Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.7.1 - Release Notes

Safeguard Privilege Manager for Windows

Safeguard Privilege Manager for Windows

Release Notes

Version 4.7.1

26 September 2024, 13:48

These release notes provide information about the Safeguard Privilege Manager for Windows release. For the most recent documents and product information, see Online product documentation.

About this release

Safeguard Privilege Manager for Windows 4.7.1 is a patch release with security improvements.

NOTE: Customers upgrading from previous versions of Safeguard Privilege Manager for Windows (such as 3.x and earlier) are required to obtain a new license file. For additional information, see Product licensing.

NOTE: The security status of the installation file can become "blocked" after download, inhibiting the ability of the product to be properly installed. For information on detecting and resolving this issue, see KB4268094.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues
Resolved Issue Issue ID
General security improvements. 465206

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 2: General known issues
Known Issue Issue ID

Some log files are still being created and maintained on the system drive even when Safeguard Privilege Manager for Windows has been installed to a non-system drive.

618

Some duplicate records exist in the database and could be optimized.

624

Error 1920 encountered during a PM Client installation repair (initiated from Add/Remove Programs), if the PM Client was manually installed.

Workaround: Instead of performing a repair, manually uninstall, then reinstall the Client.

721

CSEHostEngine.log grows quickly.

824

Table 3: Installation and Upgrade known issues
Known Issue Issue ID

There is an issue with sending data from clients to the database installed with the Safeguard Privilege Manager for Windows Console if there is an older Privilege Authority or Safeguard Privilege Manager for Windows Client running on the network.

Workaround: Ensure the following:

  • The Client Data Collection Settings in the Advanced Policy Settings for the relevant Group Policy Object (GPO) are enabled.

  • The Safeguard Privilege Manager for Windows Server information is correct.

  • The Privilege Authority clients are upgraded to the current version.

1568

Some files may still exist on your computer even after the Console or Client are uninstalled.

1837

After uninstalling the Safeguard Privilege Manager for Windows Console from a computer that also has the Safeguard Privilege Manager for Windows Client installed, the Start menu shortcut to the Safeguard Privilege Manager for Windows User Guide will fail to open the guide. Instead, the shortcut prompts the user for the location of the PAClient.msi file.

Workaround: Uninstall and re-install the Client. Alternatively, reinstall the Console.

1960

Table 4: Licensing known issues
Known Issue Issue ID

Applying a Professional license fails to prevent a rule with an expiration date from expiring.

Workaround: After you apply the license, open a rule that is going to expire, make your changes, and save the rule.

932

Applying a Professional license to an installation with an expired trial license can result in the loss of previously saved policies.

535

Table 5: Server known issues
Known Issue Issue ID

Sometimes when configuring the reporting feature, the connection to the web service fails on the last step of the wizard.

Workaround

Try again by clicking Previous, then Next again.

834

If you select a remote Safeguard Privilege Manager for Windows Server on a computer with a firewall enabled, you may encounter a Database Connection error when using the Reporting or Discovery and Remediation functions.

Workaround: Add the following firewall exceptions to the remote Safeguard Privilege Manager for Windows Server:

  • SQL Server Browser Service:

    %ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlbrowser.exe
  • SQL Server <ServerName>: %ProgramFiles%\Microsoft SQL Server\MSSQL10.PAREPORTING\MSSQL\Binn\sqlservr.exe

1105

If Windows Firewall is configured to deny connections (the Don’t allow exceptions and Block all connections options are chosen in all other operating systems), Safeguard Privilege Manager for Windows does not automatically override the settings when configuring firewall exceptions during the Safeguard Privilege Manager for Windows Server setup.

Workaround: Add an exception to the firewall manually for %ProgramFiles(x86)%\One Identity\Safeguard Privilege Manager for Windows\Console\Data Collection Service\PADataCollectionWinSvc.exe.

1657

If the administrator is prompted to reboot the computer after installing a prerequisite while using the Privilege Manager Server Setup wizard:

Once the computer is rebooted and setup wizard continues, the administrator must click the Back button to reenter any of the Server Email Notification Configuration settings they entered prior to the reboot.

1980

If the administrator is changing the selected Safeguard Privilege Manager for Windows Server that the Console points to by setting up a Server on the local computer:

After the wizard and Safeguard Privilege Manager for Windows Server Configuration are closed, the administrator may have to reopen the dialog. If the reporting screens still appear to be pulling data from the previously selected server, the administrator has to make sure the newly configured Safeguard Privilege Manager for Windows Server is the currently selected server.

1981

Table 6: Self-Service Elevation known issues
Known Issue Issue ID

The Self-Service Elevation Request Prompt does not appear for an MSI Windows installer file.

Workaround: Launch the Self-Service Elevation Request Form via the Elevate! button. You must configure the corresponding Self-Service Elevation Request settings.

1311

Some processes do not trigger the Self-Service Elevation Request Prompt even though they trigger User Account Control (UAC).

1674

On Windows Server 2012 R2, if your client is running on a system with UAC turned off:

When you right-click the Safeguard Privilege Manager for Windows icon in the Windows system tray and select the View status of advanced features dialog, the Self-Service Elevation Request and Self-Service Elevation Request (ActiveX installations) options should display as N/A (Not Applicable). Instead, it will incorrectly display an Enabled status.

1865

Table 7: Rules known issues
Known Issue Issue ID

A login failure occurs when connecting to the database and web service if you are using a SQL Server from an untrusted domain.

Workaround: Use the database server on the same trusted domain network environment.

698

When configuring reporting to use an existing SQL Server, clicking Previous in the Configure Database and Services step navigates you to an incorrect wizard step.

Workaround

To navigate to the Select an Existing SQL Server step, click Next.

832

Sometimes changing settings on the Advanced Policy Settings tab of a Group Policy Settings page results in the Network path was not found error once you save the changes to the Group Policy Object (GPO).

Workarounds:

  • Restart the Safeguard Privilege Manager for Windows Console.

  • Check that the changes you made on the Advanced Policy Settings tab of the Group Policy Settings page have been saved. If not, re-apply your changes and save the GPO.

1671

Currently, Safeguard Privilege Manager for Windows displays no feedback message when a user is denied run privileges due to a Blacklist setting.

124

Table 8: Reporting known issues
Known Issue Issue ID

The Elevation Activity Report does not display correctly when exported to an .rtf file.

Workaround: Export your Elevation Activity Reports to different file formats.

728

The Console report shows the event time according to the current local time zone. 948

Some reports exported in Excel contain columns that do not display on the generated report page in the Safeguard Privilege Manager for Windows Console.

1738

Resultant Set of Policy (RSoP) output is empty or blank.

For a workaround if the client is installed on your computer and RSoP is failing

  1. Install .NET 3.5 Service Pack 1 (SP1).

  2. Install GPMC, which is part of the Remote Server Administration Tools.

  3. Open a command prompt and change the directory to where the client files are installed, such as the following on an x64 computer: C:\Program Files (x86)\Common Files\One Identity\Safeguard Privilege Manager for Windows\Client

  4. Run the following command: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regasm.exe" "PrivilegeManager.Reporters.dll" /tlb /nologo /codebase

    RSoP should now work for Safeguard Privilege Manager for Windows.

1881

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating