Thycotic Privilege Manager 10.8

Since the end of August 2020 a new release is available – Learn here which improvements have been implemented with Privilege Management Release 10.8 from Thycotic.

In addition to improvements and the usual bug fixes, the known issues are also addressed:

10.8.0 Release Notes

Enhancements

Enhancements available with the 10.8 release of Privilege Manager. Enhancements are for both versions, On-premises and Cloud, unless otherwise outlined under a specific On-prem or Cloud subtopic.

  • New User Interface and User Experience. Refer to Privilege Manager 10.8 User Interface. 
    • New Policy Wizard driven Application Policy creation.
    • Resource Targets are now organized via Computer Groups.
    • Activation of Policies and Policy Priority changes available from the Application Policies overview page.
    • Dark theme support.
    • Refer to the Changelog for details about restructured documentation topics in alignment with the new UI.                       
  • Enhanced upgrade process for on-premises instances. Privilege Manager now checks if updates are available and downloads details prior to proceeding. Refer to Updating Privilege Manager – Primary Node.
  • The Application User Activity report provides audit details for user activities like logins and logouts. Refer to Application User Activity.
  • The Specific Installer Detection Filter and Generic Installer Detection Filter are now labeled as legacy filters. These filters are only to be used to detect legacy installers that require the Windows Application Compatibility flag to be set.
  • Support for multiple authentication providers, including multiple Active Directory domains, multiple Azure Active Directory domains, NTLM (on-premise), Secret Server, and Thycotic One authentication providers.
  • Standard Privilege Manager users can be created to log into Privilege Manager in case a connected authentication provider is unavailable
  • Additional metadata is included in Privilege Manager’s approval workflow: SHA1 hash and commandline arguments
  • Additional metadata is sent to ServiceNow for approval workflows: SHA1 hash, commandline arguments, company name, version
  • User context filter supports local user and local group names match by text

macOS Specific Features

  • Added macOS Agent Utility preference pane accessible via system preferences. Refer to MacOS Agent Utility Preference Pane.
  • Extended the Agent Summary by OS report to also contain macOS system serial number information.

Public API

Thycotic introduces Privilege Manager’s public API.

Cloud Specific Features                       

  • Support Import of On-Prem Active Directory Users and Groups into Privilege Manager Cloud instances via Directory Services Agent (AD). Also refer to Bundled Install and Agent System Requirements.      
  • Integration with Thycotic’s SaaS based behavior analysis product, Privilege Behavior Analytics (PBA), provides visibility into all processes interactively executed by end users.

Bugs Fixed

  • Users in nested groups are not shown as child items when importing specific Azure AD users and groups.
  • Adding a New AD Domain Uses the Wrong User Object (Not the One Selected).
  • Hyperlink from approval email notification redirected URL from browser is not working in cloud environment.
  • The task Import Specific Azure AD Users and Groups creates errors.
  • Parent and child actions are processing messages wrong.
  • SQL Lite Agent Errors with, ‘Database is locked’ on client item update.
  • When the Dacpac triggers a change in the schema of the itemstate table, locking errors can occur.
  • Resource Data Class Data will not be imported, if Data Class was just added during install. AD Domain Controller Resource synchronization issues.
  • Missing Trigger after importing a Remote Scheduled Client Command.
  • Cloning an Active Directory Foreign system configuration and creating a new AD does not remove previous settings (SID, DC, etc). 
    Executable not being caught when using just the file hash for the filter.
  • Agent registration fails due to foreign key constraint error pointing to missing target.
  • The Resource Explorer does not honor an OU name update for Active Directory Foreign Systems.
  • An URL specified with “http” only does not apply strict transport security for communication. Users in Privilege Manager Cloud are unable to configure tasks to send email reports. Domain user groups cannot be added to the User Context Filter.
  • Secondary file filter pre-filtering performance is lacking.
  • Errors when clicking on bar graphs for Local Security statistics about Users.
  • Customer accounts with an ampersand (&) in the company name or license cannot activate their license.
  • An error is thrown when attempting to add a managed user to a resource target.
  • The Report Summary of Application Action report only contains the first 3 to 5 records when exported to CSV.
  • When exporting a report with many records, the Select All option for CSV exports does not export all records.
  • Upgrade banners are not displayed for the latest version.
  • When creating or cloning an action, the user is unable to reference built-in or well-known local groups.
  • CSV Report export adds apostrophe before – and + symbols
  • When an endpoint is using Azure Service Bus to communicate with a Privilege Manager On- Prem instance, policies with a message, approval, or justification action do not appear and the application does not launch.
  • An exception is thrown when attempting to sync after creating an SCCM connection.
  • The subject line certificate filter does not match the certificate on file.
  • No details available for the Codesign Entitled Elevated Application Filter.
  • Issue using Multiple Security Groups in Computer Group not reflecting the correct number of computers.
  • Active Directory Computer merge is not working correctly.
  • Squishrunner.exe not working correctly with Thycotic Application Control Agent installed.
              

macOS Specific

  • System calculated due time for scheduled task as negative, causing an exception. 
  • macOS agents with a comma or equal sign in their name are not successfully registering. 
  • The approval/justification prompt appears twice for a policy elevating sudo commands. 
  • Slack’s DMG application bundle is not correctly recognized as a finder copy candidate.                   

Agent Updates                       

  • The agent is sending SHA1 and not SHA256 for Cylance integration.

Known Issues

  • Upgrading to Privilege Manager 10.8 causes a task to run to merge computer groups and remove unused system computer groups. This primarily affects the Application Control policies that are using resource targets/computer groups named All Windows Computers with Application Control Agent Installed. With 10.8, those policies will use the Windows Computers computer group and macOS will use MacOS Computers.

    If you want to prevent this automatic merge, modify the XML of this item:
    PrivilegeManager/#/item/xml/b2e02684-d154-48ca-9987-12b1759df822
    Add on line 2 <adc:Attributes>NoModify</adc:Attributes>.
  • When upgrading from 10.5 (and potentially other prior Privilege Manager versions), you may encounter an Item Not Found exception when first navigating to the console. The workaround for this is to recycle your app pools and then reload the console in your browser.
    When upgrading from 10.4 to the latest Privilege Manager version, the Admin menu might not load. The workaround for this is to recycle your app pools and then reload the console in your browser.
  • When setting the Monitor Resource switch to active on a computer resource, an error is thrown.
    Offline upgrades on multiple servers will need to be done manually.
  • The Directory Services Agent produced error messages about failed application control policy processing in the agent log.               
  • In IE11 the dates in the agent log calendar view are rendered in the same color as the background and only readable when selected.
  • With an approval policy targeting a PowerShell script (.ps1 file) via secondary file filter, the Approval Notice pop-up causes a critical error alert when accessing the .ps1 file via right-click Edit menu option.
                                  

macOS Specific                       

  • On endpoints using OneDrive, GoogleDrive, DropBox, or similar extensions, the endpoint will take about 2 min to correctly initialize the Finder Extension functionality after enabling the extension or after the upgrade to 10.8 with an enabled extension.

FAST FIND

→ You can find these release notes and other versions quickly and easily with us:
fast-find/delinea



Delinea specializes in password management and endpoint security solutions.
FYRE Consulting is an official authorized partner of Delinea.