NetIQ Privileged User Manager 2.3.2 Release Notes

January, 2013
2.1 AIX
2.2 HP-UX
2.3 Linux
2.4 SLES10
2.5 SLES11
2.7 Tru64

1.0 Documentation

The following sources provide information about Privileged User Manager:

2.0 Installing Privileged User Manager 2.3

Privileged User Manager can be downloaded from the Novell Downloads site.

To obtain the purchased license, log in to the Novell Customer Center and follow the link that allows you to download the software and the license key.

The ISO image contains the following directories and files for Framework Managers, Agents, and the Package Manager.

2.1 AIX

Package

netiq-npum-agent-2.3.2-aix-5.1-powerpc.bff.gz

 

Agent package for AIX* 5.1

netiq-npum-manager-2.3.2-aix-5.1-powerpc.bff.gz

 

Framework Manager package for AIX 5.1

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.2 HP-UX

Package

netiq-npum-agent-2.3.2-hpux-11.00-hppa.depot.gz

 

Agent package for HP-UX 11 and 11i HPPA

netiq-npum-agent-2.3.2-hpux-11.23-ia64.depot.gz

 

Agent package for HP-UX 11i v2 and v3 Itanium*

netiq-npum-manager-2.3.2-hpux-11.00-hppa.depot.gz

 

Framework Manager package for HP-UX 11 & 11i HPPA

netiq-npum-manager-2.3.2-hpux-11.23-ia64.depot.gz

 

Framework Manager package for HP-UX 11i v2 and v3 Itanium

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.3 Linux

Package

netiq-npum-agent-2.3.2-linux-2.6-s390x.rpm

 

Agent package for Linux on zSeries mainframes with a 2.6 kernel.

netiq-npum-agent-2.3.2-linux-2.6-x86_64.rpm

 

Agent package for Linux on Intel 64-bit machines with a 2.6 kernel

netiq-npum-agent-2.3.2-linux-2.6-intel.rpm

 

Agent package for Linux on Intel 32-bit machines with a 2.6 kernel

netiq-npum-manager-2.3.2-linux-2.6-s390x.rpm

 

Framework Manager package for Linux on zSeries mainframes with a 2.6 kernel

netiq-npum-manager-2.3.2-linux-2.6-x86_64.rpm

 

Framework Manager package for Linux on Intel 64-bit machines with a 2.6 kernel

netiq-npum-manager-2.3.2-linux-2.6-intel.rpm

 

Framework Manager package for Linux on Intel 32-bit machines with a 2.6 kernel

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.4 SLES10

Package

novell-pum-2.3.2-22885.i586.rpm

 

Agent package on SLES10 32-bit machine

novell-pum-2.3.2-22885.x86_64.rpm

 

Agent package on SLES10 64-bit machine

novell-pum-manager-2.3.2-22885.i586.rpm

 

Framework Manager package on SLES10 32-bit machine

novell-pum-manager-2.3.2-22885.x86_64.rpm

 

Framework Manager package on SLES10 64-bit machine

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.5 SLES11

Package

novell-pum-2.3.2-22885.i586.rpm

 

Agent package on SLES11 32-bit machine

novell-pum-2.3.2-22885.x86_64.rpm

 

Agent package on SLES11 64-bit machine

novell-pum-manager-2.3.2-22885.i586.rpm

 

Framework Manager package on SLES11 32-bit machine

novell-pum-manager-2.3.2-22885.x86_64.rpm

 

Framework Manager package on SLES11 64-bit machine

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.6 Solaris

Package

netiq-npum-agent-2.3.2-solaris-2.8-intel.pkg.gz

 

Agent package for Solaris* 2.8 Intel

netiq-npum-agent-2.3.2-solaris-2.8-sparc.pkg.gz

 

Agent package for Solaris 2.8 SPARC*

netiq-npum-manager-2.3.2-solaris-2.8-intel.pkg.gz

 

Framework Manager package for Solaris 2.8 Intel

netiq-npum-manager-2.3.2-solaris-2.8-sparc.pkg.gz

 

Framework Manager package for Solaris 2.8 SPARC

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.7 Tru64

Package

netiq-npum-agent-2.3.2-tru64-5.0-alpha.tar.gz

 

Agent package for Tru64 v5.x OSF1

For installation instructions, see the following sections in the NetIQ Privileged User Manager Getting Started Guide:

2.8 Windows

Package

netiq_pum_agent_2.3.2_x86.msi

 

Agent package for Windows 32 bits

netiq_pum_agent_2.3.2_x64.msi

 

Agent package for Windows 64 bits

netiq_pum_manager_2.3.2_x86.msi

 

Framework Manager package for Windows 32 bits

netiq_pum_manager_2.3.2_x64.msi

 

Framework Manager package for Windows 64 bits

For installation instructions, see “Installing a Framework Manager” in the NetIQ Privileged User Manager Getting Started Guide.

2.9 Package Manager

Package

netiq-npum-packages-2.3.2.tar.gz

 

Zipped file for setting up a local package manager.

For instructions on how to set up either the Framework Manager or an agent to be the local package manager, see “Setting Up a Package Manager” in the NetIQ Privileged User Manager Getting Started Guide.

3.0 Upgrading from Novell Privileged User Manager 2.2 to 2.3

To upgrade from Novell Privileged User Manager 2.2 to 2.3, you can download the packages from the Novell Customer Center or from Novell Downloads. Then you must add the packages to your Framework Manager and update your system with the Framework patch.You can then update the other packages.

To install new 2.3 agents, you need to download the ISO image from Novell Downloads or from the Novell Customer Center.

4.0 New Features

4.1 Video Capture for Windows

Video Capture for Windows monitors user activity by capturing videos of every task performed by the user.

  • You can browse the text log of a user and select a particular task and watch the video.

  • You can search for a particular event within a video based on the keyword search option.

  • You can schedule compression and archiving of video files to external storage.

  • You can turn the Video capture feature ON or OFF for a particular user based on your requirement.

For detailed information, see Video Capture for Windows in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

4.2 Two Factor Authentication

Two factor authentication is required to enhance the security and to ensure the identity of the user is valid. Every framework user has to enter the secondary password to log in to the PUM Administration Console.

For detailed information, see Modify User: Authentication Script in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

4.3 SSL Renegotiation DOS Attack Protection

A client can attack the SSL server by sending a number of renegotiation (SSL handshake) requests to it. This can overwhelm the server and the server can go down. To prevent such attacks you can limit the renegotiation requests from a particular client by setting a threshold.

For detailed information, see SSL Renegotiation DOS Attack Protection in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

4.4 Change Management

Any GUI specific operations performed by you is audited by the Change Management feature. Each operation is tracked and the log is maintained in the Change Management report. The default Sample Report displays all the collected audit records and any associated keystroke captures.

For detailed information, see Change Management in the NetIQ Privileged User Manager 2.3.2 Administration Guide.

5.0 Known Issues

5.1 Privileged User Manager Crashes when only the Framework Package is rolled back from the latest version to the previous version.

To workaround this issue, first rollback all the other packages apart from the framework package and then rollback the framework package.

5.2 The RDP Key is Corrupted when it is Created and throws an Error during Initialization

To workaround this issue, take a backup of the rdprelay.ldb file, delete the original rdprelay.ldb file and restart the service.

5.3 EAC Policy does not Work for Non-root Users of the Group.

To workaround this issue, in the rule where the EAC script is included, set Submit User to root.

5.4 Unable to Rollback Framework Patch on Windows Platform

To resolve this issue, see TID 7010308 in the Novell Support Site.

5.5 Unable to Audit 32-bit Internet Explorer Using PUM Run

When you launch a 32 bit Internet Explorer with the PUM Run function, without closing any already launched 32 bit Internet Explorer without PUM Run, you cannot audit the 32 Internet Explorer using PUM Run.

To resolve this issue, close all 32 bit Internet Explorers before launching a 32 bit Internet Explorer with PUM Run

5.6 LDAP Server Certificate Validation is Ignored

On Windows and Linux platforms the LDAP server certification validation is ignored at the client side.

5.7 Uninstaller does not Remove all PUM Files and Registry Entries

When you uninstall Privileged User Manager, the uninstaller does not remove all the PUM files and registry entries.

To remove the complete Privileged User Manager folder, manually delete the existing files and restart the system.

5.8 RDP Relay Related Error Message

An error message, "This computer cannot connect to the remote computer” is displayed when host name cannot be resolved either from DNS or Hosts file on a machine from where a user is trying to connect to an RDP relay session using RDP relay feature.

To resolve this issue, on the Windows machine from where you are trying to run the RDP relay session, add the hostname resolved to IP address on hosts file.

5.9 Account Domains are not Imported or Exported in Command Control

Account Domains are not imported or exported with the rest of the configuration for Command Control.

5.10 RPM Upgrade Issues on SLES Platform

While upgrading RPM on SLES platforms from version 2.2.2.x to 2.3, new packages such as LDAP agent, SSH relay agent, SSH agent and Privileged Credential manager are unregistered.

To resolve this issue, do one of the following:

  • Use the unifi regclnt register to re-register the packages to manager.

  • Use the console to register the packages in hosts console.

5.11 RDP Session Cannot be Connected when a Screensaver or Lock Screen Prompts Appears

During an RDP session, if a screensaver appears or if the user locks the system, the RDP session cannot be connected.

To resolve this issue, close the active RDP session and reconnect to a new RDP session.

5.12 Package Manager Update Issue

While upgrading from version 2.2.2 to 2.3 using Package Manager, new packages such as Privileged Credential Manager, SSH Relay Agent, SSH Agent are not installed.

To resolve this issue, install the new packages through the host's Install packages option.