Release Notes

Password Reset Server Release Notes

PRS 3.2.000000 Release Notes

Main Focus: Required Questions

  • Questions on a Security Policy can now be marked as Optional, Required or Grouped. Required questions must always be answered correctly during the reset process. Grouped questions require an answer for each question, but the user only has to answer one of the grouped questions correctly. This provides flexibility for organizations requiring some form of two-factor authentication. Phone and SMS verification can be grouped, allowing the user to answer a phone call or submit a SMS verification.
  • Added support for User must change password attribute in active directory for login and change password page.

Bug Fixes:

  • Fixed issue where if a user was created in AD and logged into Password Reset Server prior to synchronization they would not be able to authenticate and enroll. Synchronization will not be kicked off at login if they exist in Active Directory but have not yet been added.
  • Fixed issue with the user change password page, where a non-resolvable friendly domain name would prevent the user from changing their password.

PRS 3.1.000000 Release Notes

Main Focus: End User UI Enhancements

  • Significantly changed the enrollment look and feel. End users now see a list of all the questions and choose which ones to answer before starting the enrollment, rather than being prompted for each question and skipping ahead.
  • Reworked the landing page to make it clearer what action a user should take. Note that this may affect any customizations to images or theming on the landing page.
  • Administrators can now allow end users to sign in with their email address instead of their Active Directory username in cases where end users may not know their AD username and domain.
  • The connection from Password Reset Server to ProxStop for sending texts and phone calls is now over HTTPS.
  • Updated licensing to better handle user overages and alert administrators when the license limit is hit.

Bug Fixes:

  • Fixed issue where “User must change password on next logon” was getting set during the end user reset process in incorrect cases.

PRS 3.0.000000 Release Notes

Main Focus: Active Directory Attribute Integration

  • Added Automatic Enrollment through AD Attributes. Admins can now choose an AD Attribute as a source for a user’s answer, so users can be quickly enrolled without having to manually answer questions.
  • Added ability to manage AD Attributes. Admins and allowed users can update AD attributes, such as home phone number, mobile number, etc. within the tool itself.
  • Enrollment Reminders, Username Recovery, and Expiration Reminder emails are all now sent as HTML.
  • SIEM Integration: Audit Events are now logged in the CEF format to any third party logging tool that accepts a syslog feed for custom alerting and reporting.
  • Added option to send SMS messages for questions to any gateway that accepts an SMTP message and forwards it on as an SMS.
  • Added Security Policy option to only show a certain number of questions to the user during the reset.
  • Question order can now be randomized during the reset process.
  • UI usability enhancements to the Administration section.
  • The Windows Logon integration can now be deployed on .NET 4.0 and higher environments without requiring a .NET 3.5 prerequisite.

Bug Fixes:

  • Fixed error in some cases when removing questions from a Security Policy where a minimum reset threshold was set.

PRS 2.3.000017 Release Notes

Main Focus: Bug Fixes and Usability Enhancements

  • Updated inclusion and exclusion to show results from OU’s, Groups, and Users for cases when objects are named similarly.
  • Fixed issue with users changing passwords for non English locales.
  • Added missing localizations on the Login page.
  • Fixed Admin Performance export to include the fastest time column.

PRS 2.3.000016 Release Notes

Main Focus: Bug Fixes and Usability Enhancements

  • The SecurityPolicyUsers page now allows searching by partial or full OU paths.
  • The SecurityPolicyUsers page now shows the full path of searched-for OUs in a tooltip.
  • The SecurityPolicyUsers page now saves if Enter is pressed in the Include or Exclude box.
  • Resolved edge cases in AD synchronization based on limited user permissions.
  • Added data inconsistency check.
  • Resolved issue where time zone discrepancies could cause an error on the AD synchronization page.
  • Fixed issue on ChangeUserPassword page that would sometimes cause an error in some customer environments.

PRS 2.3.000012 Release Notes

Main Focus: Active Directory Synchronization

  • Improved speed and reliability of Active Directory Synchronization.
  • Added additional handling for user’s attempting to reset passwords while the Active Directory Synchronization was running.
  • The recipient of the Test Email on Configuration is now shown.

PRS 2.3.000000 Release Notes

Performance and Usability Enhancements

  • Updated Domain Synchronization to significantly improve performance on very large domains.
  • Added more granular inclusion and exclusion controls on Security Policy. Administrators can now choose OU’s, Security Groups, and specific Users to include or exclude in a Security Policy.
  • Added ability to allow users who forgot their username to recover it by email.
  • Password expiration reminders are no longer sent out if there is less than 24 hours until the password expires.
  • Added option to prevent the application from checking for updates automatically.
  • Added new Web Service method to check whether a user is enrolled or not.
  • The URL specified for the Windows Logon Integration is now also the URL sent out in Enrollment Reminders using the %LINK% token.
  • DEPRECATED: The legacy method to install the Windows Logon Integration with WMI has been removed. The only supported way to deploy the Windows Logon Client is through Group Policy with the provided MSI. This will not break existing Windows Logon Client installations.

Bug Fixes:

  • Fixed possible exception that could occur during the reset process caused by password expiration processing occurring during a user’s reset process.
  • Fixed display of menu links that were shown to users after test run.
  • Fixed button text on Enroll screen that could not be localized.

PRS 2.2.000014 Release Notes

Bug Fixes and Usability Enhancements

  • Added searching and paging to the Excluded Users and the Exclude By Group pages.
  • Added performance enhancements for very large environments and also diagnostic pages.
  • Fixed issue where expired users could no longer use Change Password.
  • Fixed Logon Integration issue with Microsoft Windows Server 2012 Domains.
  • Fixed issue where disabled users could reset their passwords if they were enrolled.

PRS 2.2.000013 Release Notes

Usability Issues and Bug Fixes

  • Added options on the Windows Logon Integration to display and change the URL that the client will connect to.
  • Fixed issue where if a user used the Change Password option and the password did not meet domain requirements the user got locked out.
  • The Change Password button is no longer visible if the user is not a member of a Security Policy.
  • Error messages on Change User Password now include just the error message and diagnostic information is written to the System Log
  • Fixed issues where users would see a reset session expired error if they clicked the Reset Password button multiple times.
  • Fixed bug where only 15 Security Questions could be displayed.
  • Fixed IE7 and Chrome display issues for the user home page.
  • Fixed incorrect warning on the Dashboard if Telesign was not selected as the multifactor phone provider.

PRS 2.2.000012 Release Notes

Main Focus: Features and Enhancements

  • Added new Security Policy option for forcing users to change their password after enrolling.
  • Role Assignment Administration and Audits now include the user’s domain username in addition to their display name for greater detail.

Bug Fixes:

  • Fixed error on the Change Password page when the domain selector is disabled.

PRS 2.2.000012 Release Notes

Main Focus: Features and Enhancements

  • Added new Security Policy option for forcing users to change their password after enrolling.
  • Role Assignment Administration and Audits now include the user’s domain username in addition to their display name for greater detail.

Bug Fixes:

  • Fixed error on the Change Password page when the domain selector is disabled.

PRS 2.2.000009 Release Notes

Main Focus: Localization Enhancements

  • End users can choose an available language during the reset process from the Windows Logon client.
  • Administrators can set a default language for the Windows Logon client.
  • Users are automatically redirected to the Change Password page if they fail to login due to an expired password.

Bug Fixes:

  • Fixed error that could occur during the reset process when the friendly domain name was not resolvable.

PRS 2.2.000008 Release Notes

Features and Enhancements:

  • Admins can create scripts or applications to automatically import users’ answers or keep them up to date through a new API.
  • Users can now change their password if they know their current password, instead of having to answer all the reset questions or go through a password reset in Windows.

Bug Fixes:

  • Fixed bug where if a user resets their password, they could still receive an expiration email alert if the Active Directory synchronization had not yet run.
  • Fixed issue where a validation message warning that no OUs were selected could show incorrectly when selecting OUs in a Security Policy.
  • Fixed issue where the Fully Qualified Domain Name showed instead of the friendly name in the Reset Password initial dialog.
  • Fixed bug where exceptions could be thrown during enrollment, test runs, or resets if the security policy is altered while a user is confirming their identity.

PRS 2.2.000002 Release Notes

Features and Enhancements:

  • Added versioning to Windows Logon integration client (future releases will allow a direct upgrade through the MSI without requiring uninstall and reinstall).

Bug Fixes:

  • Fixed security issue where certificate problems could allow the user to use the Windows Logon integration client to get to Internet sites.
  • Fixed security issue where the user could get to Windows Explorer (only if using special inputs) through the Windows Logon integration screen.
  • Fixed issue where the Windows Logon integration screen could hang if the user closed the Password Reset Server browser too quickly.
  • Fixed issue where recreating Windows Logon integration configuration files failed on new installations (caused error in log).

PRS 2.2.000001 Release Notes

Main Focus : Security Fixes

  • Fixed issue where a user could access the explorer menu through the Reset Password process on the Login Integration screen. (Reported by customer and fixed within 24 hours)
  • Fixed issue where if the connection from the web server to the database was lost, a user could access the explorer menu through the Reset Password process on the Login Integration screen.
  • Fixed issue where machines with the Login Integration installed could lock up when logging out multiple times through Remote Desktop.

2.2.000000

Features and Enhancements:

  • Added Secure LDAP support for Active Directory.
  • Added support for Authenticated SMTP.
  • Improved performance of User Administration screen when displaying a large number of users.
  • Improved password reset logging.

Bug Fixes:

  • Fixed display issues in IE7.
  • Fixed issue where disabled users might not be re-enabled upon synchronization.
  • Fixed issue in Security Policy where a child OU might become unselected upon re-saving.
  • Improved email address validation.

2.1.000019

Features and Enhancements:

  • Added option to separately backup the application and database.
  • Added User Password Expiration Report.
  • Moved the Organization Unit Synchronization log into the Domain Synchronization log.
  • Removed the Remote Installation feature. Existing users will still be able to access this feature through the Legacy Remote Installation link under Windows Login Integration.

Bug Fixes:

  • Fixed bug where email validation did not allow a hyphen in the domain.

2.1.000015

Features and Enhancements:

  • Allowed users to select their own images for image questions.
  • Made determining the locked out status more fault tolerant.
  • Allowed admins to install licenses with a future start date.
  • Added AppSetting that allows users to log the IP Address of users when they are accessing through an internal proxy.
  • Added context based help links throughout the application.

Bug Fixes:

  • Fixed bug where the password expiration date could not be determined on some domains.
  • Fixed bug on diagnostics page where the page would timeout when the server uses a proxy.

2.1.000013

Bug Fixes:

  • Fixed bug where accounts in certain domains could not be unlocked.
  • Fixed bug where expiration notifications were sent to users in inactive security policies.
  • Fixed bug where if the application pool was recycled during a password reset, the user would get an error.
  • Fixed bug where pressing enter in Internet Explorer during reset steps could sometimes cause an exception.
  • Fixed bug where duplicate answers could sometimes be inserted.
  • Fixed bug where styling would be incorrect on some pages when using an SSL load balancer.

2.1.000010

Main Focus – Answer Import

Features and Enhancements:

  • Added bulk import for answers.
    • Admins can now upload a spreadsheet or XML file to pre-populate user’s answers.
  • Created new “Clear Answer” permission to allow Admins to clear all answers for a question.

Bug Fixes:

  • Fixed bug where users weren’t put into OU’s during the first synchronization run.

2.1.000001

Main Focus – Ease of Use

Features and Enhancements:

  • Added MSI installer for the initial install.
  • Added instructional video for getting started with Password Reset Server to the Dashboard.
  • Added the configuration setting to force HTTPS.
  • Updated licensing to allow one free User if there is no installed license for testing purposes.
  • Improved the Windows Login Integration to first load a temporary page and allow HTTP if HTTPS is not enabled.
  • Added the ability to manually set an AppSetting to only synchronize certain OUs.

Bug Fixes:

  • Fixed display issue where Minimum Correct Answers would display ‘All’ even when another number was sent.

2.1.000000

Main Focus – Reporting and Question Thresholds

Features and Enhancements:

  • Reporting
    • Reports page allows administrators to view standard reports, or to create reports with SQL and charting options. Reports can use a variety of 2D or 3D charts.
    • Reports can be displayed with all their associated data points (grid).
    • Reports can be placed into categories, and these categories and their reports can be organized using drag and drop.
    • Reports can have rows with different colors based on data values.
    • Reports can be created using parameters such as start date, end date, and user ID.
  • Question Thresholds on Security Policies
    • Ability to lower the Question threshold on enrollment so users are able to skip questions and answer the ones pertinent to them.
    • Ability to allow the user to get only a percentage of questions correct for confirming their identity during a reset.
  • Bulk Exclusion can be done based on the Active Directory group.
  • Added the ability to change the local administrator’s email address.

Bug Fixes:

  • Fixed issue with manual and scheduled Backups.

2.0.00007

Main Focus: Domain Synchronization Performance

Bug Fixes and Enhancements:

  • Fixed memory issue and increased efficiency for synchronizing larger domains.
  • Updated progress bars to better show synchronization details.
  • Added Admin Notification for when the application is running in 32-bit mode.
  • Added offline upgrade option to the installer.

2.0.00001

Bug Fixes:

  • Updated the Unlock Account button to validate if the privileged domain credentials does not have permission to unlock the account.
  • Fixed issue with retrieving the Expiration Date from AD if a user has never had that value set.

2.0.000000

Main Focus – SMS and ProxStop

Features and Enhancements:

  • Added multi-factor SMS question.
  • Added support for ProxStop as an alternative phone and SMS service provider.
  • Added configuration setting to allow logging in using Domain\User without showing the available domains in a drop down list.
  • Added a second image set of landmarks for the image question.
  • Added ability to Clear Answers on a question to force users to re-enroll for that question.
  • Improved the UI on selecting users for Security policies.
  • Ability to change the Local Administrator’s password.

Bug Fixes:

  • Improved validation message for certain domain policy errors when attempting a password reset.
  • Active Directory synchronization supports non-standard characters in Organization Unit name.

1.1.000016

Features and Enhancements:

  • Unlock Only Option
    • Users can now opt to just unlock an account instead of resetting the password.

Bug Fixes:

  • Updated password expiration date population for notification emails.

1.1.000015

Features and Enhancements:

  • Greatly improved Active Directory synchronization performance.
  • Added Security Hardening Report.
  • Added option to Force HTTPS in the configuration.

Bug Fixes:

  • Fixed bug where adding more than 1000 computers in a single OU could cause synchronization issues.
  • Fixed bug where scrolling issues could occur if a user had many questions assigned to his security policy.
  • Fixed bug where containers with more than 100 OUs on the same level did not display properly when assigning security policies.

1.1.000012

  • BUG: Fixed issue with resetting password on an account using minimum password age.

1.1.000011

Main Focus: Responding to customer requests to make GINA extension deployable through Group Policy and to provide password expiration notifications

  • Added MSI Installer to easily deploy GINA extension to Windows clients (including through Group Policy).
  • Added configurable email alerts to end users when their AD password will be expiring soon.
  • Domain policy password requirements are now respected for password resets.
  • Added ability to synchronize specific computers when deploying GINA extension using the web interface.
  • Reduced the number of System Log entries from various synchronizations.
  • Added separate page (DBConnectionReset.aspx) to allow users to change their database connection information without needing to go through the installer.
  • BUG: Fixed issue where Organization Units and Computers would sometimes not get synchronized when a new domain was added.
  • BUG: More robust computer synchronization. Prevented situation where connection to the domain controller could fail.
  • BUG: All computers found on the Domain Controller will now be visible even if the computer could not be reached across the network.

1.1.000002

  • BUG: Fixed issue where Computer Synchronization would stop if a getting the detailed information failed on a computer
  • BUG: Fixed UI styling for the Organization Unit Tree view and Admin Mode button in IE 7.0
  • Removed Domain Validation for specific Reset permission

1.1.000001

  • BUG: Fixed issue where duplicate users would be created for the parent and child domain.

1.1.000000

  • Added Windows Logon Integration support for Windows XP and Windows Server 2003 (including 64 bit versions).
  • Added the ability to view users in an OrganizationalUnit when assigning users to a Security Policy.
  • Improved Active Directory Synchronization to log any errors retrieving a user and continue synchronizing the domain.
  • Improved the Enrolled Report to list unassigned users separately from un-enrolled users.

1.0.000000

  • Streamlined installation steps to avoid synchronization and simplify the process.
  • Added ability to assign users to a Security Policy based on their Active Directory Organizational Unit (OU).
  • Added ability to exclude Users on an individual basis.
  • Added ability to deactivate domains.
  • UI Enhancements to simplify the look for standard Users and separated Administration pages.
  • Added dashboard for Administrators with configuration alerts.
  • Added automated backup for disaster recovery.
  • Added multi-factor phone question – verifies identity by phone