netwrix · hilram7 · Jan 22, 2026 · Jan 9, 2026 · Jan 14, 2026 · Jan 14, 2026
@@ -0,0 +1,212 @@
+---
+description: This article describes how to boot the Endpoint Protector On-Prem appliance into recovery mode to change the epproot user password and optimize the appliance configuration for Nginx, MySQL, and PHP-FPM. These steps apply only to on-premises deployments.
+keywords:
+  - Endpoint Protector
+  - epproot password
+  - recovery mode
+  - GRUB
+  - appliance optimization
+  - Nginx
+  - MySQL
+  - PHP-FPM
+  - Ubuntu
+sidebar_label: How to Change epproot Password and Optimize Endpoint Protector On-Prem Appliance
+title: How to Change epproot Password and Optimize Endpoint Protector On-Prem Appliance
+knowledge_article_id: kA0Qk000000XXXXKAA
+products:
+  - endpoint-protector
+---
+
+| The procedures and instructions provided in this document are intended for use by experienced administrators. Proceeding with these steps is done entirely at your own risk. Netwrix is not responsible for any data loss, system instability, or other issues that may arise from following these instructions. Ensure that you have a complete backup of your system before making any changes. |
+|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+
+## Overview
+
+This article outlines the steps to boot the Endpoint Protector (EPP) On-Prem appliance into single-user (recovery) mode to change the `epproot` user password and optimize appliance performance. These steps apply only to **on-premises** deployments.  
+They do **not** work for appliances hosted in cloud environments.
+
+---
+
+## Instructions
+
+1. Go to your VM manager and **reboot** the EPP appliance.  
+   While it reboots, press the `Esc` key on your keyboard to access the **GRUB** boot menu, and select **Advanced options for Ubuntu**.
+
+   ![GRUB boot menu screenshot](./../0-images/43258ddd17f53d209349a9757595552d.png)
+
+2. Choose the first entry labeled **(recovery mode)**.
+
+   ![Recovery mode selection screenshot](./../0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png)
+
+3. Press **Enter** when prompted.
+
+   ![Boot confirmation screenshot](./../0-images/221e2f00e49f44fffcf64957a74adf46.png)
+
+4. Change the password for the `epproot` user using the command:
+
+   ```bash
+   passwd epproot
+   ```
+
+   > **NOTE:** When requested, input the new password.
+
+5. Reboot the appliance with the command:
+
+   ```bash
+   reboot
+   ```
+
+6. Once the system restarts, connect to the appliance via **SSH** using your preferred application.
+
+7. To reduce the number of password prompts, elevate privileges to root using:
+
+   ```bash
+   sudo su
+   ```
+
+   > **NOTE:** When requested, use the password for the `epproot` user.
+
+8. Backup the **Nginx**, **MySQL**, and **PHP-FPM** configuration files:
+
+   ```bash
+   cp -p /etc/nginx/nginx.conf{,.bkp}
+   cp -p /etc/mysql/mysql.conf.d/mysqld.cnf{,.bkp}
+   cp -p /opt/alt/php56/etc/php-fpm.conf{,.bkp}
+   ```
+
+   > **NOTE:** The `{,.bkp}` syntax creates a copy of each file in the same location with `.bkp` appended, preserving metadata (permissions, ownership, and timestamps).
+
+9. Run the following command and note down the number of CPU cores and the memory assigned to the VM:
+
+   ```bash
+   htop
+   ```
+
+10. Edit the Nginx configuration file:
+
+    ```bash
+    vim /etc/nginx/nginx.conf
+    ```
+
+    - Press **Insert** to edit.  
+    - Set `worker_processes` to the number of CPU cores.  
+    - Change the values of `error_log` and `access_log` from `off` to `/dev/null`.  
+    - To save and quit, press **Esc**, type `:wq`, and press **Enter**.
+
+11. Edit the MySQL configuration file:
+
+    ```bash
+    vim /etc/mysql/mysql.conf.d/mysqld.cnf
+    ```
+
+    - Press **Insert** to edit.  
+    - Ensure or update the following parameters:
+
+      ```text
+      max_allowed_packet = 8M
+      thread_stack = 256K
+      read_buffer_size = 128K
+      read_rnd_buffer_size = 256K
+      join_buffer_size = 128K
+      key_buffer_size = 16M
+      tmp_table_size = 256M
+      sort_buffer_size = 2M
+      thread_cache_size = 64M
+      query_cache_type = 0
+      query_cache_limit = 1M
+      query_cache_size = 0
+      transaction_isolation = READ-COMMITTED
+      expire_logs_days = 5
+      max_binlog_size = 128M
+      ```
+
+    - Adjust `max_connections` based on system memory:
+
+      | **RAM** | **max_connections** |
+      |----------|---------------------|
+      | ≤4 GB    | 75                  |
+      | 8 GB     | 100                 |
+      | 16 GB    | 150                 |
+      | 32 GB    | 250                 |
+      | 64 GB    | 500                 |
+      | 128 GB   | 1000                |
+
+    - Set `innodb_buffer_pool_size` to ~60% of total memory.  
+      Example (72 GB RAM):
+
+      ```text
+      innodb_buffer_pool_size = 44236M
+      ```
+
+    - Set `innodb_log_file_size` to ~12.5% of the buffer pool size.  
+      Example (72 GB RAM):
+
+      ```text
+      innodb_log_file_size = 5G
+      ```
+
+    - Set `innodb_buffer_pool_instances` to the approximate number of gigabytes of buffer pool size.  
+      Example:
+
+      ```text
+      innodb_buffer_pool_instances = 43
+      ```
+
+    - Set `innodb_thread_concurrency` to the number of CPU cores.  
+      Example (8 cores):
+
+      ```text
+      innodb_thread_concurrency = 8
+      ```
+
+    - Ensure the following parameters exist or add them if missing:
+
+      ```text
+      innodb_file_per_table = 1
+      innodb_flush_log_at_trx_commit = 0
+      innodb_log_buffer_size = 16M
+      innodb_lock_wait_timeout = 300
+      innodb_flush_method = O_DIRECT
+      innodb_autoinc_lock_mode = 1
+      innodb_fast_shutdown = 1
+      innodb_max_purge_lag = 0
+      innodb_max_dirty_pages_pct = 60
+      ```
+
+    - To save and quit, press **Esc**, type `:wq`, and press **Enter**.
+
+12. Edit the PHP-FPM configuration file:
+
+    ```bash
+    vim /opt/alt/php56/etc/php-fpm.conf
+    ```
+
+    - Press **Insert** to edit.
+    - Update the following parameters based on total RAM:
+
+      | **Total RAM** | **pm.max_children** | **pm.start_servers** | **pm.min_spare_servers** | **pm.max_spare_servers** |
+      |---------------|--------------------|----------------------|--------------------------|--------------------------|
+      | ≤2 GB         | 10                 | 5                    | 1                        | 5                        |
+      | ≤4 GB         | 50                 | 6                    | 3                        | 8                        |
+      | ≤8 GB         | 100                | 8                    | 5                        | 12                       |
+      | ≤16 GB        | 200                | 12                   | 8                        | 20                       |
+      | ≤32 GB        | 400                | 20                   | 12                       | 40                       |
+      | ≤64 GB        | 800                | 28                   | 18                       | 70                       |
+      | ≤128 GB       | 1600               | 40                   | 28                       | 100                      |
+      | >128 GB       | Scale using the formula, then round down ~10–15% | — | — | — |
+
+    - To save and quit, press **Esc**, type `:wq`, and press **Enter**.
+
+13. Restart the services:
+
+    ```bash
+    systemctl restart nginx
+    systemctl restart mysql
+    systemctl restart alt-php56-fpm
+    ```
+
+14. If any of the services fail to start, review the relevant configuration files for errors.  
+
+    > **NOTE:** You can restore the backup files created in Step 8 if necessary.
+
+---
@@ -0,0 +1,157 @@
+---
+description: This article explains how to boot the Endpoint Protector On-Prem appliance into single-user (recovery) mode and safely expand disk space by resizing partitions and the file system after increasing virtual disk capacity.
+keywords:
+  - Endpoint Protector
+  - disk expansion
+  - increase disk space
+  - recovery mode
+  - single-user mode
+  - GRUB
+  - fdisk
+  - parted
+  - resize2fs
+  - on-prem appliance
+sidebar_label: How to Expand Disk Space on Endpoint Protector On-Prem Appliance
+title: How to Expand Disk Space on Endpoint Protector On-Prem Appliance
+knowledge_article_id: kA0Qk000000XXXXKAA
+products:
+  - endpoint-protector
+---
+
+| The procedures and instructions provided in this document are intended for use by experienced administrators. Proceeding with these steps is done entirely at your own risk. Netwrix is not responsible for any data loss, system instability, or other issues that may arise from following these instructions. Ensure that you have a complete backup of your system before making any changes. |
+|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+
+## Overview
+
+This article describes how to boot the Endpoint Protector (EPP) On-Prem appliance into **single-user (recovery) mode** and safely expand disk space after increasing the virtual disk size.  
+
+These instructions apply only to **on-premises** EPP appliances.
+
+---
+
+## Instructions
+
+1. **Shut down and increase the disk size**.
+
+   - In your VM manager, shut down the EPP virtual machine.  
+   - Increase the disk space (for example, from 100 GB to 200 GB).  
+   - Reboot the EPP appliance.  
+   - While it reboots, press the `Esc` key to open the **GRUB** boot menu, and select **Advanced options for Ubuntu**.
+
+   ![GRUB boot menu screenshot](./../0-images/43258ddd17f53d209349a9757595552d.png)
+
+2. Choose the first entry labeled **(recovery mode)**.
+
+   ![Recovery mode selection screenshot](./../0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png)
+
+3. Press **Enter** when prompted.
+
+   ![Boot confirmation screenshot](./../0-images/221e2f00e49f44fffcf64957a74adf46.png)
+
+4. **Identify the last partition**.
+
+   Run the following command to list available partitions:
+
+   ```bash
+   fdisk -l
+   ```
+
+   Review the output and identify the **last partition** (typically `/dev/sda3` or `/dev/sda5`, depending on the server version).
+
+   ![Partition listing screenshot](./../0-images/a05c59666d4d5d06b571009b1e7309e5.png)
+
+   > **NOTE:** The last partition may vary depending on your environment.
+
+5. **Stop Endpoint Protector services**.
+
+   Stop all EPP-related services before resizing:
+
+   ```bash
+   service nginx stop
+   service cron stop
+   service mysql stop
+   service php-fpm stop
+   service alt-php56-fpm stop
+   service eppcloudsync stop
+   service awslogs stop
+   service syslog-ng stop
+   pkill -f run_workers.php
+   ```
+
+   > **NOTE:** If a service is not running, proceed to the next command.
+
+6. **Unmount the identified partition**.
+
+   ```bash
+   umount /dev/sda3
+   ```
+   or
+   ```bash
+   umount /dev/sda5
+   ```
+
+7. **Resize the partition**.
+
+   Open the partition manager:
+
+   ```bash
+   parted /dev/sda
+   ```
+
+   ![Parted utility screenshot](./../0-images/25e977352dd52f7cc1a0a099749039d7.png)
+
+   - Type `p` to display the current partition table and sizes.  
+     ![Partition table output](./../0-images/b811ee14df77d6d8e87b48fcd284db80.png)
+   - Resize the **last partition** to the maximum available space:
+     ```bash
+     resizepart 3 100%
+     ```
+     > **NOTE:** If prompted about available space, type `fix` to continue.
+   - Run `p` again to verify the new partition size:
+     ```bash
+     p
+     ```
+     ![New partition size screenshot](./../0-images/e82dd4c71e1388608816abea6c906ae2.png)
+   - Exit the partition manager:
+     ```bash
+     quit
+     ```
+   - Refresh the kernel partition table:
+     ```bash
+     partprobe
+     ```
+
+8. **Check the file system**.
+
+   Run a forced file system check (replace `sda3` with your actual partition if needed):
+
+   ```bash
+   e2fsck -f /dev/sda3
+   ```
+
+   ![Filesystem check screenshot](./../0-images/91cd45f8016ad9a0a33eed482d054fbf.png)
+
+9. **Resize the file system**.
+
+   ```bash
+   resize2fs /dev/sda3
+   ```
+
+   ![Filesystem resize screenshot](./../0-images/7aabf76b61247cd7022988b79a06e3e8.png)
+
+10. **Remount and verify disk size**.
+
+    ```bash
+    mount -a
+    df -h
+    ```
+
+    ![Disk usage check screenshot](./../0-images/866c775d49c0cbef0864bd4cf7b06015.png)
+
+11. **Restart the appliance**.
+
+    ```bash
+    reboot
+    ```
+
+    After restart, verify that the disk space increase is reflected in your EPP appliance.
@@ -14,8 +14,10 @@
         "deploy-the-client-on-macos-through-intune-with-full-disk-access.md",
         "download-the-intune-mdm-deployment-guide.md",
         "enable_full_disk_access_when_deploying_on_macos_using_kandji.md",
+        "how_to_change_root_password.md",
         "how_to_deploy_the_client_using_sccm_or_msiexec.md",
         "how_to_find_the_cososys_team_id_and_bundle_id_for_client_deployment_on_macos.md",
+        "how_to_increase_disk_space.md",
         "how_to_manually_uninstall_the_agent.md",
         "how_to_stage_the_endpoint_protector_server.md",
         "how-to-install-client-without-user-interaction.md",