立即与支持人员聊天
与支持团队交流

KACE Privilege Manager for Windows 4.4 - Release Notes

Release Notes

KACE Privilege Manager for Windows 4.4

Release Notes

May 2020

These release notes provide information about the KACE Privilege Manager for Windows release.

Topics:

About this release

Giving users administrator rights creates security risks but must be weighed against constant help desk calls for basic operations like updating Adobe Reader, Java, or simply changing the time zone on desktops.

Privilege Manager lets you grant selected privileges to users so they can update their own computers, reducing help desk calls while maintaining a secure network. By automating user privilege settings, Privilege Manager keeps users working; this enables you to focus on higher priority tasks, for exceptional resource and time savings.

As a system administrator, you can use Privilege Manager to elevate and manage user rights quickly and precisely with validation logic targeting technology. This provides administrators the ability to create rules that allow administrator-level access to specific applications for specifics users. You can also enable your end users to request elevated privileges for specific applications through Self-Service and Instant Elevation.

  • Privilege Manager for Windows 4.4 is a minor release, with new enhancements and resolved issues. See Enhancements and Resolved issues.

IMPORTANT: Customers upgrading from previous versions of Privilege Manager, such as 3.x and earlier, are required to obtain a new license file. Please refer to the Product licensing section of this document for additional information.

 

IMPORTANT: The security status of the installation file can become "blocked" after download, inhibiting the ability of the product to be properly installed. Please see KB 262298 for information on detecting and resolving this issue.

Enhancements

The following is a list of enhancements implemented in Privilege Manager for Windows 4.4.

 

Table 1: Console enhancements

Enhancement

Issue ID
Added support for Privilege Manager Console to target existing MS SQL Server 2019 for database. 932
Added support to install Privilege Manager on MS Windows Server 2019. 930

Table 2: Client enhancement

Enhancement

Issue ID
Added support to manage Windows Server 2019 as a Privilege Manager Client. 931

Resolved Issues

The following is a list of issues addressed in this release.

Table 3: Console resolved issue

Resolved Issue Issue ID
Fixed issue with Privilege Manager Console unnecessarily downloading Remote Server Administration Tools(RSAT). 911

 

Table 4: Client resolved issues

Resolved Issue Issue ID
Aplication filters for Executable Name and Publisher were not working in all cases for Self-Service. 954
Process caching was working incorrectly on Instant Elevation and Self-Service functions. 950
Fixed issue with process caching to improve performance. 935

Fixed performance issue by disabling Client logging by default.

913
Privilege Manager Client was incorrectly displaying the Elevated processes will be terminated message when setting was not selected. 608

 

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 5: General known issues

Known Issue Issue ID
Some log files are still being created and maintained on the system drive even when Privilege Manager has been installed to a non-system drive. 618
Some duplicate records exist in the database and could be optimized. 624
No ability to perform a database cleanup of the records stored in the Privilege Manager database. 623

With Data Collection enabled, possible startup delay on Windows 10 workstations (stuck at "please wait.." for an extended period of time) if the workstation is unable to resolve the DNS name of the currently configured Data Collection server.

Workaround: Replace the configured Data Collection server name with the IP address for the Data Collection server.

790

“Error 1920” encountered during a PM Client installation repair (initiated from Add/Remove Programs), if the PM Client was manually installed.

Workaround: Instead of performing a repair, the Client can be manually uninstalled then re-installed.

721
CSEHostEngine.log grows quickly. 824
PM Client icon occasionally shows wrong wording when Windows Display Language is non-English. 904

 

Table 6: Installation and Upgrade known issues

Known Issue Issue ID
Privilege Manager may fail to install SQL Express correctly if the Privilege Manager Reporting setup reboots after the installation of Windows Installer v 4.5. 586

Occasionally, SQL Server 2008 Express may fail to install.

Workaround: Use a remote database or try to install SQL Server 2008 Express on your own. If you call Tech Support, please provide the SQL Server 2008 Express install logs (found at %ProgramFiles%\Microsoft SQL Server\100\Setup Bootstrap\Log). We'll try to solve the problem.

658

There is a problem sending data from clients to the database installed with the Privilege Manager Console if there is an older Privilege Authority or Privilege Manager Client running on the network.

Workaround: Ensure that the Client Data Collection Settings in the Advanced Policy Settings for the relevant GPO are enabled and that the Privilege Manager Server information is correct. Also, make sure that the Privilege Authority clients are upgraded to the current version.

1568
Some files might still be present after the Console or Client are uninstalled. 1837
Installing the Client on Windows 8.1 and Windows Server 2012 R2 operating systems using the Client Deployment Settings Wizard might take longer than installing the Client on previous versions of Windows. 1939

After uninstalling the Privilege Manager Console from a computer that also has the Privilege Manager Client installed, the Start menu shortcut to the Privilege Manager for Windows User Guide will fail to open the guide and instead prompt the user for the location of the PAClient.msi file.

Workaround: Either uninstall and the re-install the Privilege Manager Client, or re-install the Privilege Manager Console.

1960
Applying a pro license to an installation with an expired trial license can cause the loss of previously saved policies. 535
Server Upgrade from 2.5 - problem in msi upgrade from v2.5 (service being unregistered). 1615

Rules in GPOs do not work after an upgrade from v 2.0.x.

Workaround: To make your rules work after an upgrade, re-save them. Or force Gpupdate on your Client.

653

 

Table 7: Licensing known issues

Known Issue Issue ID
Applying a Professional license fails to prevent a rule with an expiration date from expiring. Workaround: After you apply the license, open a rule that is going to expire, make your changes, and save it. 932

 

Table 8: Server known issues

Known Issue Issue ID

Sometimes when configuring the reporting feature, the connection to the web service fails on the last step of the wizard.

Workaround: Try again (click the Previous and Next buttons).

834

If you select a remote Privilege Manager Server on a computer with a firewall enabled, you may encounter a "Database Connection" error when using the Reporting or Discovery and Remediation functions.

Workaround: Add the following firewall exceptions to the remote Privilege Manager Server:

  • SQL Server Browser Service: %ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlbrowser.exe
  • SQL Server<ServerName>: %ProgramFiles%\Microsoft SQL Server\MSSQL10.PAREPORTING\MSSQL\Binn\sqlservr.exe
1105

Clients using SQL Server 2012 for their Privilege Manager database may fail to send their data.

Workaround: Reinstall the server using the Privilege Manager Server Configuration Wizard.

1655

If Windows Firewall is configured to deny connections (the “Don’t allow exceptions” and “Block all connections” options are chosen in all other operating systems), Privilege Manager does not automatically override the settings when configuring firewall exceptions during Privilege Manager Server setup.

Workaround: Add an exception to the firewall manually for %ProgramFiles(x86)%\Quest\Privilege Authority\Console\Data Collection Service\PADataCollectionWinSvc.exe.

1657

While using the Privilege Manager Server Setup wizard to download and install SQL Server Express on Windows 8.1, the user might receive a message that the computer needs to be rebooted.

Workaround: Reboot the computer and then restart the Privilege Manager Server Setup wizard to complete the Server setup.

1949
If the administrator is prompted to reboot the computer after installing a pre-requisite while using the Privilege Manager Server Setup wizard, once the computer is rebooted and setup wizard continues, the administrator will need to press the “Back” button to re-enter any of the “Server Email Notification Configuration” settings that they might have entered prior to the reboot. 1980
If the administrator is changing the selected Privilege Manager Server that the Console points to by setting up a Privilege Manager Server on the local computer, once the wizard and Privilege Manager Server Configuration is closed, the administrator might need to re-open that dialog and make sure the newly configured Privilege Manager Server is the currently selected server if the reporting screens still appear to be pulling data from the previously selected server. 1981

 

Table 9: Self-service Elevation known issues

Known Issue Issue ID

The Self-Service Elevation Request Prompt does not display for a MSI Windows Installer file.

Workaround: Launch the Self-Service Elevation Request Form via the Elevate! button. You must configure the corresponding Self-Service Elevation Request settings.

1311
The Adobe Flash Player ActiveX control does not trigger the Self-Service Elevation Request Prompt. 1555
Some processes do not trigger the Self-Service Elevation Request Prompt even though they trigger User Account Control (UAC). 1674
On Windows 8.1 and Windows Server 2012 R2, if your client is running on a system with UAC turned off, when you right-click the Privilege Manager icon in the Windows system tray and select the "View status of advanced features" dialog, the Self-Service Elevation Request and Self-Service Elevation Request (ActiveX installations) should display as "N/A" (Not Applicable) but will incorrectly display a status of "Enabled." 1865

When using Internet Explorer (IE) 11, ActiveX discovery and Self-Service requests are not sent to the server.

Workaround: Follow these steps on the client computer:

  1. Enable the GPE ActiveX Installer inside the IE plugin screen because by default IE 11 requires the user to enable or disable any newly loaded IE toolbar extension.
  2. Uncheck the Enable Enhanced Protected Mode check box on the Advanced tab, under Security, of the Internet Options dialog.

Both of these steps can also be completed from the server using Microsoft Group Policy Object settings.

1868

 

Table 10: Rules known issues

Known Issue Issue ID

A login failure occurs when connecting to the database and web service if you are using a SQL Server from an untrusted domain.

Workaround: Use the database server on the same trusted domain network environment.

698

When configuring reporting to use an existing SQL Server, in the Configure Database and Services step to install prerequisites, create a database, and start the service, the user is brought to an incorrect wizard step when clicking Previous.

Workaround: Click Next to go to the step on the wizard to Select an Existing SQL Server.

832

Sometimes changing settings on the Advanced Policy Settings tab of a Group Policy Settings page results in the "Network path was not found" error once you save the changes to the GPO.

Workaround:

  • Restart the Privilege Manager Console.
  • Check that the changes you made on the Advanced Policy Settings tab of the Group Policy Settings page have been saved. If not, re-apply your changes and save the GPO.
1671

If a process is running from a Universal Naming Convention (UNC) or mapped drive, a rule which specifies the file version, file hash, product code or publisher might fail to match it because the security permissions set on the network resource prevent the account of the computer that the client is running on from accessing it.

Workaround: Edit the rule and check the check box for "User’s context will be used to resolve system and resource access." This check box instructs the client to access the network resource under the security context of the user running the process.

1677
No feedback message displayed when a user is denied execution access due to a Blacklist setting 124
Attempting to edit a rule might display the message "Could not find the type of the file security" if the product was just upgraded from Privilege Authority v2.7 or older. 1859

The Rule Type filter on the Instant Elevation Report mistakenly contains Privilege Authority v 2.7-related values. An Instant Elevation Report generated based on these values contain no data.

Workaround: Use only file, ActiveX, Windows Installer, and script file filters.

1743

 

Table 11: Reporting known issues

Known Issue Issue ID

Under complex conditions, you may see this error in the Privilege Manager Console log (PAConsole_Log.txt) that results in a reporting configuration failure: "System.Data.SqlClient.SqlException: Cannot create file 'c:\Program Files\Microsoft SQL Server\MSSQL10.PAREPORTING\MSSQL\DATA\PAReporting.mdf' because it already exists. Change the file path or the file name, and retry the operation." The same error may display for the PAReporting_log.ldf file.

Workaround: Manually remove the files to proceed with the web service configuration

665

The Elevation Activity Report does not display correctly when exported to an RTF file.

Workaround: Export to other file formats.

728
The Console report shows the event time according to the current local time zone. 948
Some reports exported in Excel contain columns that do not display on the generated report page in the Privilege Manager Console. 1738

Resultant Set of Policy (RSoP) output is empty or blank.

Workaround: If the client is installed on your computer and RSoP is failing, follow these steps:

  1. Install .NET 3.5 Service Pack 1 (SP1).
  2. Install GPMC, which is part of the Remote Server Administration Tools for Windows 8.1.
  3. Open a command prompt and change the directory to where the client files are installed, such as the following on an x64 computer: C:\Program Files (x86)\Common Files\Quest\Privilege Manager\Client
  4. Run the following command: "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\regasm.exe" "PrivilegeManager.Reporters.dll" /tlb /nologo /codebase"

RSoP should now work for Privilege Manager.

1881

 

Table 12: Privileged Application Discovery known issues

Known Issue Issue ID
When using the Privileged Application Discovery rules generation wizard, if the administrator “groups” the results on the “review” panel for a particular displayed column header, an exception error dialog will be presented if the administrator then attempts to view the details of one of the grouped rules. 1967
   
自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级