Quest® Password Manager
version 4.5.0

Release Notes

October 31, 2008

Contents

Welcome to Quest Password Manager
What's New
Resolved Issues and Enhancements
Known Issues
System Requirements
Global Operations
Getting Started
For More Information

Welcome to Quest Password Manager

Quest Password Manager provides users and help desk support with the ability to easily and securely manage their passwords, thus eliminating the need for assistance from high-level administrators and reducing help desk workload.

Back to Top

What's New

The following new features have been included into Quest Password Manager version 4.5.0:

  • Support for Windows Server 2008 - Password Manager can now be installed and used on a computer running Windows Server 2008.
  • Support for 64-bit Architecture - Password Manager can additionally be installed and used on a computer running the 64-bit version of Windows Server 2008. Password Policy Manager can also be installed on a domain controller running the 64-bit version of Windows Server 2008.
  • Support for the Apple Safari browser - Password Manager now allows users to access the SelfService site using the Apple® Safari browser.
  • Self-Service Site Integration into ActiveRoles Server Web Interface - Now you can easily and seamlessly integrate the Self-Service site of Password Manager into the ActiveRoles Server Web Interface thus providing your end users with the ability to comfortably reset or change their password without leaving the familiar Web UI.
  • Integration with Quest Defender - Password Manager can be used with Defender to provide authentication for users when changing or resetting their passwords. You can configure Password Manager to use the Defender one time password (OTP) as part of Password Manager's Questions & Answers profile to provide increased security.
  • Integration with Quest Enterprise Single Sign-on - Quest Enterprise Single Sign-on (QESSO) provides users the ability to access all applications on their desktop using a single user ID and password. After users have logged in, they can access password-protected applications on their desktop without having to enter another password. Integration with Password Manager keeps the password stored by QESSO in step with the user’s Active Directory password.
  • Integration with InSync - Password Manager 4.5 is distributed with Quest's password synchronization product, InSync. InSync provides password synchronization capabilities for all user accounts across the enterprise. InSync works with Password Manager, allowing a user to reset the password for all of their accounts from a single interface.

Back to Top

Resolved Issues and Enhancements
 

This section provides a list of issues that were resolved in Password Manager 4.5.0 (as compared to version 4.1.1). Each item in the list includes a unique ID (TFS number) and a brief description of the problem.

TF00008822
Fixed: The Quick Start Guide document lacks the instructions on how to install SQL Reporting Services.

TF00009290
Fixed: When user fails to authenticate using secret answers, Password Manager nonetheless offers a second attempt to answer secret answers disregarding that the profile is already locked.

TF00009495
Fixed: The HelpDesk and SelfService sites may behave inconsistently when simultaneously accessed using the same client host.

TF00009723
Fixed: The "Authentication by secret word" page of the HelpDesk site may be distorted if secret word is very long (over 100 characters).

TF00009833
Fixed: When the number and the size of secret questions is extremely large, Password Manager may be unable to add new questions.

TF00009861
Fixed: The "Quest Password Manager" scheduled task may fail with the following error :"Last result" field is different from "0x0". Simultaneously the following error entry is added into the Application event log: “Faulting application QPMService, faulting address 0x0005137c.”

TF00010303
Fixed: After uninstalling Password Policy Manager on a computer with Password Manager installed, you may not be able to edit the Password Manager policies on the Managed Domains tab of the Administration site.

TF00039590
Fixed: When trying to access a Password Manager site using the Firefox browser version 2.0 or earlier, you may receive the warning that this browser is not supported by Password Manager.

TF00040252
Fixed: When opening the Domain Password Policies page, you may encounter the following error: "Error opening the password policies. Error Code: 8000FFFF. Error Description: Catastrophic failure."

TF00050453
Fixed: Search robots are able to browse inside the Password Manager sites and include the links to the content in search results.

TF00053024
Fixed: The Password Policy Manager (PPM) setup allows to install PPM on a computer which is not domain controller, though PPM must be installed only on a DC.

TF00053809
Fixed: Misleading text on the “User's alert settings changed” checkbox on the “Alerts and Recipients” tab of the “Settings” page of the Administration site. Actually, this checkbox is used to configure notification about changes in user Q&A profiles.

Back to Top

Known Issues

This section provides a list of the currently known issues that customers may experience with the 4.5.0 release of Quest Password Manager. For each issue, the list includes a unique identifier (CR number), a brief description of the problem, and a workaround, if any exists, for the problem.

TF00009751
Password Manager does not update the list of MIIS agents when the set of agents is updated in MIIS.

WORKAROUND
Disconnect MIIS and connect it again.

TF00009762
If you install Password Manager to non-default virtual directory, you may encounter the following behavior: when trying to open the Self-Service site, you get redirected to non-existent location.

WORKAROUND
1. Open the following file using Notepad: %ProgramFiles%\Quest Software\Quest Password Manager\web\cmp\3.x\main.asp
2. Replace the following substring:
"/QPM/User/"
with
"/<your_virtual_directory>/User/"
where <your_virtual_directory> is the name of you virtual directory.
3. Save the file and close Notepad.

TF00051736
When one or more Managed Domains become unavailable, the Self-Service site takes much longer that expected to perform ordinary password management tasks in available Managed Domains.

WORKAROUND
Disconnect unavailable Managed Domains from Password Manager. You may reconnect them when they become available, all per-domain settings will be preserved.

TF00053948
When installing Password Manager on Windows 2008 or Vista OS, you may encounter a message box with the following error: “Windows installer has stopped working.”

WORKAROUND
Close the message box by clicking the "Close Program" button and continue installation process normally.

TF00055525
When importing policy created by Password Manager version 4.0, you may encounter the “Invalid format” error.

WORKAROUND
1. Open the policy text file in Notepad.
2. Remove any blanks (spaces, linefeeds, and carriage returns) in the end of the document.
3. Save file in the Unicode format.
4. Import the policy.

CR NUMBER not available
When you add password management to a domain that was earlier managed with Password Manager or another password management application, you may encounter the following error: "8004030F (The new password for DOMAIN\__PRM_svc_user001__ does not comply with the password policy.)"

WORKAROUND
Prior to adding password management to such a domain, create a user account in that domain with the user logon name (pre-Windows 2000) set to __PRM_svc_user001__.

CR NUMBER not available
With the "Honor Password History" check box selected in security options for a domain, every single change of a password adds two records to password history. As a result, the password history feature does not work as expected. For example, if password history is configured so that a user must use 10 unique passwords before reusing a previous password, Password Manager actually allows a user to reuse a password after a series of only 5 unique passwords.

WORKAROUND
Configure password history to retain information on two times more number of password changes.

CR0157323
When registering with Password Manager, members of the Domain Admins group may encounter the following error: "Error saving your Questions and Answers profile." The cause of the problem is that members of protected groups, such as Domain Admins, do not inherit permissions from parent containers.
For more information, refer to Microsoft's article "Delegated permissions are not available and inheritance is automatically disabled": http://support.microsoft.com/?id=817433

WORKAROUND

Method 1

Avoid registering members of protected groups with Password Manager.

Method 2

Modify the account that Password Manager uses to access the managed domain, so that the account has the following rights:
- Membership in the 'Domain Users' group
- Membership in the 'Group Policy Creator Owners' group
- The Read permission for all attributes of user objects
- The Write permission for the following attributes of user objects: 'pwdLastSet', 'comment', and 'userAccountControl'
- The right to reset user passwords
- The right to create user accounts in the Users container
- The Read permission for all attributes of the 'domainDNS' object
- The Read permission for all attributes of 'organizationalUnit'
- The Write permission for the 'gpLink' attribute of the 'domainDNS' object
- The Write permission for the 'gpLink' attribute of 'organizationalUnit' objects

CR0181270
When configuring your Questions and Answers profile, you may encounter the following problem. If you have selected the "Hide my answers for security purposes" check box, you cannot input double-byte character set (DBCS) characters in the text boxes where you specify your answers.

WORKAROUND
Clear the "Hide my answers for security purposes" check box.

CR0212015
When you extract the Password Manager files from the distribution package to your local disk and then run the Setup program to install Password Manager, you may encounter the following problem: Setup is unable to continue. This problem occurs if the local path to the extracted files is more than 259 characters.

WORKAROUND
When extracting the files, specify a shorter path to the local folder to hold the extracted files (for example, C:\QPM).

CR0221931
When using the prm_gina.adm Administrative Template to specify custom labels for Secure Password Extension buttons (such as the "Manage My Password", "Forgot My Password", or "Usage Policy" button), you may encounter the following problem: Your custom labels do not fit on the buttons.

WORKAROUND
Specify shorter labels.

Back to Top

System Requirements

Before installing Quest Password Manager, ensure your system meets the following minimum hardware and software requirements:

Platform 800 MHz or higher Intel Pentium®-compatible CPU
Memory At least 128 MB RAM (256 MB recommended)
Hard Disk Space 80 MB
Operating System Microsoft® Windows Server™ 2003 (32-bit edition) with Service Pack 1 or later
Microsoft® Windows Server™ 2003 (64-bit edition) with Service Pack 1 or later
Microsoft® Windows Server™ 2008 (32-bit edition) with Service Pack 1
Microsoft® Windows Server™ 2008 (64-bit edition) with Service Pack 1
Internet Information Server Microsoft® Internet Information Server 6.0
OR
Microsoft® Internet Information Server 7.0

It is strongly recommended that you use HTTPS with Quest Password Manager. For more information, see the Quick Start Guide.
Browser Microsoft® Internet Explorer 6.0 or 7.0
SQL Server

Microsoft® SQL Server™ 2000
-OR-
Microsoft® SQL Server 2005

Report definitions included with Quest Password Manager 4.5 are designed to support functionality of Microsoft SQL Server 2005 Reporting Services, and are not compatible with Microsoft SQL Server 2000 Reporting Services. Microsoft SQL Server 2005 Express Edition with Advanced Services is included in the Quest Password Manager distribution package. If you install Microsoft SQL Server 2005 Express Edition with Advanced Services from the Quest Password Manager distribution package, we recommend that you accept the default settings as the most optimal.
Windows Installer Windows Installer 3.1 or later.

Windows Installer 3.1.4000.2435 is included with Quest Password Manager distribution package. You must install Windows Installer on Windows 2000-based computers before you install Quest Password Manager.
Microsoft .NET Framework Microsoft® .NET Framework 3.5.

Microsoft® .NET Framework 3.5 is included with the Quest Password Manager distribution package. You must install .NET Framework 3.5 before you install Quest Password Manager.
Acrobat Reader Acrobat® Reader® 5.0 or later.

Acrobat Reader 7.0 is included with the Quest Password Manager distribution package.

Quest Password Manager works with Windows® 2000, Windows® 2003, and Windows® 2008 domains, including domains operating in a mixed mode.

Ensure that each of the client computers meets the following minimum software requirements:

Browser Microsoft® Internet Explorer 6.0 and 7.0
-OR-
Mozilla® Firefox® 1.0, 1.5, 2.0, 3.0
-OR-
Apple® Safari® 3.1

To be able to set password policies in an Active Directory domain managed by Password Manager, you must deploy the Quest Password Policy Manager component on all domain controllers in the managed domain.

The domain controllers where you plan to install the 32-bit or 64 bit- version of Quest Password Policy Manager component must meet the following requirements:

Operating System Microsoft® Windows® 2000 Service Pack 4
-OR-
Microsoft® Windows Server™ 2003 (32-bit or 64-bit edition)
-OR-
Microsoft® Windows Server™ 2008 (32-bit or 64-bit edition)
Hard Disk Space 5 MB of free hard disk space

To allow password resets from the Windows logon screen, you must deploy the Quest Secure Password Extension on all target computers in the managed domain. The target computers must meet the following minimum software requirements:

Operating System

Microsoft® Windows® 2000 Server Service Pack 4
-OR-
Microsoft® Windows Server™ 2003
-OR-
Microsoft® Windows Server™ 2008
-OR-
Microsoft® Windows® 2000 Professional Service Pack 4
-OR-
Microsoft® Windows® XP Professional Service Pack 2 or later
-OR-
Microsoft® Windows® Vista

Browser Microsoft® Internet Explorer 6.0 and 7.0.

We do not recommend use of any plug-ins for Microsoft Internet Explorer on computers where you plan to deploy Quest Secure Password Extension, since the plug-ins extend Internet Explorer functionality and could pose security threats.

Quest Password Manager supports integration with the following products:

  • Quest Defender 5.2
  • Quest Enterprise Single Sign-on (QESSO) 8.0.2
  • Quest InSync 6.5
  • Quest ActiveRoles Web Interface 6.1.0
  • Microsoft Identity Integration Server 2003 Service Pack 1
  • Microsoft Identity Lifecycle Manager 2007 Feature Pack 1
  • HP ProtectTools Authentication Services 3.1

Back to Top

Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

Back to Top

Getting Started

Contents of the Release Package
 

The Quest Password Manager Release Package contains the following products:
  • Quest® Password Manager 4.5.0, 32-bit version
  • Quest® Password Manager 4.5.0, 64-bit version
  • Quest® Password Policy Manager, 32-bit version
  • Quest® Password Policy Manager, 64-bit version
  • Quest® Secure Password Extension, 32-bit version
  • Quest® Secure Password Extension, 64-bit version
  • Product Documentation, including:
    • What's New
    • Quick Start Guide
    • User Guide
  • Adobe® Acrobat Reader 7.0
  • Microsoft SQL Server 2005 Express Edition with Advanced Services SP2
  • Windows Installer 3.1 Redistributable (v2)
  • Microsoft .NET Framework Version 3.5 Redistributable Package

Installation Procedure
 

You can use the following steps to get started with Quest Password Manager:

  1. Ensure that the computer, on which you plan to install the solution, meets the system requirements.
  2. To install Quest Password Manager, click Setup in the CD autorun window, and then click Password Manager. For more information on how to install this product, see Quick Start Guide.
  3. To read the product documentation, click Documentation in the CD autorun window, and then click a document name. Adobe Acrobat Reader is required to read the documents. You can install it by clicking Adobe Acrobat Reader in the Redistributables section of the CD autorun window.

Back to Top

For More Information

Contacting Quest Software:

Email info@quest.com
Mail: Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web site: http://www.quest.com/

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com

From SupportLink, you can do the following:

  • Quickly find thousands of solutions (Knowledgebase articles/documents).

  • Download patches and upgrades.
  • Seek help from a Support engineer.
  • Log and update your case, and check its status.

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf

This document contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.

© 2008 Quest Software, Inc. ALL RIGHTS RESERVED.

Quest, Quest Software, the Quest Software logo, Aelita, AppAssure, Benchmark Factory, Big Brother, DataFactory, DeployDirector, ERDisk, Fastlane, Final, Foglight, Funnel Web, I/Watch, Imceda, InLook, IntelliProfile, Internet Weather Report, InTrust, IT Dad, JClass, Jint, JProbe, Knowledge Xpert, LeccoTech, LiteSpeed, LiveReorg, Matrix Insight, Matrix.Net, MIQ, NBSpool, NetBase, Npulse, PerformaSure, PL/Vision, Quest Central, RAPS, SharePlex, Sitraka, SmartAlarm, Speed Change Manager, Speed Coefficient, Spotlight, SQL Firewall, SQL Impact, SQL LiteSpeed, SQL Navigator, SQLab, SQLGuardian, SQLProtector, SQL Watch, Stat, Stat!, StealthCollect, Tag and Follow, Toad, T.O.A.D., Vintela, Virtual DBA, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Web:    http://www.quest.com
e-mail:  legal@quest.com

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

Back to Top