SafeGuard LAN Crypt Administration 3.90 release notes
The below listed platforms have been tested and are officially supported.
Other Service Pack levels might work as well but have not run through a QA
cycle and won´t be analyzed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows XP SP3
|
Yes
|
No
|
|
Windows 7 (Ultimate / Enterprise / Professional) SP1
|
Yes
|
Yes
|
|
Windows 8
|
Yes
|
Yes
|
|
Windows 8.1
|
Yes
|
Yes
|
|
Windows 10 Build 1703
(Creators Update) Pro/Enterprise
(support added August 2017) *
|
No
|
Yes
|
|
Windows Server 2008 R2 SP1
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2 (support
added Jan 2017) *
|
No
|
Yes
|
|
Windows Server 2016 (support
added August 2017) *
|
No
|
Yes
|
* A warning dialog is displayed during the
installation on these platforms. To suppress this dialog, a mst file can be
used during the installation (msiexec /i sglcadm.msi TRANSFORMS=sglcadm.mst).
Microsoft SQL Server 2005 SP4
Microsoft SQL Server 2008 SP3
Microsoft SQL Server 2008 R2 SP2
Microsoft SQL Server 2012
Microsoft SQL Server 2012 SP3 (support added Oct
2016)
Microsoft SQL Server 2016 (support added June 2017)
Oracle Server 9i
Oracle Server 10g (see section known issues)
Oracle Server 11
(Note: Oracle Server 12 and later are NOT
supported!)
For an upgrade-installation you can find additional information in the user
manual or see http://www.sophos.com/support/knowledgebase/article/117139.html.
Note: If you are upgrading from SafeGuard LAN Crypt
administration version 3.61 on a 64-bit operating system, please uninstall
version 3.61 before you install the new version.
Make sure you selected the policy file format which is supported by all of
your clients (see administrator help chapter "The Directories tab").
- Windows 8 and Windows Server 2012 are now supported.
- Microsoft SQL Server 2012 is now supported.
- The default policy file format was changed to XML which is
needed for SafeGuard LAN Crypt Clients version 3.90. If older client
versions are also used, the legacy policy file format has to be activated.
- The usage of the Client API can be configured in the
administration.
- Encryption tags can be administered for the usage in the
Client API.
- The clients can be configured to use XTS-AES encryption
instead of AES.
- Security Officers which have the global permission Use
Specific Keys granted, are now able to display all specific keys in Central
Settings, All SafeGuard LAN Crypt keys. The specific keys can be
displayed with Show Specific Keys in the context menu.
The properties of specific keys can be displayed and modified and the keys
can be enabled or disabled.
- It is no longer possible to assign specific keys to a
group.
- Group policy configuration is now also possible with
administrative templates. The template files are located in the config
folder of the product package. Please see http://msdn.microsoft.com/en-us/library/bb530196.aspx
for information how the files have to be installed.
- Import from a Novell directory is no longer supported.
- The number of displayed keys was limited to 65535.
- The group policy setting Strong private key protection
is now delivered correctly to the clients again.
- Network errors
If the network connection to the SQL server, or to a LDAP source, is
broken during LAN Crypt administration, the LAN Crypt Administration must
be closed and restarted (after the network problem is fixed).
- Simultaneous administration
If more than one SO is working with the LAN Crypt database at the same
time, problems can occur. We recommend a regular manual refresh in that
case.
- LDAP import and synchronization
- If objects are imported from a domain, you must specify
the domain name and not the computer name in the server configuration!
When configuring server logon data in central settings you should either
enter only the domain name as server name or add the domain name as an
alias.
- On the root level (e.g. domain), only 999 objects are
displayed and imported.
- Page controls have to be enabled on the LDAP server.
- Certificate store
SafeGuard LAN Crypt only supports certificates in one of the user
certificate stores. It does not support certificates in machine stores.
- Compatibility with Oracle 10g
SafeGuard LAN Crypt Administration is not compatible with Oracle Client
10.2.0.4 because of an ODBC driver issue. It is not possible to create the
first Master Security Officer or to login with an existing SO.
Please use either Oracle 11 or a previous Oracle 10g installation.
- Installation
If SafeGuard LAN Crypt Administration is installed and on the same machine
SafeGuard LAN Crypt Client version 3.71 or below is installed afterwards,
creation of legacy POL files is no longer possible. A repair installation
of the SafeGuard LAN Crypt Administration must be executed (Windows
control panel) in this case.
If the installation is done in the other order (first client then
administration), no repair is necessary.
- Installation on 64 bit operating systems
If the SafeGuard LAN Crypt administration is installed on a 64 bit operating
system, the following has to be considered.
- ODBC administration
The ODBC connection used by SafeGuard LAN Crypt Administration has to be
configured using the 32 bit ODBC Data Source Administrator
(%WINDIR%\SysWOW64\odbcad32.exe or use the shortcut in the start menu).
Remark: The shortcut in the LAN Crypt start menu is not displayed on
Windows Server 2012. Please use the shortcut ODBC Data Sources
(32-bit) available in Administrative Tools instead.
- Group policy plugin
The group policy plugin to administer SafeGuard LAN Crypt is not shown in
the Windows group policy editor. To administer the SafeGuard LAN Crypt
policies, the 32 bit Group Policy Editor has to be used
(%WINDIR%\SysWOW64\gpedit.msc for local policies or
%WINDIR%\SysWOW64\gpme.msc for Active Directory policies or use the
shortcut in the start menu).
As an alternative the administrative templates can be used which are
stored in the config folder of the product package.
- Scripting API
The scripting API is only available for 32 bit applications. If a
VisualBasic-Script is started which uses the SafeGuard LAN Crypt
scripting API, it has to be started from the 32 bit Windows Scripting
Host (%WINDIR%\SysWOW64\cscript.exe or %WINDIR%\SysWOW64\wscript.exe).
- Firewall settings
If the Microsoft SQL Server database is located on another machine, please
ensure that the firewall is configured correctly. Additional information
can be found here: http://msdn.microsoft.com/en-us/library/cc646023.aspx.