Secure Configuration Manager 6.2 Patch Update 1 (6.2.0.1) resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community website that also includes product notifications, blogs, and product user groups.
For more information about Secure Configuration Manager, see the Secure Configuration Manager website.
For the latest version of this release notes document, see the NetIQ Secure Configuration Manager 6.2 documentation website.
The following sections outline the agent updates and issues resolved in this release.
This release adds and updates objects and attributes for the UNIX namespace to support NetIQ Security Agent for UNIX 7.5.1 (UNIX agent). You can use these objects and attributes to create custom security checks and policy templates.
NOTE:Before upgrading to this version of the UNIX agent, ensure that your environment meets the requirements. For more information, see Section 3.2, Considerations for Upgrading the UNIX Agent.
For more information about the new features and issues resolved in the UNIX agent, see the Release Notes for NetIQ Security Agent for UNIX 7.5.1. For more information about installing and using the UNIX agent, see the Installation and Configuration Guide for NetIQ Secure Configuration Manager UNIX Agent.
Secure Configuration Manager now provides detailed auditing information for the following conditions:
When you change permissions for user roles
When you add or remove members from user roles
When you specify the email option or change email addresses for report distribution
Console users with the View Audit History permission can view these updates, such as what changes were made and which user made the changes.
For more information about viewing the audit history log, see Understanding Console User and Administrator Auditing
in the NetIQ Secure Configuration Manager User Guide.
(Bugs 888231, Bug 888230, and Bug 891479)
This patch update includes software fixes that resolve several issues.
Issue: This release resolves an issue where a policy template run failed with following type of error:
An invalid XML character (Unicode: 0x8) was found in the element content of the document.
This issue occurred because the name of a group included a character that must be escaped in XML. For example, the group is Texas/balanced. Secure Configuration Manager could not parse the '/b' part of the name because the characters represent the backspace action in code. (Bug 1003189)
Fix: To allow parsing of the XML file, this release includes a new setting that instructs Secure Configuration Manager to add an escape character before an invalid character.
To escape invalid characters:
In the Core Services Configuration Utility, select the Advanced tab.
For gladiator/securitycheckup/filter/EscapeInvalidChars, set the value to True.
Restart the NetIQ Core Services service.
You can configure your managed groups to inherit the exceptions of their immediate parent group. (Bug 969956)
For example, you want to add two child groups, Texas and Utah, to the US Finance group. You want the endpoints within the child groups to have the same exceptions that you previously applied to endpoints in US Finance. Rather than manually creating each exception, complete the following steps:
To inherit a parent group’s exceptions:
In the Core Services Configuration Utility, select the Advanced tab.
For gladiator/exception/parent/enabled, set the value to True.
Restart the NetIQ Core Services service.
Issue: Secure Configuration Manager 6.2 added a timezone value to dates in reports. In some instances, the timezone data interfered with importing XML files. (Bug 1018416)
Fix: This release enables you to prevent the inclusion of the timezone value in your reports.
Log out of the Secure Configuration Manager console.
On the console computer, open the Registry Editor.
Locate HKLM\Software\NetIQ.
Create a key with type dword called ShowTimeZone.
To disable the timezone, set the value to 0.
This patch update requires Secure Configuration Manager 6.2.
For more information about hardware requirements, supported operating systems, and browsers, see the NetIQ Secure Configuration Manager Technical Information web page.
This patch update must be installed on the Secure Configuration Manager Core Services Computer and all console computers. When you run the update on the Core Services computer, the program automatically updates the Secure Configuration Manager database.
For more information, see the NetIQ Secure Configuration Manager Installation Guide.
Back up the configuration data, such as registry keys, and the database for Secure Configuration Manager.
Backing Up Configuration Data
in the Secure Configuration Manager Installation Guide
Backing Up the Secure Configuration Manager Database
in the Secure Configuration Manager User Guide
Log in the Core Services computer as an administrator.
NOTE:If the database is installed on a separate computer from Core Services, ensure your user account is a member of the local Administrators group on the Core Services computer, or is a member of the Microsoft SQL Server sysadmin role.
Run the SCM_6.2.0.1.msp file.
Follow the instructions in the wizard for updating Core Services until you have finished installing the patch update.
Log in to the Secure Configuration Manager console computer with a local administrator account.
Run the SCM_6.2.0.1.msp file.
Follow the instructions in the wizard for updating the console until you have finished installing the patch update.
Repeat Step 4 through Step 5 on each Secure Configuration Manager console computer.
If your UNIX agents communicate with both NetIQ Change Guardian and Secure Configuration Manager, it is possible that upgrading the UNIX agent might interrupt communication with Secure Configuration Manager. This issue occurs because the agent and Change Guardian upgrades include a security profile switch for the agent.
To ensure continued service between the UNIX agent and Secure Configuration Manager, review the following considerations:
You can install or upgrade to Change Guardian 5.0 and apply this patch update to Secure Configuration Manager. However, do not perform the steps for the security profile switch for the UNIX agent.
If you use Change Guardian 4.2.1 and choose to apply this patch to Secure Configuration Manager, ensure that you use Unix Agent Manager to upgrade to UNIX agent 7.5.1. The deployment process does not include the security profile switch for the agent.
For more information about installation scenarios, see the documentation for Security Agent for UNIX. (Bug 1056377, Bug 1050051)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of the Secure Configuration Manager forum, our community Web site that offers product forums, product notifications, blogs, and product user groups.
For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government restricted rights, patent policy, and FIPS compliance, see http://www.netiq.com/company/legal/.
Copyright © 2017 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. All third-party trademarks are the property of their respective owners.