Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being, but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.
WinMagic has done extensive work to improve, streamline and augment the security surrounding the initial deployment of Key Files during the process of installing the SecureDoc Client software, bearing in mind that many customers have widely divergent requirements relating to how devices are used during and after initial installation. Some customers install SecureDoc while the primary device user is on or will be on the machine, while others may need to protect new devices before the end-users of those devices have been defined, as well as other scenarios.
Please refer to the When SecureDoc server is upgraded to version 7.1 SR4 HF3 from previous versions (6.5 or earlier) and the Device Provisioning Rules sections under the Creating Installation Packages for Windows chapter in the SES User Manual to understand how these new settings work, in order to inform your own use of these new features, particularly as they operate in a way that cannot be easily migrated from the previous methodology to the new methodology. Upon upgrading from an earlier version, you will need to adjust each of your existing Installation Packages to reflect the deployment methodology that will meet your security design.
System requirements and supported devices, including tokens and SmartCards, for SecureDoc v7.1 SR4 HF3 are listed here.
Note: It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation. More information can be found here: msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX
During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.
Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly.
Note: SDOT for FileVault2 is now available for BETA. SecureDoc PreBoot is now supported on FileVault2 devices to support PreBoot network authentication as well as smartcard authentication.
Note: 7.1SR4HF3 can now support macOS Sierra 10.12 and 10.12.1 For more information, please see the SDOT FV2 beta guide found in this link http://downloads.winmagic.info/SD7.1SR4/HF3/SDOTFV2_Beta_v71sr4hf3..pdf
SecureDoc Client now supports policy driven encryption for BitLocker devices
User interfaces that allow a Windows Admin to decrypt BitLocker drives are now restricted. Decryption is only allowed thru the SecureDoc Control Center. If a drive is decrypted via other means, the drive will automatically be encrypted upon the next reboot.
Custom Boot Text is Not updated after SecureDoc v7.1 SR2a Installation
Issues: This issue occurred when SecureDoc v 7.1 SR2a package with Custom boot options was installed on the client devices. In such a scenario, the custom boot text (Header/User/Password fields) was not updated.
This issue has now been resolved. Upon SecureDoc installation, the Custom Boot text will be successfully applied
Unable to open SES Management Console with FIPS compliant algorithms enabled
Issue: When FIPS compliant algorithms for encryption, hashing, and signing is enabled. SES Management console unable to start up.
This issue has been resolved. SecureDoc client communicates with the server and the SecureDoc icon is available on the System Tray.
SES displaying incorrect encryption mode status for decrypted SecureDoc BitLocker Management client (SDBM)
Issue: The issue occurs on SES Web, incorrectly displaying the encryption status after successfully decrypting the drive. The symbol displayed in the Encryption Management is green and white stripes.
This issue has been resolved: Encryption Management correctly displays the status symbol (white color), indicating the device is not encrypted.
Note: For the Known Limitations other than the ones mentioned below, refer to the “Known Limitation” section in the SecureDoc Release Notes v 7.1.and 7.1 SR1
Note: We do not support upgrading SecureDoc client patch to 7.1SR4 HF3 if you are using v7.1SR4xx version and up.
To use SecureDoc FV2 to manage machines with Fusion drives running on macOS Sierra, please enable FileVault2 first, then install SecureDoc for FV to take over management.
Limitation: Upgrading unsuccessful from OSX to 10.12 BETA (16A201w). OS X could not be installed. Please note this only affects version before 7.1SR4.
Mac devices with fusion drives running macOS 10.12 and 10.12.1 are not supported on net new installs. Only take over management is supported
Expected Behavior: After deploying MacFileVault2 on a machine with Fusion Drive the conversion progress bar remains at 0%. Unable to proceed with encryption for the client machine.
Note: When SecureDoc for FV2 is deployed on a machine with Fusion Drive to enable FileVault2, the conversion progress bar remains at 0%; unable to proceed with encr
Upgrading from v7.1SR4xx to 7.1SR4 HF3 does not update SecureDoc client patch on Windows 10-RS1 systems
Limitation: Unable to apply SecureDoc Client patches only on Windows 10-RS1 systems.
Win8 UEFI upgrade fails from v6.5SR3 to 7.1SR4 HF3, blue screen with the message to “You must restart system for the configuration changes made to SecureDoc to take effect. Click Yes to restart now or No if you plan to restart later” occurs
Work-around: After deploying the package on the client machine to upgrade to v7.1SR4 HF3. Please follow these steps to bypass the BLUE SCREEN.