SafeGuard LAN Crypt
Administration 3.80 release notes
Requirements
The below listed platforms have been tested and are officially supported.
Other Service Pack levels might work as well but have not run through a QA
cycle and won´t be analyzed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows
XP SP3
|
Yes
|
No
|
|
Windows
Vista (Ultimate / Enterprise / Business) SP2
|
Yes
|
No
|
|
Windows 7
(Ultimate / Enterprise / Professional) SP1
|
Yes
|
Yes
|
|
Windows
Server 2003 R2 SP2
|
Yes
|
No
|
|
Windows
Server 2008 SP2
|
Yes
|
No
|
|
Windows
Server 2008 R2 SP1
|
No
|
Yes
|
Database
Microsoft SQL Server 2005 SP4
Microsoft SQL Server 2008 SP3
Microsoft SQL Server 2008 R2 SP1
Oracle Server 9i
Oracle Server 10g (see section known issues)
Oracle Server 11
Upgrade
For an upgrade-installation you can find additional information in the user
manual or see http://www.sophos.com/support/knowledgebase/article/117139.html.
Note: If you are upgrading from SafeGuard LAN Crypt administration
version 3.61 on a 64-bit operating system, please uninstall version 3.61 before
you install the new version.
Noticeable Changes
- Performance
improvements in several areas
- Added a
wizard for profile creation
- New global
and group permissions for security officers
- Create
Profiles for all Members
- Assign
Certificates to all Members
- Copy
Users
- Searching
for a specific key is added to the encryption rules dialog
- Additional
authorization can be activated for the display of a key value
- Improved
security officer administration
- Automatically
set group permissions
- Show
granted group permissions
- Extended
logging information after permissions have changed
- Improved
certificate creation
- A
friendly name can be specified for newly created certificates.
- Certificates
can now be created without the critical extension 1.3.36.15.1.1.1.
- Shortcuts
to the ODBC administration and Group Policy management are added during
the installation.
- Database
migration
- Database
errors are now corrected during the migration
- Database
migration wizard is started during the first login after migration
- New icons
and bitmaps in the graphical user interface
- No longer
supported functions
- Group
policy Universal
Token Interface no longer exists. Still relevant settings
moved to LAN Crypt
Configuration.
- Event
logging (SGLOG) is no longer available. Database logging within the
SafeGuard LAN Crypt Administration has to be used instead.
- The
scripting API does no longer support remote login of security officers
- New
functions for the next client release
- Client
profiles are stored in xml files
- New
encryption file format can be configured
- Sort
order of the encryption rules can be configured in the administration
Resolved Issues (from 3.61)
- API
function WriteRule now accepts a specific key
- Several
corrections in LDAP synchronization
- Users
deleted in LDAP directory were not deleted
- Groups
moved from one container to another container lost the security officer
permissions
- Parent
group of objects was not updated
- The In Use property of
keys was reset in some situations
- Logging
wizards can now be canceled
- Security
officers created with an administration version 3.50 or below could not be
deleted
- Signature
certificate was not saved during the creation of a new security officer
- Fixed
additional authorization if encryption rules were modified
- Fixed
logging entry for GrantRightsOnGroupToSO and GrantRightsOnSOToSO
- Fixed
some application crashes
- Eliminated
SQL timeout errors
- Scripting
API does no longer show message boxes
Known
Issues
- Network
errors
If the network connection to the SQL server, or to a LDAP source, is
broken during LAN Crypt administration, the LAN Crypt Administration must
be closed and restarted (after the network problem is fixed).
- Simultaneous
administration
If more than one SO is working with the LAN Crypt database at the same
time, problems can occur. We recommend a regular manual refresh in that
case.
- LDAP
import and synchronization
- If
objects are imported from a domain, you must specify the domain name and
not the computer name in the server configuration!
When configuring server logon data in central settings you should either
enter only the domain name as server name or add the domain name as an
alias.
- On the
root level (e.g. domain), only 999 objects are displayed and imported.
- Certificate
store
SafeGuard LAN Crypt only supports certificates in one of the user
certificate stores. It does not support certificates in machine stores.
- Importing
keyfiles from SafeGuard LAN Crypt 2.x
Importing a key file from SafeGuard LAN Crypt 2.x fails, if it includes an
encryption rule which has the flag “/O” specified. This flag means “only
encrypted files are allowed”.
Such rules have to be changed before the key file can be imported.
- Compatibility
with Oracle 10g
SafeGuard LAN Crypt Administration is not compatible with Oracle Client
10.2.0.4 because of an ODBC driver issue. It is not possible to create the
first Master Security Officer or to login with an existing SO.
Please use either Oracle 11 or a previous Oracle 10g installation.
- Installation
If SafeGuard LAN Crypt Administration is installed and on the same machine
SafeGuard LAN Crypt Client version 3.71 or below is installed afterwards,
creation of legacy POL files is no longer possible. A repair installation
of the SafeGuard LAN Crypt Administration must be executed (Windows
control panel) in this case.
If the installation is done in the other order (first client then
administration), no repair is necessary.