Release Notes
May 2020
These release notes provide information about the KACE Privilege Manager for Windows release.
Topics:
Giving users administrator rights creates security risks but must be weighed against constant help desk calls for basic operations like updating Adobe Reader, Java, or simply changing the time zone on desktops.
Privilege Manager lets you grant selected privileges to users so they can update their own computers, reducing help desk calls while maintaining a secure network. By automating user privilege settings, Privilege Manager keeps users working; this enables you to focus on higher priority tasks, for exceptional resource and time savings.
As a system administrator, you can use Privilege Manager to elevate and manage user rights quickly and precisely with validation logic targeting technology. This provides administrators the ability to create rules that allow administrator-level access to specific applications for specifics users. You can also enable your end users to request elevated privileges for specific applications through Self-Service and Instant Elevation.
|
IMPORTANT: Customers upgrading from previous versions of Privilege Manager, such as 3.x and earlier, are required to obtain a new license file. Please refer to the Product licensing section of this document for additional information. |
|
IMPORTANT: The security status of the installation file can become "blocked" after download, inhibiting the ability of the product to be properly installed. Please see KB 262298 for information on detecting and resolving this issue. |
The following is a list of enhancements implemented in Privilege Manager for Windows 4.4.
Table 1: Console enhancements
Enhancement |
Issue ID |
---|---|
Added support for Privilege Manager Console to target existing MS SQL Server 2019 for database. | 932 |
Added support to install Privilege Manager on MS Windows Server 2019. | 930 |
Table 2: Client enhancement
Enhancement |
Issue ID |
---|---|
Added support to manage Windows Server 2019 as a Privilege Manager Client. | 931 |
The following is a list of issues addressed in this release.
Table 3: Console resolved issue
Resolved Issue | Issue ID |
---|---|
Fixed issue with Privilege Manager Console unnecessarily downloading Remote Server Administration Tools(RSAT). | 911 |
Table 4: Client resolved issues
Resolved Issue | Issue ID |
---|---|
Aplication filters for Executable Name and Publisher were not working in all cases for Self-Service. | 954 |
Process caching was working incorrectly on Instant Elevation and Self-Service functions. | 950 |
Fixed issue with process caching to improve performance. | 935 |
Fixed performance issue by disabling Client logging by default. |
913 |
Privilege Manager Client was incorrectly displaying the Elevated processes will be terminated message when setting was not selected. | 608 |
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Table 5: General known issues
Known Issue | Issue ID |
---|---|
Some log files are still being created and maintained on the system drive even when Privilege Manager has been installed to a non-system drive. | 618 |
Some duplicate records exist in the database and could be optimized. | 624 |
No ability to perform a database cleanup of the records stored in the Privilege Manager database. | 623 |
With Data Collection enabled, possible startup delay on Windows 10 workstations (stuck at "please wait.." for an extended period of time) if the workstation is unable to resolve the DNS name of the currently configured Data Collection server. Workaround: Replace the configured Data Collection server name with the IP address for the Data Collection server. |
790 |
“Error 1920” encountered during a PM Client installation repair (initiated from Add/Remove Programs), if the PM Client was manually installed. Workaround: Instead of performing a repair, the Client can be manually uninstalled then re-installed. |
721 |
CSEHostEngine.log grows quickly. | 824 |
PM Client icon occasionally shows wrong wording when Windows Display Language is non-English. | 904 |
Table 6: Installation and Upgrade known issues
Known Issue | Issue ID |
---|---|
Privilege Manager may fail to install SQL Express correctly if the Privilege Manager Reporting setup reboots after the installation of Windows Installer v 4.5. | 586 |
Occasionally, SQL Server 2008 Express may fail to install. Workaround: Use a remote database or try to install SQL Server 2008 Express on your own. If you call Tech Support, please provide the SQL Server 2008 Express install logs (found at %ProgramFiles%\Microsoft SQL Server\100\Setup Bootstrap\Log). We'll try to solve the problem. |
658 |
There is a problem sending data from clients to the database installed with the Privilege Manager Console if there is an older Privilege Authority or Privilege Manager Client running on the network. Workaround: Ensure that the Client Data Collection Settings in the Advanced Policy Settings for the relevant GPO are enabled and that the Privilege Manager Server information is correct. Also, make sure that the Privilege Authority clients are upgraded to the current version. |
1568 |
Some files might still be present after the Console or Client are uninstalled. | 1837 |
Installing the Client on Windows 8.1 and Windows Server 2012 R2 operating systems using the Client Deployment Settings Wizard might take longer than installing the Client on previous versions of Windows. | 1939 |
After uninstalling the Privilege Manager Console from a computer that also has the Privilege Manager Client installed, the Start menu shortcut to the Privilege Manager for Windows User Guide will fail to open the guide and instead prompt the user for the location of the PAClient.msi file. Workaround: Either uninstall and the re-install the Privilege Manager Client, or re-install the Privilege Manager Console. |
1960 |
Applying a pro license to an installation with an expired trial license can cause the loss of previously saved policies. | 535 |
Server Upgrade from 2.5 - problem in msi upgrade from v2.5 (service being unregistered). | 1615 |
Rules in GPOs do not work after an upgrade from v 2.0.x. Workaround: To make your rules work after an upgrade, re-save them. Or force Gpupdate on your Client. |
653 |
Table 7: Licensing known issues
Known Issue | Issue ID |
---|---|
Applying a Professional license fails to prevent a rule with an expiration date from expiring. Workaround: After you apply the license, open a rule that is going to expire, make your changes, and save it. | 932 |
Table 8: Server known issues
Known Issue | Issue ID |
---|---|
Sometimes when configuring the reporting feature, the connection to the web service fails on the last step of the wizard. Workaround: Try again (click the Previous and Next buttons). |
834 |
If you select a remote Privilege Manager Server on a computer with a firewall enabled, you may encounter a "Database Connection" error when using the Reporting or Discovery and Remediation functions. Workaround: Add the following firewall exceptions to the remote Privilege Manager Server:
|
1105 |
Clients using SQL Server 2012 for their Privilege Manager database may fail to send their data. Workaround: Reinstall the server using the Privilege Manager Server Configuration Wizard. |
1655 |
If Windows Firewall is configured to deny connections (the “Don’t allow exceptions” and “Block all connections” options are chosen in all other operating systems), Privilege Manager does not automatically override the settings when configuring firewall exceptions during Privilege Manager Server setup. Workaround: Add an exception to the firewall manually for %ProgramFiles(x86)%\Quest\Privilege Authority\Console\Data Collection Service\PADataCollectionWinSvc.exe. |
1657 |
While using the Privilege Manager Server Setup wizard to download and install SQL Server Express on Windows 8.1, the user might receive a message that the computer needs to be rebooted. Workaround: Reboot the computer and then restart the Privilege Manager Server Setup wizard to complete the Server setup. |
1949 |
If the administrator is prompted to reboot the computer after installing a pre-requisite while using the Privilege Manager Server Setup wizard, once the computer is rebooted and setup wizard continues, the administrator will need to press the “Back” button to re-enter any of the “Server Email Notification Configuration” settings that they might have entered prior to the reboot. | 1980 |
If the administrator is changing the selected Privilege Manager Server that the Console points to by setting up a Privilege Manager Server on the local computer, once the wizard and Privilege Manager Server Configuration is closed, the administrator might need to re-open that dialog and make sure the newly configured Privilege Manager Server is the currently selected server if the reporting screens still appear to be pulling data from the previously selected server. | 1981 |
Table 9: Self-service Elevation known issues
Known Issue | Issue ID |
---|---|
The Self-Service Elevation Request Prompt does not display for a MSI Windows Installer file. Workaround: Launch the Self-Service Elevation Request Form via the Elevate! button. You must configure the corresponding Self-Service Elevation Request settings. |
1311 |
The Adobe Flash Player ActiveX control does not trigger the Self-Service Elevation Request Prompt. | 1555 |
Some processes do not trigger the Self-Service Elevation Request Prompt even though they trigger User Account Control (UAC). | 1674 |
On Windows 8.1 and Windows Server 2012 R2, if your client is running on a system with UAC turned off, when you right-click the Privilege Manager icon in the Windows system tray and select the "View status of advanced features" dialog, the Self-Service Elevation Request and Self-Service Elevation Request (ActiveX installations) should display as "N/A" (Not Applicable) but will incorrectly display a status of "Enabled." | 1865 |
When using Internet Explorer (IE) 11, ActiveX discovery and Self-Service requests are not sent to the server. Workaround: Follow these steps on the client computer:
Both of these steps can also be completed from the server using Microsoft Group Policy Object settings. |
1868 |
Table 10: Rules known issues
Known Issue | Issue ID |
---|---|
A login failure occurs when connecting to the database and web service if you are using a SQL Server from an untrusted domain. Workaround: Use the database server on the same trusted domain network environment. |
698 |
When configuring reporting to use an existing SQL Server, in the Configure Database and Services step to install prerequisites, create a database, and start the service, the user is brought to an incorrect wizard step when clicking Previous. Workaround: Click Next to go to the step on the wizard to Select an Existing SQL Server. |
832 |
Sometimes changing settings on the Advanced Policy Settings tab of a Group Policy Settings page results in the "Network path was not found" error once you save the changes to the GPO. Workaround:
|
1671 |
If a process is running from a Universal Naming Convention (UNC) or mapped drive, a rule which specifies the file version, file hash, product code or publisher might fail to match it because the security permissions set on the network resource prevent the account of the computer that the client is running on from accessing it. Workaround: Edit the rule and check the check box for "User’s context will be used to resolve system and resource access." This check box instructs the client to access the network resource under the security context of the user running the process. |
1677 |
No feedback message displayed when a user is denied execution access due to a Blacklist setting | 124 |
Attempting to edit a rule might display the message "Could not find the type of the file security" if the product was just upgraded from Privilege Authority v2.7 or older. | 1859 |
The Rule Type filter on the Instant Elevation Report mistakenly contains Privilege Authority v 2.7-related values. An Instant Elevation Report generated based on these values contain no data. Workaround: Use only file, ActiveX, Windows Installer, and script file filters. |
1743 |
Table 11: Reporting known issues
Known Issue | Issue ID |
---|---|
Under complex conditions, you may see this error in the Privilege Manager Console log (PAConsole_Log.txt) that results in a reporting configuration failure: "System.Data.SqlClient.SqlException: Cannot create file 'c:\Program Files\Microsoft SQL Server\MSSQL10.PAREPORTING\MSSQL\DATA\PAReporting.mdf' because it already exists. Change the file path or the file name, and retry the operation." The same error may display for the PAReporting_log.ldf file. Workaround: Manually remove the files to proceed with the web service configuration |
665 |
The Elevation Activity Report does not display correctly when exported to an RTF file. Workaround: Export to other file formats. |
728 |
The Console report shows the event time according to the current local time zone. | 948 |
Some reports exported in Excel contain columns that do not display on the generated report page in the Privilege Manager Console. | 1738 |
Resultant Set of Policy (RSoP) output is empty or blank. Workaround: If the client is installed on your computer and RSoP is failing, follow these steps:
RSoP should now work for Privilege Manager. |
1881 |
Table 12: Privileged Application Discovery known issues
Known Issue | Issue ID |
---|---|
When using the Privileged Application Discovery rules generation wizard, if the administrator “groups” the results on the “review” panel for a particular displayed column header, an exception error dialog will be presented if the administrator then attempts to view the details of one of the grouped rules. | 1967 |
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center