Centrify® Server Suite 2014 Windows Agent 3.2.0 Release Notes

© 2007-2014 Centrify Corporation.

This software is protected by international copyright laws.

All Rights Reserved.

Table of Contents

1.  About Centrify Windows Agent 3.2.0 2

2. Supported platforms and system requirements 3

2.1 Centrify Windows Agent - Access 3

2.2 Centrify Windows Agent - Audit 3

3.  New Features 4

3.1 New Features in Windows Agent 3.2.0 4

3.1.1 Centrify Windows Agent – Audit 4

3.1.2 Centrify Windows Agent – Access 4

3.2 New Features in Windows Agent 3.1.1 5

3.3 New Features in Windows Agent 3.1.0 5

3.3.1 Centrify Windows Agent - Audit 5

3.3.2 Centrify Windows Agent - Access 5

3.4 New Features in Windows Agent 3.0.1 6

4. Bugs Fixed 6

4.1 Bugs Fixed in Windows Agent 3.2.0 6

4.2 Bugs Fixed in Windows Agent 3.1.1 6

4.3 Bugs Fixed in Windows Agent 3.1.0 7

4.3.1 Installation 7

4.3.2 Centrify Windows Agent - Audit 7

4.3.3 Centrify Windows Agent - Access 7

4.4 Bugs Fixed in Windows Agent 3.0.1 7

5. Known Issues 8

5.1 Installation and Uninstall 8

5.2 Centrify Windows Agent - Audit 10

5.3 Centrify Windows Agent - Access 10

5.3.1 Configuration 10

5.3.2 Environment 11

5.3.3 RunAsRole 11

5.3.4 Desktop with Elevated Privileges 12

5.3.5 Roles and Rights 14

5.3.6 Compatibility With 3rd Party Products 14

5.3.7 Miscellaneous 16

6. Additional information and support 16

 

1.  About Centrify Windows Agent 3.2.0

The Centrify Windows Agent package contains software to support auditing, access control, and privilege management on Windows computers. The Audit and Access features can be installed together or separately on the Windows computers you want to manage.

For auditing, the Centrify Windows Agent requires the Centrify DirectAudit feature set, which is available in Centrify Server Suite Enterprise Edition. DirectAudit enables detailed auditing of user activity on a wide range of UNIX, Linux and Windows computers. With DirectAudit, you can perform immediate, in-depth troubleshooting by replaying user activity that may have contributed to system failures, spot suspicious activity by monitoring current user sessions, and improve regulatory compliance and accountability by capturing and storing detailed information about the applications used and the commands executed. If you enable auditing, the Centrify Windows Agent records user activity on the Windows computer when it is installed. For a complete list of the platforms supported, see DirectAudit Supported Platforms.

For access control and privilege management, the Centrify Windows Agent requires the Centrify DirectManage and DirectAuthorize feature sets, which are available in Centrify Server Suite Standard Edition. With DirectManage and DirectAuthorize, you can configure and manage role-based access controls for Windows servers. The Centrify Windows Agent extends the access control and privilege management features available for Linux and UNIX computers, so that you can use a single console to manage multiple platforms. You can deploy the Centrify Windows Agent in a Windows-only environment or as part of a mixed environment that includes, Windows, Linux, and UNIX computers. For a complete list of the platforms supported, see DirectAuthorize UNIX Supported Platforms.

You can obtain information about previous releases from the Centrify Support Portal, in the Documentation & Application Notes page.

Centrify Server Suite is protected by U.S. Patents 7,591,005, 8,024,360, and 8,321,523.

2. Supported platforms and system requirements

For information about setting up a test environment for the Centrify Windows Agent, see the Centrify Server Suite 2014 Evaluation Guide for Windows. The Centrify Server Suite Evaluation Guide for Windows includes common tasks and usage scenarios.

2.1 Centrify Windows Agent - Access

The Centrify Windows Agent – Access feature can be installed on the following operating systems:

2.2 Centrify Windows Agent - Audit

In addition, the Centrify Windows Agent – Audit feature supports the following platforms:

3.  New Features

3.1 New Features in Windows Agent 3.2.0

3.1.1 Centrify Windows Agent – Audit

·         Failed privilege elevation attempts by Run As Role and desktop creation are now recorded as an audit event in DirectAudit database and Windows event log.  (Ref: 39166)

3.1.2 Centrify Windows Agent – Access

3.2 New Features in Windows Agent 3.1.1

3.3 New Features in Windows Agent 3.1.0

3.3.1 Centrify Windows Agent - Audit

3.3.2 Centrify Windows Agent - Access

3.4 New Features in Windows Agent 3.0.1

4. Bugs Fixed

4.1 Bugs Fixed in Windows Agent 3.2.0

4.2 Bugs Fixed in Windows Agent 3.1.1

4.3 Bugs Fixed in Windows Agent 3.1.0

4.3.1 Installation

4.3.2 Centrify Windows Agent - Audit

4.3.3 Centrify Windows Agent - Access

4.4 Bugs Fixed in Windows Agent 3.0.1

5. Known Issues

5.1 Installation and Uninstall

5.2 Centrify Windows Agent - Audit

5.3 Centrify Windows Agent - Access

5.3.1 Configuration

·         Administrator should always leave the zone before joining the computer to a different domain.  Otherwise, DirectAuthorize may not function correctly after the computer is joined to a different domain.  (Ref: 54278)

5.3.2 Environment

5.3.3 RunAsRole

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

Typing ‘y’ or ‘n’ doesn’t do anything because the input cannot be successfully redirected to sc.exe. (Ref: 47016)

·         It is not recommended to change zone via Run As Role since the role that is in use may no longer be available once after leaving from the previous zone during the change zone process. (REF#: 58043)

5.3.4 Desktop with Elevated Privileges

            ==================================================================

            Failed to open new desktop. Right xxx references bad user account.

            ==================================================================

The workaround is to restart the computer. (Ref: 35124)

========================================================================

The system administrator has set policies to prevent this installation.

========================================================================

This issue happens when User Account Control (UAC) is enabled and when "Run with UAC restrictions" is selected when creating the new desktop. (Ref: 33384)

VMWare registers to run VMwareUser.exe on the guest operating system to enable user to copy and paste text between the guest and managed host operating systems. Creating multiple desktops with different user accounts causes multiple VMwareUser.exe are run in different user accounts in the same logon session.  VMwareUSer.exe cannot support this scenario and therefore an error message is displayed on the default desktop which blocks all the UI operation on the new desktop.  To workaround this problem, user can disable the VMWare user program on the guest machine by deleting the registry value name "VMware User Process" from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. (Ref: 49268)

5.3.5 Roles and Rights

5.3.6 Compatibility With 3rd Party Products

===========================================================================

Microsoft Security Client

An error has occurred in the program during initialization. If this program

continues, please contact your system administrator

Error code: 0x80070005

===========================================================================

This issue happens on Windows XP, Windows 2003, and Windows 2003 R2. This error message can be safely ignored. (Ref: 37687)

(Ref: 45318, 45218, 43779, 38016)

6. Additional information and support

In addition to the documentation provided with this package, see the Centrify Knowledge Base for answers to common questions and other information (including any general or platform-specific known limitations), tips, or suggestions. You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone.

To contact Centrify Support or to get help with installing or using this version of Centrify Windows Agent software, send email to Support or call 1-408-542-7500, option 2.

For information about purchasing or evaluating Centrify products, send email to info.