Change Guardian |
Version 4.1 |
Release Notes |
Date Published: March 2014 |
|
NetIQ Change Guardian 4.1 includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Change Guardian forum in the NetIQ Forums, our online community that also includes product information, blogs, and links to helpful resources. The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product, see the Change Guardian Web site. What's New?The following outline the key features and functions provided by this version, as well as issues resolved in this release: EnhancementsEnhanced Operating System SupportThis version of Change Guardian supports existing monitoring functionality on the following operating systems:
Support for LDAP AuthenticationThis version of Change Guardian supports LDAP authentication in addition to database authentication. You can configure a Change Guardian server for LDAP authentication to enable users to log in to Change Guardian with their LDAP directory credentials. New Dynamic GroupsThis version of Change Guardian allows you to group agents to device groups dynamically, based on specified attributes. New OVF Appliance Package FormatBeginning with this version, Change Guardian will no longer include specific Xen or VMware formats of the appliance. Instead, the release will include an .ovf appliance that can be used on both Xen and VMware hypervisors. This version also includes an .iso file. You can still deploy Change Guardian patches to the previous Xen and VMware appliances. Enhanced Active Directory Monitoring CapabilitiesThis version of Change Guardian for Active Directory several new "best practice" policy templates as well as new monitoring functionality.
The new policy templates allow you to monitor changes in Active Directory configuration in the following areas: New monitoring functionality allows you to: New Diagnostics FeatureThis new feature in Change Guardian informs you of any issues that prevent you from successfully monitoring an asset. New Auditing of Administrative ActionsChange Guardian now tracks any change you make in the Policy Editor with a System Event. Support for Custom Severity SettingsOn the File System Policy window, you can set a severity level for a policy. Any event the policy generates will have the specified severity level. You can specify either a static severity level (1-5) or an automatic severity level. If you specify an automatic severity level, Change Guardian assigns the severity based on weighted factors. Internationalization SupportThis version of Change Guardian supports multibyte character sets. Software FixesChange Guardian 4.1 includes software fixes that resolve several previous issues. If you use the upgrade installer, the set of new features and fixed defects depend upon the version from which you upgrade. For example, if the system is running Change Guardian 4.0, defect fixes from Change Guardian 4.0 SP1 are also applied as part of this upgrade. Change Guardian for Active Directory Does Not Send Some Events to NetIQ SentinelChange Guardian for Active Directory now sends all events to NetIQ Sentinel after rebooting the Domain Controller computer. (ENG329595) Additional and Delayed Events Arrive when Configuring Windows Firewall
Resource Expansion Does Not Work with SubdomainsResource expansion now works correctly with subdomains. (ENG330278, ENG332023) Resource Expansion Does Not Work After Installing Change Guardian 4.0 Service Pack 1This version of Change Guardian corrects an issue where resource expansion did not work after installing Change Guardian 4.0 Service Pack 1. (ENG330168) Policies Do Not Work When Using Fully Qualified Domain Name for Managed UserPolicies in Change Guardian for Active Directory now allow you to specify managed users with either Fully Qualified Domain Name (FQDN) or NetBIOS. (ENG330861) Web Console Displays 'Security Certificate is Not Trusted' ErrorThe Change Guardian Web Console no longer displays a 'Security Certificate is not trusted' error. (ENG330863) All Reports Return Errors After Installing Change Guardian 4.0 Service Pack 1This version of Change Guardian corrects an issue where generating a report returned an error after installing Change Guardian 4.0 Service Pack 1. (ENG330411) Known IssuesNetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Cannot Use WebYaST to Upgrade the Change Guardian Server ApplianceYou cannot use WebYaST to upgrade the Change Guardian server appliance because you must accept the updated license agreement. You need to upgrade the appliance by using the zypper patch. Upgrade Fails if You Renamed the .msi Package for the Original InstallationIf you renamed the .msi file when packaging the program to silently install a previous version of Change Guardian, the upgrade to the current release fails. During an upgrade, Microsoft Windows looks for an original installation with the same identification as the .msi package for the upgrade. For more information about this issue, see the Windows Installer Team Blog. (ENG328889) VMware vSphere 5.5 Web Client Cannot Import OVF Templates
Modifications to System-Only Object Might Not Generate Security EventsChange Guardian for Active Directory requires a security event to generate a Change Guardian event. System-only object attributes in Active Directory cannot be modified manually. They can only be modified internally by Active Directory. Modifications to system-only attributes do not generate security events, so Change Guardian is unaware of these changes and cannot track them or create Change Guardian events. (ENG332134) Missing Sections in 'Process was Terminated' EventsIf you create a process policy in Change Guardian for Windows that monitors an application for Process was Terminated events, and the monitored application is open before you assign the policy to the agent, when the monitored application shuts down, the generated event does not contain the Event Message and Who sections. To ensure the generated event contains all sections, turn off the application you want to monitor before assigning the policy to the agent. After you assign the policy to the agent, start the application again. (ENG332876) Resource Expansion Cannot Expand Group Members from Trusted DomainsIf you configure resource expansion for a group that contains members from a trusted domain other than the domain to which the group belongs, Change Guardian cannot expand the group members. (ENG331982) Resource Expansion Does Not Support ParenthesesResource expansion does not work on Active Directory users or users of groups if the name attribute contains open or close parentheses: ( ) (ENG331896) 'Demoted from DC' Events Not Generated on Windows Server 2003If you configure Change Guardian for Active Directory to monitor for Demoted from DC events, and the demoted computer is running Microsoft Windows Server 2003, a Demoted from DC event is not generated. (ENG332176) LDIF Scripts Do Not Generate 'Class-Schema Was Created' EventsIf you use an LDIF script to create a class-schema, Change Guardian generates a Class-Schema Was Modified event instead of a Class-Schema Was Created event. (ENG332311) Change Guardian for Active Directory Does Not Generate Some Events on Microsoft Windows Server 2012 R2If you run Change Guardian for Active Directory on a computer with the Microsoft Windows Server 2012 R2 operating system, Change Guardian for Active Directory does not generate some events. If you install Windows Update KB2911106, Change Guardian for Active Directory is able to generate all events except Active Directory Object was Renamed events. (ENG332396) Microsoft Windows Server 2012 R2 + KB2887595 Can Cause Instability on Domain ControllerIf your domain controller runs Windows Server 2012 R2, ensure you have installed the most recent Windows updates. If the most recent Windows Update you have installed is KB2887595, the computer can become unstable when the following are true:
(ENG332396) Upgrading a Change Guardian Agent from Version 4.0 to Version 4.1 Might Require RebootWhen you upgrade a Change Guardian agent from version 4.0 to version 4.1, if files the upgrade process needs are locked or in use, the upgrade process might require a reboot to complete. (ENG333172) Upgrading a Change Guardian Server from Version 4.0 to Version 4.1 Causes Invalid User Format ErrorIf you upgrade a Change Guardian server computer from version 4.0 to version 4.1, and then edit the include only events performed by these Active Directory users [user names] constraint on a Change Guardian for Active Directory policy you created in version 4.0, the constraint displays an Invalid User Format error. To correct this error, delete the constraint and add it again. The new constraint will not display the error. (ENG332795) Upgrading a Change Guardian Agent from Version 4.0 to Version 4.1 Causes User Expansion to Fail in Registry PoliciesIf you manually add Active Directory users to a registry policy in Change Guardian for Windows version 4.0, and then upgrade a Change Guardian agent to version 4.1, Change Guardian cannot expand the users you added manually. To correct this, submit a new revision of the policy. For example, you can make a minor change to the policy description, and then submit the change. On the new revision, Change Guardian correctly expands the users you added manually. (ENG333316) Change Guardian for Windows Does Not Capture Some File Share SettingsChange Guardian for Windows does not capture modifications to the following types of share settings:
(ENG326828) Migrating Locally Saved Policies Not SupportedBefore you upgrade the Policy Editor to the current version, ensure you back up or submit locally saved policies to the Change Guardian Policy Repository. If you upgrade without backing up locally saved policies from version 4.0 or version 4.0.1, the policies will be lost. (DOC331358) Active Directory Schema Events Might Display 'N/A' in Before and After FieldsAn issue with Active Directory causes Schema Attribute Modified and Schema Class Modified events to display N/A in both the Before and After fields. (ENG330960) Contact InformationOur goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you. For detailed contact information, see the Support Contact Information Web site. For general corporate and product information, see the NetIQ Corporate Web site. For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels. Legal NoticeTHIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. | ||||||||||