Secret Server

6.2.000013

Main Focus: Bug fixes

• Fixed bug where Folders would not be visible in Unlimited Admin Mode.
• Fixed bug when adding a new domain with a non-Administrator account.
• Fixed bug that caused Active Directory synchronization to crash if an AD user could not be accessed.
• Fixed bug that would enable an AD user that was disabled in AD but not in synch group.
• Fixed bug related to Remember Me value and Inactivity Timeout.

6.2.000012

Main Focus: Responding to customer requests

• Added support for child domain users being members in parent domain groups.
• Remote Desktop Preferences for the Launcher
  • Copy to clipboard, admin/console, attach drives, share printers
• Ability to Delete IP Address Ranges
• Embedded mode to Hide Headers and Footers
  • http://support.thycotic.com/KB/a67/running-secret-server-in-embedded-mode.aspx?KBSearchID=0
• Improved support for Database access through Windows Authentication to have the background thread run with identity of the site instead of AppPool
• Added Permission and confirmation for force expiring secrets on the User Audit Report.
• Added Full Path to folder in Secret View and Edit alerts.
• Improved the performance on the Domain Synchronization for selecting AD groups.
• Made Favorites click through to its own bookmarkable page.
• Terminology Change: "Owner" permission replaces "Share."
• Improved and fixed bugs in Backup:
  • Backup respects setting for not sending failure emails to Administrators
  • Fix scheduled backup inconsistencies for some users
  • Limited to 3 retries
• Added better support for incomplete language files, so defaults to English if item is not found.
• Increased folder performance for renaming and editing permissions.
• Updated Domain Synchronization to set the DisplayName for new users and support username changes in Active Directory.
• Updated display issues with listboxes being too small on the Group Edit page and Domain Synchronization page.

6.2.000006

• Fixed bug with the Role Assignment screen showing duplicate groups.
• Fixed bug where the Everyone group was not appearing in the Group assignment dropdownlist on the permission screens.

6.2.000005

Main Focus: Remote Password Changing enhancements and performance tuning

Features and Enhancements

• Disabled autocomplete on the Next Password textbox for Remote Password Changing.
• Service account credentials in these formats are now found by the dependency finder:
  • username@fulldomainname
  • username@shortdomainname
  • shortdomainname\username
  • fulldomainname\username
• Updated the Expired Secret log to include when the Secret is not changed due to the expiration time schedule.
• Performance improvements when using Unlimited Administrator Mode.
• Performance improvements on the Folder edit page.

Bug fixes

• Remote Password Changing will no longer fail when a privileged account on a dependency is not set. Instead, it will attempt to use the credentials on the Secret.

6.2.000004

• Fixed minor bug that incorrectly displayed encrypted values after saving a Secret.

6.2.000003

Main Focus: Usability and Workflow

Features and Enhancements

• Streamlined the Secret creation process
  • Single click for folder selection
  • Remembers last selected folder
  • Allow changing Secret Template on the Create page
  • Combined Search and Browse last selected Folder
• Option to allow Secrets to require approval for access
  • Email Notifications to approvers and requesters
  • Audit is kept of all approve and deny actions
  • Secret Access Request Manager page

Bug fixes

• Fixed the missing folder indentation in IE 6.0

6.2.000000

Main Focus: Responding to customer requests

Features and Enhancements

• Users can now reset their login password through a password reset email.
• Added configuration option to AD synchronization to prevent enabling and disabling users during synchronization.
• Added ability to synchronize email addresses for AD users.
• Added “LockedOut” feature so that failed authentication attempts locks out a user instead of disabling them.
• Added ability to specify whether or not Windows Service dependencies should restart after a password is changed remotely.
• Added ability to handle AD hierarchies that contain cycles in their groups.
• Added several new webservice methods to support the new Secret Server iPhone application.
• Added a password migration tool for Password Corral (See the Tools page in Secret Server for more details).
• Added option to enable a Keep Alive thread so that the ASP.NET worker process never gets shut down.
• Added an audit record for when the launcher is used.

Bug fixes

• Fixed bug where inactivity timeout did not work correctly.
• Fixed bug that allowed users to delete folders containing Secrets when the "Require folder for Secret" option was turned on.
• Fixed bug where Windows Integrated Authentication through AD did not work for domains not hosting Secret Server.
• Fixed bug where some AD hierarchies that had root folders with no users in them could cause null reference exceptions.
• Fixed bug where JavaScript was not getting cleared from cache on upgrades.
• Fixed bug that allowed users to view folders and their audits without the appropriate permission setting.
• Fixed bug where a Secret could be created from an inactive Secret Template if the query string was entered.
• Fixed webservices to observe IP address restrictions.
• Fixed bug where inactive roles were being displayed on Admin Role Assignment pages.

6.1.000002

Main Focus: Minor updates to 6.1

Features and Enhancements

• Introduced the Failover Partner on Step 3 of the installer to support mirrored database environments.
• Added the use of the legacy Search / Browse functionality before 6.1 as a preference.
• Added an option to allow Browse to also include the subfolders.
• Added a Diagnostics page to assist troubleshooting Secret Server.

Bug fixes

• Fixed bug where certain operating system settings would prevent users from being able to create a Doublelock password.
• Fixed bug where the Launcher application did not start correctly.
• Fixed bug where URLs contained in email alerts did not contain the right link.
• Fixed link to a Knowledge Base article on the Backup Configuration page due to KB article restructuring.
• Fixed minor security issue where creating a user with a special sequence of characters would cause unexpected behavior.

6.1.000000

Main Focus: DoubleLock for sensitive Secrets and bug fixes

Features and Enhancements

• Implemented DoubleLock to provide an additional security layer for sensitive Secrets
• Enhanced performance for Active Directory authentication
• Separated the "Search" and "Browse" functions on the Home screen
• HTML now renders using “standards mode” (may affect user customized themes)

Bug Fixes

• Passwords generated for expired Secrets now meet domain credential requirements
• Fixed bug pertaining to an infinite redirect loop related to session expiration and password expiration
• Fixed bug where exception occurred on SecretGet webmethod when user has no permission to a particular secret
• Fixed bug with bulk operations where progress was not reported to the user
• Fixed bug where file attachments with spaces in their names didn't download properly
• Fixed bug where folder name appeared outside of the dialog when viewing a folder
• Fixed bug where multiple PIN codes were sometimes sent when using Windows Integrated Authentication
• Fixed bug to not allow Checkout to be enabled when Remote Password Changing is disabled
• Fixed broken Upgrade link in Firefox
• Fixed bug where users with permanent cookies disabled were always redirected to LogoutAnotherLocation screen
• Fixed bug to prevent users disabling Autochange on Secrets that require Checkout
• Fixed bug where IOException was occasionally thrown during installation due to file permissions
• Fixed bug in client-side JavaScript on installer
• Fixed bug that caused NullReferenceException when inactivating a Secret without the required role permission
• Fixed bug that occurred in user auditing when using an IPv6 address
• Fixed UI layout on the dependencies tab related to the explain link
• Fixed bug on Minimum Password Age validation when all fields are zero and checkbox is unchecked
• Fixed bug when unmasking passwords that have XML special characters

6.0.000001

Main Focus: Minor Updates to 6.0

Features and Enhancements

• Added support for encrypted connections to SQL Server.
• Changed installer to not overwrite customized configuration files in future releases.
• Extended password length to 127 characters on AD credential used for AD Synchronization.

Bug fixes

• Fixed bug where expired password and expired license caused redirects.
• Fixed bug where user with an expired local password could still use webservices.
• Improved stability of AD Synchronization capabilities.

6.0.000000

Main Focus: Remote Password Changing and user experience

Features and Enhancements

• Enhanced Remote Password Changing to allow setting a specific date and time schedule for changing service account passwords and their dependencies.
• Dependent Windows Services are now automatically restarted when a service account credential is changed.
• Added Remote Password Changing support for Oracle accounts.
• Users can now specify their preferred date/time format.
• Added new role permission to use the launcher feature without being able to view the password on the Secret.
• Added AJAX support to various features to enhance the user experience.
• Disabled the 'Search by Active Secrets' option for users without the 'View Inactive Secrets' permission.
• Improved performance of initial AD sync page load.
• Updated Russian Localization to support new features.

Bug fixes

• Fixed bug where content was not correctly displayed on the 'Expired Secret' report page.
• Fixed intermittent JavaScript error related to the scroll position on pages.

Compatibility:

• Secret Server 6.0 no longer supports Windows 2000 due to our upgrade to the Microsoft .NET Framework 3.5.

5.1.000001

Minor Updates to 5.1

• Changed link on Administration pages, from "Languages" to "Language Maintenance"
• BUG: Fixed issues with URL case sensitive localization causing mixed languages to be displayed.

5.1.000000

Main Focus: New email alerts and support for PuTTY

Features and Enhancements

• Added support for launching PuTTY for UNIX-based secrets
• Added ability to receive email alerts when secrets are viewed
• Added ability to receive email alerts when a dependency fails to update on an automatic password change
• Added new role permission for searching/viewing inactive secrets
• Changed folder creation/movement to only require edit permissions on the parent folder
• Added support for Remote Desktop launcher with Windows Integrated Authentication
• Added new bulk operations for deactivating and setting autochange on secrets
• All pages now maintain scroll position on postback
• Added a Languages page for Administrators to update and translate content to their language of choice
• Added an OK button to the top of the Folder picker
• Added additional folder management buttons to the top of the Folder Administration screen
• Added functionality to make Secret Server 64 bit compatible
• Searching on all fields no longer splits words up by periods

Bug fixes

• Fixed bug on Login where a minimum password age error was shown when creating a local user
• Fixed bug with Windows Service Dependency Changers when using Windows Accounts due to a missing prefix of the machine name
• Fixed bug related to unlimited setting on Remember Me
• Fixed null reference bug on Secret Audit when user does have “View Secret” role permission
• Fixed bug where an incorrect validation message was displayed when password history was set to 'all'

5.0.000002

Main Focus: Minor enhancements to 5.0

• Improved database indexes for search functionality.
• BUG: Fixed issue that intermittently occurred in older Secret Server instances when upgrading.
• BUG: Fixed to not send alerts when search indexing.
• BUG: Fixed Secret Template to not allow search indexing on file attachments.
• Fix: Cleaned up the CSS and layout on several pages.

5.0.00000

Main Focus:Changing Passwords for Scheduled Tasks and Service Accounts

Features and Enhancements:

• Enhanced Remote Password Changing to update dependent Scheduled Tasks, IIS AppPools and Windows Services.
• Added Checkout option to provide accountability for the use of a secret - the password gets changed automatically on checking.
• Enhanced search functionality to allow users to search by all fields.
• Implemented 'Change Password Remotely' feature to allow users to immediately change a password on a remote server.
• Added new default theme to enhance the readability of the UI.
• Export by folder now includes all child folders.
• Added the SecretID field to SSwebservices to provide integration for custom development.
• Administrators can now force local user password expiration.
• Added configurable minimum password age requirements for local user passwords.
• Added password history configuration options to prevent users from using past local user passwords.
• Webservices and Secret Assistant usage now creates view audit records.
• SSH Remote Password Changing now works for "root" accounts.
• Added ability to automatically delete excess database backups on the application server.

Bug fixes

• Fixed bug that occurred when trying to access the Administer Groups page with no active local groups.
• Fixed unlimited remember me bug with Secret Assistant.
• Fixed bug when trying to create a new secret from a Secret Template with no fields.
• Fixed bug where SSH remote password changing left open connections.
• Fixed bug where Secret Assistant would return inactive secrets.

4.3.000000

• Implemented SSH for password changing on Linux accounts.
• Fixed bug with Active Directory Synchronization when pulling users and groups from an organizational unit.
• Fixed issue with the 'next password' component of Remote Password Changing.

4.2.000000

Main Focus: Enhancing Folder Functionality and Security

Features and Enhancements:

• Added configuration option to allow Secrets to inherit folder permissions by default.
• Added configuration option so that a user must have view permission on a folder to see it.
• Users can now create and manage their own folders without them being visible to all users.
• User now requires Edit permission on a folder to be able to add secrets to it.
• Added a new 'Everyone' group to include each existing user for easier management and legacy folder permission support.
• Tightened folder restrictions to require share permission on a parent folder in order to add a child folder.
• Implemented audit records for when Groups are created, made inactive/active within Secret Server.
• Implemented audit records for when users and groups are created or made active/inactive from Active Directory.
• Renamed two Role Based Security permissions: Administer Roles is now Administer Role Permissions and Administer Group Roles is now Administer Role Assignment.
• Secret Types are now labeled as Secret Templates.
• Added an 'Evaluation Expiry' notice to alert users when their evaluation is about to expire.

Bugs:

• Fixed bug when users were made inactive when Secret Server could not connect to Active Directory.
• Fixed bug where Backup did not work properly if a database name contained certain characters.
• Fixed error that occurred on the AdminGroupByGroup page when no groups exist.
• Fixed error when trying to import folders with line breaks in a Secret field.
• Fixed issue with Password Type configuration not saving correctly in certain situations.

4.1.000000

Main Focus: Addressing Role Based Access Control

Features and Enhancements:

• Implemented Role Based Access Control (Role Based Security) to set granular, assignable permissions for users.
• Added the ability to launch Remote Desktop from a secret.
• Added the ability to import secrets by folder.
• Secrets can now be exported with a folder name.
• Added ‘Run Now’ button to the Remote Password Changing screen.
• Implemented a visual keyboard on the login screen to thwart keyloggers.
• Added the ability to create custom web.config files to override the default impersonation settings that will not be overwritten on upgrades.
• Added a dropdown on the results screen for users to define the amount of secrets to display.
• Created a Security Hardening Report that displays the security level of your system’s installation.
• Created the SecretTypeSetActive.aspx page for quickly setting the active status on Secret Types
• Improved the ‘Help’ documentation.
• Groups deleted from Active Directory will now be disabled.
• Improved performance by adding caching for theming.
• Specific passwords can be set on the Remote Password Changing - AutoChange feature.
• Added a preference for showing a full folder path on the home search grid.
• Implemented robot.txt file to stop search engines from indexing Secret Server installations.
• Folder creation and editing is now an assignable permission.
• Added a search textbox to the Users screen.
• All cookies are now HTTP only for additional security.
• Added ‘Save and Add New’ button SecretView.aspx.
• Increased the visual size of the notes field.

Bug Fixes:

• Fixed bug where an exception was thrown when invalid information was entered in the ‘minimum password length’ configuration option.
• Fixed bug where the folder picker modal did not work properly when Secret Server was viewed inside a frame.
• Fixed error where Secret Type export XML format was incorrect.
• Fixed bug where notification emails did not contain the full URL for the installation.
• Fixed bug where Integrated Authentication was not setting last login.
• Fixed bug where permission checkboxes were being displayed when the secret was set to inherit permissions from folder.
• Fixed bug where duplicate users appeared in the Active Directory synchronization preview.

4.0.000003

Main Focus: Improving permission inheritance and bug fixes.

Features and Enhancements:

• Bulk operations now supports enabling folder inheritance on a secret.
• Deleted Synchronized Active Directory groups are now disabled within Secret Server.
• Added support for automatic backups on servers at different locations.

Bug Fixes:

• Fixed bug when editing folder permissions that include a disabled user.
• Fixed padding error for secret item history for very large values on secrets.
• Fixed bug in Remote Password Changing due to new column for inherited permissions.
• Fixed broken "unmask password" image on 'Secret Edit' page.
• Fixed 'Remember Me' bug due to .NET 2.0 migration.
• Fixed 'Close' image on dialog.
• Fixed paging problem on AdminExport grid.
• Fixed bug where expiration date did not decrease on old secrets.