Quest® Reporter

Version 6.1

Release Notes

May 2008


Contents

Welcome to Quest Reporter

New in this Release

Resolved Issues and Enhancements

Known Issues for Reporter

Known Issues for Configuration Baselining

System Requirements

Global Operations

Getting Started

For More Information

 


Welcome to Quest Reporter

Quest Reporter enables IT organizations to collect, compare, report on, and resolve Active Directory and Windows-based configurations, which is essential for change auditing, Windows security assessments, and Active Directory pre- and post-migration analyses.
 

Whether baselining compliance with regulations or migrating to Active Directory, Quest Reporter brings the information together with its extensive library of reports.

 


New in this Release

New features in Quest Reporter version 6.1


Resolved Issues and Enhancements

The following is a list of issues addressed and enhancements implemented in this release of Quest Reporter.

 

Resolved Issue

Change Request

Issue: If Reporter is installed and then uninstalled on a computer, you can no longer deploy a new RDC to this computer.

 

Fixed: Registry key is now cleared.

CR#231691

Issue: Spelling mistake: Access Control Entry displays "ACL" instead of "ACE"

 

Fixed: Typo corrected.

CR#229069

Issue: Action-enabled reports against large numbers of objects return no data.

 

Fixed: Problem occurred because default timeout key had no value. Timeout now defaults to one day if the key is not set.

CR#227784

Issue: When a trial key is close to expiring, scheduled collections fail and sit in a running state.

 

Fixed: Licensing component modified to address the problem.

CR#226713

Issue: Filters are getting cut off in print screen and PDF outputs when many filters are present.

 

Fixed: Problem resolved.

CR#226558

Issue: Quest Reporter's Licensing application does not work on Vista/Longhorn.

 

Fixed: Problem resolved.

CR#223163

Issue: Reporter cannot output a report in Excel for Office 2007.

 

Fixed: Problem resolved.

CR#182634

Issue: Users with an Exchange (5.5) Mailbox Report returns all email-enabled users.

 

Fixed: Problem resolved.

CR#084249

Known Issues for Reporter

The following is a list of issues known to exist at the time of this Quest Reporter release.

 

Known Issue

Change Request

When setting up a scheduled collection on a remote computer, the browse path shows the desktop on the local computer and not the remote computer. CR#232224
There are no access errors displayed when you try to add attributes to the database in the Configuration Utility and you do not have the correct access rights to the database. WORKAROUND: Ensure you have the appropriate access rights to the database before you add attributes through the Configuration Utility. CR#232223
The Object change history items might not always appear in chronological order. CR#232220
Quest Reporter version 6.1 can only be installed with ActiveRoles Direct version 5.3. CR#232219
The NULL password agent cannot be installed locally when running Quest Reporter on a DC. As a result, the Users with NULL Passwords (Agent) report will return no data if run against the local computer in this case.

WORKAROUND: Deploy the NULL password agent to another DC in the same domain.

CR#232218
If you manually stop the compression services on a remote RDC, leave the services panel open on the RDC host, and then try to create a new job from the console, an error message is displayed stating that the Repository Controller service could not be installed and that it has been marked for deletion. If the services panel is closed before you try to schedule a job, it works without error. CR#232217
On a Windows 2003 computer, there may be compatibility issues when installing both Microsoft Message Queuing (MSMQ) and CMAK (Connection Manager Administration Kit) on the same computer. You can remove CMAK using the Add/Remove Programs | Windows Components. CR#232216
When installing Reporter on a Vista computer where UAC is enabled, compressed mode does not get installed when this option is selected.

WORKAROUND: 1) Disable UAC before you do the install or 2) Install compressed mode (after the install is done) by selecting the "Compressed Data Mode" tab in the configuration utility and then selecting the "Install" button.

CR#232146
If Reporter is installed on Windows Server 2008 without first installing the Remote Server Administration Tools (RSAT), the Active Directory node will not be able to create new Active Directory objects.

WORKAROUND: Install RSAT, then remove the domains from the Active Directory node, restart the application, and re-add the domains.

CR#231583
When reporting on the group "Members" attribute, any user that has that group as its primary group will not be reported. CR#231577
Change History reporting may not report all changed attributes if the report template contains attributes from more than one attribute class. CR#231543
The "Time Zone Daylight Name" attribute is not collected from Vista and Windows Server 2008 computers. CR#231421
You may receive the error "Cannot generate report. Canvas does not allow drawing" when generating a report.

WORKAROUND: Uninstall printer.

CR#230581
Limited object properties are available in the AD snap-in on Windows XP computers. WORKAROUND: Install the Windows 2003 Adminpack. CR#229946
On Vista computers, long attribute names may overwrite the data when viewing report output. CR#229585
Filter Grouping does not work for multivalued attributes or attributes of child classes. CR#225468
NetApp Filers that do not have a C$ share cannot be reported on by Reporter.

WORKAROUND: Create a C$ share that points to an empty folder that is longer than three characters in length.

CR#223841
The "Boot Entries" attribute is not collected from Vista and 2K8 computers. CR#223166
The installation of Reporter for Novell 1.2 will reset the database upgrade timeout limit from 30 days to 12 hours. CR#223081
Filtering on some multi-valued attributes may not work properly, resulting in excess information being included in the report. CR#222622
The following NTFS special reports should not be run using offline object sets:
  • Child ACL Differs from Root
  • Child ACL Differs from Parent
  • Effective Rights Search on NTFS Security
  • Effective Rights Search on NTFS Security (Spans Trusted Domains)
CR#218315
Running Track Changes against any computer report shows 'Machine SID' as changed when the attribute was not selected to report on. CR#217746
The following NTFS special reports will not run correctly in stored mode after an upgrade:
  • Child ACL Differs from Root
  • Child ACL Differs from Parent

WORKAROUND: Run a collection before generating the report.

CR#217455 and 211804
When running action enabled reports, extra attributes may be reported with an incorrect value of %Not Set. CR#217303
Scheduled Collection Wizard - Modifications to CB categories or templates will not be updated in scheduled collections using those categories or templates. CR#216133
Child paths are not sorted in the Child ACL differs from Parent and Child ACL differs from Root reports. CR#215154
If you run the Child ACL differs from Parent report and then save it as a favorite, when you run the report again from the Favorites node it will not return ACL differences. CR#214998
If you link other attributes to the SAM Account Name before running either the Registry Key Information report template or the Registry Permissions report template, some attributes are displayed multiple times. CR#214645
During installation the license dialog may appear behind the setup window. CR#214496
When you run the Security Options report template with an object that is a 64-bit computer, some attributes in the resulting report will be incorrect. CR#208402
The Modified Date and Accessed Date will report the time in GMT for Old Value and New Value properties when reporting Track Changes information. However, the Date Changed value will be reported in local time. CR#208353
Contrary to what the licensing dialog indicates, the product will stop working when your license has expired. CR#207918
Reporter will not report a Group Name greater than 200 characters. CR#207059
Reporter will not report a Street Address greater than 200 characters. CR#204760
The Windows Version attribute will show a $ as the first character of the value when exported to an Excel file. CR#200917
If a grouping in a template filter is reduced to only one filter item, errors may occur when you run the report. CR#197872
Some user attributes cannot be reported on NetApp filers. CR#196942
The Account Lockout Policy report may report previously set values for the lockout attributes if any of the values are re-set to Not Defined. CR#192012
Change History data cannot be saved in Excel file format.

WORKAROUND: Export to txt or csv format and import into Excel.

CR#186555
If you run an exceedingly high number of reports that target similar types of attributes, database records may not be updated correctly, as the updating may take place simultaneously.

WORKAROUND: Stagger the reports to avoid simultaneous attempts to update the same data.

CR#174892
Reports might not be displayed on the screen when scheduling a favorite through a remote desktop.

CR#174375

In Action Enabled reporting you are restricted to the local domain. CR#172207
Database set up does not display any name instances when collected from the database. CR#167470
NULL password agents cannot be deployed to 64-bit domain controllers. CR#161064
Deploying a Remote Data Collector configured to use compressed data transport mode on a non-English operating system may result in an installation error. CR#155373

Known Issues for Configuration Baselining

The following is a list of issues known to exist at the time of the Quest Reporter Configuration Baselining release.

 

Known Issue

Change Request

Numeric Security Option attributes that are “Not Defined” will show a “-1” for the Set and Actual Values in the results view and rule wizard. CR#231572
When scheduling a configuration check to “Run now” on a remote server, the submission may occasionally fail. If this occurs, re-submit the configuration check. CR#231496
If you schedule a configuration check to Run Now on a remote computer and the current time setting of that remote computer is earlier than the local computer, the configuration check might run twice. This happens when Microsoft Windows Task Scheduler runs the job after the job has been triggered manually by the Configuration Check Wizard. CR#231086
If you copy a template category containing more than one template with rule sets, the folders for those rule sets will not be correctly organized. However, the templates, rule sets and rules themselves are successfully copied. CR#224226
Copying a template category may result in a dialog box being displayed that indicates an error condition has occurred. However, the contents of the category are successfully copied. CR#224220
Attribute snapshots in stored mode and configuration checks in stored mode may not display results after an upgrade from 5.5. This is due to required data needed for Configuration Baselining that was not available in Reporter before 6.0.

WORKAROUND:

  1. Run a domain based report.
  2. Run the attribute snapshot or configuration check in live mode.
  3. Create a scheduled collection to collect the domain information that you're interested in.
CR#223930
Attribute snapshots in stored mode and configuration checks in stored mode may not display results for an NTFS report after an upgrade from 5.5. This is due to required data needed for Configuration Baselining that was not available in 6.0.

WORKAROUND:

  1. Run an NTFS report against the folders you are interested in.
  2. Run the attribute snapshot or configuration check in live mode.
  3. Create a scheduled collection to collect the NTFS folder information that you're interested in.
CR#223850
If you create a rule based on the NTFS Files or NTFS Folders attribute category and you select the Search for files or Search for folders option and limit the scope of the search to the common folder Program Files or Common Program Files, when the configuration check runs it will only reference the 32-bit versions when targeting a 64-bit computer. CR#218442
If you add the same attribute multiple times to a rule filter, the rule filter will not be applied successfully to the rule. This only occurs for the following attribute categories and attributes:

Local Users – User Name

Local Groups – Group Name

Active Directory Domains – Domain Name

Active Directory Users – Distinguished Name

Active Directory Groups – Distinguished Name

Active Directory Trusts – Trust Domain Name

Active Directory Sites – Site Name

Active Directory Organizational Units – OU Distinguished Name

Active Directory Published Printers – Published Printer Distinguished Name

Active Directory Schema Attributes – Schema Attribute

Active Directory DFS Shares – DFS Share Distinguished Name

Active Directory Published Shares – Published Share Distinguished Name

 

WORKAROUND: Use the “is in” condition when you add these attributes multiple times to a rule filter.

 

CR#218192
If you add Active Directory rule set filters to a configuration check, the filters will not be applied to the following categories: Account Lockout Policy, Password Policy, Schema Attributes, Sites, and Trusts. CR#218044
You cannot enter a blank password as the password when you create a configuration check. CR#217614
You cannot import an .inf or .xml file that has more than 254 characters in the name. CR#217572
When creating a rule or viewing the results of a configuration check, the name of some attributes or attribute values might not reflect the exact operating system terminology. CR#217332, 214681, 213653, 207078, 185028, 147370, and 130197
You can only run configuration checks against NetApp filers if the rules included in the configuration checks are based on the NTFS Shares attribute category. CR#216142
CIS Benchmark Exceptions

 

The rules referenced by the following CIS Benchmark exceptions have been removed from Configuration Baselining:

 

  • Quest Reporter collects all information remotely and therefore does not support collecting from the HKEY_Current_User section of the registry. This does not satisfy section 3.2.2.3.1 of Windows 2000 Server - Level 2 Benchmark v2.2.1.
  • Quest Reporter does not collect binary registry information and therefore it does not satisfy section 3.2.1.38 of the Windows 2000 Server - Level 2 Benchmark v2.2.1. 
  • Quest Reporter does not collect the Network Access: Allow Anonymous SID/Name Translation attribute and therefore it does not satisfy section 3.1.1 of the Windows 2003 DC Benchmark version 1.2 and the Windows 2003 MS Benchmark version 1.2.
  • Any rules referencing the Remote Server Monitor service have been removed from all Windows Server 2003 templates. Therefore, Quest Reporter does not satisfy section 4.1.28 of the Windows 2003 DC Benchmark v1.2 and the Windows 2003 MS Benchmark v1.2.
CR#215328, CR#210851, CR#209191, and CR#216301

If you import an .inf or .xml file, you have to manually refresh the Templates and Rule Sets nodes by right-clicking the node and selecting Refresh or pressing F5. CR#214693
If you run a configuration check that includes a computer that is offline or inaccessible, the results will show a Success symbol for that computer. CR#213144
If, when you create an NTFS Folders rule, you select the Specific folder or share option as the Search Location and browse to a folder that has 250 or more characters in the name, you will receive an error message. CR#211185
Configuration checks will not process the "(Default)" value for any registry key. CR#208482
The Configuration Baselining node might not function correctly if you run Quest Reporter through the Quest Management Console. CR#207801 and 207789
Running configuration checks against registry values that contain a backslash “\” in the name might produce unpredictable results. CR#203881
String list operators function differently in the Configuration Baselining module than in other areas of Quest Reporter. CR#203359
You have to select a domain when you create a configuration check for Active Directory objects even though individual computers are available for selection. CR#198381
A configuration check might stay in a "Running" state and never finish. You should be able to right-click it and select Stop. CR#195682
You cannot run configuration checks against Vintela Authentication Services (VAS) objects. CR#194901

System Requirements

Before installing Quest Reporter, ensure your system meets the following minimum hardware and software requirements:

Platform:
  • 3 GHz multiprocessor
  • 32 or 64-bit processors - 64-bit CPU support running in 32-bit emulation mode

Memory: 2 GB or more recommended

Hard Disk Space:
  • 100 MB of disk space for the application
  • 500 MB of disk space for processing
  • 35 MB of disk space on any computer where RDCs are to be deployed
  • 12 MB of disk space on any computer where CCPs are to be deployed
  • Database size is dependent on the amount of information being collected.

Operating System
Installation and deployment computers:

Microsoft Windows XP (Service Pack 2)

-OR-

Microsoft Windows Vista (Service Pack 1)

-OR-

Microsoft Windows Server 2003 (Service Pack 2)

-OR-

Microsoft Windows Server 2003 R2

-OR-

Microsoft Windows Server 2008

-OR-

Microsoft Windows Server 2000 with MSMQ installed (RDC computers only)
 

Note: All computers must be members in a domain.

 

Note: If you have ActiveRoles installed, ensure you are using version 5.3 or later. Reporter 6.1 is not compatible with earlier versions of ActiveRoles.

Collection computers:

Microsoft Windows XP (Service Pack 2)

-OR-

Microsoft Windows Vista (Service Pack 1)

-OR-

Microsoft Windows 2000 Professional, Server or Advanced Server (Service Pack 4)

-OR-

Microsoft Windows Server 2003 (Service Pack 2)

-OR-

Microsoft Windows Server 2003 R2

-OR-

Microsoft Windows Server 2008

-OR-

NetApp Filer - Data ONTAP 6.5.6

Configuration check computers:

Microsoft Windows XP (Service Pack 2)

-OR-

Microsoft Windows Vista (Service Pack 1)

-OR-

Microsoft Windows 2000 Professional, Server or Advanced Server (Service Pack 4)

-OR-

Microsoft Windows Server 2003 (Service Pack 2)

-OR-

Microsoft Windows Server 2003 R2

-OR-

Microsoft Windows Server 2008

Services: The Remote Registry service must be started and the startup type must be set to Automatic.

Additional Software:
  • Supported database servers include SQL Server 2000 (Service Pack 4), SQL Server 2005 (Service Pack 2), or SQL Server Express 2005
  • For compressed data transport mode on Windows 2000 computers: Microsoft Message Queuing (MSMQ) 2.0 or later in workgroup mode, Independent client setup
  • Microsoft Data Access Control (MDAC) 2.8 (Service Pack 1) or SQL Server Admin Tools
  • .NET Framework 2.0 or later
  • MMC 3.0
  • Quest Vintela Authentication Services (VAS) 3.3 (if you are using VAS reporting)
  • Microsoft Office Excel 2000 or later (if you are saving the report output as a Microsoft Excel spreadsheet)
  • For Windows XP, full Reporter console functionality under the Active Directory node requires the installation of Windows Server 2003 Administration Tools Pack
  • For Windows Server 2008, full Reporter console functionality under the Active Directory node requires the installation of Remote Server Administration Tools

File System: NTFS

Account: It is recommended you run Quest Reporter under a user account with local administrative access on all computers where Reporter components are installed (Console, RDCs, and CCPs included) and all computers where Reporter will collect data.

 


Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

 

This release supports any single-byte or multi-byte character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe, Latin America, and Japan.

 


Getting Started

Contents of the Release Package

The Quest Reporter release package contains the following products:

  1. Quest Reporter version 6.1
  2. Product documentation, including:

 

Links are provided to the following products in the Autorun under the Redistributables tab:

Installation Instructions

Refer to the Quest Reporter Installation and Deployment Guide for installation instructions.

 


For More Information

Get the latest product information, find helpful resources, and join a discussion with the Quest Reporter team and other community members. Join the Quest Reporter community at http://compliancesuite.inside.quest.com/index.jspa.

Contacting Quest Software:

Email: info@quest.com
Mail: Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web: http://www.quest.com

Refer to our Web site for regional and international office information.

Contacting Quest Support:

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract.
Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com.

From SupportLink, you can do the following:

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures.
The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf.

This guide is available in English only.

 


© 2008 Quest Software, Inc.

ALL RIGHTS RESERVED.

 

This document contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.

 

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

 

www.quest.com
Email: legal@quest.com

Refer to our website for regional and international office information.

 

Trademarks

Quest, Quest Software, the Quest Software logo, Aelita, InTrust, Quest Central, Sitraka, Spotlight, and Vintela are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Third Party Contributions

This product includes the following third party software components: Blowfish, Info-Zip, Log4Net and SharpZipLib. Their licenses can be found in the Reporter 6.1 online help. Third party freeware source code can be found in the "Third Party Components" root folder on the Reporter installation CD.

 

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.