Change Guardian

Version 4.0 Service Pack 1

Release Notes

Date Published: July 2013

 
 

 

This service pack resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Change Guardian forum in the NetIQ Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For more information about this service pack and for the latest Release Notes, see the Change Guardian Documentation web site. To download this product, see the Change Guardian Service Packs Web site.

What's New?

The following outline the key features and functions provided by this version, as well as issues resolved in this service pack:

Operating System Support

This service pack adds support for monitoring computers that run the following operating systems:

  • Windows 8 (32-bit and 64-bit)
  • Windows Server 2012

Use Change Guardian for Windows to monitor systems that run either of the new operating systems. Use Change Guardian for Active Directory and Change Guardian for Group Policy to monitor systems running Windows Server 2012.

For more information about monitoring Windows computers, see the Installation and Configuration Guide for NetIQ Change Guardian.

Updated Installation Programs

This service pack includes updated installation programs for Change Guardian and Change Guardian Policy Editor.

Software Fixes and Enhancements

This service pack includes software fixes that resolve several previous issues.

Return to Top

Change Guardian Server

Web Console Cannot Distribute Reports Through Email

Issue:

When you install the Change Guardian server appliance and bypass the SMTP setup for configuring a default email account, the installation process might fail. Also, the Web console cannot distribute reports through email. (ENG328237)

Fix:

If you bypass the steps for configuring a default email account, a successful installation process includes a message that the step was skipped. To configure the default email account after installation, use the following command:

/opt/netiq/cg/scripts/./configure.sh udei

Alerts for Changes by Managed Users Have the Same Severity Level as Changes by Non-Managed Users

When a managed user makes a change, Change Guardian no longer assigns the same severity level to the alert as would be assigned to a change by a non-managed user. (ENG328266)

Updated Version of Java Runtime

This service pack updates the Java runtime to version 1.7 on the Change Guardian server. (ENG328271)

Agent Service Fails to Send Events to the Change Guardian Server after the Server Restarts

Issue:

When the Change Guardian Server is stopped or restarted, the service for the Change Guardian agent cannot reconnect to the server and fails to forward events. (ENG329469)

Fix:

Modified the settings for the agent service to allow it to reconnect to the Change Guardian Server after a loss of connection.

Return to Top

Change Guardian for Active Directory

No Events Generated after Clearing the Windows Event Logs from Event Viewer

Issue:

If you clear the Windows event logs from the Event Viewer, Change Guardian for Active Directory stops generating events. After restarting the NetIQ Change Guardian service, Change Guardian for Active Directory begins generating events again. (ENG329466)

Fix:

Updated Change Guardian for Active Directory to reconnect to the event log when a loss of connection occurs.

Return to Top

Change Guardian for Group Policy

Events for Settings Are Not Sent to Sentinel

Issue:

When you create and assign policies in Change Guardian Group Policy and you list policies for Preferences events before policies for Settings events, Change Guardian does not generate events for the settings. (ENG328907)

Fix:

Change Guardian filters events correctly to ensure that all events are sent to Sentinel, regardless which policy is listed first.

Number of Events for an Object do not Match the Policies Monitoring that Object

Issue:

Although you assign multiple policies in Change Guardian Group Policy to monitor an object, Change Guardian generates only one event per change to that object. (ENG328811)

Fix:

The number of events generated for an object now match the number of policies monitoring that object.

Windows Agent Process Causes High CPU Utilization

Issue:

When you configure Change Guardian for Group Policy and Change Guardian for Active Directory to monitor the same object and its child objects using the Auditing Entry: Full Control for Everyone (Successful and Failed) setting, the VigilEntAgent process, which represents the Windows agent, generates a high CPU usage. This issue generally occurs when the audited object has a system access control list (SACL) for Everyone that specifies everything and you installed both Change Guardian components on the same domain controller. (ENG329330)

Fix:

Updated the filters in Change Guardian for Group Policy and Change Guardian for Active Directory to limit early events that do not match the auditing requirements.

Return to Top

Change Guardian for Windows

Policies Are Not Applied Consistently on the First Attempt

Issue:

When you apply policies to a very busy Windows computer, the policies might not be applied upon the first attempt. This issue does not occur consistently. (ENG327915)

Fix:

Change Guardian for Windows correctly assigns permissions in the cgwmf\Parameters\Consumers key, which allows policies to be applied on the first attempt.

File Integrity Policies Return Inaccurate Results for IIS Files on 64-bit Computers

Change Guardian for Windows now returns accurate results when you run File Integrity policies that compare Microsoft Internet Information Services (IIS) files on a computer running a 64-bit operating system, such as Windows 2008 R2. (ENG328836)

Return to Top

System Requirements

This service pack includes a full version of Change Guardian 4.0. For detailed information on hardware requirements and supported operating systems and browsers, see the Installation and Configuration Guide for NetIQ Change Guardian.

You can use this service pack to upgrade Change Guardian 4.0. For more information, see Installing This Version.

Return to Top

Installing This Version

This service pack includes a full version of Change Guardian 4.0. You can install this version in a clean environment or upgrade an existing installation.

For more information about version 4.0, see the Release Notes. For detailed information about installing Change Guardian components and modules, see the Installation and Configuration Guide for NetIQ Change Guardian.

Installing Change Guardian

You can install this version in a clean environment.

Installing the Change Guardian Server

For information about installing the Change Guardian server, see the Installation and Configuration Guide for NetIQ Change Guardian.

Installing the Change Guardian Console and Windows Agent

(Conditional) To locally install the Change Guardian console or Windows agent, see the instructions in the Installation and Configuration Guide for NetIQ Change Guardian.

(Conditional) To distribute the Windows agent to multiple computers, complete the steps for creating a silent installer package in Upgrading the Console and Windows Agent.

Upgrading Change Guardian

You can also apply this service pack to the following components of Change Guardian 4.0:

  • Change Guardian Server
  • Change Guardian Policy Editor
  • Change Guardian for Windows Agent

Upgrading the Change Guardian Server Appliance

You cannot use WebYaST to upgrade the Change Guardian server appliance because you must accept the updated license agreement. You need to upgrade the appliance by using the zypper patch.

To upgrade the appliance by using the zypper patch:

  1. Back up your configuration.
  2. Log in to the Change Guardian appliance console as the root user.
  3. Run the following command:

    /usr/bin/zypper patch

  4. Enter yes to continue.
  5. Review the updated license agreement, and then enter quit.
  6. Enter yes to accept the updated license agreement.
  7. When the installation completes, restart the appliance.

Upgrading the Change Guardian Server on a Standard Computer

To upgrade the Change Guardian server on a standard computer, perform the installation steps in the Installation and Configuration Guide for NetIQ Change Guardian.

Upgrading the Console and Windows Agent

You can use the IqcgInstaller.exe program in the installation kit to locally update a console or Windows agent or create a silent installer package for upgrading multiple agents.

(Conditional) To locally install the console or Windows agent, run the IqcgInstaller.exe program and follow the steps in the wizard.

(Conditional) To silently install or upgrade the Windows agent, you must create a silent installer package. Complete the following steps:

To create a silent installer package:

    Run the IqcgInstaller.exe program and follow the steps until you get to the Change Guardian Agent window.
  1. In the Change Guardian Agent window, clear Install the selected components locally.
  2. Select Create a silent installer.
  3. Specify the location for the silent installer package.
  4. Complete the steps in the wizard.
  5. The setup program creates a silent installer package called Upgrade NetIQ Change Guardian.exe. Run this program to upgrade your remote agents.

Note
When you specify Create a silent installer, the setup program also creates NetIQ Change Guardian.msi file in the specified path. To use this program to upgrade your agents, you must use the following command to run the file: msiexec.exe /i "NetIQ Change Guardian.msi" REINSTALL=ALL REINSTALLMODE=vomus.

Return to Top

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The issues associated with the following modules are currently being researched. If you need further assistance with any issue, please contact Technical Support.

The Change Guardian Server Does Not Accept Some Special Characters in Passwords

Issue:

When you install this version in a clean environment, the installation process prompts you to specify a method for authenticating users. If you specify LDAP authentication, the installation succeeds but you cannot log in to Change Guardian Policy Editor or register your agents. This issue does not occur during an appliance installation or when you upgrade from version 4.0. (ENG329361)

Workaround:

For the user authentication method, specify Database authentication only.

Upgrade Fails if You Renamed the .msi Package for the Original Installation

If you renamed the .msi file when packaging the program to silently install a previous version of Change Guardian, the upgrade to the current release fails. During an upgrade, Microsoft Windows looks for an original installation with the same identification as the .msi package for the upgrade. For more information about this issue, see the Windows Installer Team Blog. (ENG328889)

Cannot Use Special Characters When Specifying the Installation Path

When installing Change Guardian, you cannot specify a path that contains special characters, such as a semi-colon. (ENG328999)

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

Return to Top

Legal Notice

Return to Top