Switch from PMTerminal to TPC in CyberArk by updating the ExeName at the platform level

If you’re configuring CyberArk Sentry and need to switch from PMTerminal to TPC (Terminal Protocol Connector), there’s one lean, essential adjustment you can’t skip. The move isn’t about flipping a switch in the dashboard or updating a network rule; it’s about pointing the right executable at the platform level so the system talks the new language—TCP-based terminals rather than the old PMTerminal channel. In short: to use TPC, you adjust the ExeName parameter value at the platform level.

Let me explain why this tiny setting matters and how to approach it without turning your day into a maze of clicks.

Why switch to TPC, and what changes under the hood?

• What TPC does for you. TPC is designed to handle terminal connections in a way that aligns with newer, more secure, and more scalable session workflows. If your environment demands a different terminal protocol, TPC acts like the new, supported bridge between CyberArk Sentry and the target systems. The core benefit is compatibility and future-proofing—not a cosmetic tweak.

• The role of ExeName. Think of ExeName as the label on the tool that’s allowed to forge a session. It tells the platform which executable to launch when a session starts. If PMTerminal is the current label, the platform knows to spin up the PMTerminal engine. Swap that label to the TPC engine, and the platform will initiate sessions through the Terminal Protocol Connector instead. Simple concept, powerful outcome.

What exactly should you adjust?

• The exact knob to turn is straightforward: the ExeName parameter value at the platform level. Changing this value directs CyberArk Sentry to use the TPC executable for session creation, instead of the PMTerminal one. This is the crux of enabling TPC as the primary protocol for terminal connections.

• The other options listed in the scenario don’t directly enable the protocol switch. Switching interfaces, tweaking network security settings, or reconfiguring a dashboard won’t change which connector drives the session. Those moves may be useful for other reasons, but they don’t solve the core need to point to TPC via ExeName.

Where to find and how to update ExeName safely

• Locate the right place. In the platform’s settings, you’ll look for the platform-level configuration, then drill into the ExeName field. It’s not buried in a popup; it’s a fundamental platform property. If you manage several platforms, this step applies to each one that needs to use TPC.

• Make a precise change. Replace the current executable name (for example, the one tied to PMTerminal) with the TPC executable name. If your environment uses specific versioned names or a path, keep the syntax exact to avoid startup errors.

• Validate dependencies. After you update ExeName, ensure the TPC binary is accessible from the CyberArk host, has the right permissions, and matches the expected version. If the TPC binary lives on a network share or a protected path, confirm the path is reachable by the service account CyberArk uses.

• Restart or refresh as needed. Some platforms need a service restart or at least a refresh to pick up the new ExeName. Plan a short maintenance window if you’re in a high-availability environment, and watch for any startup messages in the logs.

A quick mental model you can carry with you

• The ExeName switch is like changing the engine under the hood. The dashboard and UI remain the same, but the actual drive comes from a different connector. You don’t rewrite routes or adjust firewalls to accommodate that change; you swap the motor, then test the ride.

• It’s a single point of truth. If you have multiple platforms or multiple entry points, each platform-level ExeName needs to reflect the intended protocol. Don’t assume a global change will propagate automatically.

What to test after you make the change

• Run a controlled session. Trigger a test connection to a known target. Observe whether the session is established using the TPC path. Most logging systems will show the executable or connector used; look for indicators that mention TPC as the session initiator.

• Check for errors. If the TPC startup fails, the logs will usually tell you why—missing binaries, permission denials, or an invalid path. These messages are your friends; they point you toward the exact fix, not guesswork.

• Verify security posture. With a new connector in place, skim for any new audit events or permission checks. It’s not just about getting a session working; it’s about making sure the session adheres to your security requirements and monitoring capabilities.

• Monitor performance and reliability. A smooth tunnel is quiet; you don’t want repeated reconnects or timeouts. If you notice instability, recheck the ExeName path, dependencies, and the target’s reachability.

Common missteps to avoid

• Forgetting about other platform entries. If you deploy the change on one platform but leave others on PMTerminal, you’ll see inconsistent behavior across the environment. Apply the ExeName update consistently where needed.

• Ignoring path correctness. A small typo or an incorrect directory can derail every session. Copy-paste the exact executable name and, if possible, its full path.

• Skipping a restart. Some systems pick up the change without a full restart, but others require it. If you don’t see the effect, a graceful restart can be the missing link.

• Underestimating permissions. The TPC executable must be executable by the CyberArk service account. If the account lacks rights, you’ll get denied or failed sessions even though the path is correct.

• Overlooking version compatibility. Ensure the TPC version is compatible with your CyberArk Sentry build and the target systems. A mismatch can cause subtle failures or degraded behavior.

A relatable analogy for the nerdy moment

Imagine you’ve been using PMTerminal as the main courier to deliver commands to your servers. It’s reliable enough, but the courier network is aging, and some destinations prefer a newer, faster courier service. TPC is that upgrade. You don’t rewire the routes or rewrite your entire logistics map; you just switch the courier’s label at the hub. Once the ExeName is updated, the hub knows to dispatch packages via the new courier. It’s cleaner, it’s safer, and it’s better aligned with modern infrastructure.

If you’re juggling multiple platforms, here’s a simple, reusable approach

• Create a small change log. Note which platform had ExeName updated, the exact value set, and the date of the change.

• Validate in a staged environment first. If you have a test platform, mirror the change there before touching production.

• Build a lightweight rollback plan. Keep a copy of the original ExeName value so you can revert quickly if something unexpected happens.

• Document the rationale. A sentence or two about why you moved to TPC helps future teams understand the choice without hunting through old tickets.

Bringing it all together

To leverage TPC instead of PMTerminal, the essential move is to adjust the ExeName parameter at the platform level. This single change is the doorway to using the Terminal Protocol Connector reliably, while the rest of your CyberArk setup—UI, dashboards, and even the network rules—stays intact. It’s tempting to chase a broader change, but in this case, precision wins. A careful tweak, a quick test, and you’re set to benefit from the newer terminal protocol without a complete rebuild.

If you’re currently evaluating what to switch and when, here’s the takeaway: focus on the platform-level ExeName. It’s the lever that actually shifts the conversation from PMTerminal to TPC. Everything else can stay as is, unless you have a specific reason to revisit it. And while we’re at it, it’s worth noting that good housekeeping helps here too—consistent entries, clear documentation, and a straightforward rollback plan pay off when you’re juggling multiple platforms.

Want a practical summary to keep handy?

• Identify the platform that needs TPC.

• Update the ExeName value from the PMTerminal executable to the TPC executable.

• Ensure the TPC binary is accessible, properly permissioned, and compatible with your CyberArk version.

• Restart if required, then test a session and review logs for confirmation.

• Repeat for other platforms if needed, keeping a short audit trail.

In the end, the path to a seamless switch is straightforward: point the platform at the right executable, test, and watch the system take the new tunnel. It’s a small adjustment with a big impact, especially when you’re aiming for a clean, secure, and reliable terminal session flow. If you keep that focus, you’ll navigate the transition with confidence and clarity, no drama, just the right connector doing its job.