Secret Server Password Management Release Notes

Main Focus: Responding to customer requests

Features and Enhancements

• Users can now reset their login password through a password reset email.
• Added configuration option to AD synchronization to prevent enabling and disabling users during synchronization.
• Added ability to synchronize email addresses for AD users.
• Added “LockedOut” feature so that failed authentication attempts locks out a user instead of disabling them.
• Added ability to specify whether or not Windows Service dependencies should restart after a password is changed remotely.
• Added ability to handle AD hierarchies that contain cycles in their groups.
• Added several new webservice methods to support the new Secret Server iPhone application.
• Added a password migration tool for Password Corral (See the Tools page in Secret Server for more details).
• Added option to enable a Keep Alive thread so that the ASP.
NET worker process never gets shut down.
• Added an audit record for when the launcher is used.

Bug fixes

• Fixed bug where inactivity timeout did not work correctly.
• Fixed bug that allowed users to delete folders containing Secrets when the "Require folder for Secret" option was turned on.
• Fixed bug where Windows Integrated Authentication through AD did not work for domains not hosting Secret Server.
• Fixed bug where some AD hierarchies that had root folders with no users in them could cause null reference exceptions.
• Fixed bug where JavaScript was not getting cleared from cache on upgrades.
• Fixed bug that allowed users to view folders and their audits without the appropriate permission setting.
• Fixed bug where a Secret could be created from an inactive Secret Template if the query string was entered.
• Fixed webservices to observe IP address restrictions.
• Fixed bug where inactive roles were being displayed on Admin Role Assignment pages.

Main Focus: Minor updates to 6.1

Features and Enhancements

• Introduced the Failover Partner on Step 3 of the installer to support mirrored database environments.
• Added the use of the legacy Search / Browse functionality before 6.1 as a preference.
• Added an option to allow Browse to also include the subfolders.
• Added a Diagnostics page to assist troubleshooting Secret Server.

Bug fixes

• Fixed bug where certain operating system settings would prevent users from being able to create a Doublelock password.
• Fixed bug where the Launcher application did not start correctly.
• Fixed bug where URLs contained in email alerts did not contain the right link.
• Fixed link to a Knowledge Base article on the Backup Configuration page due to KB article restructuring.
• Fixed minor security issue where creating a user with a special sequence of characters would cause unexpected behavior.

Main Focus: DoubleLock for sensitive Secrets and bug fixes

Features and Enhancements

• Implemented DoubleLock to provide an additional security layer for sensitive Secrets
• Enhanced performance for Active Directory authentication
• Separated the "Search" and "Browse" functions on the Home screen
• HTML now renders using “standards mode” (may affect user customized themes)

Bug Fixes

• Passwords generated for expired Secrets now meet domain credential requirements
• Fixed bug pertaining to an infinite redirect loop related to session expiration and password expiration
• Fixed bug where exception occurred on SecretGet webmethod when user has no permission to a particular secret
• Fixed bug with bulk operations where progress was not reported to the user
• Fixed bug where file attachments with spaces in their names didn't download properly
• Fixed bug where folder name appeared outside of the dialog when viewing a folder
• Fixed bug where multiple PIN codes were sometimes sent when using Windows Integrated Authentication
• Fixed bug to not allow Checkout to be enabled when Remote Password Changing is disabled
• Fixed broken Upgrade link in Firefox
• Fixed bug where users with permanent cookies disabled were always redirected to LogoutAnotherLocation screen
• Fixed bug to prevent users disabling Autochange on Secrets that require Checkout
• Fixed bug where IOException was occasionally thrown during installation due to file permissions
• Fixed bug in client-side JavaScript on installer
• Fixed bug that caused NullReferenceException when inactivating a Secret without the required role permission
• Fixed bug that occurred in user auditing when using an IPv6 address
• Fixed UI layout on the dependencies tab related to the explain link
• Fixed bug on Minimum Password Age validation when all fields are zero and checkbox is unchecked
• Fixed bug when unmasking passwords that have XML special characters

Main Focus: Minor Updates to 6.0

Features and Enhancements

• Added support for encrypted connections to SQL Server.
• Changed installer to not overwrite customized configuration files in future releases.
• Extended password length to 127 characters on AD credential used for AD Synchronization.

Bug fixes

• Fixed bug where expired password and expired license caused redirects.
• Fixed bug where user with an expired local password could still use webservices.
• Improved stability of AD Synchronization capabilities.

Main Focus: Remote Password Changing and user experience

Features and Enhancements

• Enhanced Remote Password Changing to allow setting a specific date and time schedule for changing service account passwords and their dependencies.
• Dependent Windows Services are now automatically restarted when a service account credential is changed.
• Added Remote Password Changing support for Oracle accounts.
• Users can now specify their preferred date/time format.
• Added new role permission to use the launcher feature without being able to view the password on the Secret.
• Added AJAX support to various features to enhance the user experience.
• Disabled the 'Search by Active Secrets' option for users without the 'View Inactive Secrets' permission.
• Improved performance of initial AD sync page load.
• Updated Russian Localization to support new features.

Bug fixes

• Fixed bug where content was not correctly displayed on the 'Expired Secret' report page.
• Fixed intermittent JavaScript error related to the scroll position on pages.

Compatibility:

• Secret Server 6.0 no longer supports Windows 2000 due to our upgrade to the Microsoft .NET Framework 3.5.

Minor Updates to 5.1

• Changed link on Administration pages, from "Languages" to "Language Maintenance"
• BUG: Fixed issues with URL case sensitive localization causing mixed languages to be displayed.

Main Focus: New email alerts and support for PuTTY

Features and Enhancements

• Added support for launching PuTTY for UNIX-based secrets
• Added ability to receive email alerts when secrets are viewed
• Added ability to receive email alerts when a dependency fails to update on an automatic password change
• Added new role permission for searching/viewing inactive secrets
• Changed folder creation/movement to only require edit permissions on the parent folder
• Added support for Remote Desktop launcher with Windows Integrated Authentication
• Added new bulk operations for deactivating and setting autochange on secrets
• All pages now maintain scroll position on postback
• Added a Languages page for Administrators to update and translate content to their language of choice
• Added an OK button to the top of the Folder picker
• Added additional folder management buttons to the top of the Folder Administration screen
• Added functionality to make Secret Server 64 bit compatible
• Searching on all fields no longer splits words up by periods

Bug fixes

• Fixed bug on Login where a minimum password age error was shown when creating a local user
• Fixed bug with Windows Service Dependency Changers when using Windows Accounts due to a missing prefix of the machine name
• Fixed bug related to unlimited setting on Remember Me
• Fixed null reference bug on Secret Audit when user does have “View Secret” role permission
• Fixed bug where an incorrect validation message was displayed when password history was set to 'all'

Main Focus: Minor enhancements to 5.0

• Improved database indexes for search functionality.
• BUG: Fixed issue that intermittently occurred in older Secret Server instances when upgrading.
• BUG: Fixed to not send alerts when search indexing.
• BUG: Fixed Secret Template to not allow search indexing on file attachments.
• Fix: Cleaned up the CSS and layout on several pages.

Main Focus:Changing Passwords for Scheduled Tasks and Service Accounts

Features and Enhancements:

• Enhanced Remote Password Changing to update dependent Scheduled Tasks, IIS AppPools and Windows Services.
• Added Checkout option to provide accountability for the use of a secret - the password gets changed automatically on checking.
• Enhanced search functionality to allow users to search by all fields.
• Implemented 'Change Password Remotely' feature to allow users to immediately change a password on a remote server.
• Added new default theme to enhance the readability of the UI.
• Export by folder now includes all child folders.
• Added the SecretID field to SSwebservices to provide integration for custom development.
• Administrators can now force local user password expiration.
• Added configurable minimum password age requirements for local user passwords.
• Added password history configuration options to prevent users from using past local user passwords.
• Webservices and Secret Assistant usage now creates view audit records.
• SSH Remote Password Changing now works for "root" accounts.
• Added ability to automatically delete excess database backups on the application server.

Bug fixes

• Fixed bug that occurred when trying to access the Administer Groups page with no active local groups.
• Fixed unlimited remember me bug with Secret Assistant.
• Fixed bug when trying to create a new secret from a Secret Template with no fields.
• Fixed bug where SSH remote password changing left open connections.
• Fixed bug where Secret Assistant would return inactive secrets.

• Implemented SSH for password changing on Linux accounts.
• Fixed bug with Active Directory Synchronization when pulling users and groups from an organizational unit.
• Fixed issue with the 'next password' component of Remote Password Changing.

Main Focus: Enhancing Folder Functionality and Security

Features and Enhancements:

• Added configuration option to allow Secrets to inherit folder permissions by default.
• Added configuration option so that a user must have view permission on a folder to see it.
• Users can now create and manage their own folders without them being visible to all users.
• User now requires Edit permission on a folder to be able to add secrets to it.
• Added a new 'Everyone' group to include each existing user for easier management and legacy folder permission support.
• Tightened folder restrictions to require share permission on a parent folder in order to add a child folder.
• Implemented audit records for when Groups are created, made inactive/active within Secret Server.
• Implemented audit records for when users and groups are created or made active/inactive from Active Directory.
• Renamed two Role Based Security permissions: Administer Roles is now Administer Role Permissions and Administer Group Roles is now Administer Role Assignment.
• Secret Types are now labeled as Secret Templates.
• Added an 'Evaluation Expiry' notice to alert users when their evaluation is about to expire.

Bugs:

• Fixed bug when users were made inactive when Secret Server could not connect to Active Directory.
• Fixed bug where Backup did not work properly if a database name contained certain characters.
• Fixed error that occurred on the AdminGroupByGroup page when no groups exist.
• Fixed error when trying to import folders with line breaks in a Secret field.
• Fixed issue with Password Type configuration not saving correctly in certain situations.

Main Focus: Addressing Role Based Access Control

Features and Enhancements:

• Implemented Role Based Access Control (Role Based Security) to set granular, assignable permissions for users.
• Added the ability to launch Remote Desktop from a secret.
• Added the ability to import secrets by folder.
• Secrets can now be exported with a folder name.
• Added ‘Run Now’ button to the Remote Password Changing screen.
• Implemented a visual keyboard on the login screen to thwart keyloggers.
• Added the ability to create custom web.config files to override the default impersonation settings that will not be overwritten on upgrades.
• Added a dropdown on the results screen for users to define the amount of secrets to display.
• Created a Security Hardening Report that displays the security level of your system’s installation.
• Created the SecretTypeSetActive.aspx page for quickly setting the active status on Secret Types
• Improved the ‘Help’ documentation.
• Groups deleted from Active Directory will now be disabled.
• Improved performance by adding caching for theming.
• Specific passwords can be set on the Remote Password Changing - AutoChange feature.
• Added a preference for showing a full folder path on the home search grid.
• Implemented robot.txt file to stop search engines from indexing Secret Server installations.
• Folder creation and editing is now an assignable permission.
• Added a search textbox to the Users screen.
• All cookies are now HTTP only for additional security.
• Added ‘Save and Add New’ button SecretView.aspx.
• Increased the visual size of the notes field.

Bug Fixes:

• Fixed bug where an exception was thrown when invalid information was entered in the ‘minimum password length’ configuration option.
• Fixed bug where the folder picker modal did not work properly when Secret Server was viewed inside a frame.
• Fixed error where Secret Type export XML format was incorrect.
• Fixed bug where notification emails did not contain the full URL for the installation.
• Fixed bug where Integrated Authentication was not setting last login.
• Fixed bug where permission checkboxes were being displayed when the secret was set to inherit permissions from folder.
• Fixed bug where duplicate users appeared in the Active Directory synchronization preview.

Main Focus: Improving permission inheritance and bug fixes.

Features and Enhancements:

• Bulk operations now supports enabling folder inheritance on a secret.
• Deleted Synchronized Active Directory groups are now disabled within Secret Server.
• Added support for automatic backups on servers at different locations.

Bug Fixes:

• Fixed bug when editing folder permissions that include a disabled user.
• Fixed padding error for secret item history for very large values on secrets.
• Fixed bug in Remote Password Changing due to new column for inherited permissions.
• Fixed broken "unmask password" image on 'Secret Edit' page.
• Fixed 'Remember Me' bug due to .NET 2.0 migration.
• Fixed 'Close' image on dialog.
• Fixed paging problem on AdminExport grid.
• Fixed bug where expiration date did not decrease on old secrets.

Main Focus: Customizing the appearance (themes) and inheriting permissions on folders

Features and Enhancements:

• Added inheriting permissions on folders.
• Folders with identical names are now permitted.
• Added theming to allow customization of of all user interface elements.
• Added two new themes (Blue Chrome and Corporate).
• Made "Download Secret Assistant" a configuration setting.
• Strong name signing on all assemblies for improved security.
• Improved Access Denied message to give more detailed information on Step 3 of the installation process.
• Added a customizable Login Policy Statement for corporate environments.
• Added the ability to search by subfolder.
• Migrated from the Microsoft .NET Framework 1.1 to 2.0.
• The Admin Folder screen now displays your last selected folder.
• Improved the Active Directory Query for groups using .NET 2.0 to get past the 1,000 group limit.

Bug Fixes:

• Fixed bug in Bulk Edit Share that would not allow the removal of all permissions on a new secret.
• Fixed barchart issue to stop overlapping names.
• Fixed installation bug where first user is sometimes not created.
• Fixed bug in Configuration related to Update check. (yes/check earlier RN)
• Fixed bug in Two Factor when Active Directory is disabled.
• Fixed issue when using special characters in the database connection string.
• Fixed exception in Secret Type Designer when Secret Type has no fields.