SecureDoc V7.1 SR4 Release Notes

すべて表示

Product/Feature Deprecation Pre-Notice

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

Important Note

WinMagic has done extensive work to improve, streamline and augment the security surrounding the initial deployment of Key Files during the process of installing the SecureDoc Client software, bearing in mind that many customers have widely divergent requirements relating to how devices are used during and after initial installation. Some customers install SecureDoc while the primary device user is on or will be on the machine, while others may need to protect new devices before the end-users of those devices have been defined, as well as other scenarios.
Please refer to the When SecureDoc server is upgraded to version 7.1 SR4 from previous versions (6.5 or earlier) and the Device Provisioning Rules sections under the Creating Installation Packages for Windows chapter in the SES User Manual to understand how these new settings work, in order to inform your own use of these new features, particularly as they operate in a way that cannot be easily migrated from the previous methodology to the new methodology. Upon upgrading from an earlier version, you will need to adjust each of your existing Installation Packages to reflect the deployment methodology that will meet your security design.

System Requirements

System requirements and supported devices, including tokens and SmartCards, for SecureDoc v7.1 SR4 are listed here.

Note: It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation. More information can be found here: msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly.

New Features/Improvements

Note: SDOT for FileVault2 is now available for BETA. SecureDoc PreBoot is now supported on FileVault2 devices to support PreBoot network authentication as well as smartcard authentication. For more information, please see the SDOT FV2 beta guide found in this link http://downloads.winmagic.info/SD7.1SR4/Build_136/SDOTFV2_Beta.pdf

  
Reference Description

SD-11577

CAVP Certificates for the ANSI X9.31 and FIPS 186-2 PRNGs support after December 31st 2015


ANSI X3.91 PRNG has been replaced with a FIPS-approved DRNG that conforms to SP800-90A. All Certificates that had been based on the older PRNG must be replaced with new Certificates derived from the new DRNG.

SD-16400

Device’s SES folder can be defined in installation package

 

It is now possible to define, in the installation package, where a device should be stored in SES. The device can be placed in the registration folder, the owner’s folder or a specific other folder.

SD-16438

Windows login message now indicates if login failed because SmartCard/token is absent

 

This avoids user confusion. A new more focused error message will appear in the case that the smart card is removed. This message will read: No Smart Card or Token detected. Please insert a Smart Card or Token and re-try."

SD-18246

64-bit Linux-based Pre-Boot (PBL)  is now available as an alternative Pre-Boot Authentication option (PBA) within the V5 Pre-Boot environment

This was deemed necessary for selected devices where the existing PBL 32-bit is not functional. 

Note that this option should only be used on a very narrow range of devices for which 32-bit Pre-Boot does not work, and should NOT be considered a generic solution that will work on all 64-bit processors.  In all other cases the 32-bit Pre-Boot is the most suitable and recommended Pre-Boot environment.

SD-18314

When automatic encryption is selected, Mac users will no longer be able to cancel RME (removable media encryption)

 

The ability to cancel RME when automatic encryption with countdown is selected has been removed as it was seen as inappropriate in the context of mandated encryption.  If the user wishes to avoid encrypting a USB device during the countdown, he/she should simply remove the device from the USB port.

SD-18495

Add PBU/PBLU boot configuration profile option to permit force-booting directly into Windows

A new profile setting has been added to define the option of forcing direct boot to Windows – this applies to UEFI devices.

This new option can be found in the Advanced Options tab: Boot Configuration screen within the profile settings shows this new option, entitled: UEFI - Force Direct Boot to Windows.

SD-17588

For SecureDoc FileVault, the recovery account is now transparent to OS X upgrades

 

The accounts previously used (“.WinMagicPrimaryUserForFV”, a one-time boot hidden admin account, and “.WinMagicRecoveryUser", the boot recovery admin account) have been replaced with a new “WinMagicProprietyUserForFV" account that is transparent to Mac OS X upgrades. The 44 character randomly-generated password of this user stored in SES can be used after Mac OS X upgrade. Upgrading to this version of SecureDoc will cause the SecureDoc recovery/initial user’s password to be re-generated and re-sent to SES before enabling FileVault2.

SD-17590

SecureDoc automatically updates following Mac OS X update

On startup, SecureDoc detects the OS X version in use and updates SecureDoc appropriately.

SD-18047 

SecureDoc File Vault installation streamlined

 

Instead of requiring the user to choose the appropriate installation package, the installer itself now chooses the appropriate package, making installation easier.

SD-18782

Mac devices with SDOT FileVault2 installed can be identified under the Encryption Type column

The SES Console shows devices with SecureDoc installed that are currently using SDOT, which is the preferred combination of SecureDoc’s powerful and flexible Pre-Boot Authentication on a device whose disk encryption is handled by FilevVault. Information shown includes the typical client information (deployed state, OS version, encryption type, etc.).

SD-18783

SDOT FV2 supports PBN AutoBoot

SES can be used to enable PBN AutoBoot for machines using SDOT, allowing them to bypass pre-boot if they are connected to the network and are permitted to do so based on rules within the SES Server.

SD-18784

SDOT FV2 supports CryptoErase 

SES can be used to send a crypto erase command to machines using that have the combination of the SecureDoc Pre-Boot and BitLocker Disk Encryption (SDOT), allowing them to be crypto-erased once Mac OS X has loaded.

SD-18788

User authentication to SecureDoc Pre-Boot on FileVault2-encrypted devices (SDOT) is now possible with locally-cached credentials

SecureDoc users can authenticate to the SecureDoc Pre-boot (SDOT) on devices that are encrypted using FileVault2, using locally-cached SecureDoc credentials and thereafter boot into OSX with FileVault2 enabled.

SD-18789

PBN Support for SDOT FV2 devices

This is possible when PBConnex rights are set up properly on the server and the profile allows PBConnex, with the "boot into OSX with FileVault2" option enabled.

SD-18799

The WinMagicProprietyUserForFV recovery account now survives OSX upgrades

In previous versions of SecureDoc for FileVault2, the special account(s) used to protect against disabling FileVault2 and for recovery would be removed or disabled during an upgrade of the OS X operating system. 

This version’s solution corrects this, and this new special account will survive an OS X upgrade.

SD-18792

All new installation of SecureDoc for FV2 clients on different OSX can be installed with one script

In order to guarantee successful installation (through the InstallMe script) the underlying PKG files are no longer visible, and therefore cannot be installed directly (e.g. bypassing the InstallMe script).

SD-18797

Upgrades to OSX on machines with FileVault 2/SDOT FileVault 2 installed will automatically upgrade the FileVault version

This applies only when using a version of SecureDoc that has the package for the new OSX version.

SD-18844

7.1SR4 Compatibility offers compatibility with OS X El Capitan version 10.11.6

This release is compatible with OS X El Capitan v10.11.6.

SD-19022

Additional smartcards are now supported for Two-FactorAuthentication to devices protected with the SecureDoc Pre-Boot “on top” of FileVault2 (SDOT FV2)

The following smart cards are now supported:

  •        ·      Gemalto Cyberflex Access 64K v2
  •        ·      Gemalto 128kv2 (DOD CAC)
  •        ·      Gemalto IDPrime.net
  •        ·      Entrust Entrust PIV
  •        ·      Safenet DataKey 330 PDI Smartcard
  •        ·      Oberthur ID-One PIV (Type A) Large D

RSA SID800

SD-19040

Microsoft Windows 10 RedStone RS1 is now supported under SecureDoc 7.1  SR4

This 7.1SR4 release is compatible with the Windows 10 RedStone RS1 version.

Please note: For upgrading SecureDoc-encrypted devices to Windows 10 Redstone please follow a procedure documented in our KB article 1518.

SD-19095

New ability to add new users to SDOT FV2 machines, so those new users can authenticate at Pre-Boot

SES can be used to add users to SDOT FV2 machines so those new users can authenticate at Pre-Boot.

SD-19197

Password for Mac FileVault now supports all allowed characters of OS X.

Previously, only upper case letters were supported. This new version opens this up to permit passwords to contain any characters that OS X can recognize.

SD-19459

PBLUx64 Message at boot screen

 

Profile setting added for forcing direct boot to Windows. The Advanced Options tab (Boot Configuration screen) of profile settings shows this new option: UEFI - Force Direct Boot to Windows.   

SD-19510

New cryptographic engine

SecureDoc now utilizes a FIPS-approved Digital Random Number Generator (DRBG) that is compliant with NIST SP800-90A specification. The new DRBG is delivered on Windows and MacOS X platforms, with the SecureDoc Cryptographic Engine 7.2 re-validated under NIST CMVP.

 

Resolved Issues

  
Reference Description
SD-16288

Wireless connectivity does not work in PBConnex

 

Issue: On Lenovo M93p devices with SecureDoc installed, wireless networks are not detected. The devices are not attempting to obtain an IP address.

This has been resolved

SD-16704

Surface Pro 3 does not connect to wireless via shared access point

 

Issue: This has been reported on Microsoft Surface Pro 3 devices where a SecureDoc installation package is deployed with the Linux pre-boot for UEFI (PBLU) boot loader option.

This has been resolved.

SD-16942

Sc Control command line command fails

Issue: The command appears to work, but does not. This issue has been reported on a Windows 8 machine in a SES 7.1 SR1 environment, where the client was configured with the "hide SecureDoc icon" option enabled.

This issue has been resolved.

SD-17207

Cannot authenticate at pre-boot with eToken Pro 4100 connected to a USB Alcor Micro Cardreader

Issue: The message "No smart card detected in card reader.(0x7751)" appeared when using this combination of token and cardreader.

This issue was reported in SES 6.3, SES 6.5 SR3, SES 7.1 SR1, and SES 6.4 SR3.

This issue has been resolved. This combination of token and card reader now works.

SD-17463

Cannot apply SecureDoc software encryption to OPAL E-drives, even if those drives have never been encrypted

Issue: Drives accidentally activated as OPEN E-drives could not have software encryption applied to them. The issue has been reported on SecureDoc machines in an SES 7.1 HF2 environment.

This issue has been resolved. SecureDoc Software encryption can be used on any plaintext/unlocked drive regardless of whether it is active or not, if "Force SWE on SED..." is enabled in the SD profile.

SD-17981

On configuring OSA on a device with 2 Opal disks, only one disk was unlocked after successful Pre-Boot Authentication under the Linux-based (V5) Pre-Boot environment

Issue: On a computer with OSA installed and two Opal disks, the second disk did not unlock after successful login at PBL. This issue has been reported on Dell Precision M4700 machines with the Ubuntu operating systems on both disks, in an SES 7.1 SR1 and SES 6.5 SR3 HF2 environment.

This issue has been resolved. Both disks are now bootable in a configuration of this type.

SD-18056

Windows does not load following V5 Pre-Boot  on HP 840G1\HP 840G2 devices

 

Issue: After logging on with the Linux-based V5 Pre-Boot (PBL) on these devices, a black screen with a blinking cursor appears and Windows does not load. Depending on whether or not PBConnex is enabled, a “Wireless Network Device Not Found” message may also appear.

This has been resolved.

SD-18075

Integrated card reader on Dell KB813 keyboard not detected at preboot

Issue: This issue was reported in SES 7.1 and SES 6.5 SR3 environments. The integrated card reader could not be read and an error message appeared.

The issue has been resolved and these integrated card readers now work successfully.

SD-18082

, SD-18421

SES Web Console performs slowly

Issue: This issue affected Web Console usage, with occasional "Error 500" errors, long waits to log in, and slow navigation (and even timeout) when navigating around the console interface. It was reported in SES 7.1 SR2a.

The issue has been resolved.

SD-18096

Attempting to login to the V5 Linux-based Pre-Boot (PBL) with a PIV card freezes the device

Issue: This has been reported on a Dell e7470, which cannot proceed with checking the local keyfile.

This issue has been resolved: all PIDS for the new ControlVault2 have been added. eToken 4100 only works with readers supporting LIBCCID. Please find a list of smart card readers supporting LIBCCID: http://pcsclite.alioth.debian.org/ccid/supported.html

SD-18104

Unable to log on to device using eToken 4100 smart card and SafeNet eToken PRO Java smart card

Issue: Error code 0x100 or 0x7730 (No private key in token) appeared when using this combination of smart cards on a Windows 7 machine. It was reported for SES 6.5 SR1, SES 6.5 SR3 HF2. Authenticating with PBConnex produced error code 0x100. Attempting to log in from the smart card produced the error code "No private key in token(0x7730)"

This issue has been resolved. Logging on is now possible with this combination of smart cards.

SD-18280

Activating Autoboot automatically logs on to Windows desktop

Issue: Right-clicking on an Autoboot-enabled device in SES activates Autoboot, then logs the user onto the Windows desktop via SSO. It was reported for SES 7.1 SR2a.

This issue has been resolved. This function now presents the regular Windows login screen.

SD-18281

When the “Force user to input User ID at login” option is used in a profile, the device using that profile fails to auto-boot

Issue: Setting the “Force user to input User ID at login” option in a profile results in the device receiving that profile not being able to auto-boot.

The issue has been resolved. Autoboot now works correctly when this option is enabled.

SD-18351

Encrypted devices are shown as not encrypted in the Web Console.

Issue: Encrypted devices continue to be shown with an encryption status of unknown (white) in the SES console. It was reported in SES 7.1 SR2a with devices having FFE (File and Folder Encryption, since renamed to SecureDoc File Encryption or SFE) active.

The issue has been resolved. The status of devices is now correct in Web Console.

SD-18420

Touch screen does not work following installation of PBL and device encryption

Issue: This was reported on a Dell Venue 11 Pro 7000 Series Tablet running Windows 8, in a SES 7.1 environment.

The issue has been resolved.

SD-18480

Software Encrypted eDrive cannot be unlocked or recovered

Issue: Software-encrypted eDrives were not showing as “encrypted” in SDRecovery (they have a status of “Locked=No”), so could not be unlocked or recovered. This was reported on a Windows 7 OS device in a SecureDoc 7.1 SR1 environment.

SDRecovery did not recognize an Activated eDrive as having SW encryption: since the drive appears to not be locked, it could not be unlocked.

This issue has been resolved: the drives can be managed normally.

SD-18503

Generating an SES Web report for "All" entities causes SDConnex to crash

 

Issue: A report for all users, all devices, all keys, etc. causes an out of memory.

This has been resolved.

SD-18588

Dell Latitude E7470 freezes after user enters logon credentials

Issue: Dell Latitude E7470 machines load the Pre-Boot for native UEFI devices (PBU) successfully, but after authentication, the machine freezes with the message “Error loading operating system”.

This has been resolved. Such devices require that the SUSAM option be set to ON (for Software-Encrypted devices only) or Ymode should be set to 4 (which will work with Software- or Hardware-encrypted devices).

SD-18591

Intermittent network connectivity at preboot while using Lenovo OneLink+ Dock

Issue: This was reported on a Lenovo Yoga 260 attached to OneLink + Dock, running Windows 7, in an SES 7.1 SR2a environment. Network connectivity was only intermittently available following pre-boot, impairing the user’s ability to log in.

The issue has been resolved. Consistent network connectivity at pre-boot is maintained.

SD-18634

SDRecovery 32 Bit does not run in 32 Bit WinPE

Issue: When SDRecovery.exe (32Bit) was run on a WinPE (32Bit) machine. a "Side by Side" error appeared. This was reported in an SES 7.1 SR2a environment.

This issue has been resolved: SDRecovery.exe can be run on a WinPE machine in this environment.

SD-18669

Boot Logon installation failed on Samsung devices

Issue: This issue was reported in a SES 7.1 SR2 HF2 environment on devices running Win7 X64 Enterprise Edition, with both standalone and enterprise packages.

This issue has been resolved. Installation and encryption now occurs as expected.

SD-18682

Lenovo P50 device with dual NVMe SSD cannot boot following encryption

 

Issue: After deploying an SES 7.1 SR2a installation package, encryption succeeds but the device does not boot.

This has been resolved

SD-18801

Local Mac admins cannot add users to FV2 unlock list

Issue: The only user who can unlock FV2 is the internal WinMagicProprietyUserForFV user.

This issue has been resolved.

SD-18871

Computer does not wake up from sleep after SecureDoc Client Installed

Issue: A computer in sleep mode would not wake up after 10 - 15 minutes and had to be powered back up again, losing any unsaved work. This issue was reported for a Lenovo M900 / M93 device in an SES 7.1 SR1, SES 7.1 SR2a environment.

The issue has been resolved: computers with this issue can now be successfully woken up from sleep mode.

SD-19010

User credentials cannot be validated for an encrypted device

Issue: This issue had been reported in an SES 7.1 HF2, SES 7.1 HF1 environment. The client device was encrypted but the applicable AD Users were not imported to the SES database, causing a “Please Contact Support” message when the user attempted to log on.

This issue has been resolved.

SD-19096

Clicking on a node in the Users or Devices tab folder tree of SES Web Console collapses the tree

Issue: This is not the normal behaviour for a folder tree.

This issue has been resolved: clicking on a node no longer collapses the folder tree.

SD-19270

Unable to create machine key file in SES Web

Issue: Creating and saving a machine key file in SES Web Version 7.1 SR2A HF2 was not possible without the Manage Folders permission.

This issue has been resolved: the permission is no longer necessary for this function.

SD-19669

Slow Performance on the SES console (Windows)

Issue: The 7.1 SR4 SES console on Windows operates very slowly when performing administrative tasks such as looking for users and devices.

This has been resolved.

SD-19678

SD-19677

CCID card readers are incorrectly detected in PBL

This has been resolved. Please follow these steps:

1. Install SecureDoc v7.1 SR4

2. Install the latest Broadcom Firmware from Dell’s website:

http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=JP80V&fileId=3559873652&osCode=WT64A&productCode=latitude-e7470-ultrabook&languageCode=en&categoryId=SY

 

SD-19679

It is possible to deploy a 64 bit package to a 32 bit machine, causing Boot Logon to fail on that machine

 

Caution: Care must be taken to not enable the 64 bit pre-boot option (it is disabled by default) for new deployments. In the future a warning message will display when this option is selected.

 

SD-19784

 

Dell XPS machine fails to start successfully following encryption

Issue:  After the machine reboots following successful deployment and encryption, the machine fails to start. This was reported on a Dell XPS machine in UEFI (rather than BIOS) mode, running Windows 10.

This has been resolved.

SD-19860

On Dell Precision 7710 machines, PBU and PBLU cannot load

Issue:  After the machine reboots following successful deployment and encryption, the Pre-Boot for native UEFI (PBU) devices as well as the Linux-based Pre-Boot for UEFI (PBLU) devices logon screen does not appear. (The Recovery screen, however, does appear.)This was reported on a Windows 10 Pro X64 machine, with SecureDoc 7.1.4.102 installed.

This issue has been resolved.

Known Issues / Limitations

Note: For the Known Limitations other than the ones mentioned below, refer to the “Known Limitation” section in the SecureDoc Release Notes v 7.1.and 7.1 SR1

  
Reference Description
SD-17349

Preboot Logon cannot be installed on Lenovo P500 devices with an NVMe (Non-Volatile Memory express) drive

 

Limitation: After package deployment, these devices continue to present the Windows login, bypassing Preboot Logon.

Work-around: NA – At this time, SecureDoc is not able to secure NVMe Drives on the Lenovo P500 device.

SD-17616

Client should not be installed on devices where UEFI is enabled and specific FBO variables are present

Limitation: This applies to devices where the BIOS are set to native UEFI and where the "FilterBootOrder" and "FilterBootOrderSupport" variables are not present or accessible. The SDClient installation will be performed but will render the device unbootable (instead of the installer failing).

Work-around: NA

SD-18119

Error message appears if the Windows drivers necessary for SD installation are missing or out of date

Limitation: If the Windows drivers necessary for SD installation are missing or out of date, the user sees an error message rather than an informative message suggesting their update their drivers.

Work-around: NA

SD-18378

Dell Latitude E7250 and E7450 devices do not boot in UEFI mode for OSA

Limitation: This issue occurs because the internal drive is power-cycled during system reboot.

Work-around: None available.  Until this is resolved in a future version do not install SecureDoc OSA on Dell Latitude E7250 or E745 models.

SD-18420

Touch screen does not work following pre-installation changes

 

Limitation: Following successful deployment of SecureDoc, changing the UEFI Boot Loader value to PBLU (in the SecureDoc Control Center), updating Boot Logon results and then rebooting results in the touch screen not working. This was reported in an environment using SES 7.1 build 457, with a Windows 8 client on a Dell Venue 11 Pro 7000 Series Tablet (7140).

Deploying an installation package (with tablet support auto detect, auto provisioning and auto SM enabled) successfully installs SecureDoc and encrypts the disk, but the touchscreen does not respond at the Linux-based Pre-Boot (PBL). (The touchscreen does work in PBU). This was reported in an environment using SES 7.1 build 457, with a Windows 8 client on a Dell Venue 11 Pro 7000 Series Tablet (7140).

Work-around: NA – Until this is resolved, owners of such devices will need to attach an external keyboard/mouse in order to be able to enter their Pre-Boot Logon credentials.

SD-18960

SecureDoc does not support SafeNet middleware SAC 10

 

Limitation: Currently, SecureDoc supports only SafeNet 8.2 and SafeNet 9.0.

Work-around: Until this can be resolved in a forthcoming service release, please continue to an earlier version of SafeNet.

SD-19326

An obsolete option, DVD Mode, appears in the SD and SES interfaces

 

Limitation: In SES, the profile boot configuration Advanced Options screen includes this option. In the SD Client, it appears in the Advanced Settings screen.

Work-around: NA.

SD-19337

Dell Tablet touchscreen does not work at PBL

 

Limitation: Deploying an installation package (with tablet support auto detect enabled) successfully installs SecureDoc and encrypts the disk, but the touchscreen does not respond at the Linux-based PreBoot (PBL). This was reported in an environment using SES 7.1 SR4 Build 36, on a Dell 5179 series tablet.

Work-around: NA - For such devices, until this is resolved it will be necessary to connect an external keyboard/mouse to enable the user to logon.

SD-19373

The incorrect user ID is shown at SDCP when machine is resumed from sleep

 

Limitation: When a machine where both the default user and a PBN user have logged on to Boot Logon successfully has been resumed from sleep, the SDCP shows the default user, not the PBN user, and the PBN user cannot log on.

Work-around: NA. Close the SecureDoc Control Panel, reboot the device and login again before attempting to log into the SecureDoc Control panel again when Windows resumes.

SD-19669

Performance in SES Windows console sub-optimal

 

Limitation: Some administrators had found the SES Windows console sluggish when trying to perform administrative tasks such as adding or searching for users/devices. This has been reported in an environment running SES 7.1 SR2a.

Work-around: NA                                             

SD-19725

PBLU does not work on devices equipped with LiteOn CV3 Solid State Drives

 

Limitation: PBLU does not work on devices equipped with LiteOn CV3 Solid State Drives (SSDs), including Lenovo Yoga 260 and Dell E7470 devices, preventing access to Windows on such devices. This limitation has been reported in 7.1S R4 environments. A UEFI bootable USB stick cannot be used to avoid this issue, since it also cannot load PBU or accept correct passwords to load Windows.

 

Workaround: Attach the SED to a SATA adapter and use SD Recovery to unlock, and then de-activate, which allows Windows to load.

SD-19747

Login/Logout suspended for SES Web after 850+ sessions

 

Limitation: Automated stress testing reveals that the system performance begins to degrade when many users are using the system concurrently. Ourt test framework simulated 850 login/logout sessions, and found that approximately 2%-4% of these logins would timeout. Simple reloading the login page and logging in again resolves this problem.

Workaround: Multiple SDConnex/SES Web installations behind load balancer would help.

SD-19767

Wireless card not functional from PBL

 

Limitation: Deploying an installation package successfully installs SecureDoc and encrypts the disk, but wireless networks cannot be detected from the Linux-based Pre-Boot (PBL). This was reported in an environment using SES 7.1 SR4 Build 90, on an HP Zbook 17 G2 with an Intel N-7260 wireless card.

Work-around: NA – For such devices, until this is resolved if the user needs to authenticate using the Network (e.g. Network-brokered PBConnex-based authentication) the device will need to be connected to a wired network.

SD-19776

Unable to use card reader at Boot Logon

 

Limitation: The user cannot log in at Boot Logon using the Smart card’s password, instead seeing a card reader error. This was reported in an environment using SES 7.1 SR4 with a smart card built-in reader and using a DataKey 330 smart card.

Work-around: NA – Until this is resolved, the SES Administrator will need to either switch such users to another Smart Card, use an external Card Reader or change the affected users over to authentication using a User ID + Strong Password, temporarily.

SD-19827

Power settings on devices with SED drive are not affected after upgrading SecureDoc to 7.1SR4

 

Limitation: Updating a protected device with a package that defines system behaviour on resumption from sleep and hybrid sleep modes does not cause the device’s power settings to change. This has been reported in an environment using SES_7.1_SR4_build_102, on a variety of client devices.


Work-around: Manually change power settings on the device using the Control Panel or command prompt.

SD-19862

SecureDoc File Encryption (SFE) is not supported on Windows 10 RS1 systems

Limitation: SFE policies are not deployed to windows 10 RS1 as SFE drivers are not compatible with windows 10 RS1.

Work-around: NA   

SD-19879

The PBLU boot code cannot be updated on SED systems during a SecureDoc client upgrade process

 

Limitation: Only PBLU and SED systems are affected.  After a SecureDoc client has been successfully upgraded to 7.1 SR4 107, the PBLU boot code remains at the existing version, i.e. 7.1.2.79.

Work-around: To update the PBLU boot code on SED systems, the SED drive must be unmanaged first, and then re-managed with the new 7.1 SR4 107 version.

SD-19995

PBN user unable to login at Boot Logon for SDOTFV2

 

Limitation: Logging in with PBN user at boot logon with an inserted USB drive is unsuccessful. An error message is displayed at the time.

Work-around: NA 

SD-20037

Unable to login a new user after device upgrade from Windows 10x64 TH2 to Windows 10x64 RS1

 

Limitation: Only applies to devices that upgrade from Windows 10x64 TH2 to Windows 10X64 RS1. Unable to login after adding a new user in SecureDoc Control Center.

Work-around: NA.

 すべて表示 Release Notes

—  フォローする  —