Password Manager Pro

企業密碼管理軟件


Password Manager Pro是存儲和管理企業內部密碼、文檔和數字證書等重要數據的保險箱。部署Password Manager Pro具有以下優勢:
  • 統一集中存儲密碼,保障密碼安全/li>
  • 自動定期更改關鍵系統的密碼,提高IT管理效率
  • 通過請求批准流程和實時告警,控制對密碼的訪問
  • 符合安全審計和法規,如SOX、HIPAA和PCI
ManageEngine® Password Manager Pro - Release Notes

PMP Release 6.1 - Build 6104

New Features / Enhancements

Nested Resource Groups

  • Option to arrange and maintain resource groups in hierarchical structure (groups, sub-groups) for navigational convenience

Password Explorer

  • 'Home' tab re-arranged in an intuitive way to provide easy access to the passwords owned and/or shared. The explorer contains the following components:
    • All My Passwords
    • My Recent Passwords
    • My Favourite Passwords
    • Nested Resource Group Tree

Remote Password Synchronization for Juniper Netscreen Devices

  • Support for changing the privileged passwords of remote Juniper Netscreen devices from PMP GUI

Templates for Customizing Email Notification Content

  • By default, PMP has a specific content for the email notification for various password actions. If you want, you can customize the content and have your own content.

Export Passwords of Resource Groups

  • Option to export the passwords of specific resource groups alone

Bug Fixes & Changes

  • MySQL version upgraded from 5.0.36 to 5.079
  • Earlier, when there were large number of passwords, loading of the dashboard took some time. This has now been optimized
  • Earlier, there were issues in carrying out password synchronization / verification using a single account in Linux. This has been fixed.
  • Earlier, when Active Directory authentication was enabled, there were problems in logging in to PMP using the local authentication when a AD user was deleted. This has been fixed.
  • Earlier, when a resource group name contained a single quote, the hierarchical arrangement of resource groups were not properly shown. This has been fixed now.
  • Earlier, when the 'Personal Password' option was disabled for a Password User, the Password Explorer view became hidden. This has been fixed now.
  • So far, no cipher was explicitly mentioned for encrypting the connection between the two MySQL database instances, used in high availability and live backup scenarios. Now this connection is also AES encrypted by choosing the DHE-RSA-AES256-SHA cipher for the SSL channel.
  • The JDBC connection between the JRE (Java(TM) Runtime Environment) and the MySQL database is now encrypted by default, to eliminate the need to set it up separately.
  • All user input submitted in the user interface are centrally validated to check for and discard harmful inputs that could cause scripting attacks like cross-site scripting (XSS) irrespective of case of the scripting content.

PMP 6002 - Bug Fixes & Changes

  • All user input submitted in the user interface are centrally validated to check for and discard harmful inputs that could cause scripting attacks like cross-site scripting (XSS) or SQL injection.
  • When password policies contained a special character in the policy name, there were issues getting the policy work after editing it. This has been fixed now
  • Earlier, the 'verify password' operation failed for Linux and HP-UX target systems in certain environments. This has been fixed
  • Earlier, the custom fields for accounts did not support special characters in name. This has been fixed
  • Earlier, administrators were permitted to allow exclusive password access to a user for a maximum of 99 hours. Now, it has been modified to enter three-digit figures (in hours)
  • In PMP 6001, while carrying out high availability setup, there were issues in creating the replication pack. This has been fixed
  • Earlier, in PMP high availability set up, the /mysql/data folder was growing in size. This has been fixed

PMP Release 6

New Features / Enhancements

Password Access Control Workflow
  • Support for password request-release workflow to enforce enhanced access control in the product. The user, who requires a password, will have to 'request the release' and one or more administrators will authorize the request. Password will be made available for the exclusive use of the user for a stipulated period of time. It will be automatically reset thereafter and the user will thereby forfeit the access.
Two-Factor Authentication
  • Option to enforce users to identify themselves with two unique factors through two successive stages before they are granted access to PMP web-interface. While the existing authentication mechanism of PMP (native authentication / AD / LDAP) will be the first authentication factor, the second authentication factor could be either a unique password generated by PMP and sent through email or RSA SecurID one-time token, which changes every sixty seconds. For RSA part, PMP has entered into a technology partnership with RSA, The Security Division of EMC (NYSE: EMC).
Firefox 3 Plug-in
  • PMP plug-in for Firefox 3 to enable copying of passwords to the clipboard and to invoke various operating system commands for automatically logging-in to target systems.
Flash 10 Support
  • Support for copying of password to the clipboard when Flash 10 is used in conjunction with Firefox

Remote Password Reset

  • Option to enter administrator credentials for resources / resource groups in bulk to configure password reset for target resources with ease
Password Policy
  • Support to specify a password policy for many resources / resource groups at one go
PMP Login GUI
  • If you have users from various domains, the PMP login screen will list-down all the domains in the drop-down. For ease of use, you may specify the domain used by the largest number of users or the frequently used domain in "General Settings". Once you do so, that domain will be shown selected by default in the PMP login GUI
New OS Support
  • Support for installing PMP in Windows Server 2008

Changes/Bug Fixes

Importing Resources

  • Earlier, when importing resources, if the list of resources imported by you contains any of the already existing resources, they were ignored and not added to PMP. Now, option is provided to override this rule.
Resource Type
  • PMP supports managing the website login credentials. For ease of use, a new default resource type named 'Website Account' has now been added
Active Directory Integration
  • When users are imported from domain, by default, email notification is sent to all the imported users. Now, an option has been provided to disable the Email notification.
  • Earlier, if the password of the users imported from Active Directory contained special characters such as &, %,  authentication failed. This has been fixed.
Reports
  • PMP carries out periodic checks to ascertain if the passwords stored in the system and the ones in the actual resource are in sync with each other. The results are presented as 'Password Integrity Report'. Earlier, the integrity check was being done at 1 AM everyday. Now, an option has been provided to configure the integrity check timing.
Single SignOn
  • Earlier, in IE 7, when Single SignOn was enabled and if PMP login failed, it was not possible to login to PMP with any other user name. This issue has been fixed now.
Usage of Single Quote in Email Address
  • Single quotes are now allowed in the email addresses in PMP   

PMP Release 5.4

New Features / Enhancements

Remote password synchronization for Oracle DB Server and Sybase ASE

  • Support for changing the privileged passwords of remote Oracle DB servers and Sybase ASE from PMP GUI
  • Periodic password synchronization check with remote resources now supported for Oracle DB servers and Sybase ASE

On demand check for Password Integrity

  • Option to carry out 'on demand' verification to ascertain if the passwords stored in PMP are in sync with the actual passwords of remote resources

New Resource Creation in A-to-A Password Management

  • PMP now supports resource creation also as part of Application-to-Application Management. New resources can now be created using the Password Management APIs

Support for non-English characters

  • PMP now allows non-English characters in the data stored in the database. The user interface too allows non-English characters.

Use of 'sudo' for Privilege escalation

  • PMP now allows the use of 'sudo' for privilege escalation in Linux/UNIX systems while doing password resets. This option is useful for systems where the 'root' login is disabled.

Agent-based password reset

  • Remote password reset by deploying PMP agents in remote resources, is now supported for 'Windows Domain' resources

Audit Views

  • The reason, as entered by the users for various password management activities, are now shown in a separate column in all audit views

Changes & Bug Fixes

  • While importing users from AD, added provision for capturing AD tree structure in PMP with proper representation of OUs
  • When Single Sign On was enabled, users connecting to PMP secondary server when Primary was running fine, were not redirected to the Primary. This issue has been fixed
  • Earlier, when PMP primary server was powered off and reconnected again, it took a long time to do data synchronization between primary and secondary. This has now been fixed
  • Issue related scheduling report generation has been fixed
  • Earlier, users with the role 'Password Administrator' were not able to schedule password resets and password action notifications. This is now fixed.
  • When password reset listener was invoked, PMP did not pass the old password of the respective resource as one of the arguments as expected. This has now been fixed.

PMP Release 5.3

New Features / Enhancements

  • Out-of-the-box PCI DSS Compliance Reports
  • Option to force users to provide a reason to access passwords
  • Provision to display a common message in PMP GUI to all PMP users in the GUI
  • Option to hide passwords for password users and auditors when auto logon is enabled
  • Support for configuring the database backup destination directory

Changes/Bug Fixes

  • Domain Controller connectivity check is now done based on network connectivity
  • All items in the drop-down lists in PMP have now been sorted alphabetically
  • Issue related allowing users to choose their own encryption key for managing personal passwords, has been fixed

PMP Release 5.2

New Features / Enhancements

Remote password synchronization for MySQL servers and HP ProCurve devices
  • Support for changing the privileged passwords of remote MySQL servers and HP ProCurve devices from PMP GUI
  • Periodic password synchronization check with remote resources now supported for MySQL servers and HP ProCurve devices

PMP in two editions

  • PMP is now available in two editions - Standard and Premium.

Reports in .xls format

  • Support for generating all reports in .xls format

Changes / Bug Fixes

  • If the PMP service is run with domain administrator privilege, passwords of all the local accounts in the computer (present in the domain) can be changed without the need for supplying the old password.
  • While providing authentication details in Mail Server Settings, it is now possible to select an user account already present in PMP.
  • Option to restrict users from providing their own encryption key for managing personal passwords (as part of general settings)

PMP Release 5.1

New Features / Enhancements

Remote password synchronization for Cisco devices, MS SQL servers
  • Support for changing the privileged passwords of remote Cisco devices and MS SQL servers from PMP GUI
  • Periodic password synchronization check with remote resources now supported for Cisco devices and MS SQL server

Helper for automatic login to target systems

  • Support for automatically launching remote systems, devices and applications from PMP GUI eliminating the need for copy, paste of passwords

SSL connection with external identity stores

  • Support for establishing connection with external identity stores and authentication systems (AD/LDAP) over encrypted channel

Windows Scheduled Task Password Reset

  • Support for resetting the passwords of Windows scheduled tasks along with Windows service account password reset
  • Windows service account and scheduled task password reset for multiple domains
Alerts for audit events
  • Provision for sending notifications on the occurrence of any audit event
  • Option for customizing the audit trails view
  • Option to export audit records as PDF, CSV
Activity, integrity and compliance Reports
  • Informative reports on passwords, sharing details, password usage, policy compliance, expiry details, user activity, user access details etc
  • Automatically examining remote resources for password integrity everyday and providing out of sync reports
  • Option for scheduling report generation and sending reports by email
  • Option to periodically purge audit trails
Performance Improvements
  • Performance tuning for improvement in client responsiveness
Changes & Bug Fixes
  • Option to configure the timeout for display of passwords in plain text
  • Notes field changed to accommodate more text
  • Audit trails now capture traces on resource group addition, resource import from AD, password reset reason entered by users, result of scheduled synchronization of data with AD and password policy change details
  • All default and custom fields included in the table column chooser
  • Option to search by 'Domain Name' in advanced search
  • Option to search the details entered in 'Notes' field
  • Periodic synchronization of data in PMP with AD now includes user and resource group changes and deletion
  • Issue with regard to editing criteria-based resource groups fixed
  • Issue related to providing manage share of resource group to a user group fixed
  • Issue related to copying passwords having certain special characters to clipboard has been fixed
  • Option to copy personal password account name to clipboard
  • Option to automatically clear clipboard data periodically
  • Earlier, Password Management API did not work if the resource names contained white spaces. This issue has been fixed

PMP Release 5.0

New Features / Enhancements

High Availability Support

Uninterrupted access to passwords by deploying redundant PMP server and database instances

A-to-A, A-to-DB Password Management

Support for Application-to-Application/Database password retrieval and management by deploying 'Password Management APIs'

Windows Service Account Reset

Support for automatically resetting the passwords of associated windows service accounts when the domain account passwords are reset through PMP. Optionally the windows services could be restarted remotely to force the password change immediately

Password Reset Listener

Support for invoking a custom script or executable as a follow-up action to Password Reset action in PMP

Super Admin Support

Any administrator could be made as a 'Super Administrator' with privilege to view and manage all resources in PMP

Encryption Key Management

Provision for securely storing the unique encryption key (generated during PMP installation) somewhere outside PMP and instructing PMP to read it accordingly

Importing Users/Resources from Active Directory 

  • Provision for importing user accounts associated with the computers imported as resources from AD domain
  • Provision to import specific users, groups and OUs from AD

Resource Type Customization

In addition to adding custom fields it is now also possible to remove built-in fields for the various resource types

Notification for Passwords Out of Sync

When the passwords present in PMP differ with those in the actual resource, notifications (informing the out of sync) could be sent to desired recipients

Dashboard Reports
  • The 'Home' page in PMP GUI depicts key aspects on passwords and users as dashboard reports
  • Other Reports: Detailed and snapshot reports for resources and users

Changes & Bug Fixes

  • Importing resources/ users from CSV has been simplified with the removal of format restrictions. Entries in your CSV file could be mapped to specific fields in PMP from GUI
  • Earlier, to do remote password synchronization for Linux resource type, two accounts (one root account & another remote login account) were mandatory. Now, this has been made optional through a configuration in General Settings. Remote reset could be done with only one account
  • The PMP client responsiveness for certain queries was slow. Performance tuning has now been done
  • Clipboard utility for copying passwords in Firefox browser in Linux OS did not work. This has now been fixed
  • The animation effect during the display of user accounts has been done away with
  • Listing of user names at various places in PMP has been standardized with the display of <First Name> <Last Name> in order
  • Display of various listings in PMP has been standardized with alphabetical sorting
  • Earlier, there were issues in capturing user audit when working with AD and Single SignOn enabled. This has now been fixed
  • The attribute 'DN' has been made configurable while integrating LDAP servers of type other than Microsoft Active Directory, Novell eDirectory and OpenLDAP
  • Earlier, creating criteria-based resource groups based on 'account name' did not work. This has been fixed
  • The issue in applying filters to search results spanning over more than one page in 'Home' tab, has been fixed

PMP Release 4.8 (Build 4803)

New Features/Enhancements

  • Support for securely storing different file types such as a license key, digital certificate, document, image etc. in PMP database
  • Notifications on password policy violations
  • Alert/Warning via email seven days ahead of password expiry
  • Provision to import user groups from AD and keep PMP user database automatically in sync with Active Directory
  • Provision to configure multiple domain controllers for redundancy in AD integration (user import and authentication)
  • Provision to import computers and computer groups from AD and keep the PMP resource database automatically in sync with AD
  • Support for importing users from Novell eDirectory interfaced through LDAP
  • Delegating management of resources to other admins has been extended for criteria-based resource groups
  • Resource-based quick view of passwords in 'Home' tab

Bug Fixes

  • Hitherto, 'search' in PMP was case-sensitive. It has now been made case-insensitive
  • While logging into the PMP application, the users imported from Active Directory had to use the exact case of the account name as present in the AD. This has now been made case-insensitive
  • PMP agent, when  installed in a folder not having enough privileges, threw errors. This has been fixed now.
  • Issue related to LDAP authentication in OpenLDAP has been fixed

Changes

  • The fields "Maximum Password Age" and "Reuse of old passwords" Password Policy Creation have been made optional

PMP Release 4.7 - Build 4701

Bug Fix

  • When logged in as AD user, agent download was not happening. This issue has been fixed.

PMP Release 4.7 (Build 4700)

New Features/Enhancements

  • Real-time notifications for password events like password retrieval, modification, expiry and change in access permissions
  • Automated remote password changing based on configured schedules and events like password expiry
  • Provision for setting password expiry dates and generating alerts and reports on password expiry
  • Provision for delegating management of resources to other admins (sharing management of resources)
  • Policy to enforce not to use recently used passwords
  • Remote password reset now supported for IBM AIX, HP UNIX, Solaris and Mac OS types through SSH / Telnet
  • Provision for creating policy with Windows style password complexity allowing one of numerals or special characters in the passwords
  • Support for forcefully logging out users from PMP application based on pre-defined inactivity period
  • Password generator now available during resource creation
  • Password reset actions done through the 'Forgot Password' option in the login screen are now audited
  • Provision for generating audit trails in PDF format and also to email the same

Bug Fixes

  • Handled escaping of the apostrophes in inputs causing javascript errors (in user groups and resources)
  • 'Forgot Password' features was accessible by typing the URL directly even if it was turned off. This is now fixed

Limitation

  • The search in the product is now case sensitive

PMP Release 4.6 (Build 4600)

New Features/Enhancements

  • Active Directory integration enhanced with provision for importing user groups
  • Support for filtering and viewing passwords based on resource groups
  • Provision for searching passwords and creating groups based on custom attributes
  • Support for enabling windows single sign-on as part of AD integration. Users who have logged in to the windows system using their domain account need not separately sign in to PMP
  • Default Reports: password details report and password policy compliance report
  • Option to generate reports in PDF format and to email the same
  • Support for viewing all attributes of a resource from 'Passwords View'
  • Provision for 'Live Backup' through replicated database. Whenever a change happens in the 'Master Database', it will be instantaneously replicated to the 'Slave Database'
  • New user role named 'Password Auditor' with privileges for viewing audit reports has been introduced
  • Domain name included along with user names to keep AD users unique across domains
  • Flexible general settings for switching on and off the following features on need basis:
    • Displaying/hiding 'Forgot Password' link in login page
    • Permitting/restricting personal password management for users
    • Sending/restricting Email intimation of passwords upon PMP user creation
    • Enforcing/exempting compliance to password policies
    • Enabling/disabling of remote password synchronization
    • Enabling/disabling local authentication along with AD/LDAP authentication
    • Show/hide passwords in exported resources list
  • Support for sending mails through public SMTP servers such as gmail and others
  • Support for Windows Vista OS
  • Custom attributes visible to all users who have access to the password
  • During user creation, option for administrators to specify the password for the users
  • Provision for bulk transfer of resources
  • Revamped GUI with improved navigation


Changes

  • Earlier, while adding resources, the entry for IP address/DNS Name of the resource was mandatory. It has been made optional now
  • Provision for entering first name, last name while adding users
  • Hitherto, while entering the password for an account, users were not prompted to confirm the same. To ensure the correctness of password, confirmation dialog has been added now
  • Latest version of MySQL (v 5.0.36) is now being bundled with PMP
  • The professional evaluation version now allows adding up to 3 administrator users


Bug Fixes

  • MySQL 'Access Denied' error in linux during server startup has been fixed
  • Earlier, users could delete the default resource group automatically created by PMP. This has been fixed
Password Management