|| October 4, 2013
- Added:Support for SQL Native Client (SQLNCLI) using ODBC. Permits use of SQL Mirroring in HA mode.
- Added: Phone Factor two factor authentication via local agent
- Added: Phone Factor two factor authentication via cloud service
- Added: SafeNet two factor authentication
- Added: Generic RADIUS support for two factor authentication
- Added: Support for SafeNet hardware security module (HSM)
- Added: Additional compliance reports to the web interface, now in parity with the console.
- Added: Additional compliance reports to the console, now in parity with the web interface.
- Added: New explicit option to define which attribute should be pulled from Active Directory when querying for systems (FR‐261).
- Added: New default page option for new users logging into the website.This is configured through the web application settings.
- Added: Option for the secure file store to pre‐define what permissions to define for a file when uploaded(FR‐508).
- Added: Option to hide password is the password recovery page until shown (FR‐476).
- Added: New response file for Palo Alto devices.
- Added: New response file for Tandem systems.
- Added: New response file for Fortigate systems.
- Added: New response file for CiscoPriv15 login accounts.
- Changed: When performing an auto‐RDP sessions via the website, the target system will go full screen to the entire desktop resolution when the full screen option is selected.
- Changed: When logging into the website and integrated authentication is enabled, website will deselect the integrated authentication automatically if a different user account name is provided in the username field.
- Changed: When configuring the web application global delegation rules,the permissions will be auto‐applied when the highlighted identity loses focus or the user clicks OK.
- Changed: Management set will automatically ignore NULL values when using a DB query to discover systems.
- Changed: Default response file now uses all types of encryption (BlowFish still not supported).
- Changed: Default response file has new settings for changing non‐enable accounts.
- Changed: Various UI elements for date/time reporting.
- Updated: RSA enVision Package includes the 6000 series event sink IDs.
- Fixed: Memory leak in data access layer that could cause the deferred processing service to stop or produce “out of resources” messages.
- Fixed:Memory leak in data access layer that could cause the web site COM object to stop or produce“out of resources” messages.
- Fixed: Memory leak in data access layer that could cause the management console to produce “out of resources” messages.
- Fixed: Per account delegations did not work for anything other than Windows or Linux systems (B‐640).
- Fixed: Website would product function block errors if ‘Block password check‐in if password is in use’ was selected and user checked in a Linux system.
- Fixed: Website would product ‘500’errors if ‘Block password check‐in if password is in use’ was selected and ‘Log all password check‐outs to system’s event log’ were selected and user checked in a Windows system (B‐651).
- Fixed: SCSM ticket integration would not always properly verify ticket status.
- Fixed: HPSM ticket integration would not always properly verify ticket status.
- Fixed: BMC ticket integration would not always properly verify ticket status.
- Fixed: ServiceNow ticket integration would not always properly verify ticket status.
- Fixed: Website deployment bug that could cause the website deployment to fail when the .net framework was not properly registered on the target web server.
- Fixed: Website verification could fail when website was installed to a virtual directory that was not the default name.
- Fixed: Various typos in the website.
- Fixed: Various typos in the management console.
- Fixed: Improper username case comparison ‐ If user logged in as user X and checked out password,then checked logged back in as User x, he could not re‐view the same password.
- Fixed: Audit Logs exported with a .asp extension instead of .zip.
- Fixed: Scheduled refresh job comments do not persist in the jobs queue dialog.
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: Possibility for account lockout when a connection uses a cached credential for Windows authentication(different than alt‐admins or integrated authentication).
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: SDK Login Procedure Fails When Using Integrated Authentication.
- Fixed: Password compartments cannot be edited from the dialog.
- Fixed: For compartmentalized passwords, the Show/Check in Password option for a password that is already checked out always re‐prompts the user to reenter their password recovery reason.
- Fixed: When using compartmentalization with check out to group, after the user recovers their segment of the compartmentalized password and checks it out to a group, no user can use the Extend Checkout or Check In buttons.
- Fixed: Account elevation ‐automatic de‐elevation occurs immediately when multiple zone processors are present.
- Fixed: Bug where disabled jobs could get re‐enabled.
- Fixed: Errors and asserts listed when ERPM configured with a bad AD /LDAP path.
- Fixed: Manual installation of web service had incorrect web service DLL.
- Fixed: Web.config files for web service had incorrect parameter when using SSL.
- Fixed: Numerous PowerShell CMDlets did not work.
- Fixed: Numerous web service calls did not return data as expected.
- Fixed: Web service calls to add various databases did not properly apply encryption to the password.
- Fixed: ERPM task discovery fails when target task was set to run as SYSTEM (B‐658).
- Fixed: Incorrect permissions applied when using per account permissions for multiple accounts on the same system (B‐660).
- Fixed: IPMI node would not display more than 100 devices (B‐657).
- Fixed: Built‐in administrator password change job would not rename the administrator account – when elected to do so – until after the password was changed resulting in bad information in the website(B‐654).
- Fixed: Discovery of SQL Server instances was overwriting system information which resulted in alt‐admin information being incorrect (B‐653).
- Fixed: If retry policy is set to ‘STOP’, jobs that fail will never retry (expected) and never get rescheduled for next run time (unexpected) (B‐650).
- Fixed: Shared credentials list doesn’t send email notification on password recovery (B‐649).
- Fixed: Last login column in Windows Accounts view does not sort in chronological order (B‐647).
- Fixed: App crash could occur when using alternate administrators to manage an untrusting domain (B‐642).
- Fixed: Console delegation could permit users to bypass delegation rules (B‐641).
- Fixed: IIS reset happening when managing SharePoint even if no account usage was found (B‐639).
- Fixed: Personal password store would permit empty entries to be added to the list (B‐638).
- Fixed: RADIUS authentication not working all the time (B‐636, B‐637).
- Fixed:System rename would produce asserts (B‐635).
||May 17, 2013
- Added: Web Service Interface, exposes hundreds of functions via SOAP & WSDL
- Added: Powershell CMDLets to make use of new web service interface and functions
- Added: Password Compartmentalization - 4-Eyes password retrieval (FR 379, 380)
- Added: Standalone zone processor installer (FR 309)
- Added: Certified McAfee EPO integration - EPO can consume information from ERPM
- Added: Certified Qualys Integration
- Added: Service Now help desk system integration - event sinks and ticket verification
- Added: Support for customized SAP database - database information not at default/expected location
- Added: Cisco node now handles VTY and alternative login credentials (FR 465)
- Added: Password check-out to a group (FR 354)
- Added: Support for SQL native client - adds support for OLEDB and high availability database mirroring (FR 441)
- Added: ObserveIT integration point within password retrieval website
- Added: Additional heartbeat monitoring to handle more RPC timeout cases for unhealthy systems
- Added: Auto-Index support for MS SQL 2012
- Added: Log archiving
- Added: Each platform now has own default password checkout limits
- Changed: TN3270 node types now use Linux logic - old answer files and process will not work
- Changed: Cached database connection handling to account for intermittent database unavailability
- Changed: Oracle password change no longer automatically attempts an account unlock; option is selected on password settings tab at job creation
- Changed: Audit logs are exported as a zip file rather than a potentially large CSV file
- Updated: Cisco node and response files to reflect new password change options
- Updated: Handling of propagation subsystem code to better handle memory leaks found in O/S stack
- Updated: Oracle connection code for better scaling
- Updated: Oracle connection pool handling
- Updated: Oracle DB algorithms to improve performance when using an Oracle backend
- Updated: Dashboards now use .NET framework 4 (do not use .NET 3.5 SP1)
- Updated: Updated license checks algorithm to improve program start time
- Updated: Handling of string replacement propagation when field became too large
- Fixed: TN3270 support was broken
- Fixed: SAP support was broken
- Fixed: Account Elevation jobs could immediately de-elevate when multiple deferred processors were active (Case 629)
- Fixed: Sybase ASE would not use a custom defined (non-default) port (Case 628)
- Fixed: Auto-SSH functionality would not work when passwords contained custom characters (Case 609)
- Fixed: Microsoft System Center Service Manager integration was not working for SCSM 2010
- Fixed: HP Service Manager integration was not working
- Fixed: File Store accessibility via SDK was not working as expected
- Fixed: IPMI scan was not properly associating credentials used during an IPMI scan when devices were found
- Fixed: IPMI did not commit IP address change when IP was changed on an existing device
- Fixed: System memory leak which led to system instability
- Fixed: System handle leak which led to system instability
- Fixed: Sorting the job queue could cause asserts
- Fixed: Function block error when checking in a non-Windows password and "Check if password in use option" enabled
- Fixed: Function block error when checking in a non-Windows password and "Log to application log if password in use option" enabled
- Fixed: Heartbeat monitor was not killing outstanding threads when enabled to do so
- Fixed: Missing SharePoint 2010 icons caused asserts in program log
- Fixed: Missing SharePoint 2010 icons orphaned elements under the "All discovered uses node" of an account
- Fixed: Account elevation comment could cause URL string to become to long and cause an operation to fail
- Fixed: Generate Stats Fullscan was not running against all DB tables
- Fixed: User supplied names for custom propagations were not persisting when propagation was created
Click This Link for Complete Revision History