account | | 4 | OS Version | **Examples**: {% code expandable="true" %} ```bash My Vault > epm-agent collection abc123uid ``` {% endcode %}
DotNet SDK **Function:** {% code expandable="true" %} ```csharp // Get collection UIDs linked to an agent (filter by CltAgent link type) var collectionUids = plugin.CollectionLinks .GetLinksForObject(agent.AgentUid) .Where(link => link.LinkType == (int)PEDM.CollectionLinkType.CltAgent) .Select(link => link.CollectionUid); // Resolve each collection UID foreach (var uid in collectionUids) { EpmCollection collection = plugin.Collections.GetEntity(uid); // collection.CollectionType → 0=OsBuild, 1=Application, 2=UserAccount, 3=GroupAccount, 4=OsVersion // collection.CollectionData → decrypted JSON bytes } ``` {% endcode %}
Power Commander **Command:** `Get-KeeperEpmAgentCollection` **Alias**: `kepm-agent-collection` **Parameters**:
ParameterDescription
-AgentUidAgent UID or machine name.
-CollectionTypeOptional collection type number to filter results.
-CollectionVerboseShow each collection's type, UID, and decoded JSON value instead of grouped counts.
**Collection Types**: | Value | Name | | ----- | ------------- | | 0 | OS Build | | 1 | Application | | 2 | User Account | | 3 | Group Account | | 4 | OS Version | **Example**: {% code expandable="true" %} ```ps1 PS > Get-KeeperEpmAgentCollection xerWlrlsaF_YLdHDx75c-g CollectionType Count -------------- ----- OS Build (1) 1 User Account (3) 137 Group Account (4) 164 ``` {% endcode %}
Python CLI **Command:** `pedm agent collection ` **Aliases:** `pedm a c`, `pedm a collection` **Flags:** | Flag | Description | | --------------- | ----------------------------------------------------- | | `-v, --verbose` | Print verbose information including collection values | | `--type` | Filter by collection type (integer) | | `--format` | Output format - json, csv, or table | | `--output` | Save output to specified file | | `agent` | Agent UID (required) | **Example:** ``` My Vault> pedm agent collection agent_abc123 Collection Type: OS_BUILD (1) Count: 3 Collection Type: APPLICATION (2) Count: 12 ```
Python SDK **Function:** ```python from keepersdk.plugins.pedm import admin_plugin plugin = admin_plugin.PedmPlugin(enterprise_loader) agent_id = 'agent name or uid' agent = plugin.agents.get_entity(agent_id) resource_uids = {x.collection_uid for x in plugin.storage.collection_links.get_links_by_object(agent.agent_uid)} collections = [plugin.collections.get_entity(x) or x for x in resource_uids] ```
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/commander-sdk/keeper-commander-sdks/sdk-command-reference/pedm-commands/pedm-agent-commands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.