Quest® Password Manager
version 4.1.1

Release Notes

January 28, 2008

Contents

Welcome to Quest Password Manager
What's New
Resolved Issues and Enhancements
Known Issues
System Requirements
Global Operations
Getting Started
For More Information

Welcome to Quest Password Manager

Quest Password Manager provides users and help desk support with the ability to easily and securely manage their passwords, thus eliminating the need for assistance from high-level administrators and reducing help desk workload.

Back to Top

What's New

Quest Password Manager version 4.1.1 has no new features compared to version 4.1.0. The following new features have been included into Quest Password Manager version 4.1.0:

  • Support for the Windows Vista logon architecture - You can access the self-service functionality of Password Manager from the Windows Vista logon screen. The client-side component of Password Manager, that provides anonymous access to the Self-service site, has been redesigned to support the logon authentication model in Windows Vista.
  • The Quest Password Manager GINA Extension component renamed - Quest Secure Password Extension is the new name of the client-side Password Manager component formerly known as Quest Password Manager GINA Extension. The Secure Password Extension allows you to configure anonymous access to the Self-service site from the logon screen in pre-Windows Vista and Windows Vista Microsoft operating systems.
  • Advanced Options for Users' Questions and Answers Profiles Security - You can now configure users' Questions and Answers profiles to include a question for caller identity verification by Help Desk. You can also define whether Help Desk operators must verify user identity by the complete answer to the Help Desk authentication question, or by just a few characters of the answer. This feature is intended to be used to provide higher security for users' private Q&A profile data.
  • Simplified Delegation of Administrative and Help Desk Tasks - Delegation of the Administration and Help Desk tasks in Password Manager has been simplified to eliminate the need to manually grant all necessary permissions. Now you can grant access to the Administration and Help Desk sites by simply adding the trusted individuals' accounts to the predefined security groups.
  • Groups to Configure the Scope of Registration Notification Recipients - You can now determine the scope of registration notification recipients. Password Manager lets you define a list of users you do not want to be prompted to register with Password Manager, or specify an explicit list of notification recipients; the both lists are managed through the use of group memberships.
  • Multilingual support extended with the Korean language - The multilingual support has been extended to include the Korean language. For the complete list of languages supported by Quest Password Manager, see the Global Operations section.

Back to Top

Resolved Issues and Enhancements
 

This section provides a list of issues that were resolved in Password Manager 4.1.1 (as compared to version 4.0.3). Each item in the list includes a unique ID (CR number) and a brief description of the problem.

CR0180099
Fixed: When specifying the service account during installation of Password Self-service, you may encounter the error "The selected user does not have the "Log on as a batch job" privilege."

CR0219016
Fixed: Under a heavy workload, Password Self-service may stop responding, returning the following error: "8007000E Not enough storage is available to complete this operation."

CR0216383
Fixed: With a registration schedule configured to set a daily limit on the number of the users to be registered with Password Self-service, you may encounter the following problem: All the domain users that are not mailbox-enabled are scheduled for registration on the first day even if the number of such users exceeds the daily limit specified.

CR0208316
Fixed: After deploying the Secure Password Extension on an end-user workstation, you may encounter the following problem: Accessing the Self-service site from the workstation (this can be done by using the "Manage My Password" button) erases the default Internet Explorer proxy settings on the workstation.

TFS00018851
Fixed: The "Password expired" e-mail notifications are not sent out if the "Force user registration" option on the domain settings page is not selected or the user is a member of the NoQPMregistration group.

TFS00018971
Fixed: When you disable the Length Rule on the Policy Rules page of Administration Site, the Enter New Password page on the Self-service site does not specify the password length requirement in the password requirements list despite the fact that such a requirement is imposed by the native "Minimum password length" domain policy.

TFS00018643
Fixed: The %ALLUSERSPROFILE%\Desktop folder may be occasionally deleted if the folder is empty and the "Do not create desktop shortcuts for the Self-service" option on the domain settings page is selected.

TFS00019041
Fixed: You may encounter a runtime error in the w3wp.exe process if the SMTP server for sending out e-mail notification is inaccessible or specified incorrectly.
 

Back to Top

Known Issues

This section provides a list of the currently known issues that customers may experience with the 4.1.1 release of Quest Password Manager. For each issue, the list includes a unique identifier (CR number), a brief description of the problem, and a workaround, if any exists, for the problem.

CR NUMBER not available
When you add password management to a domain that was earlier managed with Password Manager or another password management application, you may encounter the following error: "8004030F (The new password for DOMAIN\__PRM_svc_user001__ does not comply with the password policy.)"

WORKAROUND
Prior to adding password management to such a domain, create a user account in that domain with the user logon name (pre-Windows 2000) set to __PRM_svc_user001__.

CR NUMBER not available
With the "Honor Password History" check box selected in security options for a domain, every single change of a password adds two records to password history. As a result, the password history feature does not work as expected. For example, if password history is configured so that a user must use 10 unique passwords before reusing a previous password, Password Manager actually allows a user to reuse a password after a series of only 5 unique passwords.

WORKAROUND
Configure password history to retain information on two times more number of password changes.

CR0157323
When registering with Password Manager, members of the Domain Admins group may encounter the following error: "Error saving your Questions and Answers profile." The cause of the problem is that members of protected groups, such as Domain Admins, do not inherit permissions from parent containers.
For more information, refer to Microsoft's article "Delegated permissions are not available and inheritance is automatically disabled": http://support.microsoft.com/?id=817433

WORKAROUND

Method 1

Avoid registering members of protected groups with Password Manager.

Method 2

Modify the account that Password Manager uses to access the managed domain, so that the account has the following rights:
- Membership in the 'Domain Users' group
- Membership in the 'Group Policy Creator Owners' group
- The Read permission for all attributes of user objects
- The Write permission for the following attributes of user objects: 'pwdLastSet', 'comment', and 'userAccountControl'
- The right to reset user passwords
- The right to create user accounts in the Users container
- The Read permission for all attributes of the 'domainDNS' object
- The Read permission for all attributes of 'organizationalUnit'
- The Write permission for the 'gpLink' attribute of the 'domainDNS' object
- The Write permission for the 'gpLink' attribute of 'organizationalUnit' objects

CR0181270
When configuring your Questions and Answers profile, you may encounter the following problem. If you have selected the "Hide my answers for security purposes" check box, you cannot input double-byte character set (DBCS) characters in the text boxes where you specify your answers.

WORKAROUND
Clear the "Hide my answers for security purposes" check box.

CR0212015
When you extract the Password Manager files from the distribution package to your local disk and then run the Setup program to install Password Manager, you may encounter the following problem: Setup is unable to continue. This problem occurs if the local path to the extracted files is more than 259 characters.

WORKAROUND
When extracting the files, specify a shorter path to the local folder to hold the extracted files (for example, C:\QPM).

CR0221931
When using the prm_gina.adm Administrative Template to specify custom labels for Secure Password Extension buttons (such as the "Manage My Password", "Forgot My Password", or "Usage Policy" button), you may encounter the following problem: Your custom labels do not fit on the buttons.

WORKAROUND
Specify shorter labels.

Back to Top

System Requirements

Before installing Quest Password Manager, ensure your system meets the following minimum hardware and software requirements:

Platform 800 MHz or higher Intel Pentium®-compatible CPU
Memory At least 128 MB RAM (256 MB recommended)
Hard Disk Space 80 MB
Operating System Microsoft® Windows Server™ 2003 (32-bit edition) with Service Pack 1 or later
Internet Information Server Microsoft® Internet Information Server 6.0.

It is strongly recommended that you use HTTPS with Quest Password Manager. For more information, see Quick Start Guide.
Browser Microsoft® Internet Explorer 6.0 or 7.0
SQL Server

Microsoft® SQL Server™ 2000
-OR-
Microsoft® SQL Server 2005

Report definitions included with Quest Password Manager 4.1 are designed to support functionality of Microsoft SQL Server 2005 Reporting Services, and are not compatible with Microsoft SQL Server 2000 Reporting Services. Microsoft SQL Server 2005 Express Edition with Advanced Services is included in the Quest Password Manager distribution package. If you install Microsoft SQL Server 2005 Express Edition with Advanced Services from the Quest Password Manager distribution package, we recommend that you accept the default settings as the most optimal.
Windows Installer Windows Installer 3.1 or later.

Windows Installer 3.1.4000.2435 is included with Quest Password Manager distribution package. You must install Windows Installer on Windows 2000-based computers before you install Quest Password Manager.
Microsoft .NET Framework Microsoft® .NET Framework 2.0.

Microsoft® .NET Framework 2.0 is included with the Quest Password Manager distribution package. You must install .NET Framework 2.0 before you install Quest Password Manager.
Data Access Components (MDAC) Microsoft® Data Access Components 2.7 or later.

The Quest Password Manager distribution package includes Microsoft Data Access Components 2.8. You must install Microsoft Data Access Components before you install Quest Password Manager.
Acrobat Reader Acrobat® Reader® 5.0 or later.

Acrobat Reader 7.0 is included with the Quest Password Manager distribution package.

Quest Password Manager works with Windows® 2000 and Windows® 2003 domains, including domains operating in a mixed mode.

Ensure that each of the client computers meets the following minimum software requirements:

Browser Microsoft® Internet Explorer 6.0 and 7.0
-OR-
Mozilla® 1.7.5
-OR-
Mozilla® Firefox® 1.0, 1.5, and 2.0

To be able to set password policies in an Active Directory domain managed by Password Manager, you must deploy the Quest Password Policy Manager component on all domain controllers in the managed domain.

The domain controllers where you plan to install the 32-bit version of Quest Password Policy Manager component must meet the following requirements:

Operating System Microsoft® Windows® 2000 Service Pack 4
-OR-
Microsoft® Windows Server™ 2003 (32-bit editions)
Hard Disk Space 5 MB of free hard disk space

The domain controllers where you plan to install the 64-bit version of Quest Password Policy Manager component must meet the following requirements:

Operating System Microsoft® Windows Server™ 2003( x64 editions)
Hard Disk Space 5 MB of free hard disk space

To allow password resets from the Windows logon screen, you must deploy the Quest Secure Password Extension on all target computers in the managed domain. The target computers must meet the following minimum software requirements:

Operating System

Microsoft® Windows® 2000 Server Service Pack 4
-OR-
Microsoft® Windows Server™ 2003
-OR-
Microsoft® Windows® 2000 Professional Service Pack 4
-OR-
Microsoft® Windows® XP Professional Service Pack 2 or later
-OR-
Microsoft® Windows® Vista

Browser Microsoft® Internet Explorer 6.0 and 7.0.

We do not recommend use of any plug-ins for Microsoft Internet Explorer on computers where you plan to deploy Quest Secure Password Extension, since the plug-ins extend Internet Explorer functionality and could pose security threats.

Back to Top

Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. It supports simultaneous operation with multilingual data. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

The release is localized to the following languages: English, Spanish, Japanese, French, German, Russian, Chinese (Simplified), Chinese (Traditional), Danish, Dutch, Portuguese (Brazil), Portuguese (Portugal), Korean.

Back to Top

Getting Started

Contents of the Release Package
 

The Quest Password Manager distribution CD contains the following products:
  • Quest® Password Manager 4.1.1
  • Quest® Password Policy Manager, 32-bit version
  • Quest® Password Policy Manager, 64-bit version
  • Quest® Secure Password Extension, 32-bit version
  • Quest® Secure Password Extension, 64-bit version
  • Microsoft® Data Access Components 2.8 Service Pack 1
  • Adobe® Acrobat Reader 7.0
  • Microsoft SQL Server 2005 Express Edition with Advanced Services
  • Windows Installer 3.1 Redistributable (v2)
  • Microsoft .NET Framework Version 2.0 Redistributable Package (x86)

Installation Procedure
 

You can use the following steps to get started with Quest Password Manager:

  1. Ensure that the computer, on which you plan to install the solution, meets the system requirements.
  2. To install Quest Password Manager, click Setup in the CD autorun window, and then click Password Manager. For more information on how to install this product, see Quick Start Guide.
  3. To read the product documentation, click Documentation in the CD autorun window, and then click a document name. Adobe Acrobat Reader is required to read the documents. You can install it by clicking Adobe Acrobat Reader in the Redistributables section of the CD autorun window.

Back to Top

For More Information

Contacting Quest Software:

Email info@quest.com
Mail: Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web site: http://www.quest.com/

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com

From SupportLink, you can do the following:

  • Quickly find thousands of solutions (Knowledgebase articles/documents).

  • Download patches and upgrades.
  • Seek help from a Support engineer.
  • Log and update your case, and check its status.

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf

This document contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.

© 2008 Quest Software, Inc. ALL RIGHTS RESERVED.

Quest, Quest Software, the Quest Software logo, Aelita, AppAssure, Benchmark Factory, Big Brother, DataFactory, DeployDirector, ERDisk, Fastlane, Final, Foglight, Funnel Web, I/Watch, Imceda, InLook, IntelliProfile, Internet Weather Report, InTrust, IT Dad, JClass, Jint, JProbe, Knowledge Xpert, LeccoTech, LiteSpeed, LiveReorg, Matrix Insight, Matrix.Net, MIQ, NBSpool, NetBase, Npulse, PerformaSure, PL/Vision, Quest Central, RAPS, SharePlex, Sitraka, SmartAlarm, Speed Change Manager, Speed Coefficient, Spotlight, SQL Firewall, SQL Impact, SQL LiteSpeed, SQL Navigator, SQLab, SQLGuardian, SQLProtector, SQL Watch, Stat, Stat!, StealthCollect, Tag and Follow, Toad, T.O.A.D., Vintela, Virtual DBA, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Web:    http://www.quest.com
e-mail:  legal@quest.com

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

Back to Top