conpal LAN Crypt 4.00.0 Administration release notes

Please note the LAN Crypt 4.00.0 Client release notes.

conpal LAN Crypt is the successor of SafeGuard LAN Crypt.

conpal LAN Crypt 3.97 Administration was the initial release of conpal for the Administration. It contained fixes and hotfixes of the previous SafeGuard LAN Crypt 3.90 Administration, but almost no functional enhancements. In sense of operating systems and databases additional versions were supported and support for some operating systems and databases have been dropped.

conpal LAN Crypt 4.00 Administration is a significant rework of the Administration, focused on improvements in operational speed and laying the ground for a complete replacement of the API functionality by a faster and more modern approach. It is reworked bottom up, including the cryptographic base.
Some new functions, like SHA2 support for LAN Crypt generated certificates, have been added.
Novell and Windows 7 support has been dropped, Oracle support for more current databases has been added. Current operating systems are supported.
In addition new client capabilities can be managed.

Please note that we have invested considerable effort in the continuity of the product. A migration of 3.9x databases requires minimal effort.
Mixed environments of older and current clients are supported (please refer to section operation).


Manuals, documentation and support

At registered customers with active maintenance contracts get access to downloads,documentation and knowledge items.


The administration contains an extensive context sensitive help. This information will be available in form of a pdf manual a couple of days after release for download.


Download the admin product documentation at in German language, at in English language and at in French language.

Updates for the context-sensitive help are made available via our support portal if necessary.


The below listed platforms are officially supported. Other Service Pack levels might work as well but have not run through a QA cycle and won´t be analysed in case of occurring issues.

Platforms supported



Windows 10 Build 1803, 1809, 1903, 1909, 2004 Pro/Enterprise 



Windows Server 2012



Windows Server 2012 R2



Windows Server 2016



Windows Server 2019




Microsoft SQL Server 2012 SP4
Microsoft SQL Server 2016 SP2

Microsoft SQL Server 2017
Microsoft SQL Server 2019
Azure SQL has been verified to be functional with LAN Crypt administration 3.97 and 4.0 LAN Crypt 4.0 provides the ability to logon using the active directory interactive authentication. LAN Crypt 3.97 does not support this type of authentication.
Oracle 12 and Oracle 19 are supported, whereas SQL Server remains LAN Crypt’s preferred database.

A LAN Crypt database created under LAN Crypt 3.90 or 3.97 must be updated in advance using "CreateTables.exe %ODBCName% m u" for use under LAN Crypt 4.00 Administration. The createtables tool provides a help message for specifics regarding e.g. Oracle.


For an upgrade-installation you can find additional information in the user manual.
An upgrade installation of the administration is supported from conpal LAN Crypt 3.97 (recommended) and SafeGuard LAN Crypt 3.90.
Migration of older versions is not supported, but technically possible, we recommend to make use of Professional services in such cases.

New in conpal LAN Crypt Administration release 4.00.0

Operation of LAN Crypt 4.00 administrative environments

A mixed operation of LAN Crypt v4 Admin and LAN Crypt v3.x Admin is not supported.

It is possible to run a v3.97 Admin with v4 Clients and v3 Clients.

It is possible to run a v4.00 Admin with v4 Clients and v3 Clients.

XML is the only supported policy file format of v4.00 Admin and v4.00 Clients.

New profile files are created by v4.00, with sections for v3 and v4 Clients.

The new encryption rules for Removables, Opticals etc are transported in the new section.

Once new rules have been created with v4.00, it is no longer possible to create profiles with a v3 Admin. Doing so would potentially have negative effects on the client.



At central points, the memory handling was improved and optimized. These optimizations were clearly measurable, but only lead to small improvements in relation to database accesses.

For continuity reasons (e.g. backup) such algorithms are not prohibited.

For the selection of XOR this is reinforced, and the SO must also have the right to define GUIDs for new keys to be able to select this algorithm.

Long path names are now default for client API configuration. For convenience reasons short names are internally completed by searching some  protected paths, when program names are configured without path information. The client will search in the following directories:


LAN Crypt Install Dir\Shared\ (non-recursive)

CSIDL_SYSTEM (typical C:\Windows\System32, non-recursive)

CSIDL_WINDOWS (typical C:\Windows, non-recursive)

CSIDL_PROGRAM_FILES (typical C:\Program Files, recursive)


If an EXE file with the specified name is found, the full path will be internally added.

Other pathes are now untrusted for short file names. (LC-690)






Known issues

In Windows Server 2012 R2, SO logon with certificate on smart card is not possible. According to our tests, this is the only supported operating system with this limitation.