u.trust
LAN Crypt 13.0.1 Administration release notes
u.trust LAN
Crypt 13.0.1 is a feature release with a strong focus on maintaining
compatibility with Microsoft’s security update CVE-2024-30098 where Microsoft
blocks CSP-based key operation for Smart Card MFA. It is strongly recommended that V13.0.0,
V11.0.0 and V11.0.1 clients are upgraded to V13.0.1 when using Smart Cards as
MFA. With previous versions of LAN Crypt, Smart Card authentication is no
longer possible after the MSFT security update CVE-2024-30098
(caution: this is an external link Utimaco is not responsible for its content)
is rolled out. Potentially an update of your Smart Card middleware is needed in
order to support KSP-based key operations. Please contact your Smart Card
middleware provider. LAN Crypt 13.0.1 has been successfully tested with the
following Smart Card middleware:
·
CardOS API 5.5.10
·
CryptoVision 8.3.4
·
Charismathics 6.1.9
·
Nexus Personal 5.17.2
UPDATE 2026-02-10: DisableCapiOverrideForRSA
registry key removal date has been updated from April 2026 to to February 9th,
2027, by MSFT.
The version
can upgrade from V13.0.0, V11.0.0 or V11.0.1 or the respective patched
versions. See manual
for further description of the upgrade process.
Some features of this version are not compatible with native CSP-based key
operation.
We've
released V13.0.1 with important improvements to enhance your data protection
and system stability. Key benefits of updating:
·
Support for KSP (Key Storage Provider) key operations
·
Several improvements in stability, resilience and performance
·
LAN Crypt2Go and LAN Crypt2Go Reader for Windows are included in the LAN
Crypt license (https://help.lancrypt.com/docs/2Go/menu/)
·
For the LAN Crypt non-VS-NfD release additionally LAN Crypt2Go for Mac
and LAN Crypt2Go for Linux can be obtained via support.
A dedicated
version for government customers to operate VS-NfD data is available.
Quick Update Recommendation
We
suggest updating to
·
Safeguard your data
·
Experience the latest system enhancements
·
Maintain optimal software reliability
Simple Next Steps
·
Download V13.0.1
·
Install the update
·
Potentially update your Smart Card middleware
·
Enjoy improved system security
Older release
notes for LAN Crypt remain valid, if not stated otherwise.
The EULA is
available in English and German only. The English version is valid for all
non-German speaking countries.
The actual
versions can be obtained from:
Please note the LAN
Crypt 13.0.1 Client release notes.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Supported
Windows 64-bit operating system platforms
|
|
Pro/Enterprise
versions of Windows 10 Enterprise LTSC 2021
|
|
Pro/Enterprise
versions of Windows 11 23H2, 24H2, 24H2 LTSC, 25H2
|
|
Windows
Server 2022, 2025
|
|
Supported
Citrix Environments
|
|
Citrix Virtual Apps and Desktops
2402 LTRS on WS 2022 21H2
|
|
Supported
Database Servers
|
|
MS SQL 2022,
2025
|
|
Oracle 19
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA) on
the same machine, it requires a LAN Crypt Client of the same version. (LC-1546)
Mixed
operation of old and new versions of LCA on the same database is not supported. (LC-3152)
New functionalities and
changes in LAN Crypt Administration release 13.0.1
- Replaced deprecated CryptoAPI with
CNG for asymmetric Cryptography (LC-4974)
- CBC-uIV was replaced by XTS-AES
as standard algorithm for the initial installation (LC-5041)
- Extend CryptoVerification to
CNG (LC-5044)
- Added new queries for the
telemetry collector (LC-5049)
- LCA: removed obsolete GPO
editor dialog "CSPs and Algorithms" (LC-4997)
- CheckDatabase with telemetry
collector: new rules (LC4871)
- EncStatus.exe moved to LCA
deployment (LC-4829)
- Updated build number (LC-5105)
- LCA help files updated (LC-5108)
Bugfixes
in LAN Crypt Administration release 13.0.1
- LCA .NET API: performance
improvements: implement Find() for ShortName and LongName (LC-5005)
- Fixed error handling during
deleting users (LC-5017)
- Start of CreateTables with
update shows a new error message, if the database is in a migration
process, to force the administrator to finish the migration (LC-4868, LC-4896)
New and known
issues in LAN Crypt Administration release 13.0.1
- Profiles containing the
MultiPolicy feature or the new CBC-uIV format (i.e. v11 or v13 nodes) are
not compatible with v4 clients. (LC-3717)
- CBC/OFB can still be configured
even though it is deprecated. This option will be removed in a future
version. (LC-3932)
- Displaying Japanese characters
(Windows Server 2025 only):
When creating rules that combine Japanese and Western European characters,
the font displayed may change within LCA. This results in inconsistent
font appearance. There is currently no solution or workaround for this
cosmetic behaviour. This issue is exclusive to Windows Server 2025 and
does not affect any other supported operating systems. (LC-4479)
- The VS-NfD version of LC2Go
creates files in CBC-uIV format – these can currently not be used for the
KeyImport feature of LCA. (LC-4853)
- CheckDatabase cannot check some
tables when the name for the database contains a period. This will be
fixed in the next version. (LC-4851)
- For some smart card related
trace messages the severity is set too high; Charismatics Middleware:
SmartcardPin cache deletion not working, smart card pin dialog does not
pop up (LC-5102)
- Error message displayed wrongly
when adding groups via the user's properties dialog by an SO (LC-5161)
Manuals,
documentation and support
Tickets opened
in the old support portal at https://support.conpal.de will be redirected to the
new Utimaco support portal (https://support.hsm.utimaco.com/support). Registered customers with active maintenance contracts
get access to downloads, documentation and knowledge items.
Japanese versions must be obtained from our partner Next Security https://next-security.jp
The
administration contains extensive context sensitive help. This information is
also available in the form of a pdf manual.
Download the admin product documentation at
https://help.lancrypt.com/docs/admin/13_0_1/de/
in German language, at
https://help.lancrypt.com/docs/admin/13_0_1/en/
in English language, at
https://help.lancrypt.com/docs/admin/13_0_1/fr/
in French language, at
https://help.lancrypt.com/docs/admin/13_0_1/jp/
in Japanese language.
API
documentation can be obtained from:
https://help.lancrypt.com/docs/api/client/en/
https://help.lancrypt.com/docs/api/admin/en/
https://help.lancrypt.com/docs/api/admin/net/index.html
u.trust
LAN Crypt 13.0.0 Administration release notes
u.trust LAN
Crypt 13.0.0 is a feature release with a strong focus on improving security.
There are quite some new security features included, which need structural
changes of the database and that requires a migration of an existing database.
The version
can upgrade from V11.0.0 or V11.0.1 or the respective patched versions. See manual for further description
of the upgrade process.
Some features of this version are not compatible with previous LAN Crypt
product versions or their database schema.
We've
released V13.0.0 with important improvements to enhance your data protection
and system stability. Key benefits of updating:
·
Default “SuperRandom” Random Number Generator
·
New symmetric encryption algorithm, default for new users (not
compatible with LAN Crypt V11 and older)
·
Cryptographic self-tests
·
Modernized cryptographic database protection
·
Transparent and fast upgrade procedures
·
Several improvements in stability and resilience
·
Encstatus tool providing information about encrypted files without
necessity to install LAN Crypt
·
LAN Crypt2Go and LAN Crypt2Go Reader for Windows are included in the LAN
Crypt license (https://help.lancrypt.com/docs/2Go/menu/).
·
The non-VS-NfD release of LAN Crypt now also contains LAN Crypt2Go for
Mac and Linux.
A dedicated
version for government customers to operate VS-NfD data is available.
Quick Update Recommendation
We
suggest updating to
·
Safeguard your data
·
Experience the latest system enhancements
·
Maintain optimal software reliability
Simple Next Steps
·
Download V13.0.0
·
Install the update
·
Migrate your database to the new structure
·
Enjoy improved system security
Older release
notes for LAN Crypt remain valid, if not stated otherwise.
The EULA is
available in English and German only. The English version is valid for all
non-German speaking countries.
The actual
versions can be obtained from:
Please note the LAN
Crypt 13.0.0 Client release notes.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Supported
Windows 64-bit operating system platforms
|
|
Pro/Enterprise
versions of Windows 10 22H2 (VS-NfD version only), Enterprise LTSC 2021
|
|
Pro/Enterprise
versions of Windows 11 22H2 (VS-NfD version only), 23H2, 24H2, 24H2 LTSC
|
|
Windows
Server 2022, 2025
|
|
Supported
Citrix Environments
|
|
Citrix Virtual Apps and
Desktops 2402 LTRS on WS 2022 21H2
|
|
Supported
Database Servers
|
|
MS SQL 2022
|
|
Oracle 19
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it
requires a LAN Crypt Client of the same version. (LC-1546)
Mixed operation
of old and new versions of LCA on the same database is not supported. (LC-3152)
New
functionalities and changes in LAN Crypt Administration release 13.0.0
- Support has been added for the
new CBC-uIV encryption mode, which is incompatible with v4 and v11
clients. This algorithm is the default setting for new installations.
(LC-3827, LC-4435, LC-4437)
- C++ runtime has been updated. (LC-4503)
- 3rd
party components updated (LC-4749, LC-4472)
- API: The COM API is considered
deprecated and will be removed in a further version. (LC-2823)
- API: Example
scripts for Multi Policy and Key Tagging/Filtering have been added to the setup. (LC-4162)
- API: We added a parameter to
the LanCryptApi function that points to the directory containing the LAN
Crypt API DLLs. (LC-4367)
- API: We have added LAN Crypt
RNG self-check functionality to the .NET ODBC logon process. New C#
exceptions have been added for RNG errors. (LC-4425)
- API: Keys created without a
name are now correctly intercepted. (LC-4691)
- API: The MSBuild tags <RuntimeIdentifier> and
<Prefer32Bit> have been added to the StartFirstHere.csproj project
sample file for x86 and x64, ensuring that the correct dotnet.exe version
(x86 or x64) is used. (LC-4095)
- Setup:
- “Custom” setup changed. .NET is now pre-selected instead of ScriptingAPI
(since the COM API is considered deprecated). (LC-4694)
- Required component "SGLCScriptApiV4.dll" is now installed with
.Net API so that .Net API can be installed without installing the COM API.
(LC-3126)
-All features in the admin setup are now optional so that “API only” can
be installed and used. (LC-4680)
- Necessary Database upgrades are
detected and performed by the LAN Crypt administration. The respective
user interface has been improved. (LC-4354)
- The database protection has
been changed to a new method that uses a future-proof MAC and an updated
DB scheme version. (LC-4068, LC-4353)
- The MAC protection of the database has been extended to cover
additional tables.
(LC-4093)
- The LogData has been overhauled
to use the new MAC. The functionality to archive to a file and verify the
archive file has been fixed. (LC-4359)
- LogArchive protection overhauled. (LC-4732)
- A tool for evaluating the
encryption status and mode of encrypted files (encstatus.exe) is included in
the deployment and has been added to the settings for default ignored
applications. This tool can be used with LAN Crypt filters. Alternatively,
the tool can be used without LAN Crypt being installed. (LC-4616)
- Extended database tools functionality:
- The
CheckDatabase tool has been extended to include the new '-c' or
'--checkLoggingIntegrity' switch that verifies the integrity of the
logging. This check is only performed once the integrity of the database
has been successfully verified. (LC-4348)
- The new switch '-L' allows you to set a limit on
the number of displayed errors. For example, this can be used to avoid
extensive lists when migrating the entire database to new MACs. (LC-4342)
- The performance of the migration to CertificateMeta by CheckDatabase
has been optimized. (LC-4193)
- The CheckDatabase tool has an added telemetry collector to provide
statistical data on the data structure in the LAN Crypt Administration
database, as well as compatibility checks regarding a later cloud
migration. (LC-4742)
- For rules: 'Local volumes' are
separated into 'Local fixed drives' and 'All local drives'. See manual for
further description. (LC-4562)
- For GPO Unhandled Devices:
renamed 'Local Volumes' to 'Local Fixed Drives'. (LC-4630)
- Added GPO to administrate
MovePolicyFromResolverCache. (LC-4112)
- Added a GPO for the RNG
algorithm to be used in the ADMX and GPO Editor. (LC-4314)
- “SuperRandom” added as default RNG (LC-2617)
- Self-check of RNG added. (LC-4405)
- Implemented health checks for crypto functionality. (LC-4422)
- Added
verification of the crypto algorithms at program start-up. (LC-4500)
- P12 file handling has been
improved for security purposes. The password length can now be set to
between 12 and 60 characters via the
'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Utimaco\SGLANCrypt' registry value,
'P12PasswordLength'. The default length is 20.
See manual for further description. (LC-4255)
- The handling of certificate timestamps has been optimized. (LC-4449)
- Improved error handling in
MSO/SO certificate processing. (LC-4510)
- Certificate handling has been
improved for speed, particularly regarding certificate
migration.
(LC-4448)
- Optimizations of SQL in
CreateTables. (LC-4684)
- CreateTables optimization for
handling SQL when verifying database integrity. (LC-4168)
- ODBC Trace: removed server name. (LC-4766)
- Spaces around the file mask in
the encryption rules are removed. (LC-4656)
- Changed the icon for the bypass
rule to the 'No Encryption' icon. (LC-4126)
- Initial creation of the MSO
will be checked for invalid characters in the name. (LC-4099)
- The recovery key dialogue box
will no longer display an error message when the user cancels. (LC-4623)
- The
“sglc_config.admx” can now be imported/uploaded to InTune – but deployment
might still be an issue (see known issues). (LC-4059)
The missing XML tag attributes 'explainText' have been added. In addition,
the header of the XML had to be supplemented with the attributes:
-
xmlns:xsd=http://www.w3.org/2001/XMLSchema
- xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
- xmlns=http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions
- For diagnostic purposes, we provide (via Support) a set of scripts orchestrated by a central script named the 'Log Collector
Utility'. This should be made available to clients where diagnostic data
needs to be collected. (LC-3165)
Bugfixes
in LAN Crypt Administration release 13.0.0
- The unintended display of the signing
certificate on the SO page has been fixed. Now, with either MSO or SO, the
encryption certificate is not anymore displayed as the signature
certificate. (LC-4259)
- Key name generation: the old
behaviour has been removed from the "RandomizedShortKeyName"
registry setting. The default setting of 1 is now the only option for
generating a short key name. (LC-4142)
- The user login name with
invalid characters is now handled properly when updating user properties.
API integration tests have been added to check the login name. Special
characters are only allowed in short names. (LC-4097, LC-4098)
- Group rights 'create and assign certificates' fixed for menu and toolbar. (LC-4045)
- When creating a profile, if a
user does not have a certificate, the process is terminated, and the user
is considered invalid. If this error is set to be
ignored, the user is assigned a dummy certificate, which is now ignored by
CheckDatabase certificate check. (LC-4703)
- Fixed memory leak. (LC-4529)
- Error handling has been
improved for read errors from the administrative web port when interfacing
with KMIP. (LC-4598)
- Fixed an error in the rule
creation for parsing ShellFolders. (LC-4545)
- Entering long strings in the
antivirus configuration brought up the message 'String not found'. This
issue has now been resolved. (LC-4245)
- Trimmed the trailing spaces
before using the directory name in the CreateProfiles function. (LC-4599)
- If the GPO “Cached Policy File
Lifetime” was set to too long, the incorrect message 'Error on
substitution of placeholder' appeared. This message has now been
corrected. (LC-4727)
- The incorrect consistency check
for archived logging data has been fixed. (LC-4371)
- Fixed the behavior when
entering spaces within the encryption rule. (LC-4091)
- API: Missing strings for
logging changes have been added. (LC-4381)
- Limited date entry to 1970 as
minimum for logging. (LC-4029)
- Cosmetic changes have been
applied to the Log Archive. The space before the date has
been removed and the column label 'UNUSED' has been added. (LC-4741)
New and known
issues in LAN Crypt Administration release 13.0.0
- Profiles containing the
MultiPolicy feature or the new CBC-uIV format (i.e. v11 or v13 nodes) are
not compatible with v4 clients. (LC-3717)
- CBC/OFB can still be configured
even though it is deprecated. This option will be removed in a future
version. (LC-3932)
- Displaying Japanese characters
(Windows Server 2025 only):
When creating rules that combine Japanese and Western European characters,
the font displayed may change within LCA. This results in inconsistent
font appearance. There is currently no solution or workaround for this
cosmetic behaviour. This issue is exclusive to Windows Server 2025 and
does not affect any other supported operating systems. (LC-4479)
- LAN Crypt ADMX settings might
not be deployable with InTune. (LC-4668)
- The VS-NfD version of LC2Go
creates files in CBC-uIV format – these can currently not be used for the
KeyImport feature of LCA. (LC-4853)
- CheckDatabase cannot check some
tables when the name for the database contains a period. This will be
fixed in the next version. (LC-4851)
Manuals,
documentation and support
Tickets opened in the old support portal at https://support.conpal.de will be redirected to the new Utimaco support portal (https://support.hsm.utimaco.com/support). Registered customers
with active maintenance contracts get access to downloads, documentation and
knowledge items.
Japanese versions must be obtained from our partner Next Security https://next-security.jp
The
administration contains extensive context sensitive help. This information is
also available in the form of a pdf manual.
Download the admin product documentation at
https://help.lancrypt.com/docs/admin/13_0_0/de/
in German language, at
https://help.lancrypt.com/docs/admin/13_0_0/en/
in English language, at
https://help.lancrypt.com/docs/admin/13_0_0/fr/
in French language, at
https://help.lancrypt.com/docs/admin/13_0_0/jp/
in Japanese language.
API
documentation can be obtained from:
https://help.lancrypt.com/docs/api/client/en/
https://help.lancrypt.com/docs/api/admin/en/
https://help.lancrypt.com/docs/api/admin/net/index.html
u.trust
LAN Crypt 11.0.1 Administration release notes
u.trust LAN
Crypt 11.0.1 is a maintenance/service release, there are no new features
included.
The version can upgrade from V11.0.0 or V4.2.1.
It is
strongly recommended that V11.0.0 clients are upgraded to V11.0.1
We've
released V11.0.1 with important improvements to enhance your data protection
and system stability. Key benefits of updating:
·
Prevents potential data risks
·
Ensures smoother system performance
·
Protects your valuable information
Quick Update Recommendation
We
suggest updating to V11.0.1 to:
·
Safeguard your data
·
Experience the latest system enhancements
·
Maintain optimal software reliability
Simple Next Steps
·
Download V11.0.1
·
Install the update
·
Enjoy improved system security
Please also
refer to the u.trust LAN Crypt 11.0.0 part of the release notes.
Older release notes for LAN Crypt remain valid, if not stated otherwise.
u.trust LAN Crypt 11.0.1
comes with several bugfixes.
The EULA is
available in English and German only. The English version is valid for all
non-German speaking countries.
The actual
versions can be obtained from:
Please note the LAN
Crypt 11.0.1 Client release notes.
Requirements
The below listed
platforms have been tested and are officially supported. Other Service Pack
levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Supported
Windows 64-bit operating system platforms
|
|
Pro/Enterprise
versions of Windows 10 21H2 (LTSC), 22H2
|
|
Pro/Enterprise
versions of Windows 11 22H2, 23H2, 24H2, 24H2 LTSC
|
|
Windows
Server 2022, 2025
|
|
Supported
Citrix Environments
|
|
Citrix Virtual Apps and
Desktop 7 1912 LTSR CU2
on WS 2019
|
|
Supported
Database Servers
|
|
MS SQL 2019
|
|
MS SQL 2022
|
|
Oracle 19
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it requires
a LAN Crypt Client of the same version. Otherwise, when deinstalling the LCC,
the LCA might not work anymore. It is required to use a client of the same
version (LC-1546).
Mixed
operation of old and new versions of LCA on the same database is not supported
(LC-3152).
Changes in LAN Crypt Administration release 11.0.1
- C++ runtime has been updated.
(LC-4505)
- 3rd party components
updated
Bugfixes in LAN
Crypt Administration release 11.0.1
- The search result for users and
groups in directory objects was not parsed correctly. As a result, users
and groups deleted in AD were not deleted in the LC database during
synchronization. This has been fixed. (LC-4424)
- Profile creation using the .Net
API with key filtering feature has been fixed regarding disabled keys to
behave like profile creation using the GUI. (LC-4202, LC-4209)
- CheckDatabase did not repair
KeyUsagePlaceMac records. An incorrect column was used for sorting during
the check, causing the VMAC to be calculated incorrectly. This has been
fixed. (LC-4210)
New and known
issues in LAN Crypt Administration release 11.0.1
- Key name generation: behaviour
with the legacy registry setting "RandomizedShortKeyName" is
wrong and will be fixed in a future release. The default of 1 is the only
supported setting for generating a short key name. (LC-4142)
- A signature certificate is
currently always displayed for the MSO or SO. You can no longer create a
(M)SO that does not have a dedicated signature certificate. In addition,
all(!) existing (M)SO now also have a signature certificate. Please keep
in mind that both certificates must be reassigned during a certificate
renewal. This behaviour will be changed in a future release. (LC-4259)
Manuals,
documentation and support
The support
portal at https://support.conpal.de will redirect you to the
new Utimaco support portal. Registered customers with active maintenance
contracts get access to downloads, documentation and knowledge items.
The Japanese
version can be obtained from our partner Next Security https://next-security.jp
The
administration contains extensive context sensitive help. This information is
also available in the form of a pdf manual.
Download the admin product documentation at
https://help.lancrypt.com/docs/admin/11_0_1/de/
in German language, at
https://help.lancrypt.com/docs/admin/11_0_1/en/
in English language, at
https://help.lancrypt.com/docs/admin/11_0_1/fr/
in French language, at
https://help.lancrypt.com/docs/admin/11_0_1/jp/
in Japanese language.
API
documentation can be obtained from:
https://help.lancrypt.com/docs/api/client/en/
https://help.lancrypt.com/docs/api/admin/en/
https://help.lancrypt.com/docs/api/admin/net/index.html
Updates for the
context-sensitive help are made available via our support portal if necessary.
u.trust
LAN Crypt 11.0.0 Administration release notes
After the acquisition of
conpal GmbH in 4/2023 by Utimaco, the product conpal LAN Crypt has been
rebranded and will be continued under the different brandname u.trust LAN
Crypt. Version 11.0.0 is the first rebranded version, a feature release and
replaces the conpal LAN Crypt product.
The product is able to upgrade from the previous conpal LAN Crypt 4.2.1.
The Legacyfilter has
been abandoned, and is not supported anymore.
Administration versions earlier than conpal LAN Crypt 4.1.1 are EOL.
Clients earlier than conpal LAN Crypt 4.1.3 are EOL.
We recommend to upgrade the clients to 4.2.1 and the administration to 4.2.0
before upgrading to u.trust LAN Crypt 11.0.0.
u.trust LAN Crypt 11.0.0
also comes with improved security functionality and several bugfixes.
New features:
§
Support for new versions of operating systems
§
64 Bit .NET API
§
Several
enhancements and extensions for .NET API
§
LCSendP12Password helper tool, automatically send P12 passwords by email
§
New database tool CheckDatabase.exe
§
Improved CreateTables
§
Log Collector Utility
§
Client Performance Improvements, options to cache files for encrypted
SMB shares, DsStateCache for caching unencrypted files
§
Rebranding
§
Detail work on dialogs and error messages
§ Option to renew assigned
certificates
§ Most important cloud
apps pre-registered and maintainable via registry
§ Support for multiple
policies
§
Show "Bypass" flag for rules in "Show Profile"
Changes/Improvements
in V11:
§
Improvement of accessibility
§
Accelerated create-profile functionality
§
Improved certificate handling
§
Accelerated certificate creation
§
Support for certificates in computer-store, e.g. for services
§
Optimizations, additional verifications and acceleration of CreateTables
for MS SQL and Oracle
§
ClearCache Option for DsStateCache
§
Removed support for
§
deprecated Oracle versions
§
profiles in legacy format
§
Improved messages
§
.Net API update to support version 8
§
Throttling when creating certificates to preserve resources for OS
accessibility
§
Performance tracing
§
When importing certificates (p12) from a file server, certificates are
now checked in true descending order (by number suffix).
§
Default ignored apps can be maintained via registry
The EULA has
been updated and is now only available in English and German.
The English
version is valid for all non-German speaking countries.
The actual
versions can be obtained from:
Please note the LAN
Crypt 11.0.0 Client release notes.
Older release notes for LAN Crypt remain valid, if not stated otherwise.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Supported
Windows 64-bit operating system platforms
|
|
Pro/Enterprise
versions of Windows 10 21H2 (LTSC), 22H2
|
|
Pro/Enterprise
versions of Windows 11 21H2, 22H2, 23H2
|
|
Windows
Server 2022
|
|
Supported
Citrix Environments
|
|
Citrix Virtual Apps and
Desktop 7 1912 LTSR CU2
on WS 2019
|
|
Supported
Database Servers
|
|
MS SQL 2019
|
|
MS SQL 2022
|
|
Oracle 19
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it
requires a LAN Crypt Client of the same version. Otherwise, when deinstalling
the LCC, the LCA might not work anymore. It is required to use a client of the
same version (LC-1546).
Mixed operation
of old and new versions of LCA on the same database is not supported (LC-3152).
New in LAN Crypt
Administration release 11.0.0
- CheckDatabase.exe extends
CheckMacAndRepair functionality (LC-3808, LC-3255, LC-3372)
-
Performance
enhancements in VMAC check and console app with progress display
-
Default
settings for ODBC and security officer pre-configured
-
Added
checks for existing CertData and CertificateMeta entries for user certificates.
-
Added
migration of CertificateMeta entries for user certificates without
CertificateMeta entries and with CertData entries
- MultiPolicySupport
(LC-2094, LC-3419, LC-3480, LC-3471, LC-3651, LC-3782)
- Multikernel-,
Multithreading-Support for profile generation (LC-3362)
- Rebranding
GUI, icons, GPOs, EULA, file header and messages to u.trust LAN Crypt
(LC-3156, LC-3299, LC-3595)
- API: profile generation with
new call structure (LC-3447)
- API: create SQL Index for
Users.LoginName (LC-3563)
- API: new option to disable V4
signature for better file I/O performance. Please
contact support for details. (LC-3439, LC-3585)
- API: dotnet Meta info for
profiles (LC-3445)
- API: New functions
users.FindByShortName, Users.FindByLoginName, Users.FindByImportGuid,
optimised filter search function (LC-3564, LC-3565, LC-3569)
- API: new function to update the
database schema (LC-3618)
- API: Implemented key filtering
for creation of profiles with .NET API (LC-3575, LC-3619)
- API: LCAdminApiNet.ps1 sample
for X64 (LC-3639)
- API: The .NET API has been
extended from 32 bit to 64 bit and is included in the setup (LC-3443)
- API: file IO error during
creation of a certificate is now mapped to a LCAPIERR_FILE_IO and
corresponding .NET exception (LC-3777)
- New LC Trace level for
performance measurements of create certificates and create profiles
implemented with trace level 65 (LC-3629, LC-3630)
- Send P12 password with email
tool (LC-3257)
- If the registry value DWORD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Utimaco\SGLANCrypt\MovePolicyFromResolverCache is set to 1, the temporary
policy file is moved from the resolver cache instead of being copied and
deleted. This improves performance when the target directory and resolver
cache are on the same volume, but the created policy then has the ACL
inherited from the resolver cache instead of the target directory. In this
case, the ACLs must be maintained outside of LAN Crypt (LC-4064)
- DB: The database has been
updated to manage certificates and enable multi-policy support. There is
no need to change the database schema. The newly added DB tables are
ignored by LCA v4.2 and LCA v11 can handle the v42 DB (LC-3461). Mixed
operation of old and new versions of LCA on the same database is not
supported (see LC-3152)
Changes in LAN Crypt Administration release 11.0.0
If the 'Check certificate extension'
group policy is not configured, this policy is treated as 'Enabled'.
Certificates without an appropriate
key usage will be rejected.
This applies to
Importing a user certificate into the LC Client
Importing a SO certificate into the LC Client
Assigning a user certificate in the LC Administration Console
Assigning a SO certificate in the LC Administration Console
Logging in to the LC Administration Console
Starting with LC v4.2.0, the
behaviour was inadvertently treated as "disabled" if the "Check
certificate extension" group policy was not configured.
With LC v11.0.0 this has been fixed
so that LC behaves as it did before LC v4.2.0. (LC-3938)
Therefore, before upgrading LCA and
LCC to v11.0.0, make sure that the group policy is set to "disabled"
when using certificates without the x509v3 key usage option.
- C++ runtime has been updated (LC-3295).
- 3rd party components
updated, old components removed (LC-3747, LC-2680, LC-3144, LC-3315,
LC-3221, LC-3222, LC-3223, LC-3366, LC-3748, LC-3749, LC-3484)
- Removed Oracle 8, 9, 12 support from code (LC-3477)
- Rename from inWebo to Trustbuilder for 3rd party MFA
(LC-3192)
- Improved error handling for export of log entries (LC-3242)
- Buffer overflow prevention
measurements (LC-3314, LC-3357)
- Removed obsolete rule path
"Internet Cookies" (LC-321)
- Bypass rules default wildcard
is different from wildcard for other paths. (LC-3882)
- Improved PowerShell .NET API
sample script with examples for find, filter, index (LC-3551)
- PowerShell sample script
modified to handle groups without keys (LC-4050)
- CreateTables: Removed support
for database formats older than 3.61 (LC-3462)
- CreateTables: Optimization of
the runtime when verifying the database (LC-3641)
- CreateTables: New verify check
on CertData table with error if the corresponding certificate is missing
(LC-3628)
- Improved error message when
policy creation time is not within validity period of the SO certificate
(LC-3609)
- Replaced dbms_reputil from the
Oracle SQL update script of CreateTables to create triggers in the Oracle
database (LC-3674)
- API: handle invalid email
address as error (LC-3780)
- Modified implementation for
"AD server exist" check when importing WinNT users on
non-domain-joined computers (LC-3788)
- More accurate error message
when writing certificate fails (LC-3684)
- The registry key
RandomizedShortKeyName=0 is deprecated and unsupported in versions newer
than V4.0 (LC-4142)
- Default Ignored Apps (except
SearchProtocolHost.exe) will be set in the registry by the setup at:
HKLM\SYSTEM\CurrentControlSet\Services\cplcdt2\Parameters\DefaultIgnoredApplications and can be modified by the
customer in case of need (LC-3935)
- Certificate handling revised,
CertificateMeta introduced, minor performance optimizations (LC-3349)
- Base repository check for SQL
table: implementation for Oracle (LC-3789)
- The "Delete" context
menu item is hidden for selected certificates and the "Unassign
certificates" menu item is displayed instead (LC-343)
- C# API changed to C++ 20
compiler to overcome compatibility restrictions (LC-3823)
- API: C# tests, examples and
build script updated to .NET 8.0 (LC-4057)
- Changed error handling to get a
better error message when importing expired certificates (LC-4144)
Bugfixes in LAN
Crypt Administration release 11.0.0
- Fixed memory leak in create
profile (LC-3224)
- Fixed memory leak in DB handler
(LC-3275)
- The 3rd party inventory
"3rd_party_software.pdf" is present and up to date in the LCA
and LCC deployment folders and when installed with the LC product
(LC-2696, LC-3885).
- Version information of the
binaries has been made consistent (LC-3209)
- Names of group keys are
correctly limited to 128 characters in the input fields of the
administration (LC-3200)
- CreateTables: fixed display of
“Drop tables” result (LC-3095)
- Import function for users
fixed, when path unknown message occurred in directory objects (LC-2931)
- Fixed stack overflow in MMC,
when database was modified outside of LAN Crypt (LC-3198)
- Fixed create certificates for
users with invalid characters in name (LC-3387)
- Corrected error message for ‘reset
authorization’ when selected as a task (LC-3389)
- Improved handling of security
officers when using “Additional Authorization” (LC-3381)
- Fixed
registry write error for DATAID_LCINIT_FILETYPES_USER (LC-3431)
- Improved error messages of
“Build Profiles Wizard” (LC-997)
- CheckMacAndRepair: errors fixed
when checking MAC of table ACLS (LC-3395)
- Fixed crash when import already
imported root certificate from SO properties (LC-3690)
- WinNT import now correctly
imports the alphabetically first user (LC-3691)
- Added error message when user
certificate creation fails (LC-3388)
- Accurate message when
certificate is imported from AD without domain entry (LC-3738)
- CreateTables: Fixed verify
check to handle "empty values" (LC-3669)
- Fixed ODBC exception on failed
logon due to missing or incorrect configuration (LC-3910)
- Fixed error message in LC Trace
for “AssertPathExists” and unavailable directory (LC-3953)
- Fixed error handling for
certificate creation and file IO errors (LC-3163)
- Directory import with WinNT tab
'Groups' now shows all groups (LC-3952)
- Performance throttling by
reducing the number of private key generation threads when creating
certificates (LC-3915)
- Certificates are searched and
processed correctly in both the user store and the computer store
(LC-4001)
- Fixed issue for certificates
with serial number 0 (LC-4139)
New and known
issues in LAN Crypt Administration release 11.0.0
- Login name accepts characters
despite restriction and can be saved (LC-4097)
Subsequent errors caused by allowing special
characters:
- Infinite loop when creating
profiles for login names with special characters (LC-4098)
- First-time creation of an MSO
also allows restricted special characters (LC-4099)
- Infinite loop when creating
profile for login names with special characters for more than one user.
Creating profiles for only one of those users
shows a message that does not refer to the login name, but to the output
directory, which can be confusing when troubleshooting. (LC-4098)
- First time creation of MSO
erroneously allows restricted special characters. Creating the certificate
with special characters does not work, but as soon as an existing
certificate is used, the MSO can log on.
The error message is also confusing, as described
in LC-4098, because it does not refer to the name in the MSO or the
certificate, but to the output directory and the password log file (LC-4099)
An update to Oracle Version 19.20
fixed this incompatibility.
- Non-standard screen scaling may result in incorrect display of
menus and setup (LC-4190)
- API: Deactivated keys are removed from the policy when key
filtering is enabled.
Deactivating a key ensures that it
cannot be reused, i.e. no new rules can be created with that key. Existing
rules with disabled keys can still be used in profiles.
However, if key filtering is enabled via the LCA dotnet API, all rules with
disabled keys will be filtered out and not written to the policy. This is a bug
in LC V11 and will be fixed in the next major on-premise version (LC-4209).
Manuals,
documentation and support
At https://support.conpal.de registered customers with active
maintenance contracts get access to downloads, documentation and knowledge
items.
The
administration contains an extensive context sensitive help. This information
is also available in the form of a pdf manual.
Download the
admin product documentation at
https://help.lancrypt.com/docs/admin/11_0_0/de/
in German language, at
https://help.lancrypt.com/docs/admin/11_0_0/en/
in English language, at
https://help.lancrypt.com/docs/admin/11_0_0/fr/
in French language, and at
https://help.lancrypt.com/docs/admin/11_0_0/jp/
in Japanese language.
API
documentation can be obtained from:
https://help.lancrypt.com/docs/api/client/en/
https://help.lancrypt.com/docs/api/admin/en/
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal
LAN Crypt 4.2.0 Administration release notes
conpal LAN Crypt 4.2.0
is a feature release that also comes with improved security functionality and
several bugfixes. New features:
- Malware Protection
- OneDrive Settings package
- LAN Crypt 2Go Key Import
- Adding Multiple Encryption
Groups to a User
- Bypass Rules Deployment
- Multiple Virus Scanner
Configurations
- PreventPlainFilesPath Option
- New Operating Systems Support
- Additional Database Support
- API extensions
- Localization Support for MFA
- Client Performance Improvements
- HTML-Based Client Help
- On-Premise OneNote Support
- Search field for groups
- Network filter installation
without network interruption
- Detail work on icons, dialogs
and error messages
- LCA 64-bit .NET API
- Several enhancements for .NET
API
- Support of Server-Side Copy
- DsStateCache for caching
unencrypted files
- Renewal of assigned certificates
Please note the LAN
Crypt 4.2.0 Client release notes.
Older release notes for LAN Crypt remain valid, if not stated otherwise.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Supported
Windows 64-bit operating system platforms
|
|
Pro/Enterprise
versions of Windows 10 1809 (LTSC), 20H2, 21H2, 21H2 (LTSC), 22H2
|
|
Pro/Enterprise
versions of Windows 11 21H2, 22H2
|
|
Windows
Server 2019
|
|
Windows
Server 2022
|
|
Supported
Citrix Environments
|
|
Citrix Virtual Apps and
Desktop 7 1912 LTSR CU2
on WS 2019
|
|
Supported
Database Servers
|
|
MS SQL 2019
|
|
MS SQL 2022
|
|
Oracle 19
|
|
Please note:
MS SQL Server
2017 has a Mainstream Support End Date of Oct 11, 2022 and will
therefore not be supported by LAN Crypt
Administration v4.2.0. MS SQL Server 2019 and 2022 are supported.
Oracle 8,9 and 12 will not be supported by LAN
Crypt Administration v4.2.0. Oracle 19 is supported.
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it
requires a LAN Crypt Client of the same version. Otherwise, when deinstalling
the LCC, the LCA does not work anymore. It is required, to use a client of the
same version (LC-1546).
Mixed
operation of old and new versions of LCA on the same database is not supported
(LC-3152).
New in conpal LAN
Crypt Administration release 4.2.0
- LAN Crypt 2Go Key Import: Key
value, GUID, name and encryption algorithm can be imported from a file
encrypted with LC2Go. This enables the LAN Crypt client to read and
decrypt files encrypted by LC2Go with a password and vice versa (LC-2859).
- Additional security function –
no plain file access on removables: Malware import protection for
removables (external USB sticks or HDD) with a single rule by disallowing
plain file access on external storage devices (LC-2861).
- Adding multiple encryption
groups to a user at once. Groups can be selected directly from the users'
properties menu (LC-1027).
- Search field for Groups in tree
view for MMC added (LC-145).
- Bypass rules can now be deployed
with the profile. Although bypass rules should only be considered in very
rare cases and only after contacting conpal support, they can be deployed
via a profile instead of registry settings and GPO for simplified
deployment (LC-2864, LC-2991, LC-3079, LC-3045, LC-3080). Please note: LAN
Crypt Administration API does not support creation or validation of bypass
rules. Conflicts of ignore and bypass rules are possible (LC-3096).
- Enable configuration of
multiple Virus Scanners without delay when profile is loaded. The
configured AV process needs to either run during profile loading or be
configured with a full path. Wildcards can now be used as part of the path
(LC-2925).
- PreventPlainFilesPath policy added to ADMX. This setting prevents that plain files are
created in defined network paths or on mapped drives if no conpal LAN
Crypt user profile has been loaded yet, or the user does not have one
(LC-1492).
- Oracle support in .NET API
(LC-2912)
- LCA 64-bit .NET API (LC-2692)
- Support of Windows 10 and
Windows 11 – 22H2, and MS SQL Server 2022
Changes in conpal LAN Crypt Administration release 4.2.0
- Assignment of certificates
associated with the "MS Base Cryptographic Provider v1.0" is now
prevented (LC-2642).
- Enable configuration of
multiple Virus Scanners without delay when profile is loaded, see
documentation of the modified operation mode (LC-2925)
- The setting “Only SO with the
‘Generate profile’ right can generate keys (keys without a value are not
permitted)” is now activated by default, so that new keys are always
created with random values as default if no key value has been specified
(LC-2544).
- Recovery key: Tabular
representation changed to simple field. Only one recovery key is now
supported (LC-339, LC-2727).
- Limitation of string length:
renaming SO, MSO Wizard (Name and E-Mail) (LC-597, LC-796, LC-988)
- Renew certificates for multiple
users who already have certificates assigned: New checkbox added to
existing wizard to allow "Create new Certificates (even if there are
already existing ones)". This option was also added to the
corresponding API functions. (LC-2817).
- Import function of intermediate
and root certificates stores these certificates in the correct certificate
stores now (LC-2611)
- Necessary permissions for
CreateTables.exe reduced (LC-2690).
- Updated
Windows start menu folder names. Changed to “conpal LAN Crypt
Administration” and “conpal LAN Crypt Client” (LC-1261).
- Change of the build numbering (LC-2927).
- Product icons modified (LC-2860).
- Embedded libraries updated
(LC-3035).
- .NET-API now requires an
additional parameter for Database.Logon().
Sample scripts show proper functionality (LC-2965).
- CreateTables: Oracle 8, 9 and
12 support is removed (LC-3074).
- CreateTables now accepts
password for ODBC connection from command line (LC-2795).
Bugfixes in
conpal LAN Crypt Administration release 4.2.0
- Assistant for Recovery Key
with/without ESKM - settings, cache and dialog options fixed (LC-2382,
LC-2746, LC-2747, LC-2748).
- .NET API: CreateCertificate(UserName) and Certificates.CreateCertificate(UserName) created a .p12 with a
wrong name and wrong certificate details. Creating certificates for a
group instead of a user did not show this error. Now login names are
correctly used (LC-2701).
- Wrong translation in the German
settings corrected (LC-3051).
- Translations for LAN Crypt
Japanese language version (LC-2906, LC-2897, LC-2882).
- LCA Help "question
mark" and F1 key in Central Settings work now (LC-394).
- Certificate import issues fixed
(e.g., when administrative rights where required for import of user
certificates) (LC-3006).
- The MSO wizard allows several
parent windows to open the folder selection file dialog to save profile
and security keys. This caused a crash in some circumstances (LC-787).
- In certain scenarios the
private keys from imported MSO certificates could not be found for logon.
This is now fixed (LC-2806).
- Adding or deleting a large
number of users at once from a user group, clicking on Apply and then
Cancel caused LAN Crypt to crash (LC-2899, LC-2913).
- Crash during LDAP certificate
assignment when entering long texts has been fixed (LC-605).
- Enforcement of unique Server
and alias names (LC-2919).
- Certificate status information
after certificate generation fixed (LC-739).
- Recovery option: If a higher
value than the number of existing additional SO was entered in the
"Additional authorization" setting, a warning appeared that
could only be confirmed with OK. After that, the entered value was applied
anyway. In the worst case, this could lead to the MSO being locked out,
which can only be undone using the recovery key. To solve this, a Cancel
button was added (LC-804).
- If a user belongs to several
groups and identical paths for rules are created in these groups, the
profile is not created with a message. There the path information was
missing (LC-1481).
- Creating a user profile with
user properties outside the maximum allowed character length is correctly
aborted, but the next profile creation within the maximum allowed
character length resulted in the same error. This has been fixed
(LC-2930).
- Create user: Input field length
limited (LC-795)
- CreateTables: Update for Oracle
now works correctly (LC-2943).
- If certificates are added to
users via the CertAssign wizard, the correct number of assigned
certificates is now displayed (LC-1456).
- Corrected error message when
creating users within a group but canceling the dialog (LC-192).
- WinNT import: Special scenarios
caused errors/crashes. User can be imported now. There is a remaining
limitation regarding E-Mail-addresses (LC-2502).
- Start menu cascaded incorrectly
(LC-3073).
- GPO handle overflow in “Cached
policy file lifetime” setting fixed (LC-552).
- null-pointer crash during
profile creation fixed (LC-2751).
- The 3rd party inventory
"3rd_party_software.pdf" is present and up to date in the LCA
and LCC deployment folders. The "3rd_party_software.pdf"
installed with the LC product is missing an entry:
- "libkmip/BSD license"
(LC-2696).
- KeyValue is not set when
Default key is created. The manual is updated with more specific
information in the key tab/key value section (LC-2544).
- When IP addresses are used for
generating rules, several conditions must be taken into consideration to
avoid wrong execution. Correct syntax is required for IP rules, otherwise
they will not be ignored by the registry setting RemoveDomainFromRules functionality (LC-1483, LC-2454).
- LAN Crypt Administration/MMC sometimes
crashes when deleting groups created by C# example script (LC- 2268).
- The message ‘Path unknown’ is
displayed incorrectly when importing users with anonymous LDAP
authentication. User import is not possible in this session afterwards
(LC-2931).
- MMC
crash can occur, if profiles are created in a group tree with more than 80
groups nested into each other (LC-3193).
Manuals,
documentation and support
At https://support.conpal.de registered customers with active
maintenance contracts get access to downloads, documentation and knowledge
items.
The
administration contains an extensive context sensitive help. This information
will be available in form of a pdf manual a couple of days after release for
download.
Download the
admin product documentation at
https://docs.lancrypt.com/ja/admin/lc_420_ahjpn.pdf in Japanese language, at
https://help.lancrypt.com/docs/admin/de/ in German language, at
https://help.lancrypt.com/docs/admin/en/ in English language and at
https://help.lancrypt.com/docs/admin/fr/ in French language.
API
documentation can be obtained from:
https://help.lancrypt.com/docs/api/client/en/
https://help.lancrypt.com/docs/api/admin/en/
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal
LAN Crypt 4.1.2 Administration release notes
conpal LAN Crypt 4.1.2
is a Japanese language version and available by our partner in Japan only. It
is functional identical to LAN Crypt 4.1.1.
Please refer to the conpal LAN Crypt 4.1.1 part of the release notes.
Older release notes for LAN Crypt remain valid, if
not stated otherwise.
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to
downloads,documentation and knowledge items.
The administration contains an extensive context
sensitive help. This information will be available in form of a pdf manual a
couple of days after release for download.
Download the admin product documentation at
https://docs.lancrypt.com/ja/admin/lc_412_ahjpn.pdf in Japanese
language, at
https://docs.lancrypt.com/de/admin/lc_411_ahdeu.pdf in German
language, at
https://docs.lancrypt.com/en/admin/lc_411_aheng.pdf in English
language and at
https://docs.lancrypt.com/fr/admin/lc_411_ahfra.pdf in French
language. Please note,
the French manual will be published delayed, for the time being use the English
manual.
conpal
LAN Crypt 4.1.1 Administration release notes
conpal LAN Crypt 4.1.1
is a maintenance release, there are no new features included.
Please refer to the conpal LAN Crypt 4.1.0 part of the release notes.
Older release notes for LAN Crypt 4.00.x remain
valid, if not stated otherwise.
Requirements
The below listed platforms are
officially supported. Other Service Pack levels might work as well but have not
run through a QA cycle and won´t be analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Pro/Enterprise Versions of Windows 10 1809 (LTSC), 20H2, 21H1, 21H2,
Windows 11
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
|
Windows Server 2022
|
No
|
Yes
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it
requires a LAN Crypt Client of the same version. Otherwise, when deinstalling
the LCC, the LCA does not work anymore. It is required, to use a client of the
same version (LC-1546).
Bugfixes in
conpal LAN Crypt Administration, Release 4.1.1
- Recovery key does now work with
"1 of 1" key assignment. Fix works as well for KMIP server
(LC-2724)
- Corrupt MAC for database with
multifactor authentication can now be repaired (LC-2577)
- Virtual Smart Card: Cancel the
dialog for PIN entry now does not attempt smart card logon anymore
(LC-2408)
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to
downloads,documentation and knowledge items.
The administration contains an extensive context
sensitive help. This information will be available in form of a pdf manual a
couple of days after release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_411_ahdeu.pdf in German
language, at
https://docs.lancrypt.com/en/admin/lc_411_aheng.pdf in English
language and at
https://docs.lancrypt.com/fr/admin/lc_411_ahfra.pdf in French
language. Please note,
the French manual will be published delayed, for the time being use the English
manual
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal
LAN Crypt 4.1.0 Administration release notes
conpal LAN Crypt 4.1.0
comes with support for new operating systems new functionality, improved
security functionality and new features
e.g.
·
Richer support for SGN/SafeGuard Fileshare customers
·
Portable file encryption
·
Minifilter with caching capabilities for SMB network shares
·
New .NET Administration API
·
Client API login with user context
·
LAN Crypt-Service functionality
·
Manipulation protection for processes
·
Multi factor Authentication based on 3rd party technology
·
Interoperation with Azure technologies (like Azure SQL)
·
Oracle 19 Support
The Legacyfilter has
been abandoned, but is still supported with the 4.00.x version of the product.
If not stated otherwise
the older release notes for LAN Crypt 4.00.3, 4.00.2, 4.00.1 and 4.00 remain
valid.
Please note the LAN
Crypt 4.1.0 Client release notes.
Requirements
The below listed platforms
are officially supported. Other Service Pack levels might work as well but have
not run through a QA cycle and won´t be analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Pro/Enterprise Versions of Windows 10 1809 (LTSC), 1909 (19H2), 20H2,
21H1, 21H2, Windows 11
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
|
Windows Server 2022
|
No
|
Yes
|
If a LAN
Crypt Client (LCC) shall be used in combination with LAN Crypt Admin (LCA), it
requires a LAN Crypt Client of the same version. Otherwise, when deinstalling
the LCC, the LCA does not work anymore. It is required, to use a client of the
same version (LC-1546).
New in conpal LAN
Crypt Administration release 4.1.0
- Support for SGN/SafeGuard FileShare keys.
In combination with a key export and a key import tool Fileshare encrypted
files can be handled by conpal LAN Crypt Client 4.00.3 or newer with
Minifilter. The LAN Crypt Administration 4.00.3 or newer is required for
the key import.
- New .NET API: Provision of the existing
V4.0 API as .NET library (A compilable C++/CLI project ‘LCNetApi’ ),
including a C# test project that calls some of these functions as examples
(LC-1472). Please also have a look at the section .NET API in these release
notes.
- Administration capabilities for clientside
Multifactor Authentication of the 3rd party technology of
inWebo
Changes in 4.1.0
- Sometimes
LAN Crypt
3.97, or 4.00 clients cannot find user certificates, if the profile was
created with LAN Crypt Administration 4.00.x before 4.00.3. The client cannot
load the profile with the error message: `User certificate not found`
(LC-2010)
LAN Crypt 4.1 Administration generates profiles, which do not lead to that
error.
- msiexec: When LAN Crypt
packages are installed, the packagename for the userapplication is now
corrected to ´UserApplication` instead of client.
The AddLocal parameter is named ’UserApplication’ instead of ’Client’
(LC-2214)
- Performance improvements in the
wizard for certificate allocation (LC-1708, LC-745).
- Performance improvements when
loading objects, e.g. when WIN-NT domain names are appended with
characters (LC-664).
- Boost
library removed for better maintenance of security relevant functions
(LC-474).
- The LAN Crypt certificates are changed to conpal branding
(LC-1265).
- Algorithm names are now consistent in client and admin (LC-952).
- Trusted Vendor behaves differently in v4 with respect to expired
certificates. In LCA v4 there is a new check so that expired certificates
can no longer be used. When importing a certificate from a cer file (in
the Trusted Vendors tab), an error message now appears if that cert has
expired. When using an exe file, the validity is (apparently) not
currently checked. Certs can be added to Trusted Vendors from the exe,
even if they are invalid. This makes sense if, for example, a three year
old program is to be added. However, the behavior is different between
import from *.exe and from *.cer and therefore documented (LC-1114).
Bugfixes in 4.1.0
- A SO was able to log on to the
administration, when logging was enabled, but not possible (LC-1683).
- The limitation of the manual
input of the key GUID to 16 bytes did not work reliably (LC-1157).
- The action ‘ Find key’ was selectable, although SO had no right
for the administration of keys (LC-1284).
- Crash when expanding groups in
deep tree structure (LC-1684).
- Text correction: Error message
Additional authorization. (LC-927, LC-1291).
- Text correction: Additional
Authorization - If a value is specified for the number of SOs required for
additional authorization that is higher than the amount of additional SOs
that are created, a warning appeared, the warning text was not correct
(LC-1201).
- When editing a LC group
structure with a minimum depth of 25 subgroups, LCA crashed when creating
new rules via the "conpal LAN Crypt Encrypting Rules and Tags"
tab (LC-1430).
- AD imports from too large OUs
failed (LC-1460).
- If a long directory name was
entered in the LC Admin during certificate assignment from file, a buffer
overflow occurs internally (LC-1055).
- Crash on certificate assignment
with wrong data type. Assigning a certificate from a file using the
Certificate Wizard sometimes causd LCA to crash if binary files (e.g. P12
files) were used (LC-1404).
- Robustness for handling of
special characters has been improved (e.g. for the certificate import
wizard) (LC-1445).
- If CreateTables was called with
an invalid ODBC name, an unhelpful error message appeared (LC-1873).
- Upgrade
installation LCA and LCC v3 -> v4: MSI ProductCode did not match with
Registry ProductCode (LC-1324).
- When cancelling the import of the Active Directory in the
Certificate Assignment Wizard, the LCA console would freeze, while the
process was running. (LC-576).
- Crash when copying / moving large tree structures (LC-675).
- Admin RecoveryKey was processed internally without transaction
backup (LC-341).
- Profile creation wizard behaved differently when called in
different places (In total user overview, in user list within a group)
(LC-819).
- If LAN Crypt logging was enabled, but the log table got corrupted,
no SO could log in anymore. As a fix the MSO now can log on to LCA despite
a MAC error in logging, disable logging and repairing the MAC (LC-190).
- GPME - Crash if input for locations was too long. It concerned
Location for Security Officer certificates, Location for policy files,
Location for key files (LC-724).
New known issues
- LAN Crypt uses CSP
(Cryptographic Service Provider) to access smartcards. Containers are not
specified during access. Therefore, conflicts can occur when using several
smartcard readers on one machine, especially if a smartcard is inserted in
several readers and "identical" certificates / containers are
present there (LC-1121).
- When LAN Crypt Administration
v3 and LAN Crypt client v4.x are installed on the same machine, the
deinstallation of the LAN Crypt Client leads to improper function, because
the connection to LCSERVN.EXE is not available anymore (LC-1546).
It is strongly recommended, to install the same client versions with the
administration (v4 LCA and v4 LCC).
- Not really new, but important:
The default database, not the master database shall be used, when creating
the LAN Crypt database (LC-84), see the section 3.2. in the manual.
- The VisualStudio runtime might
not be available on some machines. In this case e.g. deinstallation of the
product might not be possible.
https://docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
https://aka.ms/vs/17/release/vc_redist.x86.exe
https://aka.ms/vs/17/release/vc_redist.x64.exe
- CreateTables.exe still offers
options for Oracle 8,9, and 12, even though they are not anymore
supported.
.NET API (LC-2437)
- When using the .Net Admin API,
if you receive the following message when initializing the Admin API, a
package reference must be included in your project:
Message:
The type initializer for 'Microsoft.Win32.Registry' threw an exception.
Registry is not supported on this platform.
Necessary reference:
<PackageReference Include="Microsoft.Win32.Registry"
Version="5.0.0" />
§
If
you do not perform a product installation when using the .Net Admin API on the
server and distribute the DLLs yourself, the registry entry for the
installation directory must be set accordingly by you, otherwise dependent DLLs
will not be found at runtime.
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\conpal\LAN Crypt\Admin\Setup
Value:
InstallDir, Type REG_SZ
Example:
c:\Program Files (x86)\conpal\LAN Crypt\Administration
- Due to the 32 bit DLLs used,
the dotnet SDK must also be installed in the x86 variant.
- The example program
StartFirstHere is set up for dotnet core 3.1. If you use dotnet 6.0, you
have to change the TargetFramework entry to ‘net6.0’ in the project file
‘StartFirstHere.csproj’.
- When using the sample programs,
the path to the API dlls in the respective script must be adjusted for an
LCA installation outside the conpal default path.
Manuals, documentation
and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to
downloads,documentation and knowledge items.
The administration contains an extensive context
sensitive help. This information will be available in form of a pdf manual a
couple of days after release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_410_ahdeu.pdf in German
language, at
https://docs.lancrypt.com/en/admin/lc_410_aheng.pdf in English
language and at
https://docs.lancrypt.com/fr/admin/lc_410_ahfra.pdf in French
language. Please note,
the French manual will be published delayed, for the time being use the English
manual
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal
LAN Crypt 4.00.3 Administration release notes
conpal LAN Crypt 4.00.3
Admin comes with support for new operating systems and for SGN/SafeGuard
Fileshare. If not stated otherwise the older release notes for LAN Crypt
4.00.2, 4.00.1 and 4.00 remain valid.
Please note the LAN
Crypt 4.00.3 Client release notes.
Requirements
The below listed platforms
are officially supported. Other Service Pack levels might work as well but have
not run through a QA cycle and won´t be analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows 10 1909 (19H2), 2004 (20H1) Pro/Enterprise, 20H2 Pro/Enterprise,
21H2 pro/Enterprise, Windows 11 Pro/Enterprise
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
New in conpal LAN
Crypt Client release 4.00.3
- Windows 11 support
- Windows 10 21H2 support
- Support for SGN/SafeGuard FileShare keys.
In combination with a key export and an key import tool Fileshare
encrypted files can be handled by conpal LAN Crypt 4.00.3 Client with
Minifilter. The LAN Crypt Administration 4.00.3 is required for the key
import.
Changes in 4.00.3
- LAN Crypt 3.97, or 4.00 Client
cannot find user certificate if profile was created with LAN Crypt
Administration 4.00.x before 4.00.3, client cannot load the profile with
the error message: " User certificate not found (LC-2010)
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to
downloads,documentation and knowledge items.
The administration contains an extensive context
sensitive help. This information will be available in form of a pdf manual a
couple of days after release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_401_ahdeu.pdf in German
language, at
https://docs.lancrypt.com/en/admin/lc_401_aheng.pdf in English
language and at
https://docs.lancrypt.com/fr/admin/lc_401_ahfra.pdf in French
language.
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal LAN Crypt 4.00.2 Administration release notes
conpal LAN Crypt 4.00.2
is in focus a maintenance release. If stated otherwise the release notes for
LAN Crypt 4.00.1 remain valid.
Please note the LAN
Crypt 4.00.2 Client release notes.
Requirements
The below listed platforms are officially supported. Other Service Pack
levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows 10 1909 (19H2), 2004 (20H1) Pro/Enterprise, 20H2
Pro/Enterprise
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
Bugfixes in 4.00.2
Manuals,
documentation and support
At https://support.conpal.de registered customers with active maintenance contracts
get access to downloads,documentation and knowledge items.
The administration contains an extensive context sensitive help. This
information will be available in form of a pdf manual a couple of days after
release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_401_ahdeu.pdf in German language, at
https://docs.lancrypt.com/en/admin/lc_401_aheng.pdf in English language and at
https://docs.lancrypt.com/fr/admin/lc_401_ahfra.pdf in French language.
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal LAN Crypt 4.00.1
Administration release notes
Please note the LAN Crypt 4.00.1 Client release notes.
Requirements
The below listed platforms are
officially supported. Other Service Pack levels might work as well but have not
run through a QA cycle and won´t be analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows 10 1803 (RS4), 1809
(RS5), 1903 (19H1), 1909 (19H2), 2004 (20H1) Pro/Enterprise, 20H2
Pro/Enterprise
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
New in conpal LAN Crypt Admin
release 4.00.1
- Windows 10 20H2 support
- Add translations for error message on
unsupported OS (LC-1251)
Changes in 4.00.1
·
Now the MiniFilter can handle the setting of
the tab „Client-API“. No separate script necessary anymore. (LC-690) (LC-1216)
Bugfixes in 4.00.1
- Updated helpfiles (LC-84, LC-645, LC-801,
LC-1421)
- Client-API-Dll can handle long pathnames
now (LC-1454)
- Findkey shows keys to unauthorized
SOs/Find Keys Degradation (LC-1384)
- Key wrapping could not be disabled
(LC-1231)
- Missing link in English helpfile (LC-1290)
- Branding (LC-935)
- Freeze-after-certificate-creation-cancel
(LC-1246)
- cleared profile not loaded (LC-1427)
- Create certificates dialog now finishes
the progress even if some users already have a certificate. (LC-1467)
- Fix search filter crash (LC-1463)
- Branding topics (LC-1518) createtables
branding (LC-698)
- GPO context sensitive help (LC-1236).
Manuals, documentation and
support
At https://support.conpal.de registered customers with active maintenance contracts
get access to downloads,documentation and knowledge items.
The administration contains an extensive context sensitive help. This
information will be available in form of a pdf manual a couple of days after
release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_401_ahdeu.pdf in German language, at
https://docs.lancrypt.com/en/admin/lc_401_aheng.pdf in English language and at
https://docs.lancrypt.com/fr/admin/lc_401_ahfra.pdf in French language.
Updates for the
context-sensitive help are made available via our support portal if necessary.
conpal LAN Crypt 4.00.0 Administration
release notes
Please note the LAN Crypt 4.00.0 Client release notes.
conpal LAN Crypt is the
successor of SafeGuard LAN Crypt.
conpal LAN Crypt 3.97
Administration was the initial release of conpal for the Administration. It
contained fixes and hotfixes of the previous SafeGuard LAN Crypt 3.90
Administration, but almost no functional enhancements. In sense of operating
systems and databases additional versions were supported and support for some
operating systems and databases have been dropped.
conpal LAN Crypt 4.00
Administration is a significant rework of the Administration, focused on
improvements in operational speed and laying the ground for a complete
replacement of the API functionality by a faster and more modern approach. It
is reworked bottom up, including the cryptographic base.
Some new functions, like SHA2 support for LAN Crypt generated certificates,
have been added.
Novell and Windows 7 support has been dropped, Oracle support for more current
databases has been added. Current operating systems are supported.
In addition new client capabilities can be managed.
Please note that we have
invested considerable effort in the continuity of the product. A migration of
3.9x databases requires minimal effort.
Mixed environments of older and current clients are supported (please refer to
section operation).
Manuals, documentation and
support
At https://support.conpal.de registered customers with active maintenance contracts
get access to downloads,documentation and knowledge items.
The administration contains an extensive context sensitive help. This
information will be available in form of a pdf manual a couple of days after
release for download.
Download the admin product documentation at
https://docs.lancrypt.com/de/admin/lc_400_ahdeu.pdf in German language, at
https://docs.lancrypt.com/en/admin/lc_400_aheng.pdf in English language and at
https://docs.lancrypt.com/fr/admin/lc_400_ahfra.pdf in French language.
Updates for the
context-sensitive help are made available via our support portal if necessary.
Requirements
The below listed platforms are
officially supported. Other Service Pack levels might work as well but have not
run through a QA cycle and won´t be analysed in case of occurring issues.
|
Platforms supported
|
32-bit
|
64-bit
|
|
Windows 10 Build 1803, 1809,
1903, 1909, 2004 Pro/Enterprise
|
No
|
Yes
|
|
Windows Server 2012
|
No
|
Yes
|
|
Windows Server 2012 R2
|
No
|
Yes
|
|
Windows Server 2016
|
No
|
Yes
|
|
Windows Server 2019
|
No
|
Yes
|
Microsoft SQL Server 2012 SP4
Microsoft SQL Server 2016 SP2
Microsoft SQL Server 2017
Microsoft SQL Server 2019
Azure SQL has been verified to be functional with LAN Crypt administration 3.97
and 4.0 LAN Crypt 4.0 provides the ability to logon using the active directory
interactive authentication. LAN Crypt 3.97 does not support this type of
authentication.
Oracle 12 and Oracle 19 are supported, whereas SQL Server remains LAN Crypt’s
preferred database.
A LAN Crypt database created
under LAN Crypt 3.90 or 3.97 must be updated in advance using
"CreateTables.exe %ODBCName% m u" for use under LAN Crypt 4.00
Administration. The createtables tool provides a help message for specifics
regarding e.g. Oracle.
Upgrade
For an upgrade-installation
you can find additional information in the user manual.
An upgrade installation of the administration is supported from conpal LAN
Crypt 3.97 (recommended) and SafeGuard LAN Crypt 3.90.
Migration of older versions is not supported, but technically possible, we
recommend to make use of Professional services in such cases.
New in conpal LAN Crypt
Administration release 4.00.0
- Windows Server 2019 is now supported
- Microsoft SQL Server 2019 is now supported
- Oracle 19 and Oracle 12 are supported,
whereas SQL Server remains LAN Crypt’s preferred database
- Support for policies for Removables,
Opticals, Local Volumes, Boot Volume and Network Shares - to be executed
on v4 Clients
- Integration of earlier patches for LAN
Crypt
- SHA2 support for LAN Crypt generated
certificates (*SO, User)
Operation of LAN Crypt 4.00
administrative environments
A mixed
operation of LAN Crypt v4 Admin and LAN Crypt v3.x Admin is not supported.
It is
possible to run a v3.97 Admin with v4 Clients and v3 Clients.
It is
possible to run a v4.00 Admin with v4 Clients and v3 Clients.
XML is the
only supported policy file format of v4.00 Admin and v4.00 Clients.
New profile
files are created by v4.00, with sections for v3 and v4 Clients.
The new
encryption rules for Removables, Opticals etc are transported in the new
section.
Once new
rules have been created with v4.00, it is no longer possible to create profiles
with a v3 Admin. Doing so would potentially have negative effects on the
client.
Changes
- Integration of new cryptographic libraries
in Admin and Client (for security reasons)
- Renewal of 3rd party libraries
(for security reasons)
- Integration of a new random number
generator (for security reasons)
- Significant improvement of administrative
tasks in large installations
- All in all, the
optimizations carried out are clearly noticeable in many areas. This
concerns both the API and the management program. Since central points
have been optimized, the overall system has become faster. Individual
areas with optimizations have become dramatically faster.
- Reduction of
database accesses: In many functions the access to the database has been
drastically reduced.
- Improvement SQL
Indexes:
- New indices were
added specifically when a clearly measurable improvement in performance
was achieved.
- Improvement in
processing algorithms:
- Internally,
functions have been structurally revised to achieve better throughput.
In particular, double reading of identical data records has been removed
in many places.
- In order to use
parallelization optimally, at least 4 cores should be available on the
computer. More cores do not provide much performance improvement at the
moment.
- When creating
certificates for large groups, more cores are also used well and up to
12 cores are advantageous. Based on our measurements and configurations
we recommend 6-8 cores.
- Beginning with
V4.00.0, the functions that process many individual orders in one order
are parallelized. Examples are the creation of certificates and profiles.
- Examples for the
parallelisation of certificate creation are reading the database,
creating keys, and writing the certificates. Here, these steps function
as in a pipeline, so to speak. Another example is the creation of
profiles. Here, too, the tasks are treated like a pipeline with the
substeps reading the database information, preparing the XML profile,
signing profiles, compressing, and writing profiles. The subareas are
well separated and the runtime for larger groups has been approximately
halved in our test environments.
- Optimization of
memory management:
At
central points, the memory handling was improved and optimized. These
optimizations were clearly measurable, but only lead to small improvements in
relation to database accesses.
- Optimization of
functions:
Many functions have been technically revised internally for better
maintainability and performance.
- SQL Express is no longer supplied with the
distribution. It can be downloaded directly from the Microsoft site.
- Due to security improvements in LAN Crypt
4.00 a warning appears, when weak algorithms are selected (XOR, DES, 3DES,
IDEA). (LC-957, LC-958, LC-1056)
For
continuity reasons (e.g. backup) such algorithms are not prohibited.
For
the selection of XOR this is reinforced, and the SO must also have the right to
define GUIDs for new keys to be able to select this algorithm.
- Certificates are generated with SHA2
instead of SHA1 (LC-336)
- XTS-AES is the default encryption
algorithm in LAN Crypt 4.00
- Support for other databases and operating
systems than the ones mentioned has been dropped
- The usage of the Client API must be
configured in the Administration and – in case the minifilter is used on
client-side - the included script to enable permissions for specific
applications has to be adopted and executed on the client-side
- Changed behaviour regarding client API
permissions for security improvement:
Long
path names are now default for client API configuration. For convenience
reasons short names are internally completed by searching some protected paths, when program names are
configured without path information. The client will search in the following
directories:
LAN
Crypt Install Dir\Shared\ (non-recursive)
CSIDL_SYSTEM
(typical C:\Windows\System32, non-recursive)
CSIDL_WINDOWS
(typical C:\Windows, non-recursive)
CSIDL_PROGRAM_FILES
(typical C:\Program Files, recursive)
If
an EXE file with the specified name is found, the full path will be internally
added.
Other
pathes are now untrusted for short file names. (LC-690)
- Group policy configuration is also
possible with administrative templates. The support for adm has been
dropped. The admx template files are located in the config folder of the
product package. Please see http://msdn.microsoft.com/en-us/library/bb530196.aspx for information on how the files have to be installed.
- Import from a Novell directory has not
been supported since v3.90. Other Novell functionality is now as well not
supported and will not be functional in the administration.
- Additional API functions have been added
- The EULA has been updated (for German,
English and French)
- The 3rd parties’ inventory has
been consolidated and updated
- Admin does not start with "Selected
users and certificates” anymore (but this behaviour can be configured.
(LC-844)
Bugfixes
- Recovery key handling fixed. (LC-434)
- Password file: missing carriage return
(LC-247)
- Preselected button and triggered action on
<Enter> don't match while creating groups (LC-213)
- Wrong error message when trying to build
profiles with expired certificates (LC-194)
Known issues
- The detailed description text in the admin
log for the action Create profile is erroneously truncated after the first
character (LC-1227)
- Explicit rules for file extensions are not
executed correctly by the minifilter. The Minifilter does not execute
rules like *.ext correctly for encryption and ignore rules. As a
workaround, we recommend to add an additional rule like *\*.ext. Having
both rules, *.ext and *\*.ext active, works as well for V3.9x and V4.0
clients
- MSO smart card login fails on WS2012 R2
(LC-1120):
In
Windows Server 2012 R2, SO logon with certificate on smart card is not
possible. According to our tests, this is the only supported operating system
with this limitation.
- Deleting nested groups requires a
relatively large amount of memory and can lead to instability. Therefore,
we recommend not to nest more than 200 groups into each other. (LC-527)
- Network errors:
If the network connection to the SQL server, or to a LDAP source, is
broken during LAN Crypt administration, the LAN Crypt Administration must
be closed and restarted (after the network problem is fixed).
- Entering very long data into LAN Crypt
dialogues (e.g. configuring trusted applications or virus-scanners) might
lead to crashes of the administration console. In addition these data is
not are not saved in the configuration database (LC-570)
- Simultaneous administration:
If more than one SO is working with the LAN Crypt database at the same
time, problems can occur. We recommend a regular manual refresh in that
case.
- admx do not recognize new placeholders for
unhandled devices (LC-1201)
- If the new
placeholders for Unhandled Devices are selected in the LAN Crypt node of
the gpme, they are not displayed in the administrative template and
therefore cannot be managed there.
- LDAP import and synchronization:
- If objects are
imported from a domain, you must specify the domain name and not the
computer name in the server configuration!
When configuring server logon data in central settings you should either
only enter the domain name as server name or add the domain name as an
alias.
- On the root level
(e.g. domain), only 999 objects are displayed and imported.
- Page controls
have to be enabled on the LDAP server.
- Certificate store:
LAN Crypt only supports certificates in one of the user certificate
stores. It does not support certificates in machine stores.
- Installation on 64-bit operating systems:
LAN Crypt Administration is installed on 64-bit operating systems,
therefore the following has to be considered:
- ODBC
administration:
The ODBC connection used by LAN Crypt Administration has to be configured
using the 32-bit ODBC Data Source
Administrator (%WINDIR%\SysWOW64\odbcad32.exe or use the shortcut in
the start menu).
Remark: The shortcut in the LAN Crypt start menu is not displayed on
Windows Server 2012. Please use the shortcut ODBC Data Sources (32-bit) available in
Administrative Tools
instead.
- Group policy
plugin:
The group policy plugin to administer LAN Crypt is not shown in the Windows
group policy editor. To administer the LAN Crypt policies, the 32-bit
Group Policy Editor has to be used (%WINDIR%\SysWOW64\gpedit.msc for
local policies or %WINDIR%\SysWOW64\gpme.msc for Active Directory
policies or use the shortcut in the start menu).
As an alternative the administrative templates can be used which are
stored in the config folder of the product package.
- Scripting API:
The scripting API is only available for 32-bit applications. If a Visual
Basic-Script is started which uses the LAN Crypt scripting API, it has to
be started from the 32-bit Windows Scripting Host
(%WINDIR%\SysWOW64\cscript.exe or %WINDIR%\SysWOW64\wscript.exe).
- Firewall settings:
If the Microsoft SQL Server database is located on another machine, please
ensure that the firewall is configured correctly. Additional information
can be found here: http://msdn.microsoft.com/en-us/library/cc646023.aspx.
- To operate LAN Crypt clients as a service,
additional configuration steps are needed. Please contact support for
further details.
- For performance (testing) in VMware VMs,
it is recommended not to configure more CPUs than the host has available.
Scaling should be done by the number of cores (i.e. not 2 CPU & 2
cores, better 1 CPU & 4 cores if only 1 host CPU is available).
- GPO context sensitive help:
For the operation of the Group Policies (GPO settings) there is
documentation available in the side panel of the console. There is also a
context sensitive help (sglcconfig040x.chm.) available. In version
4.00.0, the old version without
rebranding was erroneously integrated into the setup. This version is
technically almost correct but may still contain incorrect references to
SafeGuard or outdated license information. If necessary, an updated
version can be obtained from Support a few days after release and will be
included in later deliveries. To update, this must then be copied to
%\Windows\Help (LC-1236).
- The rebranding of Sophos SafeGuard to
conpal is comprehensive but may inadvertently be incomplete.