Centrify® Server Suite 2015.1 Windows Agent 3.2.3 Release Notes

© 2007-2015 Centrify Corporation.

This software is protected by international copyright laws.

All Rights Reserved.

Table of Contents

1.  About Centrify Windows Agent 2

2. Supported platforms and system requirements 3

3.  Feature Changes 4

3.1 Feature Changes in Windows Agent 3.2.3 4

3.1.1 Centrify Windows Agent – Access 4

3.1.2 Centrify Windows Agent – Audit 4

3.2 Feature Changes in Windows Agent 3.2.2 5

3.2.1 Centrify Windows Agent – Access 5

3.3 Feature Changes in Windows Agent 3.2.1 5

3.4 Feature Changes in Windows Agent 3.2.0 5

3.4.1 Centrify Windows Agent – Audit 5

3.4.2 Centrify Windows Agent – Access 6

4. Bugs Fixed 6

4.1 Bugs Fixed in Windows Agent 3.2.3 6

4.1.1      Centrify Windows Agent – Access 6

4.1.2 Centrify Windows Agent - Audit 7

4.2 Bugs Fixed in Windows Agent 3.2.2 7

4.2.1 Centrify Windows Agent – Access 7

4.2.2 Centrify Windows Agent - Audit 7

4.3 Bugs Fixed in Windows Agent 3.2.1 7

4.4 Bugs Fixed in Windows Agent 3.2.0 8

5. Known Issues 8

5.1 Installation and Uninstall 8

5.2 Centrify Windows Agent - Audit 10

5.3 Centrify Windows Agent - Access 11

5.3.1 Configuration 11

5.3.2 Environment 11

5.3.3 RunAsRole 11

5.3.4 Desktop with Elevated Privileges 12

5.3.5 Roles and Rights 14

5.3.6 Compatibility With 3rd Party Products 15

6. Additional information and support 17

 

1.  About Centrify Windows Agent

The Centrify Windows Agent package contains software to support auditing, access control, and privilege management on Windows computers. The Audit and Access features can be installed together or separately on the Windows computers you want to manage.

For auditing, the Centrify Windows Agent requires the Centrify DirectAudit feature set, which is available in Centrify Server Suite Enterprise Edition. DirectAudit enables detailed auditing of user activity on a wide range of UNIX, Linux and Windows computers. With DirectAudit, you can perform immediate, in-depth troubleshooting by replaying user activity that may have contributed to system failures, spot suspicious activity by monitoring current user sessions, and improve regulatory compliance and accountability by capturing and storing detailed information about the applications used and the commands executed. If you enable auditing, the Centrify Windows Agent records user activity on the Windows computer when it is installed. For a complete list of the platforms supported, see DirectAudit Supported Platforms.

For access control and privilege management, the Centrify Windows Agent requires the Centrify DirectManage and DirectAuthorize feature sets, which are available in Centrify Server Suite Standard Edition. With DirectManage and DirectAuthorize, you can configure and manage role-based access controls for Windows servers. The Centrify Windows Agent extends the access control and privilege management features available for Linux and UNIX computers, so that you can use a single console to manage multiple platforms. You can deploy the Centrify Windows Agent in a Windows-only environment or as part of a mixed environment that includes, Windows, Linux, and UNIX computers. For a complete list of the platforms supported, see Centrify Server Suite Standard Edition in the document in www.centrify.com/platforms.

You can obtain information about previous releases from the Centrify Support Portal, in the Documentation & Application Notes page.

Centrify software is protected by U.S. Patents 7,591,005, 8,024,360, 8,321,523, and 9,015,103 B2.

2. Supported platforms and system requirements

For information about setting up a test environment for the Centrify Windows Agent, see the Centrify Server Suite Evaluation Guide for Windows. The Centrify Server Suite Evaluation Guide for Windows includes common tasks and usage scenarios.

The Centrify Windows Agent supports the following operating systems:

Note:

3.  Feature Changes

3.1 Feature Changes in Windows Agent 3.2.3

3.1.1 Centrify Windows Agent – Access

New group policy template centrify_windows_settings.xml and centrify_windows_settings.adm have been added to Centrify Group Policy Management Editor Extension to support group policy enabling desktop right on Windows 8, Windows 8.1, Windows 2012 and Windows 2012 R2 installed with Centrify Windows Agent - Access. After installing CentrifyDC_GP_Extension.msi, template centrify_windows_settings.xml is installed in %Program Files%\Common Files\Centrify Shared\Group Policy Management Editor Extension\policy, template centrify_windows_settings.adm is installed in %Windir%\Inf.

After adding the new group policy template in Group Policy Management Editor via Add/Remove Templates under Computer Configuration > Policies > Centrify Settings, the new group policy can be found under Centrify Settings > Windows Settings > Enable desktop right on Windows 8, Windows 8.1, Windows 2012 and Windows 2012 R2. To enable the group policy, open Properties, select Enabled and click Apply to save the changes. (Ref: 77697)

3.1.2 Centrify Windows Agent – Audit

3.2 Feature Changes in Windows Agent 3.2.2

3.2.1 Centrify Windows Agent – Access

3.3 Feature Changes in Windows Agent 3.2.1

Note: Due to its reduced feature set in Windows Server Core, certain specific functions are not supported such as “Run as Role…” context menu, Centrify system tray, Centrify shortcut menus and privilege desktop. (Ref: 33467)

3.4 Feature Changes in Windows Agent 3.2.0

3.4.1 Centrify Windows Agent – Audit

3.4.2 Centrify Windows Agent – Access

4. Bugs Fixed

4.1 Bugs Fixed in Windows Agent 3.2.3

4.1.1  Centrify Windows Agent – Access

4.2 Bugs Fixed in Windows Agent 3.2.2

4.2.1 Centrify Windows Agent – Access

4.2.2 Centrify Windows Agent - Audit

4.3 Bugs Fixed in Windows Agent 3.2.1

4.4 Bugs Fixed in Windows Agent 3.2.0

5. Known Issues

5.1 Installation and Uninstall

5.2 Centrify Windows Agent - Audit

5.3 Centrify Windows Agent - Access

5.3.1 Configuration

5.3.2 Environment

5.3.3 RunAsRole

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

Typing ‘y’ or ‘n’ doesn’t do anything because the input cannot be successfully redirected to sc.exe. (Ref: 47016b)

5.3.4 Desktop with Elevated Privileges

            ==================================================================

            Failed to open new desktop. Right xxx references bad user account.

            ==================================================================

The workaround is to restart the computer. (Ref: 35124a)

========================================================================

The system administrator has set policies to prevent this installation.

========================================================================

This issue happens when User Account Control (UAC) is enabled and when "Run with UAC restrictions" is selected when creating the new desktop. (Ref: 33384a)

5.3.5 Roles and Rights

5.3.6 Compatibility With 3rd Party Products

(Ref: 45318a, 45218a, 43779a, 38016a)

6. Additional information and support

In addition to the documentation provided with this package, see the Centrify Knowledge Base for answers to common questions and other information (including any general or platform-specific known limitations), tips, or suggestions. You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone.

To contact Centrify Support or to get help with installing or using this version of Centrify Windows Agent software, send email to Support or call 1-669-444-5200, option 2.

For information about purchasing or evaluating Centrify products, send email to info.