Quest® Password Manager
version 4.6.0

Release Notes

December 7, 2009

Contents

Welcome to Quest Password Manager
What's New
Resolved Issues and Enhancements
Known Issues
System Requirements
Global Operations
Getting Started
For More Information

Welcome to Quest Password Manager

Quest Password Manager provides users and help desk support with the ability to easily and securely manage their passwords, thus eliminating the need for assistance from high-level administrators and reducing help desk workload.

Back to Top

What's New

The following new features have been included into Quest Password Manager version 4.6.0:

  • Support for Windows Server 2008 R2 - Password Manager can now be installed and used on computers running Windows Server 2008 R2.
  • Support for Microsoft SQL Server 2008 and SQL Server 2008 Reporting Services - Password Manager uses Microsoft SQL Server to allow administrators to capture and store the application activity information in a SQL Server 2008 database and build application usage reports using SQL Server 2008 Reporting Services.
  • Support for the Windows 7 Logon Architecture - The self-service functionality of Password Manager now is available from the Windows 7 logon screen.
  • Support for Windows Internet Explorer 8.0 browser - Password Manager allows users, administrators, and helpdesk operators  to access the Password Manager sites using the Windows Internet Explorer 8.0 browser.
  • CAPTCHA Image to Prevent Bot Attacks - Now administrators can have the Self-Service site display a picture with characters and require the user to enter the characters on the picture to prevent automated attacks.
  • HelpDesk Site Integration into ActiveRoles Server Web Interface - You can easily and seamlessly integrate the HelpDesk site of Password Manager into the ActiveRoles Server Web Interface thus providing your helpdesk operators with the ability to comfortably verify user identity, reset or change user passwords, assign passcodes for users, unlock user accounts, and manager user Questions and Answers profiles without leaving the familiar user interface.
  • Extended Integration with Quest Defender - Administrators can configure Password Manager to be used with Defender for authenticating users not only when they reset their passwords or unlock their accounts, but also when they change their passwords and manage Questions & Answers profiles.
  • Granular Password Age Policies - With the Password Manager 4.6.0, you can configure different password age policies for different user groups.
  • Integration with Quest Quick Connect - Quest Password Manager is capable of integrating with Quick Connect to leverage its functionality and enable users, helpdesk operators, and administrators to more efficiently manage passwords across multiple data sources in the enterprise.

Back to Top

Resolved Issues and Enhancements
 

This section provides a list of issues that were resolved in Password Manager 4.6.0 (as compared to version 4.5.1). Each item in the list includes a unique ID (TFS number) and a brief description of the problem.

TF00058141
Fixed: You may not be able to add a group to the list on the “Policy Scope” tab on the policy settings page of the Administration site, when Password Manager is installed on a server running 64-bit version of Microsoft Windows.

TF00063357
Fixed: If you leave the “Search for” field empty on the “Add Policy Scope” page of the Administration site and click “Find Now”, Password Manager may not return the list of all possible objects as expected.

TF00063592
Fixed: If you attempt to create a new native Windows 2008 password policy containing the slash sign (/) in its name on the “Create New Native Windows 2008 Password Policy” page of the Administration site, Password Manager would not return an error as expected, but nonetheless would fail to create the policy.

TF00064743
Fixed: The users may receive the invitation notification requiring the users to register with Password Manager in English instead of local language as expected.

TF00069660
Fixed: After selecting Chinese (Traditional) as the preferred user interface language on Self-Service site, users may still receive e-mail notifications in English.

TF00069672
Fixed: The Self-Service site may display placeholder macros, for instance the "$(PropList)" text, instead of a property list.

TF00069810
Fixed: When attempting to install the 32-bit version of Password Manager on the computer running a 64-bit Windows 2008, you may receive the following error message: “Microsoft Internet Information Server 5.0 or later required.”

TF00081467
Fixed: When opening Self-Service site by clicking a button added by Password Manager on the Windows logon screen on a computer on which Microsoft Windows Multilingual User Interface (MUI) Pack with a default language other then English is installed, the Self-Service site may be displayed in English instead of the local language.

TF00092791
Fixed: Secure Password Extension may display a script error window, which can be exploited by an attacker to take control of the system without logging on to the system.

TF00097381
Fixed: A vulnerability in Secure Password Extension could allow a user to browse local hard drive and to modify, rename or execute the files on the local drive without logging on to the system.

TF00097763
Enhancement: Secure Password Extension may not allow users to log into the computer, if the "Enforce user registration" option is enabled and no Password Manager server is available or registration state cannot be obtained.

TF00100586
Fixed: When attempting to reset password in an environment with Password Manager server configured to support only IPv6, users may receive the 80040310 error.

TF00108454
Fixed: Intermittently, users may experience disruptions in receiving of e-mail notifications, despite the administrator configured Password Manager to send such notifications every day.

TF00109555
Fixed: When you extract the Password Manager files from the distribution package to your local disk, and then run the Setup program to install Password Manager, you may encounter the following problem: Setup is unable to continue. This problem occurs if the local path to the extracted files is longer than 259 characters.

TF00109560
Fixed: When using the prm_gina.adm Administrative Template to specify custom labels for Secure Password Extension buttons (such as the "Manage My Password," "Forgot My Password," or "Usage Policy" button), you may encounter the following problem: Your custom labels do not fit on the buttons.

Back to Top

Known Issues

This section provides a list of the currently known issues that customers may experience with the 4.6.0 release of Quest Password Manager. For each issue, the list includes a unique identifier (TFS number), a brief description of the problem, and a workaround, if any exists, for the problem.

TF00009751
Password Manager does not update the list of MIIS agents when the set of agents is updated in MIIS.

WORKAROUND
Disconnect MIIS and connect it again.

TF00009762
If you install Password Manager to non-default virtual directory, you may encounter the following behavior: when trying to open the Self-Service site, you are redirected to non-existent location.

WORKAROUND
1. Open the following file using Notepad: %ProgramFiles%\Quest Software\Quest Password Manager\web\cmp\3.x\main.asp
2. Replace the following substring:
"/QPM/User/"
with
"/<your_virtual_directory>/User/"
where <your_virtual_directory> is the name of the Password Manager virtual directory.
3. Save the file and close Notepad.

TF00051736
When one or more Managed Domains become unavailable, the Self-Service site takes much longer that expected to perform ordinary password management tasks in available Managed Domains.

WORKAROUND
Disconnect unavailable Managed Domains from Password Manager. You may reconnect them when they become available, all per-domain settings will be preserved.

TF00053948
When installing Password Manager on Windows 2008 or Vista OS, you may encounter a message box with the following error: “Windows installer has stopped working.”

WORKAROUND
Close the message box by clicking the "Close Program" button and continue installation process normally.

TF00055525
When importing policy created by Password Manager version 4.0, you may encounter the “Invalid format” error.

WORKAROUND
1. Open the policy text file in Notepad.
2. Remove any blanks (spaces, linefeeds, and carriage returns) in the end of the document.
3. Save file in the Unicode format.
4. Import the policy.

TF00108962
If you add a domain group into one of the group listed on the “Groups” tab of the Managed Domain property page on the Administration site and then rename the group using standard Active Directory management tools (for instance, the “Active Directory Users and Groups” console), Password Manager may not rename the group on the “Groups” tab of the Administration site.

WORKAROUND
Remove the group from the list on the “Groups” tab and add it again.

TF00109553
When you attempt to implement password management in a domain that was earlier managed by using Password Manager or another password management application, you may encounter the following error: "8004030F (The new password for DOMAIN\__PRM_svc_user001__ does not comply with the password policy.)"

WORKAROUND
Prior to implementing password management in such domain, create a user account in that domain with the user logon name (pre-Windows 2000) set to __PRM_svc_user001__.

TF00109463
With the "Honor Password History" check box selected in security options for a domain, every single change of a password adds two records to password history. As a result, the password history feature does not work as expected. For example, if password history is configured so that a user must use 10 unique passwords before reusing a previous password, Password Manager actually allows a user to reuse a password after a series of only 5 unique passwords.

WORKAROUND
Configure password history to retain information on two times larger number of password changes.

TF00109455
When registering with Password Manager, members of the Domain Admins group may encounter the following error: "Error saving your Questions and Answers profile." The problem is observed because members of protected groups, such as Domain Admins, do not inherit permissions from parent containers. For more information, refer to Microsoft's article "Delegated permissions are not available and inheritance is automatically disabled": http://support.microsoft.com/?id=817433

WORKAROUND

Method 1

Avoid registering members of protected groups with Password Manager.

Method 2

Modify the account that Password Manager uses to access the Managed Domain, so that the account has the following rights:
- Membership in the 'Domain Users' group
- Membership in the 'Group Policy Creator Owners' group
- The Read permission for all attributes of user objects
- The Write permission for the following attributes of user objects: 'pwdLastSet', 'comment', and 'userAccountControl'
- The right to reset user passwords
- The right to create user accounts in the Users container
- The Read permission for all attributes of the 'domainDNS' object
- The Read permission for all attributes of 'organizationalUnit'
- The Write permission for the 'gpLink' attribute of the 'domainDNS' object
- The Write permission for the 'gpLink' attribute of 'organizationalUnit' objects

TF00109461
When configuring your Questions and Answers profile, you may encounter the following problem. If you have selected the "Hide my answers for security purposes" check box, you cannot input double-byte character set (DBCS) characters in the text boxes where you specify your answers.

WORKAROUND
Clear the "Hide my answers for security purposes" check box.

Back to Top

System Requirements

Before installing Quest Password Manager, ensure your system meets the following minimum hardware and software requirements:

Platform 800 MHz or higher Intel Pentium®-compatible CPU
Memory At least 128 MB RAM (256 MB recommended)
Hard Disk Space 80 MB
Operating System Microsoft® Windows Server™ 2003 (32-bit edition) with Service Pack 1 or later
Microsoft® Windows Server™ 2003 (64-bit edition) with Service Pack 1 or later
Microsoft® Windows Server™ 2008 (32-bit edition) with Service Pack 1
Microsoft® Windows Server™ 2008 (64-bit edition) with Service Pack 1
Microsoft® Windows Server™ 2008 R2
Internet Information Server Microsoft® Internet Information Server 6.0
-OR-
Microsoft® Internet Information Server 7.0
-OR-
Microsoft® Internet Information Server 7.5

It is strongly recommended that you use HTTPS with Quest Password Manager. For more information, see Quick Start Guide.
Browser Microsoft® Internet Explorer 6.0 or 7.0
SQL Server

Microsoft® SQL Server™ 2005
-OR-
Microsoft® SQL Server 2008

Report definitions included with Quest Password Manager 4.6 are designed to support functionality of Microsoft SQL Server 2008 Reporting Services, and Microsoft SQL Server 2008 Reporting Services.
Windows Installer Windows Installer 3.1 or later.

Windows Installer 3.1.4000.2435 is included with Quest Password Manager distribution package. You must install Windows Installer on computers running Windows 2000 before installing Quest Password Manager.
Microsoft .NET Framework Microsoft® .NET Framework 3.5.

Microsoft® .NET Framework 3.5 is included with the Quest Password Manager distribution package. You must install .NET Framework 3.5 before you install Quest Password Manager.
Acrobat Reader Acrobat® Reader® 5.0 or later.

Acrobat Reader 7.0 is included with the Quest Password Manager distribution package.

Quest Password Manager works with Windows® 2000, Windows® 2003, and Windows® 2008 domains, including domains operating in a mixed mode.

Ensure that each of the client computers meets the following minimum software requirements:

Browser Microsoft® Internet Explorer 6.0, 7.0, and 8.0
-OR-
Mozilla® Firefox® 1.0, 1.5, 2.0, 3.0
-OR-
Apple® Safari® 3.1
-OR-
Google® Chrome® 3.0

To be able to implement password policies in an Active Directory domain managed by Password Manager, you must deploy the Quest Password Policy Manager component on all domain controllers in the managed domain.

The domain controllers where you plan to install the 32-bit or 64 bit- version of Quest Password Policy Manager component must meet the following requirements:

Operating System Microsoft® Windows® 2000 Service Pack 4
-OR-
Microsoft® Windows Server™ 2003 (32-bit or 64-bit edition)
-OR-
Microsoft® Windows Server™ 2008 (32-bit or 64-bit edition)
-OR-
Microsoft® Windows Server™ 2008 R2
Hard Disk Space 5 MB of free hard disk space

To allow password resets from the Windows logon screen, you must deploy the Quest Secure Password Extension on all target computers in the managed domain. The target computers must meet the following minimum software requirements:

Operating System

Microsoft® Windows® 2000 Server Service Pack 4
-OR-
Microsoft® Windows Server™ 2003
-OR-
Microsoft® Windows Server™ 2008
-OR-
Microsoft® Windows Server™ 2008 R2
-OR-
Microsoft® Windows® 2000 Professional Service Pack 4
-OR-
Microsoft® Windows® XP Professional Service Pack 2 or later
-OR-
Microsoft® Windows® Vista
-OR-
Microsoft® Windows 7™

Browser Microsoft® Internet Explorer 6.0, 7.0, or 8.0

We do not recommend use of any plug-ins for Microsoft Internet Explorer on computers where you plan to deploy Quest Secure Password Extension, since the plug-ins extend Internet Explorer functionality and could pose security threats.

Quest Password Manager supports integration with the following products:

  • Quest Defender 5.2
  • Quest Enterprise Single Sign-on (QESSO) 8.0.2
  • Quest InSync 6.5
  • Quest ActiveRoles Web Interface 6.5.0
  • Quest Quick Connect 4.5
  • Microsoft Identity Integration Server 2003 Service Pack 1
  • Microsoft Identity Lifecycle Manager 2007 Feature Pack 1
  • HP ProtectTools Authentication Services 3.1

Back to Top

Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. It supports simultaneous operation with multilingual data. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

The release is localized to the following languages: Chinese (Simplified), Chinese (Traditional), Danish, Dutch, French, German, Japanese, Korean, Portuguese (Brazil), Portuguese (Portugal), Russian, and Spanish.

Back to Top

Getting Started

Contents of the Release Package
 

The Quest Password Manager Release Package contains the following products:
  • Quest® Password Manager 4.6.0, 32-bit version
  • Quest® Password Manager 4.6.0, 64-bit version
  • Quest® Password Policy Manager, 32-bit version
  • Quest® Password Policy Manager, 64-bit version
  • Quest® Secure Password Extension, 32-bit version
  • Quest® Secure Password Extension, 64-bit version
  • Product Documentation, including:
    • What's New
    • Quick Start Guide
    • Administrator Guide
    • User Guide
  • Adobe® Acrobat Reader 7.0
  • Windows Installer 3.1 Redistributable (v2)
  • Microsoft .NET Framework Version 3.5 Redistributable Package

Installation Procedure
 

You can use the following steps to get started with Quest Password Manager:

  1. Ensure that the computer, on which you plan to install the solution, meets the system requirements.
  2. To install Quest Password Manager, click Setup in the CD autorun window, and then click Password Manager. For more information on how to install this product, see Quick Start Guide.
  3. To read the product documentation, click Documentation in the CD autorun window, and then click a document name. Adobe Acrobat Reader is required to read the documents. You can install it by clicking Adobe Acrobat Reader in the Redistributables section of the CD autorun window.

Back to Top

For More Information

Contacting Quest Software:

Email info@quest.com
Mail: Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web site: http://www.quest.com/

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com

From SupportLink, you can do the following:

  • Quickly find thousands of solutions (Knowledgebase articles/documents).

  • Download patches and upgrades.
  • Seek help from a Support engineer.
  • Log and update your case, and check its status.

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf

This document contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.

© 2009 Quest Software, Inc. ALL RIGHTS RESERVED.

Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BusinessInsight, ChangeAuditor, ChangeManager, DeployDirector, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, ERDisk, Foglight, GPOADmin, Imceda, IntelliProfile, InTrust, Invirtus, iToken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Quest Central, Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer Pro, vPackager, vRanger, vRanger Pro, vSpotlight, vStream, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vBackup, Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator, Vizioncore vTraffic, Vizioncore vWorkflow, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Web:    http://www.quest.com
e-mail:  legal@quest.com

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

Back to Top