BitMana V8.3 Release Notes

View All

Important Note

BitMana is a lightweight solution that provides basic BitLocker management needs in a package that’s simple in deployment, cost-effective, and non-disruptive to business operations.  This Release is specific only to the solution and NOT part of the standard SecureDoc Enterprise Release Versions.  

Feature Deprecation
On July 6, 2018 WinMagic customers and partners were notified that the SecureDoc pre-boot authentication feature for macOS – known as SecureDoc On Top (SDOT) for FileVault 2 – would be deprecated in SecureDoc 8.2 SR1. As of this release, customers will no longer see this feature available for macOS configuration settings.

Please visit Knowledge Base Article 1760 for more information.

Before Upgrading
Prior to upgrading from v8.2SR1 to v8.2SR2 or later versions, please refer to KB article KB000001727 to follow the steps to ensure your client machine has Win7 with KB3033929. For more information on this limitation please see previous release note v8.2SR1

SecureDoc Support
WinMagic strongly recommends that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and new features.

Please visit Knowledge Base Article 1397 for more information on End of Life and End of Support timelines for SecureDoc software releases.

Customers running SecureDoc 6.5 and earlier should upgrade their server and clients to an actively supported software version. For more information on upgrading from SecureDoc 6.5 and earlier, please visit

About This Release

This document contains important information about the current release. We strongly recommend that you read the entire document.

Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.

Previous Versions


8.3 SR1

Release Date
February 5th 2019
May 15th 2019

New Features, Improvements and fixes (server/client)
New Features, Improvements and fixes (server/client)

Download the latest release notes for each version listed within Knowledge Base Article 1756.

System Requirements
For server and client system requirements:
For supported devices, drives, smartcards and tokens:

Note:  It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation.

More information is available here:

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note:  Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly

Client OS Support
This section shows supported operating systems and upgrade paths for SecureDoc Endpoint Clients.

Microsoft Windows





10 RS5 [1809]
10 RS4 [1803]
10 RS3 [1709]
10 RS2 [1703]
10 RS1 [1607]

10 T2 [1511]
10 T1 [1507]

Enterprise Pro


8.1 SR1 HF2+
SD 7.5 SR1 HF8 / SD 8.2 HF1+
SD 7.5 SR1+
SD 7.1 SR6+
SD 7.1 SR4+

SD 7.1+


Enterprise Pro


All versions


Enterprise Pro


All versions

Apple macOS








MAC 8.3+

High Sierra



SD 8.2 DMG




SD 7.1 SR6+

El Capitan 10.11.X   SD 7.1 SR2+

The KnownConfigs.XML File

Customers are strongly advised to download the most current KnownConfigs.XML file, then replace the current version (if older) in the SES Application folders and
Installation Packages.

WinMagic strongly recommends that you seek out the most up-to-date version of the KnownConfigs.XML file and incorporate it into your SES implementation on a regular basis (e.g. monthly). This will help ensure your SES Version will take advantage of new client installation override settings that have been added since the version of the KnownConfigs.XML file that came with your version of SES. This will improve installation success on any new device makes/models you might purchase since installing SES, utilizing the new special settings available in newer versions of this file.  Customers are advised to look to the SecureDoc Knowledge Base for a link to the available
KnownConfigs.XML files, then check that document (e.g. on a monthly basis) for updates to this file, then use the new version to replace all versions of the KnownConfigs.XML file in their SES Implementation folder structure.
For example:

1. Position Windows Explorer to: c:\Program Files(x8)\WinMagic\SDDB-NT, then
2. Search for files like *.xml.
3. Sort the resulting search list by name
4. In each directory where a KnownConfigs.XML file is found, replace it with the new
one that you have downloaded from the WinMagic Knowledge Base article.
Additional information can be found here: Installing or updating the KnownConfigs.xml file (Applies to SES from Version 7.5 onward).

The latest versions of the KnownConfigs.XML files can be found at the following links:

The contents of the KnownConfigs.XML file are reserved to be developed and advanced by WinMagic solely. While customers might consider enhancing it, WinMagic cannot be held responsible for issues that might arise from such modifications and may (at its sole discretion) levy an additional support charge to any customers that encounter support issues resulting from non-sanctioned, customer-initiated changes to the KnownConfigs.XML file.  WinMagic welcomes customer ideas and suggestions on how KnownConfigs.XML can be extended and improved, but WinMagic reserves the sole right to test, approve and to publish any changes to KnownConfigs.XML that it deems to be in the broader customer interest, and makes no commitment to act upon or publish all, or indeed any customer-recommended changes.


What’s New

New Features

Please refer to the previous Release notes for new features in this version:


SD-32139 WinMagic has released a new BitLocker-focused simplified SES product called SDBM

SDBM offers dramatically simplified BitLocker-only support, with simplified Device Profile and Installation Package configurations that will help customers yield improved deployment success rates.
This product will not utilize SecureDoc's Pre-Boot Authentication for endpoint devices, and supports (in this version) only BitLocker protection for Windows Devices.

SDBM removes Boot Code and Pre-Boot kernel complexities from SecureDoc in order to provide customers with a consistently successful deployment experience, while still providing the additional value offered by BitLocker TPM-Only and TPM-PIN.

The following are the additional benefits for providing this new SDBM client to our customers:
- SDBM will offer a “guaranteed deployment” experience, with little-to-no disruptions.
- SDBM Protects against dedicated adversary attacks - when using TPM-PIN
- It provides the additional value of SES, including reporting, remote management and most other standard SES features, but for this initial version SDBM does not support Removable Media encryption or non-Windows client support.
- The SDBM-managed client does include BitLocker Tamper Protection Policies.


SD-32277 SecureDoc SDBM cannot be installed successfully on an endpoint device whose USB interface has been disabled in the device BIOS

Issue: If the USB interface has been disabled in the BIOS of a device on which SecureDoc SDBM is to be installed (and on which the defined method of recovery is the use of a Startup Key which will need to write to a USB memory device), the SDBM installer will not correctly identify that USB devices are not available at a hardware level, and will fail to complete the installation. NOTE: BitLocker will be installed, and the BitLocker Preparation step will complete successfully, but a message will appear requesting a Startup Key Configuration which cannot be resolved because USB is BIOS-disabled.

Solution: Ensure that any devices on which SecureDoc SDBM is to be installed and which will utilize Startup Key as the device authentication/recovery method have USB device access enabled in the BIOS before attempting to install SecureDoc SDBM.

SD-32338 SDBM to install Bitlocker using TPM+PIN on Windows 7 devices fails to enable BitLocker

Using SDBM to install Bitlocker using TPM+PIN on Windows 7 devices will fail to enable BitLocker if Group Policy setting " Use FIPS compliant algorithms for encryption, hashing, and signing." has been enabled on device. An error message will appear that states: "An unidentified error has occurred. Error code: 0x9966"

Issue: If installing SDBM to enable BitLocker on a Windows 7 device on which the Group Policy setting entitled " Use FIPS compliant algorithms for encryption, hashing, and signing." has been enabled, the installation will fail. This appears to occur ONLY when TPM+PIN has been configured in SDBM as the BitLocker Protection Method.

Solution: For Windows 7 devices on which SDBM is to be installed and which will use TPM+PIN, please ensure that the Group Policy setting “Use FIPS compliant algorithms for encryption, hashing, and signing." has been disabled before attempting installation.

How to Install/Upgrade

Customers with an active support plan should contact to receive the latest download link for their SecureDoc upgrade. 

Contacting WinMagic

5600A Cancross Court
Mississauga, Ontario, L5R 3E9
Toll free: 1-888-879-5879
Phone: (905) 502-7000
Fax: (905) 502-7001
Human Resources:
Technical Support:
For information:
For billing inquiries:


This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young ( and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (

WinMagic would like to thank these developers for their software contributions.
©Copyright 1997 - 2019 by WinMagic Corp. All rights reserved.
Printed in Canada Many products, software and technologies are subject to export control for both Canada and the United States of America. WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations. Exports and re-exports of WinMagic Inc. products are subject to Canadian and US export controls administered by the Canadian Border Services Agency (CBSA) and the Commerce Department’s Bureau of Industry and Security (BIS). For more information, visit WinMagic’s web site or the web site of the appropriate agency.
WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac, MySecureDoc, MySecureDoc Personal Edition Plus, MySecureDoc Media, PBConnex, SecureDoc Central Database, and SecureDoc Cloud Lite are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2019 WinMagic Corp. All rights reserved.
Ó Copyright 2019 WinMagic Corp.  All rights reserved. This document is for informational purpose only. WinMagic Inc. makes NO WARRANTIES, expressed or implied, in this document. All specification stated herein are subject to change without notice.

 View All Release Notes