||July 31, 2014
• Added: Application launcher – launch any application on a local system.
• Added: Application launcher – launch any application on a bastion host / jump server.
• Added: Application security for launched applications (hash, digital signing, etc.).
• Added: Application launcher automatic application push.
• Added: Session recording for applications via bastion host / jump server.
• Added: SSH Key support for Linux/UNIX password management.
• Added: SSH Key support for Linux/UNIX application launch.
• Added: SSH proxy capability for launched applications to Linux/UNIX hosts.
• Added: Support for RDP 6.x+ fat client (support for NLA and app launching).
• Added: Tools to build and develop web login connectors.
• Added: Tools to build and develop fat client login connectors.
• Added: CLR connector capability for web only based management.
• Added: Dynamic list creation for custom account stores; website system type filters.
• Added: Added support for SHA2 SSH algorithms.
• Added: Console delegation for most functions in the administrative console (FR-345).
• Added: Database tuning options for SQL 2014.
• Added: User controllable (persistent) settings for SSH console access when using MindTerm SSH component.
• Added: Web site will recall last system type filter when logging in or navigating back to previously viewed pages.
• Added: Password change job constraint option to not allow repeated characters (FR-422).
• Added: Comment for auto-RDP and auto-SSH launch (FR-457).
• Added: More mapping options for remotely connected systems (RDP, SSH) (FR-503).
• Added: Ability to rename shared credential lists (FR-517).
• Added: Exposed Account masks management in web service (FR-522).
• Added: Pre-run notifications for scheduled jobs (FR-523).
• Added: File size limiting for File Vault in website configuration (FR-529).
• Changed: Verbiage in website delegations to match that of the selected permissions (FR-586).
• Changed: Arbitrary elevation in PowerShell used its own settings rather than global settings (FR-553).
• Changed: Removal of automatic refresh of dialog for many dialogs which did not require it (FR-559).
• Changed: Web Activity and account activity now use a consistent time zone for activity time stamps as displayed in the website.
• Changed: Restricted systems list is no longer case sensitive.
• Updated: Upgraded to IPWorks v9
• Removed: tempura.org from WCF service (FR-530).
• Fixed: Directory Services Restore Mode (DSRM) would cause asserts during password change
• Fixed: DSRM password change did not work.
• Fixed: Account rename during password change on 2008 and newer would generate errors.
• Fixed: ServiceNow! Ticket integration did not work.
• Fixed: WebSphere password changes could hang indefinitely if login password was out of synch.
• Fixed: Web Logic password changes could hang indefinitely if login password was out of synch.
• Fixed: SAP password changes could hang indefinitely if login password was out of synch.
• Fixed: MySQL accounts did not appear in the website.
• Fixed: When the website option to “Display available options” was not enabled, low powered login accounts would receive the extra permission to view password history.
• Fixed: Fixed: When the website option to “Display available options” was not enabled, low powered login accounts would receive the extra permission to view account activity.
• Fixed: The global “Recover Password” permission combined with per account delegations to “Recover Password” would grant the low powered user access to “Change” and “Remove” password options (B-673).
• Fixed: The global “Recover Password” permission combined with per management set delegations to “Recover Password” would grant the low powered user access to “Change” and “Remove” password options (B-687).
• Fixed: Opening the self-recovery permissions dialog and attempting to close the identity selection dialog without selecting an identity would cause an application crash (B-674).
• Fixed: Attempting a Cisco password change job using Telnet (rather than SSH) could cause ERPM to crash (B-676).
• Fixed: Password extension for non-Windows accounts extends beyond platform specific extension settings (B-677).
• Fixed: ERPM console incorrectly displays job type affinity for zone processors (B-678).
• Fixed: Various typos and formatting problems.
• Fixed: Component error when both a system name and NetBIOS name filter are filled out on the systems page (B-684).
• Fixed: Job set to run every N days did not retain set schedule following an interactive run (B-689).
• Fixed: Permission restriction by schedule not working as expected (B-690).
• Fixed: Low powered users without proper permission could create a shared credential list (B-692).
• Fixed: Jobs set to run after the 28th day of the month would repeatedly run in February (B-693).
• Fixed: Management of MS SQL databases using SQL Authentication where the login account included a semi-colon in the password could cause password change job operations to fail (B-695).
• Fixed: Bad Active Directory paths on management set properties would stop subsequent enumeration of Active Directory paths for the same management set (B-703).
• Fixed: Custom account store jobs break if the login account information is changed for a job (B-706).
• Fixed: Deleting self recovery rules caused asserts.
• Fixed: Exporting of encryption key via Windows REG function did not maintain proper formatting.
• Fixed: Option to use a custom schema was not remembered when using the SQL Native client (B-711).
• Fixed: SQL Server database instances were not displaying properly when using the system name filter (B-714).
• Fixed: Windows service propagation could fail if service dependency buffer size grew too large (B-716).
• Fixed: SQL Reporting Services discovery would fail when more than once instance of SSRS was present on a target systems (B-717).
• Fixed: SQL Reporting Services management would fail when more than one instance of SSRS was present on target systems (B-717).
• Fixed: Password checkout duration would use Windows platform extension setting rather than platform specific settings (B-719).
• Fixed: Using console launch impersonation when UAC was enabled could cause application crash (B-720).
||April 11, 2014
- Fixed: PowerShell CMDlet New-LSSharedCredential would report success on uploading a new shared credential even when the upload failed
- Fixed: Event Sink output to a Syslog (SIEM) system did not report a user’s login name during a login event when 2 Factor Authentication was used
- Fixed: File store could grant access to any file a user had “View” rights for if a request for a file was approved for any other file
|| October 4, 2013
- Added:Support for SQL Native Client (SQLNCLI) using ODBC. Permits use of SQL Mirroring in HA mode.
- Added: Phone Factor two factor authentication via local agent
- Added: Phone Factor two factor authentication via cloud service
- Added: SafeNet two factor authentication
- Added: Generic RADIUS support for two factor authentication
- Added: Support for SafeNet hardware security module (HSM)
- Added: Additional compliance reports to the web interface, now in parity with the console.
- Added: Additional compliance reports to the console, now in parity with the web interface.
- Added: New explicit option to define which attribute should be pulled from Active Directory when querying for systems (FR‐261).
- Added: New default page option for new users logging into the website.This is configured through the web application settings.
- Added: Option for the secure file store to pre‐define what permissions to define for a file when uploaded(FR‐508).
- Added: Option to hide password is the password recovery page until shown (FR‐476).
- Added: New response file for Palo Alto devices.
- Added: New response file for Tandem systems.
- Added: New response file for Fortigate systems.
- Added: New response file for CiscoPriv15 login accounts.
- Changed: When performing an auto‐RDP sessions via the website, the target system will go full screen to the entire desktop resolution when the full screen option is selected.
- Changed: When logging into the website and integrated authentication is enabled, website will deselect the integrated authentication automatically if a different user account name is provided in the username field.
- Changed: When configuring the web application global delegation rules,the permissions will be auto‐applied when the highlighted identity loses focus or the user clicks OK.
- Changed: Management set will automatically ignore NULL values when using a DB query to discover systems.
- Changed: Default response file now uses all types of encryption (BlowFish still not supported).
- Changed: Default response file has new settings for changing non‐enable accounts.
- Changed: Various UI elements for date/time reporting.
- Updated: RSA enVision Package includes the 6000 series event sink IDs.
- Fixed: Memory leak in data access layer that could cause the deferred processing service to stop or produce “out of resources” messages.
- Fixed:Memory leak in data access layer that could cause the web site COM object to stop or produce“out of resources” messages.
- Fixed: Memory leak in data access layer that could cause the management console to produce “out of resources” messages.
- Fixed: Per account delegations did not work for anything other than Windows or Linux systems (B‐640).
- Fixed: Website would product function block errors if ‘Block password check‐in if password is in use’ was selected and user checked in a Linux system.
- Fixed: Website would product ‘500’errors if ‘Block password check‐in if password is in use’ was selected and ‘Log all password check‐outs to system’s event log’ were selected and user checked in a Windows system (B‐651).
- Fixed: SCSM ticket integration would not always properly verify ticket status.
- Fixed: HPSM ticket integration would not always properly verify ticket status.
- Fixed: BMC ticket integration would not always properly verify ticket status.
- Fixed: ServiceNow ticket integration would not always properly verify ticket status.
- Fixed: Website deployment bug that could cause the website deployment to fail when the .net framework was not properly registered on the target web server.
- Fixed: Website verification could fail when website was installed to a virtual directory that was not the default name.
- Fixed: Various typos in the website.
- Fixed: Various typos in the management console.
- Fixed: Improper username case comparison ‐ If user logged in as user X and checked out password,then checked logged back in as User x, he could not re‐view the same password.
- Fixed: Audit Logs exported with a .asp extension instead of .zip.
- Fixed: Scheduled refresh job comments do not persist in the jobs queue dialog.
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: Possibility for account lockout when a connection uses a cached credential for Windows authentication(different than alt‐admins or integrated authentication).
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: SDK Login Procedure Fails When Using Integrated Authentication.
- Fixed: Password compartments cannot be edited from the dialog.
- Fixed: For compartmentalized passwords, the Show/Check in Password option for a password that is already checked out always re‐prompts the user to reenter their password recovery reason.
- Fixed: When using compartmentalization with check out to group, after the user recovers their segment of the compartmentalized password and checks it out to a group, no user can use the Extend Checkout or Check In buttons.
- Fixed: Account elevation ‐automatic de‐elevation occurs immediately when multiple zone processors are present.
- Fixed: Bug where disabled jobs could get re‐enabled.
- Fixed: Errors and asserts listed when ERPM configured with a bad AD /LDAP path.
- Fixed: Manual installation of web service had incorrect web service DLL.
- Fixed: Web.config files for web service had incorrect parameter when using SSL.
- Fixed: Numerous PowerShell CMDlets did not work.
- Fixed: Numerous web service calls did not return data as expected.
- Fixed: Web service calls to add various databases did not properly apply encryption to the password.
- Fixed: ERPM task discovery fails when target task was set to run as SYSTEM (B‐658).
- Fixed: Incorrect permissions applied when using per account permissions for multiple accounts on the same system (B‐660).
- Fixed: IPMI node would not display more than 100 devices (B‐657).
- Fixed: Built‐in administrator password change job would not rename the administrator account – when elected to do so – until after the password was changed resulting in bad information in the website(B‐654).
- Fixed: Discovery of SQL Server instances was overwriting system information which resulted in alt‐admin information being incorrect (B‐653).
- Fixed: If retry policy is set to ‘STOP’, jobs that fail will never retry (expected) and never get rescheduled for next run time (unexpected) (B‐650).
- Fixed: Shared credentials list doesn’t send email notification on password recovery (B‐649).
- Fixed: Last login column in Windows Accounts view does not sort in chronological order (B‐647).
- Fixed: App crash could occur when using alternate administrators to manage an untrusting domain (B‐642).
- Fixed: Console delegation could permit users to bypass delegation rules (B‐641).
- Fixed: IIS reset happening when managing SharePoint even if no account usage was found (B‐639).
- Fixed: Personal password store would permit empty entries to be added to the list (B‐638).
- Fixed: RADIUS authentication not working all the time (B‐636, B‐637).
- Fixed:System rename would produce asserts (B‐635).
Click This Link for Complete Revision History