SecureDoc v6.2 Release Notes

すべて表示

New Features

Support for devices using Drive Encryption for HP Client Security [SD-4314, SD-3849, SD-3850, SD-3677, SD-3909, SD-1744, SD-3831]

Devices using HP's Drive Encryption can be controlled through SES, through an upgrade process that uses a new license specific to such devices. SecureDoc Boot Logon supports Drive Encryption keyfiles and logic.

GUI Localization [SD-406, SD-884]

Multiple languages are available for the user interface, including the removable media container application. Languages can be specified in the installation package or by the end user. The selected language takes priority over the language of the operating system.

Role-Based Access Control in SES for Web [SD-2539]

Rather than assigning rights (privileges) individually to users, roles made up of a set of rights can be defined and then assigned to users. This allows for easier administration of user rights. Note that rights granted through role-based access control apply only to SES for Web: they do not affect user rights on client devices (which are governed by policies).

Sorting and Filtering in SES for Web [SD-2538]

Data (such as lists of users or devices) in SES for Web can be sorted by clicking on a column heading. Data can also be filtered based on criteria such as "UserID beginning with 4" or "First name containing ja", with the option to combine criteria for more detailed filtering. This feature makes it easier to find specific records in the database, or to work with specific sets of data.

Remote Control of Mac FileVault 2 Devices [SD-2877]

Commands can be used to add/remove users on a Mac FileVault 2 device, to manage the members of the Unlock List, change a user's password, restart the device, update a user's profile or keyfile, or wipe the device. These commands can be sent from the regular SES console or the SES for Web console.

Media Encryption and Recovery Media Available for Mac FileVault 2 Devices [SD-3419, SD-697, SD-4117]

Mac FV2 devices under SES control can be enabled (through the profile) to encrypt removable media, using either full disk or container encryption. Recovery media can be produced for these devices through SES.

Ability to Download Installation Packages through SES for Web [SD-4008]

SES for Web shows a list of existing installation packages, which can be selected, prepared for download, and then downloaded for transmission to a client device.

 

Bug Fixes and Improvements

Reference

Description
SD-3582
SD-1379
SD-1726

File and folder encryption has been redesigned.

Server-side FFE policies can be created for both network folders and, using environment variables, local paths on managed devices.

Users with a new privilege (Config FFE) can see both server-created and client-created FFE policies, as well as create client-side policies.

FFE status will be directed to the appropriate log file: the SES log file for server-created policies, or the local log file for client-created policies.

SD-4140

SD-3582

SD-1379

SD-1726

PBConnex AutoBoot behavior has been enhanced.

Instead of sending a temporary keyfile to each PBConnex machine to use for AutoBoot, the keyfile can be cached and used for subsequent authentication requests. Users will be prompted to enter a password.

This feature is implemented for Windows machines only. The cache can be set to expire after a configurable number of days.

SD-2915

The encryption status of secondary physical devices is shown in the SES console and reports.

This information appears in the device record in the SES console and also in the new Drives by Device report.

SD-3552

A user's self-help password recovery questions/answers appear in SES for Web.

As in the regular SES console, this information appears during challenge-response password recovery, to help the administrator verify the user's identity.

SD-3430

Password changes are sent to FileVault 2 devices.

When a Mac FileVault 2 user's password is changed in SES, and the "password propagation" global option is enabled, the changed password is automatically sent to the device.

SD-2537

Drag-and-drop has been added to SES for Web.

Developing the group/folder hierarchy is easier with this addition.

SD-3636
SD-3635

The Boot Logon GUI has been improved.

These changes present a more polished look, with easier access to common features such as password recovery and wireless connections.

SD-4397

Fixed: OS crashes when reboot while Outlook is running and a PST file is in folder protected using FFE.

This issue is now fixed.

SD-4618

Fixed: Windows 8 machines hang after count-down time for "Press any key to cancel Auto_Boot" expires during Boot Logon.

This prompt has been removed, so the problem does not occur.

 

Documentation improvements have been made.

The instructions for ADSync have been updated in the SES documentation. The documentation concerning SES for Web (setup and usage) has been improved.

SD-3152

The Windows profile has been expanded to include parameters for wireless communication.

This makes wireless configuration easier.

SD-207

Fixed: Support PBConnex on UEFI preboot.

PBConnex now supports UEFI at preboot.

SD-4319

SD-2444

Support for Intel AT 5.0 devices has been added.

Common functions (enroll/de-enroll, mark as stolen, recovery through challenge/response and BIOS) are supported.

SD-3169

Improved PBConnex and local keyfile interaction.

Under some circumstances, even when using AutoBoot, a user may see the SecureDoc prompt. Although this is not harmful, it is confusing for the user and can lead to errors. This issue has been resolved.

SD-1441
SD-1736

Recovery Media Utility has been added.

To resolve issues related to differences between in emergency disk (recovery media) creation on the SD Client and emergency disk creation through SES, a new common utility has been added.

SD-2734

Fixed: Error when click Apply in SDConnex.

This has been resolved.

SD-4028

Fixed: Self help prompt inadequate.

The user is now prompted to answer self-help questions even if AutoBoot is enabled.

SD-3707 Passwords for removable media container encryption now must conform to password rules.
SD-3270

Contents of Audit Logs and FFE Logs are automatically sent to the Windows Event Log.

SD-2338
SD-1798
SD-3282
SD-4545

Support for 802.1x communication has been added.

SD-2783

SD-4644

SD-4669

Additional Mac OS supported.

SecureDoc for Mac supports OS X 10.8.3 and 10.8.4.

SD-3832
SD-4765

Improvements to visibility of data in SES for Web.

Previously, users had to have the "manage folders" access right for a folder in order to search users in those folders. This restriction has been removed: only the "read user" right is needed to read/search folders.

Granting the "manage folders" access right also gave an administrator access to view the root folder. You can now specify (by clearing its checkbox) any folder to which you do not want to grant access (such as the root folder or the recycle folder).

SD-3211

Fixed: Only 20 administrator names can be displayed in SES for Web.

Previously, even if more than 20 administrators existed, only 20 could be viewed (clicking on a different page number did not change the display).

SD-3669 Fixed: When sent to Windows 8, key files configured to convert to token protection do not get converted.
SD-4684 Fixed: When device name changes, new name not reflected in SES console.
SD-4744

Fixed: The Lenovo USB network adaptor does not work at preboot, when using the default drivers.

The Lenovo network 10/100 ASIX-based USB adapter is now supported.

SD-3387

Fixed: User passwords are changed by the Update Password command, even when options for automatic update of key file and password propagation are disabled.

This appears to have been the result of the wrong version of a file being included in the installation package.

SD-1189 Addition of Boot Config parameters to those sent to Boot Logon.
SD-3744

An option can be used to automatically remove the contents of the Recycle Bin when the console is closed.

This option appears on the Other tab of the global SES options. It should be used with caution.

SD-3433 Fixed: Use of SUSAM option (introduced in 6.1 SR1) caused issues with Boot Logon.
SD-3914

Fixed: Unable to safely remove encrypted USB drive from Windows 7 devices.

The SDservice was causing Windows to not be able to safely close the drive for removal.

SD-2100

Fixed: After a token was removed and then re-inserted, a message indicated that the smart card slot was not found.

This was occurring for specific token types and has been resolved.

SD-4815

Fixed: A lengthy path to a folder being encrypted causes a "winpin Application has stopped working error", without the folder being encrypted.

The issue was solved by converting the path to a smaller format.

SD-5064

Crypto-erase key sequences do not work on Mac client.

Such devices could still be crypto-erased from the SES or SES for Web console. This has been resolved but applies to SecureDoc Mac only: FileVault 2 users cannot perform crypto-erase on the client device.

SD-3747 When keyfile is converted from password to token-protection, the event is now logged.
SD-4813

A user without a password was unable to be added to the Unlock List (Mac FileVault 2).

Since this is desired behavior, the issue has been addressed by prompting the administrator to enter a password under this situation.

SD-3870 Fixed: The message that appears when the user is decrypting a file or folder and will overwrite the current file/folder has a typographical error.
SD-4862 Fixed: In Single Sign-on implementations, the user does not receive an error message if they enter an incorrect password at login.
SD-4967 Intel AT packages on Windows 8 are not supported for UEFI.
SD-4750

Fixed: An inaccurate message is displayed when a user attempts to rename an encrypted root folder.

A more informative message now appears.

SD-4512

Fixed: The crypto-erase countdown appears on unencrypted devices when the key sequence is pressed.

This caused user confusion, since such devices cannot be crypto-erased.

SD-4987 Fixed: Recovery media cannot be created for a machine with 5.3 SR4.
SD-4980 Fixed: PBConnex does not work after recovery media has been successfully applied.
SD-1424 Fixed: Single Sign On does not work in Windows 8.
SD-4675

Fixed: Users cannot use Credential Provider settings on a Windows 8 machine.

SD-1764 Fixed: Incorrect password attempts are not reported in a UEFI environment.
SD-12125 Fixed: ADM configuration settings not being reflected in Control Center.

 

Known Issues

Reference

Description
SD-5072

After migration from HPPT, the new key file doesn't have self-help questions.

This results from the upgrade from HPPT providing only password authentication: fingerprint and smartcard are not supported. A future release will apply self-help to be implemented post-installation.

SD-5069

Extraneous characters appear on Export Report screen.

These do not affect readability.

SD-3834

Creating a container on a FAT or exFAT USB drive from a Windows XP machine can be very slow.

This is due to a limitation with Windows FAT and exFAT.

SD-4716 Windows automated Sleep and PNP results in system failure (BSOD).
SD-4726

SecureDoc does not work on Android devices.

A test of a Motorola Android tablet reports the error message "The application SecureDoc (process com.winmagic.securedoc) has stopped unexpectedly. Please try again." SecureDoc cannot be successfully started.

SD-4715

Administrative user added in SES console could not log in to SES for Web.

An "Internal Error 500 - unauthorized access" appears.

SD-4767

SDConnex cannot be started after migration of SES from V5.2b78 to V6.2b147 on Win2K3.

Automatic upgrade is not supported for these versions. A reinstall, or manual upgrade, will be required (through WinMagic technical support).

 

Known Limitations

Reference

Description
SD-5085

Crypto-Erase key sequence doesn’t work in PBU.

In the SecureDoc Control Center, users may define a key sequence that executes crypto-erase at preboot. Currently this works only in Boot Logon.

 すべて表示 Release Notes