Secret Server

7.0.000040

Remote Password Changing

• Added Cisco password changing support (SSH and legacy Telnet).
• Added Unix Root Account password changing using separate Secret for login.
• Added the Remote Password Changing tab for configuring options on a Secret (moved AutoChange checkbox to this tab).
• Password change can be set up for Active Directory and Windows accounts using a privileged account instead of the account changing its own password.
• Added the ability to create configurable command sets for handling different platforms and operating systems to do password reset using SSH or Telnet (including using credentials from other Secrets).
• Added the ability to test Password Reset and Verify from an admin dialog.
• Added the ability to specify the port for password changes when using SSH and Telnet.
• Added button to allow cancellation of Change Password Remotely.

Heartbeat

• Secret Heartbeat will test the credentials stored in Secret Server on a periodic basis to ensure they are still valid.
• Receive email alerts when a Secret fails the Heartbeat.
• Supports all Remote Password Changing templates and Password Verify.

Web Launcher

• Web Launcher to automatically login to websites using credentials stored in Secret Server.
• Web Launcher bookmarklet for single click login from the browser (supports all browsers).
• Note: Secret Assistant is being retired in favor of the Web Launcher and bookmarklet (Secret Assistant is still supported but no longer recommended).
• Automatic download option for the latest Web Launcher settings for commonly used sites from thycotic.com.

Search

• Made extended Search Indexer split indexed terms into 3-12 character segments instead of just 3 character segments.
• Made extended Search Indexer not split the search term before searching.
• Improved order of search results. Exact matches on name will be on the top, followed by 'like' matches in the name (ordered by name) and then secret item hash matches (ordered by name).

More

• Added webservice to use Integrated Windows Authentication to allow scripts to run without having embedded username/password and retrieve passwords from Secret Server.(see KB article)
• Updated Active Directory synchronization to support Child, Parent, and Sibling Domain Credentials.
• Changed all random number generation to use System.Cryptography.RandomNumberGenerator for improved security.
• Increased the hash iterations on both local user passwords and DoubleLock passwords to provide additional security against brute force attacks on the hashes.
• Extended IP Address Range restrictions to work for class A and B networks.
• Added Maximum Offline Minutes feature so that mobile devices can only cache data for a limited time.
• Added a Generate Password button to the "Change Password Remotely" page.
• Split Unlimited Administrator role into "Administer Unlimited Admin Configuration", "Unlimited Administrator", and "View Unlimited Admin Configuration".
• Changed minimizing on Copy to Clipboard to be a per user preference.

Bug fixes:

• Fixed “No process is at end of pipe” SQL exception that occasionally occurred after doing an iisreset.
• Added email addresses to all users during Active Directory synchronization even if disabled in Secret Server.
• Fixed URL field on Secret to open correctly if http:// is not included.
• Fixed SSH issues when changing passwords on SUSE Linux.
• Fixed the ActivityDirectorySynchronization page, the AvailableGroups listbox no longer displays Groups that have been removed in AD.
• Added saving of the ADGuid for new groups when Save button clicked on the Group Synchronization page (instead of waiting for first AD sync).

7.0.000001

Features and Enhancements

• Added the ability to specify the characters to separate on when building the Search Index. Note: On upgrade the current search index will be rebuilt.
• Updated Dependency Finder to allow the user to manually specify the machine names to search.
• Disabled the trace and debug settings from the Web.config by default.
• BUG: Fixed Administration Export for IE when SSL is enabled.
• BUG: For XP machines, fixed the unsupported hash algorithm error for both the Email Pincode process and the Search Indexer.
• BUG: Updated RADIUS login to process passwords greater than 16 characters long to support Yubikeys.

7.0.000000

Main Focus: Custom reports, support for RADIUS, and more

Features and Enhancements

• Add-ons are now Professional and Enterprise Editions (explain Editions)
• Reporting
  • Reports page allows administrators to view standard reports, or to create reports with SQL and charting options. Reports can use a variety of 2D or 3D charts.
  • Reports can be displayed with all their associated data points (grid).
  • Reports can be placed into categories, and these categories and their reports can be organized using drag and drop.
  • Reports can have rows with different colors based on data values
  • Reports can be created using parameters such as start date, end date, and user ID.
• Added support for RADIUS integration to authenticate to Secret Server. This will work with AuthAnvil tokens, RSA tokens, and any other authentication scheme that supports RADIUS.
• Secret Server now uses FIPS 140 compliant algorithms and operates normally when limited to FIPS 140 only under Windows Security/Group Policy.
• Auto-complete added to Secret search textbox.
• Terminology change - renamed "inactive" to "deleted" for Secrets.
• Added scrollbars to Search and Browse tabs in homepage – makes it easier when you have lots of folders.
• Added icons to permission grids to indicate person or group.
• Groups in permission grid are clickable, which shows the list of users in the group.
• Date time picker works with the user’s preferred date/time format.
• Added "copy to clipboard" support for Chrome and Safari.
• The layout of the Configuration page is now categorized into tabs for better organization.
• Added IP address logging for all failed authentication attempts. Previously, only attempts that caused lockouts were logged.
• Improved localization so that messages that do not exist in the localized XML file are rendered as "Resource Not Found:”.
• Changed the inactivity timeout timer to reset on partial postbacks. This means that users will not get redirected due to inactivity when browsing folders or searching for secrets on the home page.
• Added on-screen notification for support license expiration.
• Added Configuration settings for an instance level default Time and Date format.
• Added separate page (DBConnectionReset.aspx) to allow users to change their database connection information without going through the installer.
• Added the ability to reset a forgotten DoubleLock password.
• Added Folder Search to the Folder picker.
• Added Folder Templates to support Folder (default), Customer, and Computer.
• Greatly improved Home page performance for running BulkOperations for larger instances.
• Improved the Change Password screen to give instructions for the password complexity guidelines.
• Improved System log to support having a maximum number of rows and to alert administrators when the log is truncated (by 50%).
• Updated the Launcher to support having a domain for local accounts.
• Updated the Launcher to support credentials for launching into multiple hosts. The user will be prompted to enter the Machine or Host before the RDP or Putty instance is opened when wired to the field.
• Added a User and Group picker to replace the dropdownlist for user and group assignment for large instances.
• Updated the User create process to automatically assign the “User” Role by default.
• Added a grid of the user's Roles on the user view page.
• Webservice additions & updates:
  • Added FolderId to the Secret get methods
  • Added the ability to specific the folder on Secret Create and Update
    • Added Folder webservices for Get, Create, Update, and Search
• Added support for RPC support for Sybase databases.
• Added the ability to migrate a local user to an Active Directory user and maintain the existing groups and permissions.
• Added the full Folder Path on the folder edit and create pages.
• Search Indexer will split by newline.
• Added icon for NATO phonetics translation of Secret field on Secret View page for reading information verbally.
• Added Login form to the “Logged in at another location” page.
• Update the Resource Provider to support changing a single element with custom resource such as the Help link.
• Session Timeout has been moved to external config file to prevent overriding settings on upgrade.
• Added folder picker and "include subfolders" option to the User Audit report.
• Added "Last Date" column to the user audit report page.
• Added "Save to File" functionality for many grids.
• Added common table expression functionality to folder database queries to improve performance on SQL Server 2005 and SQL Server 2008.
• Updated code signing certificate for Launcher.

Bug fixes

Fixed bug that caused Dependency Finder to time out prematurely for some systems.

Changed “lock out” for Web Services to be consistent with logging in through the Web interface.

Removed unnecessary validation when entering a new domain that required the domain account to have reset password permissions.

Fixed issues with Admin Secret Export for some browsers.

Fixed Dependency to show all computers found in Active Directory.

Fixed the Keep Alive thread and other background threads to avoid spamming the system log when thread cannot be stopped.

Fixed the Active Directory Group Synchronization page to display the listboxes with a proper width for all Browsers.

Expanded the SQL timeout on backups to support large instances.

Updated Active Directory synchronization to properly assign membership for groups made up of both child and parent domain users.

Fixed the display of login policy to fit inside the box.

Turned off autocomplete for password textboxes on the “Secret Edit” screen.

6.2.000013

Main Focus: Bug fixes

• Fixed bug where Folders would not be visible in Unlimited Admin Mode.
• Fixed bug when adding a new domain with a non-Administrator account.
• Fixed bug that caused Active Directory synchronization to crash if an AD user could not be accessed.
• Fixed bug that would incorrectly enable an AD user that exists in AD and Secret Server but are not in a synch group.
• Fixed bug related to Remember Me value and Inactivity Timeout.

6.2.000012

Main Focus: Responding to customer requests

• Added support for child domain users being members in parent domain groups.
• Remote Desktop Preferences for the Launcher
  • Copy to clipboard, admin/console, attach drives, share printers
• Ability to Delete IP Address Ranges
• Embedded mode to Hide Headers and Footers
  • http://support.thycotic.com/KB/a67/running-secret-server-in-embedded-mode.aspx?KBSearchID=0
• Improved support for Database access through Windows Authentication to have the background thread run with identity of the site instead of AppPool
• Added Permission and confirmation for force expiring secrets on the User Audit Report.
• Added Full Path to folder in Secret View and Edit alerts.
• Improved the performance on the Domain Synchronization for selecting AD groups.
• Made Favorites click through to its own bookmarkable page.
• Terminology Change: "Owner" permission replaces "Share."
• Improved and fixed bugs in Backup:
  • Backup respects setting for not sending failure emails to Administrators
  • Fix scheduled backup inconsistencies for some users
  • Limited to 3 retries
• Added better support for incomplete language files, so defaults to English if item is not found.
• Increased folder performance for renaming and editing permissions.
• Updated Domain Synchronization to set the DisplayName for new users and support username changes in Active Directory.
• Updated display issues with listboxes being too small on the Group Edit page and Domain Synchronization page.

6.2.000006

• Fixed bug with the Role Assignment screen showing duplicate groups.
• Fixed bug where the Everyone group was not appearing in the Group assignment dropdownlist on the permission screens.

6.2.000005

Main Focus: Remote Password Changing enhancements and performance tuning

Features and Enhancements

• Disabled autocomplete on the Next Password textbox for Remote Password Changing.
• Service account credentials in these formats are now found by the dependency finder:
  • username@fulldomainname
  • username@shortdomainname
  • shortdomainname\username
  • fulldomainname\username
• Updated the Expired Secret log to include when the Secret is not changed due to the expiration time schedule.
• Performance improvements when using Unlimited Administrator Mode.
• Performance improvements on the Folder edit page.

Bug fixes

• Remote Password Changing will no longer fail when a privileged account on a dependency is not set. Instead, it will attempt to use the credentials on the Secret.

6.2.000004

• Fixed minor bug that incorrectly displayed encrypted values after saving a Secret.

6.2.000003

Main Focus: Usability and Workflow

Features and Enhancements

• Streamlined the Secret creation process
  • Single click for folder selection
  • Remembers last selected folder
  • Allow changing Secret Template on the Create page
  • Combined Search and Browse last selected Folder
• Option to allow Secrets to require approval for access
  • Email Notifications to approvers and requesters
  • Audit is kept of all approve and deny actions
  • Secret Access Request Manager page

Bug fixes

• Fixed the missing folder indentation in IE 6.0

6.2.000000

Main Focus: Responding to customer requests

Features and Enhancements

• Users can now reset their login password through a password reset email.
• Added configuration option to AD synchronization to prevent enabling and disabling users during synchronization.
• Added ability to synchronize email addresses for AD users.
• Added “LockedOut” feature so that failed authentication attempts locks out a user instead of disabling them.
• Added ability to specify whether or not Windows Service dependencies should restart after a password is changed remotely.
• Added ability to handle AD hierarchies that contain cycles in their groups.
• Added several new webservice methods to support the new Secret Server iPhone application.
• Added a password migration tool for Password Corral (See the Tools page in Secret Server for more details).
• Added option to enable a Keep Alive thread so that the ASP.NET worker process never gets shut down.
• Added an audit record for when the launcher is used.

Bug fixes

• Fixed bug where inactivity timeout did not work correctly.
• Fixed bug that allowed users to delete folders containing Secrets when the "Require folder for Secret" option was turned on.
• Fixed bug where Windows Integrated Authentication through AD did not work for domains not hosting Secret Server.
• Fixed bug where some AD hierarchies that had root folders with no users in them could cause null reference exceptions.
• Fixed bug where JavaScript was not getting cleared from cache on upgrades.
• Fixed bug that allowed users to view folders and their audits without the appropriate permission setting.
• Fixed bug where a Secret could be created from an inactive Secret Template if the query string was entered.
• Fixed webservices to observe IP address restrictions.
• Fixed bug where inactive roles were being displayed on Admin Role Assignment pages.

6.1.000002

Main Focus: Minor updates to 6.1

Features and Enhancements

• Introduced the Failover Partner on Step 3 of the installer to support mirrored database environments.
• Added the use of the legacy Search / Browse functionality before 6.1 as a preference.
• Added an option to allow Browse to also include the subfolders.
• Added a Diagnostics page to assist troubleshooting Secret Server.

Bug fixes

• Fixed bug where certain operating system settings would prevent users from being able to create a Doublelock password.
• Fixed bug where the Launcher application did not start correctly.
• Fixed bug where URLs contained in email alerts did not contain the right link.
• Fixed link to a Knowledge Base article on the Backup Configuration page due to KB article restructuring.
• Fixed minor security issue where creating a user with a special sequence of characters would cause unexpected behavior.

6.1.000000

Main Focus: DoubleLock for sensitive Secrets and bug fixes

Features and Enhancements

• Implemented DoubleLock to provide an additional security layer for sensitive Secrets
• Enhanced performance for Active Directory authentication
• Separated the "Search" and "Browse" functions on the Home screen
• HTML now renders using “standards mode” (may affect user customized themes)

Bug Fixes

• Passwords generated for expired Secrets now meet domain credential requirements
• Fixed bug pertaining to an infinite redirect loop related to session expiration and password expiration
• Fixed bug where exception occurred on SecretGet webmethod when user has no permission to a particular secret
• Fixed bug with bulk operations where progress was not reported to the user
• Fixed bug where file attachments with spaces in their names didn't download properly
• Fixed bug where folder name appeared outside of the dialog when viewing a folder
• Fixed bug where multiple PIN codes were sometimes sent when using Windows Integrated Authentication
• Fixed bug to not allow Checkout to be enabled when Remote Password Changing is disabled
• Fixed broken Upgrade link in Firefox
• Fixed bug where users with permanent cookies disabled were always redirected to LogoutAnotherLocation screen
• Fixed bug to prevent users disabling Autochange on Secrets that require Checkout
• Fixed bug where IOException was occasionally thrown during installation due to file permissions
• Fixed bug in client-side JavaScript on installer
• Fixed bug that caused NullReferenceException when inactivating a Secret without the required role permission
• Fixed bug that occurred in user auditing when using an IPv6 address
• Fixed UI layout on the dependencies tab related to the explain link
• Fixed bug on Minimum Password Age validation when all fields are zero and checkbox is unchecked
• Fixed bug when unmasking passwords that have XML special characters

6.0.000001

Main Focus: Minor Updates to 6.0

Features and Enhancements

• Added support for encrypted connections to SQL Server.
• Changed installer to not overwrite customized configuration files in future releases.
• Extended password length to 127 characters on AD credential used for AD Synchronization.

Bug fixes

• Fixed bug where expired password and expired license caused redirects.
• Fixed bug where user with an expired local password could still use webservices.
• Improved stability of AD Synchronization capabilities.

6.0.000000

Main Focus: Remote Password Changing and user experience

Features and Enhancements

• Enhanced Remote Password Changing to allow setting a specific date and time schedule for changing service account passwords and their dependencies.
• Dependent Windows Services are now automatically restarted when a service account credential is changed.
• Added Remote Password Changing support for Oracle accounts.
• Users can now specify their preferred date/time format.
• Added new role permission to use the launcher feature without being able to view the password on the Secret.
• Added AJAX support to various features to enhance the user experience.
• Disabled the 'Search by Active Secrets' option for users without the 'View Inactive Secrets' permission.
• Improved performance of initial AD sync page load.
• Updated Russian Localization to support new features.

Bug fixes

• Fixed bug where content was not correctly displayed on the 'Expired Secret' report page.
• Fixed intermittent JavaScript error related to the scroll position on pages.

Compatibility:

• Secret Server 6.0 no longer supports Windows 2000 due to our upgrade to the Microsoft .NET Framework 3.5.

5.1.000001

Minor Updates to 5.1

• Changed link on Administration pages, from "Languages" to "Language Maintenance"
• BUG: Fixed issues with URL case sensitive localization causing mixed languages to be displayed.

5.1.000000

Main Focus: New email alerts and support for PuTTY

Features and Enhancements

• Added support for launching PuTTY for UNIX-based secrets
• Added ability to receive email alerts when secrets are viewed
• Added ability to receive email alerts when a dependency fails to update on an automatic password change
• Added new role permission for searching/viewing inactive secrets
• Changed folder creation/movement to only require edit permissions on the parent folder
• Added support for Remote Desktop launcher with Windows Integrated Authentication
• Added new bulk operations for deactivating and setting autochange on secrets
• All pages now maintain scroll position on postback
• Added a Languages page for Administrators to update and translate content to their language of choice
• Added an OK button to the top of the Folder picker
• Added additional folder management buttons to the top of the Folder Administration screen
• Added functionality to make Secret Server 64 bit compatible
• Searching on all fields no longer splits words up by periods

Bug fixes

• Fixed bug on Login where a minimum password age error was shown when creating a local user
• Fixed bug with Windows Service Dependency Changers when using Windows Accounts due to a missing prefix of the machine name
• Fixed bug related to unlimited setting on Remember Me
• Fixed null reference bug on Secret Audit when user does have “View Secret” role permission
• Fixed bug where an incorrect validation message was displayed when password history was set to 'all'

5.0.000002

Main Focus: Minor enhancements to 5.0

• Improved database indexes for search functionality.
• BUG: Fixed issue that intermittently occurred in older Secret Server instances when upgrading.
• BUG: Fixed to not send alerts when search indexing.
• BUG: Fixed Secret Template to not allow search indexing on file attachments.
• Fix: Cleaned up the CSS and layout on several pages.

5.0.00000

Main Focus:Changing Passwords for Scheduled Tasks and Service Accounts

Features and Enhancements:

• Enhanced Remote Password Changing to update dependent Scheduled Tasks, IIS AppPools and Windows Services.
• Added Checkout option to provide accountability for the use of a secret - the password gets changed automatically on checking.
• Enhanced search functionality to allow users to search by all fields.
• Implemented 'Change Password Remotely' feature to allow users to immediately change a password on a remote server.
• Added new default theme to enhance the readability of the UI.
• Export by folder now includes all child folders.
• Added the SecretID field to SSwebservices to provide integration for custom development.
• Administrators can now force local user password expiration.
• Added configurable minimum password age requirements for local user passwords.
• Added password history configuration options to prevent users from using past local user passwords.
• Webservices and Secret Assistant usage now creates view audit records.
• SSH Remote Password Changing now works for "root" accounts.
• Added ability to automatically delete excess database backups on the application server.

Bug fixes

• Fixed bug that occurred when trying to access the Administer Groups page with no active local groups.
• Fixed unlimited remember me bug with Secret Assistant.
• Fixed bug when trying to create a new secret from a Secret Template with no fields.
• Fixed bug where SSH remote password changing left open connections.
• Fixed bug where Secret Assistant would return inactive secrets.

4.3.000000

• Implemented SSH for password changing on Linux accounts.
• Fixed bug with Active Directory Synchronization when pulling users and groups from an organizational unit.
• Fixed issue with the 'next password' component of Remote Password Changing.

4.2.000000

Main Focus: Enhancing Folder Functionality and Security

Features and Enhancements:

• Added configuration option to allow Secrets to inherit folder permissions by default.
• Added configuration option so that a user must have view permission on a folder to see it.
• Users can now create and manage their own folders without them being visible to all users.
• User now requires Edit permission on a folder to be able to add secrets to it.
• Added a new 'Everyone' group to include each existing user for easier management and legacy folder permission support.
• Tightened folder restrictions to require share permission on a parent folder in order to add a child folder.
• Implemented audit records for when Groups are created, made inactive/active within Secret Server.
• Implemented audit records for when users and groups are created or made active/inactive from Active Directory.
• Renamed two Role Based Security permissions: Administer Roles is now Administer Role Permissions and Administer Group Roles is now Administer Role Assignment.
• Secret Types are now labeled as Secret Templates.
• Added an 'Evaluation Expiry' notice to alert users when their evaluation is about to expire.

Bugs:

• Fixed bug when users were made inactive when Secret Server could not connect to Active Directory.
• Fixed bug where Backup did not work properly if a database name contained certain characters.
• Fixed error that occurred on the AdminGroupByGroup page when no groups exist.
• Fixed error when trying to import folders with line breaks in a Secret field.
• Fixed issue with Password Type configuration not saving correctly in certain situations.

4.1.000000

Main Focus: Addressing Role Based Access Control

Features and Enhancements:

• Implemented Role Based Access Control (Role Based Security) to set granular, assignable permissions for users.
• Added the ability to launch Remote Desktop from a secret.
• Added the ability to import secrets by folder.
• Secrets can now be exported with a folder name.
• Added ‘Run Now’ button to the Remote Password Changing screen.
• Implemented a visual keyboard on the login screen to thwart keyloggers.
• Added the ability to create custom web.config files to override the default impersonation settings that will not be overwritten on upgrades.
• Added a dropdown on the results screen for users to define the amount of secrets to display.
• Created a Security Hardening Report that displays the security level of your system’s installation.
• Created the SecretTypeSetActive.aspx page for quickly setting the active status on Secret Types
• Improved the ‘Help’ documentation.
• Groups deleted from Active Directory will now be disabled.
• Improved performance by adding caching for theming.
• Specific passwords can be set on the Remote Password Changing - AutoChange feature.
• Added a preference for showing a full folder path on the home search grid.
• Implemented robot.txt file to stop search engines from indexing Secret Server installations.
• Folder creation and editing is now an assignable permission.
• Added a search textbox to the Users screen.
• All cookies are now HTTP only for additional security.
• Added ‘Save and Add New’ button SecretView.aspx.
• Increased the visual size of the notes field.

Bug Fixes:

• Fixed bug where an exception was thrown when invalid information was entered in the ‘minimum password length’ configuration option.
• Fixed bug where the folder picker modal did not work properly when Secret Server was viewed inside a frame.
• Fixed error where Secret Type export XML format was incorrect.
• Fixed bug where notification emails did not contain the full URL for the installation.
• Fixed bug where Integrated Authentication was not setting last login.
• Fixed bug where permission checkboxes were being displayed when the secret was set to inherit permissions from folder.
• Fixed bug where duplicate users appeared in the Active Directory synchronization preview.

4.0.000003

Main Focus: Improving permission inheritance and bug fixes.

Features and Enhancements:

• Bulk operations now supports enabling folder inheritance on a secret.
• Deleted Synchronized Active Directory groups are now disabled within Secret Server.
• Added support for automatic backups on servers at different locations.

Bug Fixes:

• Fixed bug when editing folder permissions that include a disabled user.
• Fixed padding error for secret item history for very large values on secrets.
• Fixed bug in Remote Password Changing due to new column for inherited permissions.
• Fixed broken "unmask password" image on 'Secret Edit' page.
• Fixed 'Remember Me' bug due to .NET 2.0 migration.
• Fixed 'Close' image on dialog.
• Fixed paging problem on AdminExport grid.
• Fixed bug where expiration date did not decrease on old secrets.