conpal LAN Crypt Administration 3.97 release notes
conpal LAN Crypt is the
successor of SafeGuard LAN Crypt. conpal LAN Crypt Administration 3.97 is the
initial release of conpal for the administration. It contains fixes and
hotfixes of the previous SafeGuard LAN Crypt Administration 3.90 version, but
no functional enhancements. In sense of operating systems and databases
additional versions are supported and support for some operating systems and
databases have been dropped.
The below listed platforms
are officially supported. Other Service Pack levels might work as well but have
not run through a QA cycle and won´t be analyzed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows 7 (Ultimate /
Enterprise / Professional) SP1
|
Yes
|
Yes
|
|
Windows 10 Build 1607, 1703,
1803, 1809, 1903, 1909, 2004 Pro/Enterprise
|
No
|
Yes
|
|
Windows Server 2008 R2 SP1
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
Microsoft SQL Server 2008
R2 SP2
Microsoft SQL Server 2012
Microsoft SQL Server 2012 SP3
Microsoft SQL Server 2016
Microsoft SQL Server 2017
Microsoft SQL Server 2019
For an upgrade-installation
you can find additional information in the user manual.
Note:
If you are upgrading from SafeGuard LAN Crypt administration version 3.61 on a
64-bit operating system, please uninstall version 3.61 before you install the
new version.
Make sure you selected the
policy file format which is supported by all of your clients (see administrator
help chapter "The Directories tab").
- Windows Server 2016 is now supported.
- Microsoft SQL Server 2017 is now supported.
- The default policy file format was changed to XML which is needed
for SafeGuard LAN Crypt Clients version 3.90 and newer. If older client
versions are also used, the legacy policy file format has to be activated.
- The usage of the Client API can be configured in the
administration.
- Encryption tags can be administered for the usage in the Client
API.
- The clients can be configured to use XTS-AES encryption instead of
AES.
- Security Officers which have the global permission Use Specific Keys
granted, are now able to display all specific keys in Central Settings, All SafeGuard
LAN Crypt keys. The specific keys can be displayed with Show Specific Keys in
the context menu.
The properties of specific keys can be displayed and modified and the keys
can be enabled or disabled.
- It is no longer possible to assign specific keys to a group.
- Group policy configuration is now also possible with administrative
templates. The template files are located in the config folder of the
product package. Please see http://msdn.microsoft.com/en-us/library/bb530196.aspx
for information how the files have to be installed.
- Import from a Novell directory is no longer supported.
- The number of displayed keys was limited to 65535.
- The group policy setting Strong
private key protection is now delivered correctly to the clients
again.
(unchanged compared to
SafeGuard LAN Crypt Administration 3.90)
- Network errors
If the network connection to the SQL server, or to a LDAP source, is
broken during LAN Crypt administration, the LAN Crypt Administration must
be closed and restarted (after the network problem is fixed).
- Simultaneous administration
If more than one SO is working with the LAN Crypt database at the same
time, problems can occur. We recommend a regular manual refresh in that
case.
- LDAP import and synchronization
- If objects are imported from a domain, you must specify the domain
name and not the computer name in the server configuration!
When configuring server logon data in central settings you should either
enter only the domain name as server name or add the domain name as an
alias.
- On the root level (e.g. domain), only 999 objects are displayed
and imported.
- Page controls have to be enabled on the LDAP server.
- Certificate store
SafeGuard LAN Crypt only supports certificates in one of the user
certificate stores. It does not support certificates in machine stores.
- Compatibility with Oracle 10g
SafeGuard LAN Crypt Administration is not compatible with Oracle Client
10.2.0.4 because of an ODBC driver issue. It is not possible to create the
first Master Security Officer or to login with an existing SO.
Please use either Oracle 11 or a previous Oracle 10g installation.
- Installation
If SafeGuard LAN Crypt Administration is installed and on the same machine
SafeGuard LAN Crypt Client version 3.71 or below is installed afterwards,
creation of legacy POL files is no longer possible. A repair installation
of the SafeGuard LAN Crypt Administration must be executed (Windows
control panel) in this case.
If the installation is done in the other order (first client then
administration), no repair is necessary.
- Installation on 64 bit operating systems
If the SafeGuard LAN Crypt administration is installed on a 64 bit
operating system, the following has to be considered.
- ODBC administration
The ODBC connection used by SafeGuard LAN Crypt Administration has to be
configured using the 32 bit ODBC Data Source Administrator
(%WINDIR%\SysWOW64\odbcad32.exe or use the shortcut in the start menu).
Remark: The shortcut in the LAN Crypt start menu is not displayed on
Windows Server 2012. Please use the shortcut ODBC Data Sources (32-bit) available in
Administrative Tools
instead.
- Group policy plugin
The group policy plugin to administer SafeGuard LAN Crypt is not shown in
the Windows group policy editor. To administer the SafeGuard LAN Crypt
policies, the 32 bit Group Policy Editor has to be used
(%WINDIR%\SysWOW64\gpedit.msc for local policies or
%WINDIR%\SysWOW64\gpme.msc for Active Directory policies or use the
shortcut in the start menu).
As an alternative the administrative templates can be used which are
stored in the config folder of the product package.
- Scripting API
The scripting API is only available for 32 bit applications. If a
VisualBasic-Script is started which uses the SafeGuard LAN Crypt
scripting API, it has to be started from the 32 bit Windows Scripting
Host (%WINDIR%\SysWOW64\cscript.exe or %WINDIR%\SysWOW64\wscript.exe).
- Firewall settings
If the Microsoft SQL Server database is located on another machine, please
ensure that the firewall is configured correctly. Additional information
can be found here: http://msdn.microsoft.com/en-us/library/cc646023.aspx.