SafeGuard LAN Crypt
Administration 3.90 release notes
The below listed platforms have been tested and are officially supported.
Other Service Pack levels might work as well but have not run through a QA
cycle and won´t be analyzed in case of occurring issues.
(Ultimate / Enterprise / Professional) SP1
Server 2008 R2 SP1
Microsoft SQL Server 2005 SP4
Microsoft SQL Server 2008 SP3
Microsoft SQL Server 2008 R2 SP2
Microsoft SQL Server 2012
Microsoft SQL Server 2012 SP3 (support added Oct 2016)
Oracle Server 9i
Oracle Server 10g (see section known issues)
Oracle Server 11
For an upgrade-installation you can find additional information in the user
manual or see http://www.sophos.com/support/knowledgebase/article/117139.html.
Note: If you are upgrading from SafeGuard LAN Crypt administration
version 3.61 on a 64-bit operating system, please uninstall version 3.61 before
you install the new version.
Make sure you selected the policy file format which is supported by all of your
clients (see administrator help chapter "The Directories tab").
- Windows 8
and Windows Server 2012 are now supported.
SQL Server 2012 is now supported.
default policy file format was changed to XML which is needed for SafeGuard
LAN Crypt Clients version 3.90. If older client versions are also used,
the legacy policy file format has to be activated.
- The usage
of the Client API can be configured in the administration.
tags can be administered for the usage in the Client API.
clients can be configured to use XTS-AES encryption instead of AES.
Officers which have the global permission Use Specific Keys granted, are now
able to display all specific keys in Central
Settings, All SafeGuard LAN Crypt keys. The specific keys can
be displayed with Show
Specific Keys in the context menu.
The properties of specific keys can be displayed and modified and the keys
can be enabled or disabled.
- It is no
longer possible to assign specific keys to a group.
policy configuration is now also possible with administrative templates.
The template files are located in the config folder of the product
package. Please see http://msdn.microsoft.com/en-us/library/bb530196.aspx
for information how the files have to be installed.
from a Novell directory is no longer supported.
Resolved Issues (from 3.80)
number of displayed keys was limited to 65535.
- The group
policy setting Strong
private key protection is now delivered correctly to the
If the network connection to the SQL server, or to a LDAP source, is
broken during LAN Crypt administration, the LAN Crypt Administration must
be closed and restarted (after the network problem is fixed).
If more than one SO is working with the LAN Crypt database at the same
time, problems can occur. We recommend a regular manual refresh in that
import and synchronization
objects are imported from a domain, you must specify the domain name and
not the computer name in the server configuration!
When configuring server logon data in central settings you should either
enter only the domain name as server name or add the domain name as an
- On the
root level (e.g. domain), only 999 objects are displayed and imported.
controls have to be enabled on the LDAP server.
SafeGuard LAN Crypt only supports certificates in one of the user
certificate stores. It does not support certificates in machine stores.
with Oracle 10g
SafeGuard LAN Crypt Administration is not compatible with Oracle Client
10.2.0.4 because of an ODBC driver issue. It is not possible to create the
first Master Security Officer or to login with an existing SO.
Please use either Oracle 11 or a previous Oracle 10g installation.
If SafeGuard LAN Crypt Administration is installed and on the same machine
SafeGuard LAN Crypt Client version 3.71 or below is installed afterwards,
creation of legacy POL files is no longer possible. A repair installation
of the SafeGuard LAN Crypt Administration must be executed (Windows
control panel) in this case.
If the installation is done in the other order (first client then
administration), no repair is necessary.
on 64 bit operating systems
If the SafeGuard LAN Crypt administration is installed on a 64 bit
operating system, the following has to be considered.
- ODBC administration
The ODBC connection used by SafeGuard LAN Crypt Administration has to be
configured using the 32 bit ODBC Data Source Administrator
(%WINDIR%\SysWOW64\odbcad32.exe or use the shortcut in the start menu).
Remark: The shortcut in the LAN Crypt start menu is not displayed on
Windows Server 2012. Please use the shortcut ODBC Data Sources (32-bit) available
The group policy plugin to administer SafeGuard LAN Crypt is not shown in
the Windows group policy editor. To administer the SafeGuard LAN Crypt
policies, the 32 bit Group Policy Editor has to be used
(%WINDIR%\SysWOW64\gpedit.msc for local policies or
%WINDIR%\SysWOW64\gpme.msc for Active Directory policies or use the
shortcut in the start menu).
As an alternative the administrative templates can be used which are
stored in the config folder of the product package.
The scripting API is only available for 32 bit applications. If a
VisualBasic-Script is started which uses the SafeGuard LAN Crypt
scripting API, it has to be started from the 32 bit Windows Scripting
Host (%WINDIR%\SysWOW64\cscript.exe or %WINDIR%\SysWOW64\wscript.exe).
If the Microsoft SQL Server database is located on another machine, please
ensure that the firewall is configured correctly. Additional information
can be found here: http://msdn.microsoft.com/en-us/library/cc646023.aspx.