11.3.2 Release Notes

When upgrading Verify Privilege Manager to a newer version, IBM Security recommends also upgrading the Directory Services agent so that both are running the same release version.

Enhancements

  • A new option, Verify group membership via Domain Controller(s), allows the user to control how the domain controller is contacted to re-authenticate the user. See the New Group Member Authenticated Message Action in the documentation.
  • A new method for adding computer names to a computer group is available using the API. A resource filter is defined by a Computer by Name Filter and computer names are populated using a PowerShell script. See Creating a Computer Name Filter Collection Query.
  • Windows 10 Enterprise for Virtual Desktops (EVD) machines will now consume a Client license within Verify Privilege Manager Server rather than a Server license.

Bug Fixes

  • Correct error messages are now returned when incorrect login credentials are entered.
  • Resolved an error that was displayed when using XAML notification actions with the User Access Control Consent Dialog Detected filter added as an inclusion filter.
  • Issues with the authentication token expiring and not refreshing for large Azure Active Directory imports have been addressed. Azure Active Directory domains with large databases are now correctly synced to the Verify Privilege Manager Server.
  • An issue was resolved that caused Local Security data to unnecessarily block the deletion of some users in Verify Privilege Manager.
  • When editing a copy of the Restrict File Dialog actions, the Disable Context Menu Options setting was not properly saved. This has been resolved.
  • When deleting Active Directory organizational units (OUs) from the UI, some related objects were not properly cleaned up, leading to errors blocking further deletes. Related objects are now properly deleted.
  • Verify Privilege Manager has two different versions of the ServiceNow connector; one of them was sending InitiatorUserName and one was not. Now both versions should properly send InitiatorUserName with the format domain\username.
  • Verify Privilege Manager now functions with FIPS enabled in the Windows policy (both agent and server). Upgrade will change the default inventory hash algorithm setting to SHA256 and Authenticode 2. This fixes an error with NTLM authentication when FIPS is enabled on the PM server.

Agent Specific

Windows

  • Fixed a problem where elevation fails for Advanced system settings when it is launched from System Settings and the associated policy contains an approval/justification action.

macOS

  • macOS application policies are no longer flagged as invalid when using a message action with the option Applies To All Processes when the action Allow Package Installation is also used.