pointsec for pc – revision tracking...profile. passwords do not match when attempting to deploy an...

Released with Pointsec for PC EW 5.2.3 Hotfix 10

Revision Tracking - Confidential (July, 2007) 1

Pointsec for PC – Revision Tracking © Copyright Pointsec Mobile Technologies AB, 1997-2007 This document contains information on changes and correction implemented in previous versions of Pointsec for PC. For new functionality, changes, corrections and the latest information on the current release, see the release notes. Contents

Pointsec for PC 5....................................................................................................................... 4 Changes and Corrections in 5.2.3 HF8 ..................................................................................... 4 Changes and Corrections in 5.2.3 HF6 ..................................................................................... 4 Changes and Corrections in 5.2.3 HF5 ..................................................................................... 4 Changes and Corrections in 5.2.3 HF3 ..................................................................................... 5 Changes and Corrections in 5.2.3 HF2 ..................................................................................... 5 Changes and Corrections in 5.2.3 ............................................................................................. 5 Changes and Corrections in 5.2.2 ........................................................................................... 13 Changes and Corrections in 5.2 .............................................................................................. 14 Changes and Corrections in 5.1.3 ........................................................................................... 14 Changes and Corrections in 5.1.2 ........................................................................................... 15 New in 5.1.1............................................................................................................................. 15 Changes and Corrections in 5.1.1 ........................................................................................... 16 Changes and Corrections in 5.1 .............................................................................................. 16 New in 5.0................................................................................................................................ 16 Changes and Corrections in 5.0 .............................................................................................. 16 Pointsec for PC 4.1 Releases.................................................................................................. 17 Changes and Corrections in 4.1 SR 2.19.1............................................................................. 17 Changes and Corrections in 4.1 SR 2.19................................................................................ 17 Changes and Corrections in 4.1 SR 2.18................................................................................ 17 Changes and Corrections in 4.1 SR 2.17b.............................................................................. 18 New Functionality in 4.1 SR 2.17 ............................................................................................ 18 Changes and Corrections in 4.1 SR 2.17................................................................................ 18 New Functionality in 4.1 SR 2.16 ............................................................................................ 18 Changes and Corrections in 4.1 SR 2.16FT ........................................................................... 18 New Functionality in 4.1 SR 2.15 ............................................................................................ 18 Changes and Corrections in 4.1 SR 2.15................................................................................ 18 New Functionality in 4.1 SR 2.14 ............................................................................................ 19 Changes and Corrections in 4.1 SR 2.14................................................................................ 19 Changes and Corrections Made in Release 4.1 SR 2.1.......................................................... 19 Changes and Corrections Made in Release 4.1 SR 2.0.4....................................................... 20 Changes and Corrections Made in Release 4.1 SR 2.0.3....................................................... 20 Changes and Corrections Made in Release 4.1 SR 2.0.1....................................................... 20 Changes and Corrections Made in Release 4.1...................................................................... 20 Changes and Corrections Made in Patch 4.0 SR 4.1.............................................................. 20 Changes and Corrections Made in 4.0 SR 4.1........................................................................ 20 Changes and Corrections Made in 4.0 SR 4........................................................................... 20 Changes and Corrections Made in Patch 4.0 SR 4................................................................. 21



Changes and Corrections Made in 4.0 SR 3.5........................................................................ 21 Changes and Corrections Made in 4.0 SR 3.4........................................................................ 21 Changes and Corrections Made in 4.0 SR 3.3........................................................................ 21 Changes and Corrections Made in Patch 4.0 SR 3.3.............................................................. 21 Changes and Corrections Made in 4.0 SR 3.2........................................................................ 21 Changes and Corrections Made in Patch 4.0 SR3.1............................................................... 22 Changes and Corrections Made in 4.0 SR 3.1........................................................................ 22 Changes and Corrections Made in 4.0 SR 3........................................................................... 22 Changes and Corrections Made in 4.0 SR 2.3........................................................................ 23 Changes and Corrections Made in 4.0 SR 2.2........................................................................ 23 Changes and Corrections Made in 4.0 SR 2.1........................................................................ 23 Changes and Correction in 4.0 SR 1 and SR 2....................................................................... 24 Features Introduced in Pointsec 4.0........................................................................................ 24 Pointsec for PC 4.2 Releases.................................................................................................. 25 Changes and Corrections in 4.2 SR 1.8.................................................................................. 25 Changes and Corrections in 4.2 SR 1.7b................................................................................ 25 New Functionality in 4.2 SR 1.7 .............................................................................................. 25 Changes and Corrections in 4.2 SR 1.7.................................................................................. 25 New Functionality in 4.2 SR 1.6 .............................................................................................. 26 Changes and Corrections in 4.2 SR 1.6FT ............................................................................. 26 New Functionality in 4.2 SR1.5 ............................................................................................... 26 Changes and Corrections in 4.2 SR 1.5.................................................................................. 26 New Functionality in 4.2 SR 1.4 .............................................................................................. 26 Changes and Corrections in 4.2 SR 1.4 build 193 .................................................................. 26 Changes and Corrections in 4.2 SR 1.4.................................................................................. 26 Changes and Corrections Made in Release 4.2 SR1.3........................................................... 27 Changes and Corrections Made in Release 4.2 SR1.1........................................................... 27 Changes and Corrections Made in Release 4.2 SR 1............................................................. 27 Changes and Corrections Made in Release 4.2 SR 0.4.......................................................... 28 Changes and Corrections Made in Release 4.2 SR 0.3.......................................................... 28 Changes and Corrections Made in Release 4.2 SR 0.1.......................................................... 28 Changes and Corrections Made in Release 4.2...................................................................... 28 Changes and Corrections Made in Patch 4.0 SR 4.1.............................................................. 28 Changes and Corrections Made in 4.0 SR 4.1........................................................................ 28 Changes and Corrections Made in 4.0 SR 4........................................................................... 29 Changes and Corrections Made in Patch 4.0 SR 4................................................................. 29 Changes and Corrections Made in 4.0 SR 3.5........................................................................ 29 Changes and Corrections Made in 4.0 SR 3.4........................................................................ 29 Changes and Corrections Made in 4.0 SR 3.3........................................................................ 29 Changes and Corrections Made in Patch 4.0 SR 3.3.............................................................. 29 Changes and Corrections Made in 4.0 SR 3.2........................................................................ 29 Changes and Corrections Made in Patch 4.0 SR3.1............................................................... 30 Changes and Corrections Made in 4.0 SR 3.1........................................................................ 30 Changes and Corrections Made in 4.0 SR 3........................................................................... 31 Changes and Corrections Made in 4.0 SR 2.3........................................................................ 31 Changes and Corrections Made in 4.0 SR 2.2........................................................................ 31 Changes and Corrections Made in 4.0 SR 2.1........................................................................ 32



Changes and Correction in 4.0 SR 1 and SR 2....................................................................... 32 Features Introduced in Pointsec 4.0........................................................................................ 32



Pointsec for PC 5 This section contains information on changes and corrections made in the previous releases of Pointsec for PC 5.

Changes and Corrections in 5.2.3 HF8 ID About Details 7609 Update profiles are not

imported on machines on which Pointsec for PC has been installed using an installation profile.

Passwords do not match when attempting to deploy an update profile on machines installed with an installation profile. The following message is written to the event log: “User log - The password for the update profile named <[path to profile]\profilename.UPP> is invalid or out of sync with current settings. Please contact technical support or administrator”. The password mismatch was found in Pointsec for PC 5.2.3 HF3-HF7. This issue has been resolved. Note: update profiles created on Pointsec for PC 5.2.3 HF3-HF7 must be resaved on HF8.

8775 Revised virus detection. The virus check has been revised to correct the erroneous virus warnings that were issued on certain machines.

8776 Improved performance when booting from a bootable CD via the Pointsec for PC alternative boot menu.

Performance when booting from a bootable CD via the Pointsec for PC alternative boot menu has been improved. On certain machines, the time required to boot from a bootable CD was experienced as long. This issue has been resolved.

Changes and Corrections in 5.2.3 HF6 ID About Details 8539 Network activity occurs

during a installation using a profile.

When using an installation profile to install Pointsec for PC, there is network activity to the search paths entered in the install profile. This activity should not occur in this situation. This issue has been resolved in this hotfix.

Changes and Corrections in 5.2.3 HF5 ID About Details 7826 Password transfer does

not take place. Changing the password locally on a client does not trigger a transfer of the password to the MI Framework. The issue was caused because a Pointsec for PC system file was not properly created on systems using partition layouts that have partitions without a driver letter, for example, the following partition layout description: | Primary, NTFS, No Drive letter assigned | Primary, NTFS, Drive letter C: assigned, Active | This issue has been resolved in this hotfix.



Changes and Corrections in 5.2.3 HF3 ID About Details 6428 Fatal error under

heavy load when PME and Symantec Antivirus 10 are installed on the same system together with Pointsec for PC.

The fatal error caused under a heavy load when PME, Symantec Antivirus 10, and Pointsec for PC all installed on the same system has been resolved. This issue has been resolved.

5894 Interoperability issue with the ATI Radeon X1300 Graphics chip and the ATI Mobility FireGL V5200 chip.

Colors in the Pointsec pre-boot environment can be distorted when running Pointsec for PC on machines with an ATI Radeon X1300 graphics chip and the ATI Mobility FireGL V5200 graphics chip. This issue has been resolved.

Changes and Corrections in 5.2.3 HF2 ID About Details 5872 BSOD after

hibernating during update profile process.

This issue has been resolved.

6594 Hibernation issue – User fail to log in after wakeup.


Changes and Corrections in 5.2.3 ID About Details 5915 Cosmetic errors in

update profile messages.

The errors have been corrected.

5914 Problem when incorrect password is entered for Entrust sign on.

The following scenario describes the problem. With Entrust Signon on the system, lock the workstation. When you press ctl-alt-del, a Pointsec login screen appears, and you input an incorrect password. Instead of the Pointsec login screen reappearing, an Entrust login screen appears. You cannot input anything in this screen, press OK, or press Enter; you must press Cancel. Then the native Windows screen is displayed again, you cannot input anything but press Cancel. Only then can you press ctl-alt-del to display the Pointsec login screen and input a correct password. This issue has been resolved.

5817 Boot from alternative boot media possible during Wake-on-LAN logon.

This issue has been resolved. During Wake-on-LAN, only "normal" logon is allowed.

5811 Setting a logon delay disables Wake on LAN.

When a logon delay is set, Wake on LAN does not logon. If no delay is set, WOL works. This issue has been resolved.

5722 Restriction in placement of third party ginas.

If a third party gina was not installed in \windows\system32, it failed to load and msgina was



ID About Details loaded instead. This issue has been resolved.

5581 Default setting of “IgnoreOldInstallation” in precheck.txt.

The default value of the precheck.txt setting, has been changed to: "IgnoreOldInstallation=Yes"

5572, 5573, 5826, and 5320

Support for hibernation with AHCI enabled on Windows XP. And support for hibernation of Windows 2000 clients

If you had a Windows XP installation with AHCI enabled on Windows XP, you were prevented from putting the PC into hibernation. Pointsec issued a message saying that disk hibernation is not allowed on the system. A similar limitation occurred on all Windows 2000 machines. Hibernation with AHCI enabled is supported, thus this issue has been resolved.

5504 Readme.txt is missing This issue has been resolved. 5476 Entrust-retrieving

information on revoked certificates.

When running Windows Server 2003 and Active Directory 5.2 and Windows Server 2003 and Entrust Authority S.M. 7.1, the following workaround will provide the information on revoked certificates: Configure the Active Directory server. Use the MMC extension ADSIEdit. http://computerperformance.co.uk/w2k3/utilities/adsi_edit.htm Step 1: - Connect to “Configuration”. - Browse to: “CN=Configuration”,“CN=Services”,“CN=Windows NT”,“CN=Directory Service”. - Choose properties for “CN=Directory Service”. - Edit the “dsHeuristic” attribute: set it to “0000002” (Allow anonymous operation permitted by ACL.) - http://support.microsoft.com/default.aspx?scid=kb;en-us;326690 Step 2: - Connect to “Configuration”. - Browse to: “CN=Configuration”,“CN=Services”,“CN=Public Key Services”,“CN=AIA”: - Choose properties for “CN=AIA”: - Select the “Security” tab: - Add “ANONYMOUS LOGON” and go to its Advanced properties: - Edit its Permission Entries and make sure the following are checked: List Contents, (List Object), Read All Properties, Read Permissions. - Apply to: “This object and all child objects” Next: Trigger Pointsec account lockout using Entrust Revocation: Use the Entrust – Security Manager Administration. - Revoke the account used together with the Entrust



ID About Details Single Sign-On enabled Pointsec user account. - Make sure to “Issue Updated CRLs”. Client PC - Start Client PC. - Authenticate to Pointsec. - A message will soon be displayed: “Your Pointsec account has been locked due to a revoked Entrust profile.” - Authentication to Windows will be denied. - The event has been logged. The workaround is now completed.

5434 Hibernation - Session not reset after "One Time login"

Scenario: 1) Hibernate machine with USER2 2) Do a "One Time login" on USER1 3) Windows will resume session (security issue?) 4) Logon with Windows user and then Shutdown 5) When logging on with USER1 you will get a dialog saying "Only USER2 or sysadmin can logon..." So the previous session was not reset.

5433 Token users get “Invalid Logon” after hibernation.

The following scenario leads to the problem: 1) Logon with a token user account (for example, username: ADMIN2) 2) Logon to Windows 3) Hibernate 4) Logon with fixed password user account. This logon is not allowed. 5) Try to logon with the ADMIN2 user account, and the “Invalid Logon” message is displayed. This issue has been resolved.

5322 Saved uninstall profiles could be corrupted when closed.

After creating and saving an uninstall profile, you close the profile and receive either an “Out of Memory” error or “This profile is corrupt” error. If profile was put on a machine in \pointsec\work in order to uninstall, the machine gave a C++ runtime error. This issue has been resolved.

5321 Selecting versions for uninstall in an uninstall profile

5.2.2 is not selectable when creating uninstall profile. If 5.2.0 is selected and the profile is created, the uninstall process starts, does not complete. This issue has been resolved.

5320 Restriction in support of hibernation when using SATA hard drives with Windows 2000.

Hibernation does not currently work on Windows 2000 with SATA hard drives. This issue has been resolved.

5313 Novell - SSO malfunctions in offline mode

When using the Novell W32 client and GINA on a Windows XP workstation, Pointsec and the Novell client fail to interoperate and perform SSO when the PC is disconnected from the network. When the PC is connected to the network, SSO works, but most PCs protected by Pointsec with the Novell client



ID About Details have an option to work disconnected. With that setting enabled, Novell will automatically detect if the network is available and logon locally with the AD password. The SSO does not work even if the two passwords are the same, and they will be because of back-end sync. Note the following: A Novell specific registry value controls whether the logon dialog is displayed in "Workstation Only"-mode or in "Online"-mode. The value is a DWORD and is named "Default WS Only". Location in registry: HKLM/SOFTWARE/Novell/Login/ A value of 0 (zero) initiates a normal NDS logon. A value of 1 forces a workstation only logon. Upon SSO we set this value to 0 (zero) in order to try online mode at first. If the network is unavailable we set the value to 1 initiating workstation only mode.

5223 Administrator with the permissions “Add User” and “Delete Users” could not delete an administrator or user.

An administrator who was logged on with the following – “Add User” and “Delete Users” authority required in addition “Change Properties for Users” and “Change Properties for Administrators” authorities to be able to delete a user or administrator. This issue has been resolved.

5179 Max values for precheck.txt not documented in manual.

Scenario: 1) Change value UpdateInterval="180" to "720" in precheck.txt 2) Install Pointsec for PC 3) Run regedit Value UpdateInterval in "HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec" is not changed. Still value 180 set The max value for UpdateInterval is 180, but this is not documented. The maximum and minimum values for all precheck.txt values have now been documented in the Installation Guide.

5130 Security problem when using ActiveCard smart cards.

A user could logon with other smart cards than the smart cards assigned to him or her. This issue has been resolved.

5106 Original database still used after upgrade through work folder.

If you installed certain versions of Pointsec for PC and then upgrading through the work folder, added, for example, new user accounts and changed some system settings, and then upgraded to Pointsec for PC 5.2, the new user accounts and changes to system settings would be lost. This issue has been resolved.

5044 Product information not updated during upgrade.

In the following scenario: 1) Install Pointsec for PC 5.1.3



ID About Details 2) Upgrade to Pointsec for PC 5.2 3) Go to "Add/Remove" and click on "Support information ..." The Pointsec version displayed is 5.1.3. This issue has been resolved.

5017 Incomplete description of precheck.txt

The relevant text in the Administrator’s Guide has been updated.

4989 Synchronized passwords become out of synch when using [email protected]

When logging on with your domain username (with password synch and SSO enabled) and changing your password via CTRL-ALT-DEL, Pointsec for PC might miss the password change. Thus, the passwords would be out of synch. This issue had been resolved.

4905 Erroneous preboot text in Spanish translation corrected.


4904 The 5.2 version of Pointsec could hang during a chkdsk /r.


4903 The 5.2 version of Pointsec could issue a general protection fault if you pressed ctrl-alt-del while in the preboot logon environment.


4902 Earlier versions of Pointsec could crash during hibernation.


4900 Support encryption of AHCI-enabled SATA hard drive systems.

Earlier versions of Pointsec 5.2 froze while loading Windows XP if AHCI was enabled in the BIOS settings on AHCI-enabled systems that have SATA hard drives. This issue has been resolved.

4748 In certain instances a dialog in mistakenly displayed to users with single sign-on and Windows password synchronization active.

In following scenario: 1) Add a user with SSO and Windows password sync enabled. 2) Make sure that SSO and password sync chain is up. 3) Change the Maximum Password Age to 1 day in the Local Policy. 4) Reboot the machine and “Your password will expire Today….”. is displayed. Click YES. 5) Change password and press OK. A Pointsec dialog is displayed telling the user to enter the current Pointsec password. This dialog should not appear as passwords are in sync. This issue has been resolved.

4725 Password settings not inherited as expected when “Group Inheritance” was enabled

Password settings ‘Fixed Password’, ‘Dynamic Password’, and Dynamic Token’ are not inherited as expected when “Group Inheritance” was enabled. This issue has been resolved.

4663 Incorrect value Occasionally during logon, the wrong value is displayed in



ID About Details displayed in the “Server” field when using SSO and password synchronization with Pointsec for PC 5.2 and Novell Client 4.9

the ‘Server’ field of the Novell Client. The value is usually replaced by another IP or NetBIOS name. This issue had been resolved.

4625 Entrust - Smartcard user locked when changing password.

If you have Entrust SSO enabled and the Entrust profile on your smartcard/token choosing to change password triggers a loop. This issue had been resolved.

4502 Possibility of receiving misleading messages after changing the time zone

If you follow this scenario, you can receive the following misleading messages: 1. Set Windows Time Zone to Central Time (GMT -6). 2. Install using 5.1.3 AES (2005.05.20 13.22.14 build 663) and allow the system to fully encrypt. 3. Change Windows Time Zone to GMT. 4. Reboot machine. 5. Login to Pointsec. 6. Login to Windows. 7. Change Windows Time Zone to Central Time (GMT -6). 8. Reboot machine. 9. Enter the userid used in step 5 and hit tab key. 10. The system immediately displays: Pointsec The date and time of your PC has been changed to a time earlier than when you made your most recent password change. OK [Note: this message had been changed to : The date and time on your PC has been changed. This may affect the order in which items are displayed in the log.] Continue this scenario. 11. Click OK. 12. You will get another window: Pointsec One or more failed login attempts on this PC OK [Note: this message is incorrect because there have not been any unsuccessful logins. Ignore it and continue.] 13. Enter the password and click OK. 14. You will get the normal “Previous successful login” window. 15. Machine will boot normally. As noted above, the message has been corrected to provide better information to the user: The date and time on your PC has been changed. This may affect the order



ID About Details in which items are displayed in the log.

4321 Error during hibernation An error occurs on certain machines during hibernation after an upgrade. Scenario: 1) Install Pointsec for PC 5.1.3 and encrypt the C drive 2) Upgrade to 5.2 3) Enable hibernation in Pointsec and hibernation prior to closing the lid 4) Select "Hibernation" from the Shut Down menu, and, after selecting Hibernate, close the lid on your laptop. This produces the following error: "Driver_IRQL_NOT_LESS_OR_EQUAL" 0xD1 (0x930A, 0xFF, 0x01,0x81687FD4) This issue has been resolved.

4238 Password synchronization when using remote desktops

In certain circumstances users might experience problems with password synchronization when using two different users with remote desktops. This issue has been resolved.

4227 Error in Administrator’s Guide text on location of files needed for software update.

The text concerning the location of files required from software update has been corrected: The files needed for the software update are located in the /SetupFiles/Software Update/Aes or /SetupFiles/Software Update/Bc folders on the Pointsec for PC CD.

4210 In certain circumstances, the InstallShield freezes when uninstalling.

In the flowing scenario: 1) Install Pointsec for PC 4.2 sr 1.9 2) Install PME 2.3.1 3) Upgrade to 5.1.3 4) Uninstall 5.1.3 InstallShield is interrupted and freezes. This issue had been resolved.

4203 Uninstall - Not able to uninstall Pointsec for PC 5.1.3 completely after upgrading from Pointsec for PC 4.2 sr 1.9.

Scenario: 1) Install Pointsec for PC 4.2 sr 1.9 2) Install PME 2.3.1 3) Upgrade to 5.1.3 4) Uninstall 5.1.3 The Installshield is interrupted and freezes. This issue has been resolved.

4174 Description of “Display challenge as” missing from documentation

A description of the function "Display challenge as" was missing in the 5.2 documentation. The description has been added to the 5.2.3. version of the Administrator’s Guide.

4157 General protection fault at pre-boot authentication on TravelMate 8000.

A general protection fault could occur when Ctrl-Alt-Del was pressed during pre-boot authentication on a TravelMate 8000 machine. This issue has been resolved.

4141 Hibernation could be Although hibernation was not supported, the selection was



ID About Details selected although not supported.

displayed to the user. This issue has been resolved.

4139 Problem with AHCI on Fujitsu 7020s

On Fujitsu 7020s: if AHCI was enabled and volumes were encrypted the machine will froze during Windows XP boot. This issue has been resolved.

4137 Correction to descriptions of “Locked and Inactive” in Administrator’s Guide

The following text has been updated on p.29 of the Administrator’s Guide under "Specifying Properties for User Accounts in the Group Account": Locked and Inactive = a user account that has been locked after attacks or failed attempts to login, and which the system administrator has defined as locked and inactive pending an investigation. Also, an account can be set to inactive by the system administrator when someone tries to log on before it is set up as available or after it has been set to inactive. and on p. 42 in Administrator’s Guide under "Setting User Account Properties": Locked and Inactive = a user account that has been set to locked and inactive (the account has been blocked) after attacks or failed attempts to login, and which the system administrator has defined as locked and inactive pending an investigation. Also, an account can be set to locked and inactive by the system administrator when someone tries to log on before it is available or after it has been set to inactive.

4130 Choice of encryption algorithm.

Previously you could experience problems when choosing the algorithm with which to encrypt. This has been corrected so that you have the following choices: For Blowfish/Cast: choose one of these two algorithms. For AES/3DES: choose one of these two algorithms.

4117 Entrust – Pointsec dialog mistakenly displayed.

After launching the "Create Entrust Profile" wizard to create an EDS profile, a Pointsec dialog box is displayed by mistake. This issue has been resolved.

4085 Documentation error in Administrator’s Guide 5.1.3

Error on page 76 of the 5.1.3 Administrator’s Guide. There it states: Note: To ensure that you do not make changes to accounts that do not need updating, delete the accounts from the update profile before you start adding, editing or deleting the accounts you want to change. This has been corrected to say´: To ensure that you do not make changes to accounts that do not need updating, set the accounts to inactive in the update profile before you start adding, editing or deleting the accounts you want to change.

4056 Name not updated when changing Name and Organization using an

Previously the Name would not be updated in the following scenario: 1) Attempt to use an update profile to change the Name



ID About Details update profile.

and the Organization to which Pointsec for PC is licensed. 2) Only the Organization will be updated. This issue has been resolved.

3962 Silent profile installation not silent.

A silent installation displays a dialog during installation. Here is the scenario that produces the problem: 1) Create a silent profile and enter some text under "Information" tab in the "Short Profile Description..." field. Enter some text in "Detailed Profile desc..." 2) Place the .ipp file under same folder as setup.exe and install Pointsec of PC with the "setup.exe /s" switch. 3) The installation dialog displays a dialog with the text entered in "Short Profile Desc...". This issue has been resolved.

3956 Typographical error in a message box.

Message now reads: “The password contains non standard English characters (A-Z allowed)”

Changes and Corrections in 5.2.2 ID About Details 4900 Support encryption

of AHCI-enabled SATA hard drive systems.

Earlier versions of Pointsec 5.2 froze while loading Windows XP if AHCI was enabled in the BIOS settings on AHCI-enabled systems that have SATA hard drives. This issue has been resolved. Note: Pointsec still does not support hibernation on AHCI-enabled systems. If AHCI is detected in the registry, Pointsec disables hibernation. To force the system to hibernate anyway you can set the following registry key=HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec\ForceHiber=1

4902 Earlier versions of Pointsec could crash during hibernation.


4903 The 5.2 version of Pointsec could issue a general protection fault if you pressed ctrl-alt-del while in the preboot logon environment.


4904 The 5.2 version of Pointsec could hang during a chkdsk /r.


4905 Erroneous preboot text in Spanish translation corrected.




Changes and Corrections in 5.2 ID About Details 3323 Removing with an

uninstall profile Previously, when removing Pointsec for PC using an uninstall profile, the administrator had to ensure that the profile was only distributed to workstations that were running the version he or she wanted to remove. Otherwise, the uninstall profile may have removed the wrong version. This issue has been resolved.

3252 Failed system launch on systems with multiple partitions / volumes and first partition is hidden system support partition / volume

In the case where the system was installed with multiple partitions/volumes and the hidden system support partition was the first partition/volume, the failure to encrypt/boot-protected all un-hidden volumes could previously result in a failed system launch. This issue has been resolved.

2261 Graphics problem when providing Remote Help.

During a Remote Help procedure, at the Verifying Integrity stage, the computer screen may appear to cease functioning. This issue has been resolved.

1764 Updating Software – Smart Card User Accounts

When updating from previous releases of Pointsec for PC, smart card users are not be able to log-in because their smart cards need to be reinitiated. This issue has been resolved.

1762 Log Can Cause a Computer to Become Unstable

The internal log function, under certain circumstances, may cause the PC to become unstable and return: KMODE_EXCEPTION_NOT _HANDLED. This issue has been resolved.

1758 Authentication/User Identification

When Single Sign-On (SSO) is temporarily disabled in Pre-Boot Authentication login mode, the first authentication attempt will fail when being authenticated using a Pointsec for PC user account with a dynamic password. This issue has been resolved.

1740 Open Log button not available

Given that all users have Open Log privileges, (on the Privileges-tab under System Settings) - when users and administrators with limited authority log on, the Open Log button is not available, nor is it available from the drop down menu. This issue has been resolved.

Changes and Corrections in 5.1.3 ID About Details N/A Installing EPSL

versions The problem installing EPSL versions with AES has been corrected.

3591 3639

Issue with local user accounts.

Previously, local user accounts needed local system administrator permissions for an update profile to be correctly deployed. This has been corrected. Note When adding Pointsec user accounts using an update profile you must set a password for each account included in the profile. Only accounts with passwords will



ID About Details be added.

Changes and Corrections in 5.1.2 ID About Details 3591 Issue with local user

accounts. Local user accounts needed local system administrator permissions for an update profile to be correctly deployed. This has been corrected. Note When adding Pointsec user accounts using an update profile you must set a password for each account included in the profile. Only accounts with passwords will be added.

New in 5.1.1 Alternative media for Pointsec for PC recovery – Recovery operations using CD-ROM, USB memory, or floppy disks. The following machine types have successfully booted from USB recovery disks: • IBM T42 • IBM T42 (Fingerprint reader) • Dell Latitude D400 • Dell Latitude D505 • Dell 370 • HP/Compaq D230MT • HP/Compaq Nx7010 Other machines may also work. The following machines have failed to boot from USB recovery disks: • Acer Ferrari 3200 • IBM T20 • IBM T21 • Interaq ( • HP/Compaq Deskpro workstation D30 • HP/Compaq 1015v • HP/Compaq Armada M700 • HP/Compaq dx2000M • HP/Compaq Deskpro EP Support IBM Rescue & Recovery Ultra (RRU) installation on client system Pointsec installer support “Re-Installation” operation to existing system where C:\ (Root) volume was re-imaged, but other volumes with encrypted data exist, without loss of the existing encrypted volumes. Provided that the installation profile used has same (most) users configured with same credentials. Implementation of “RecoverServiceUser” concept Users with “RecoverServiceUser” suffix in user name are added to recovery media, even if the account is locked. Support for additional characters (symbols) in Pointsec user name Pointsec Username now supports the following characters: “-“ [dash], “_” [underscore], “@” [at symbol], “ ” [space], and “.” [period] characters.



Changes and Corrections in 5.1.1 ID About Details N/A EPSL installation The EPSL installation problem has been corrected. N/A OEM support OEMVAR feature is completed N/A Incompatibility Fixed hardware incompatibility with HP-Compaq D51S,

HP-Compaq nx9110 and Dell Insprion 8000. 2785 IBM MBR A previous issue has been fixed.

Changes and Corrections in 5.1 ID About Details N/A Operating systems

supported This release is only supported on workstations running Windows 2000 or Windows XP (SP1 and SP2).

2893 Problems upgrading EPL installations

These issues have been corrected.

2873 No Pointsec for PC entry in Windows Add/Remove Programs

Pointsec for PC is now listed in the Add/Remove Programs list.

2272 Problem when importing a profile.

There was a possible problem due to incompatibility when importing a profile. This problem has been solved.

2253, 2254

Problems when booting with USB memory sticks inserted.

These problems were related to one specific workstation and were never reproduced on any other workstation. These issues are now considered closed.

New in 5.0

• Support for multi-processor and hyper-threading systems • Microsoft Installer (MSI) based installation package • Upgrade support for previous versions of Pointsec for PC 4.1 and 4.2 • Single product for all encryption methods supported, instead of two separate product

versions • Improved Pre-Boot Authentication memory handling for better hardware support and

future enhancement • Support for IBM Rescue & Recovery Master Boot Record (MBR), delivered with all

IBM systems as of this year • Improved password synchronization operation

Changes and Corrections in 5.0 • Serial numbers – a company can update Pointsec for PC to this release using their

old 4.X serial number.



Pointsec for PC 4.1 Releases Changes and Corrections in 4.1 SR 2.19.1 • The Administrator’s Guide no longer contains documentation regarding removing Pointsec

for PC manually. This documentation is available internally now. Contact the documentation department for more information.

• How Pointsec for PC handled the last user login in the WOL state was fixed. • The problem with view log privileges was fixed. • An issue when updating software from 4.2 SR 1.8 was resolved. • It became possible to add up to four search paths to the recovery folders in installation

profiles. • Users with normal PowerUser access rights in Windows are now able to get update

profiles. • The Password tab is no longer missing from the Add User dialog box in Pointsec Admin. • An issue with SSO was fixed and SSO now cleans up entirely after execution. • WOL now works correctly when search path and “allow windows login” are set.

Changes and Corrections in 4.1 SR 2.19 Using periods/full stops in user and group account names became possible in this release.

Changes and Corrections in 4.1 SR 2.18 • Issue with USB memory – The issue with USB memory was corrected. • Pointsec Admin – A problem, which occurred when starting Pointsec Admin, was solved. • A compatibility issue with profiles created in the previous 3 service releases was resolved. • Suspected h/w incompatibility with IBM R31 was a BIOS problem. Ensure you have the

latest BIOS available installed. • Remote Help – A problem if incorrectly entering a user name was solved. • Installing on local drive Z is now possible. • Pointsec for PC Icons in Taskbar – the issue has been corrected. • Single Sign-On

An issue with changing passwords was corrected. Members of a Novell or Microsoft network with Pointsec for PC Single Sign-On no longer have to log-in to both accounts twice before SSO becomes fully functional. Changing screen resolution no longer disables SSO.

• Update Profiles Update profiles now import correctly via Pointsec for PC when Pointsec for PC is installed on a Windows 2000 computer that does not have the drive letters labeled in alphabetical order. Computers that have a zip drive with disk ID 0 now import profiles correctly.

• Enhanced software update Software update performance has been enhanced and updates now complete faster.



Changes and Corrections in 4.1 SR 2.17b • The language loading issue with Pssogina.dll solved. • The problem with install.exe was corrected. Note, this fix is not supported on systems

running Windows 9x.

New Functionality in 4.1 SR 2.17 • New temporary lockout settings • New SSO setting

Changes and Corrections in 4.1 SR 2.17 • Viewing and size of central log files

Only logs from the same installation are listed. 30,000 byte limit removed. The memory needed is allocated.

New Functionality in 4.1 SR 2.16 • New Pointsec Service • Synchronizing Windows and Pointsec Passwords • Integration of Pointsec File Encryption and Pointsec for PC

Changes and Corrections in 4.1 SR 2.16FT • WOL User Locked-out

You cannot extend authority after a WakeOnLAN start without being locked out after a short period. This is now documented as a condition of using WOL functionality.

• Remote Help Compatibility issues in Remote Help are now handled.

New Functionality in 4.1 SR 2.15 • New WOL Setting

A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide for more information.

• Smart Card Authentication Supports Domain Authentication (ID 738) Re-authenticating to Windows (with password) in lock screen is now possible for smart card users.

Changes and Corrections in 4.1 SR 2.15 • Updating Serial Numbers Using Profiles (ID 736)

Previous possible problems updating serial numbers using profiles have been corrected. • Keyboard Handling (IDs 472, 740)

Keyboard issues have been fixed. • Tracking Install.exe (ID 734)

You can now review the install.exe process to see when the installation is finished (e.g. silent install to track when a reboot is needed).

• Installing with Slovakian License Number (ID 735) Previous problems when installing with a Slovakian license number have been resolved.

• Log Problem Solved (ID 739) A problem associated with the length of lines in the log has been resolved.



New Functionality in 4.1 SR 2.14 • Converting webRH Profiles for Use at EPL Installations • Stricter Control over Change System Settings Authority

Changes and Corrections in 4.1 SR 2.14 • Starting an Approved Software Update

In some cases, when updating from 4.2 SR 1.3, approved software updates did not always start to run because of settings in the user policy. This has now been corrected.

• Navigating in the Uninstall Dialog Box Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields. This has been corrected.

• Unlocking Screensaver as System Administrator Windows 98 – Previously, it was not possible to unlock a screensaver as system administrator even if that option had been set. This has been corrected.

• User Password Requirement and Profiles Previously, it was not possible to create a profile when logged on using a user account that had the password requirement ‘Upper and lower case’. This has been corrected.

Changes and Corrections Made in Release 4.1 SR 2.1 • SSO and Forced Password Change

Previously, when NT forced a change of password, Single Sign On (SSO) did not work again until after you deselected the SSO option, rebooted, selected SSO and then rebooted again. This has now been corrected.

• Spanish-Mexican Keyboard Layout The issue with unwanted characters shown when using Spanish-Mexican keyboard layout corrected.

• Installing Pointsec on System Drives with Unit Letter Other than C • It is now possible to install Pointsec on system drives that have unit letter other than those

named C. Files Removed The following files that were included in previous versions of Pointsec are no longer included: ACSMC.dll, P95Serv.exe, SetupSSO.exe

• Changing User Names in 16-bit Mode A correction has been made for when a user name is changed in 16-bit login. SSO settings were shown incorrectly for a new user. SSO was not active even if setting was shown. This has now been corrected.

• The Tray Program A correction has been made for how the tray program checks for files. This corrects issues with Norton Antivirus. A correction has been made to the tray program regarding CPU usage. Pointsec´s tray icon did not release CPU after having started other Pointsec programs internally. This is now corrected. Encryption status in the tray could show an incorrect value if more than 23 GB was encrypted. This has now been corrected.

• Upper- and Lowercase Letters in User Name Fields The Pointsec login screen now displays upper- and lowercase letters in the user name field.

• Corrections to the Pointsec Driver The following issues have been corrected: Plug-and-play issues ZIP drive lost Encryption stopping on NT after 3 volumes System failures occurring due to incorrect handling of IO requests



• The Pointsec Readme File The Readme file is now read from the root of the installation folder. This makes translations easier to implement.

• Updating Profile Passwords The update profile password issue has been corrected.

• Upgrading The check for versions before upgrade starts has been improved.

Changes and Corrections Made in Release 4.1 SR 2.0.4 • Interrupted Login of Temporary User

Interrupting a logon with a temporary user on a system with multiple volumes could cause the encryption process and user access to partitions to not work correctly. This is now corrected.

• MO Drives The issue with MO drives has been corrected.

Changes and Corrections Made in Release 4.1 SR 2.0.3 • Bad Sectors

Pointsec normally handles bad sectors. However, in previous versions of Pointsec, if a disk contained many bad sectors, the encryption could stop without giving any notice to the user about this. Pointsec now informs the user with an information dialog if this scenario occurs and also creates a log entry.

• Boot Time on Windows XP The issue with increased boot time for Windows XP systems when Pointsec was installed is corrected.

Changes and Corrections Made in Release 4.1 SR 2.0.1 • Encryption Process and Heavy Workloads

Issue with encryption not starting due to service startup failure on machines with a heavy workload during startup corrected.

Changes and Corrections Made in Release 4.1 • Windows XP Restore Points

Better handling of Windows XP restore points implemented. • Single Sign On and Novell clients

Single Sign On improvements in regard to Novell clients with synchronized passwords.

Changes and Corrections Made in Patch 4.0 SR 4.1 • Change path for update profiles during patch - Correction

If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal action in the OS. This is now handled, if a fifth path is added it will be ignored.

Changes and Corrections Made in 4.0 SR 4.1 • LS120 drive correction

Machines with LS120 drives would blue screen when the LS120 drive was accessed. This is now corrected.

Changes and Corrections Made in 4.0 SR 4 • Screensaver corrections

The “Allow windows screensaver”-function did not work properly on upgraded systems. This is now corrected.



• SSO function improvements Pointsec SSO handling of third party GINAs is improved.

• SetupSSO.exe SetupSSO.exe included on the install CD and replaces program SSOReg.exe

Changes and Corrections Made in Patch 4.0 SR 4 • Change path for update profiles during patch.

New functionality added to enable change of path for update profiles during patch process. See Pointsec 4.1 SR 2.1 Addendum for more information regarding this feature.

Changes and Corrections Made in 4.0 SR 3.5 • Cisco Aironet and Cisco VPN support implemented

Support for Cisco Aironet and Cisco VPN implemented. Please refer to Release notes for more information.

• Allow Windows screensaver function corrected There was an error in previous versions that caused Pointsec screensaver to be used even if the setting “Allow window screensaver” was set. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.4 • Temporary users and multiple volumes

Temporary users, with access to multiple volumes were only granted access to C: volume after password change. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.3 • Pointsec Event Viewer corrected

Pointsec Event viewer could show computer names incorrectly. This is now corrected.

• Novell username missing The username of the logged on user was not presented in the Novell login window when unlocking the workstation. This is now corrected.

Changes and Corrections Made in Patch 4.0 SR 3.3 • Smart card user and rollback

Smart card components prevented rollback to function correctly. This is now corrected. • Remote help during upgrade process

It was not possible to provide remote help during the upgrade process. This is now corrected. Remote help will function as One-time-login during upgrade process.

• Expiring passwords during upgrade If a password would expire during the upgrade process the user would not be able to gain access to the machine. This is now fixed; passwords will not expire during the upgrade process.

Changes and Corrections Made in 4.0 SR 3.2 • Missing search path to recovery file

If no search path to recovery file was set on the local system this prevented update profiles to be imported. This is now corrected.

• Esc-key caused search paths in profile to be removed Using the Esc-key to navigate in the Profile settings window could under certain conditions cause the search path to Update profiles and Software update to be removed from the profile.



Changes and Corrections Made in Patch 4.0 SR3.1 • Conversion of profiles

License number used is now automatically reflected in profiles after conversion to 4.0 format.

• License number The destination and compatible license numbers may now contain hexadecimal digits in the second field.

• Deadlocks The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT.

• Installation problems The upgrade was sensitive if there were errors encountered during the upgrade. It could back out without any obvious cause, sometimes without informing about the situation. The upgrade is now much less sensitive to interruptions and there is always information in the log file if the upgrade backs out.

• Forced patch backout If the upgrade is entering an impossible state and never completes, there is a possibility to force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT” without extension and then rebooting the machine.

• Programs could be started before the patch was completed It was possible to start the admin program and also the uninstall program before the patch was completed. This could sometimes cause strange behavior or strange information to be displayed.

• Language in screen saver text corrected The screen saver text is now installed in the correct language.

• Uninstallation could leave programs and/or registry items The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could sometimes be left after uninstallation. This is now fixed.

• Converting silent 3.1 SR 1 installation profiles A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0 format. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.1 • Improved internal queue management

The queue management of internal program communications has been improved. • Correction of Blue Screen 0X040014422

The problem with the blue screen 0x04001422 is fixed. This was caused when Windows NT reported a second hard disk that was disabled at start-up, which was actually a removable disk, i.e. Jaz, Zip that was not available.

• Correction of Screen saver activation in Windows 2000 In SR 3 there was a problem when activating the screen saver using the Pointsec tray icon. This sometimes caused the PC to stop when shutting down and sometimes it was impossible to reactivate the screen saver. Those problems are now fixed.

Changes and Corrections Made in 4.0 SR 3 • Support for the PKCS11 standard is implemented

The PKCS11 standard is now supported when using smart card authentication together with Pointsec.

• Support for Telia ID is implemented In version 4.0 SR 3 support for the Telia ID smart card is implemented.



• Wildcards” in Event Viewer The use of “wildcards” in Event Viewer is now supported.

• Pre-check functionality extended The pre-check functionality is extended to detect unusual system configurations and abort installation of Pointsec. Please contact Pointsec support for latest documentation regarding pre-check.

• Problem with internal zip drives corrected In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives. This is now corrected.

• User settings for allowing windows screensaver In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work correctly. This is now corrected.

Changes and Corrections Made in 4.0 SR 2.3 • Novell integration error corrected

Under certain circumstances the Novell login window would lose the username and password fields after Pointsec installation. This is now corrected.

• Novell client version requirements changed Installation check now accepts Novell client version 4.70.

Changes and Corrections Made in 4.0 SR 2.2 • Transfer to central log

To reduce network traffic the routines that control transfer from local log to central log has changed. Events that occur frequently and usually not considered important will not trigger a transfer to central log; events that are considered important and do not occur very frequently will trigger a transfer of logged events.

• Novell client version checked during installation In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of Pointsec if the Novell client installed on the system did not support Pointsec Single Sign-On (SSO). This feature is now changed. If the installation check detects a Novell client on the system that does not meet the Pointsec requirements Pointsec will still install, but some components will not be installed. It will not be possible to enable SSO on those machines. Error log files for each machine that has not had all the components installed due to this installation check of Novell clients will be created in the installation directory. The required Novell clients are: Win200 and WinNT: Novell 4.70 Win95, Win98 and WinME: Novell 3.30

• Single Sign-On (SSO) changes Checkbox “Record new credentials” is only shown after a temporary login with SSO disabled.

• Tray program - NT It is now possible to activate Lock-Workstation via the Pointsec tray program on systems running NT

Changes and Corrections Made in 4.0 SR 2.1 • Novell login loop corrected

Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the Novell login if a recovery were performed on the machine. This is now corrected.



Changes and Correction in 4.0 SR 1 and SR 2 • Temporary users on machines using hardware profiles

It was not possible to choose hardware profiles when logging on with a temporary user. • Slovakian language

Handling of errors, caused by selecting Slovakian language in the Pointsec administration program.

• ActivCard 1.2 with Microsoft network login module installed Network resources and domain login were lost when installing Pointsec 4.0 on Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the Microsoft network login module.

• Handling of limited permissions on root folder When the root folder was set up with limited permissions, a problem occurred with the creation of recovery files.

• -2 message Less notification when working off-line, -2 message

• User with “upper case and lower case letters” password rule set A user that had the password rule “upper case and lower case letters” set could not create update profiles.

• Handling of unknown-unformatted partitions There was a problem with installing Pointsec on machines that contained an unknown and unformatted volume placed before the boot volume on the disk. Initializing smart cards at next login on NT machines It was not possible to initialize a smart card at next login on NT machines. This is now partially fixed; see known issues regarding this fix.

• Adjacent volumes A problem could occur if Pointsec was installed on a machine with adjacent volumes. A system failure error message 4004D023 would be displayed. This kind of volume layout is now handled.

• Profile import procedure If a profile had been changed on an odd second the profile would be imported over and over again by the system. This has now been corrected.

• Handling of missing Registry entry If the registry key of a device is missing the “class” key value, the Pointsec installation might not work properly and could cause a system failure error message “Inaccessible boot device”. This has now been corrected.

• Event Viewer and Search User Utilities In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is now corrected.

Features Introduced in Pointsec 4.0 • Windows NT/2000 log integration

Integration with the NT/2000 log is implemented with new event codes. • Support for Microsoft Windows 2000

Pointsec now fully supports Windows 2000 except dynamic disks. • Single Sign On (SSO)

Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients. • Multiple search path

Multiple search paths for update profiles, software updates and recovery files are implemented in Pointsec 4.0.

• Uninstallation profiles It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile.



• Event viewer utility Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only available to Pointsec administrators and system administrators.

• Search user utility It is possible to search recovery files stored on a central location for specific users on the computers.

• Smart Card support Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID support is implemented as well as the PKCS11 standard.

• Entrust Integration Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust.

• Handling of incorrect BIOS disk information User option to correct incorrect disk information from BIOS.

Pointsec for PC 4.2 Releases Changes and Corrections in 4.2 SR 1.8 • Issue with USB memory

The issue with USB memory was corrected. • Pointsec Admin

A problem, which occurred when starting Pointsec Admin, was solved. • Compatibility

There was a compatibility issue with profiles created in the previous 3 service releases. This was resolved.

• Suspected hardware incompatibility with IBM R31 This was a BIOS problem. Ensure you have the latest BIOS available installed.

• Remote Help A problem with Remote Help when incorrectly entering a user name was solved.

• Enhanced software update Software updates performance was enhanced and updates now complete faster. When running a Pointsec for PC software update on a computer, the update will succeed even if Ppupdate.log cannot immediately be stored centrally. Ppupdate.log will be stored centrally when the PC rejoins the network. Ppupdate.log is now stored in the Pointsec program directory, not in the root. See Logging During Software Update in the Administrator’s Guide for more information.

Changes and Corrections in 4.2 SR 1.7b • The language loading issue with Pssogina.dll was solved. • The problem with install.exe was corrected. Note, this fix is not supported on systems

running Windows 9x.

New Functionality in 4.2 SR 1.7 • New temporary lockout settings • New SSO setting

Changes and Corrections in 4.2 SR 1.7 • Viewing and size of central log files

Only logs from the same installation are listed. 30,000 byte limit removed. The memory needed is allocated.



New Functionality in 4.2 SR 1.6 • New Pointsec Service • Synchronizing Windows and Pointsec Passwords • Integration of Pointsec File Encryption and Pointsec for PC

Changes and Corrections in 4.2 SR 1.6FT • WOL User Locked-out

You cannot extend authority after a WakeOnLAN start without being locked out after a short period. This is now documented as a condition of using WOL functionality.

• Remote Help Compatibility issues in Remote Help are now handled.

New Functionality in 4.2 SR1.5 • New WOL Setting

A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide for more information.

• Smart Card Authentication Supports Domain Authentication (ID 738) Re-authenticating to Windows (with password) in lock screen is now possible for smart card users.

Changes and Corrections in 4.2 SR 1.5 • Updating Serial Numbers Using Profiles (ID 736)

Previous possible problems updating serial numbers using profiles have been corrected. • Keyboard Handling (IDs 472, 740)

Keyboard issues have been fixed. • Tracking Install.exe (ID 734)

You can now review the install.exe process to see when the installation is finished (e.g. silent install to track when a reboot is needed).

• Installing with Slovakian License Number (ID 735) Previous problems when installing with a Slovakian license number have been resolved.

• Log Problem Solved (ID 739) A problem associated with the length of lines in the log has been resolved.

New Functionality in 4.2 SR 1.4 • Converting webRH Profiles for Use at EPL Installations • Stricter Control over Change System Settings Authority

Changes and Corrections in 4.2 SR 1.4 build 193 • Special Characters and Scan Codes

Due to incorrect scan code use after upgrading to 4.2 SR 1.4, users with special characters in their passwords could experience problems when logging in. This is corrected.

Changes and Corrections in 4.2 SR 1.4 • Starting an Approved Software Update

In some cases, when updating from 4.2 SR 1.3, approved software updates did not always start to run because of settings in the user policy. This is corrected.

• Navigating in the Uninstall Dialog Box Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields. This is corrected.



• Unlocking Screensaver as System Administrator Windows 98 – Previously, it was not possible to unlock a screensaver as system administrator even if that option had been set. This is corrected.

• User Password Requirement and Profiles Previously, it was not possible to create a profile when logged on using a user account that had the password requirement ‘Upper and lower case’. This is corrected.

Changes and Corrections Made in Release 4.2 SR1.3 • Support for French and Spanish • Changing Languages

The language used in the Admin and tray programs and the 16-bit login dialog box • Advanced Repair Options were moved To access the advanced repair options, press [F8]

when the system boots from the recovery disk • Keyboard Scancode Check Changed • On-line Help moved to Help directory • Maintenance Accounts fixed

Changes and Corrections Made in Release 4.2 SR1.1 • WOL

Improvements have been made to WakeOnLAN function to handle third party GINAs as the active GINA.

• Works-folder Functionality Updates will now be imported even when the user is not logged-in to the system.

Changes and Corrections Made in Release 4.2 SR 1 • SSO and Forced Password Change

Previously, when NT forced a change of password, Single Sign On (SSO) did not work again until after you deselected the SSO option, rebooted, selected SSO and then rebooted again. This has now been corrected.

• Spanish-Mexican Keyboard Layout The issue with unwanted characters shown when using Spanish-Mexican keyboard layout corrected.

• Installing Pointsec for PC on System Drives with Unit Letter Other than C It is now possible to install Pointsec for PC on system drives that have unit letter other than those named C.

• Files Removed The following files that were included in previous versions of Pointsec for PC are no longer included: ACSMC.dll, P95Serv.exe, SetupSSO.exe

• Changing User Names in 16-bit Mode A correction has been made for when a user name is changed in 16-bit login. SSO settings were shown incorrectly for a new user. SSO was not active even if setting was shown. This has now been corrected.

• The Tray Program A correction has been made for how the tray program checks for files. This corrects issues with Norton Antivirus. A correction has been made to the tray program regarding CPU usage. Pointsec for PC´s tray icon did not release CPU after having started other Pointsec for PC programs internally. This is now corrected. Encryption status in the tray could show an incorrect value if more than 23 GB was encrypted. This has now been corrected.

• Upper- and Lowercase Letters in User Name Fields The Pointsec for PC login screen now displays upper- and lowercase letters in the user name field.



• Corrections to the Pointsec for PC Driver The following issues have been corrected: Plug-and-play issues ZIP drive lost Encryption stopping on NT after 3 volumes System failures occurring due to incorrect handling of IO requests

• The Pointsec for PC Readme File The Readme file is now read from the root of the installation folder. This makes translations easier to implement.

• Updating Profile Passwords The update profile password issue has been corrected.

• Upgrading The check for versions before upgrade starts has been improved.

Changes and Corrections Made in Release 4.2 SR 0.4 • Interrupted Login of Temporary User

Interrupting a logon with a temporary user on a system with multiple volumes could cause the encryption process and user access to partitions to not work correctly. This is now corrected.

• MO Drives The issue with MO drives has been corrected.

Changes and Corrections Made in Release 4.2 SR 0.3 • Bad Sectors

Pointsec for PC normally handles bad sectors. However, in previous versions of Pointsec for PC, if a disk contained many bad sectors, the encryption could stop without giving any notice to the user about this. Pointsec for PC now informs the user with an information dialog if this scenario occurs and also creates a log entry.

• Boot Time on Windows XP The issue with increased boot time for Windows XP systems when Pointsec for PC was installed is corrected.

Changes and Corrections Made in Release 4.2 SR 0.1 • Encryption Process and Heavy Workloads

Issue with encryption not starting due to service startup failure on machines with a heavy workload during startup corrected.

Changes and Corrections Made in Release 4.2 • Windows XP Restore Points

Better handling of Windows XP restore points implemented. • Single Sign On and Novell clients

Single Sign On improvements in regard to Novell clients with synchronized passwords.

Changes and Corrections Made in Patch 4.0 SR 4.1 • Change path for update profiles during patch - Correction

If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal action in the OS. This is now handled, if a fifth path is added it will be ignored.

Changes and Corrections Made in 4.0 SR 4.1 • LS120 drive correction

Machines with LS120 drives would blue screen when the LS120 drive was accessed. This is now corrected.



Changes and Corrections Made in 4.0 SR 4 • Screensaver corrections

The “Allow windows screensaver”-function did not work properly on upgraded systems. This is now corrected.

• SSO function improvements Pointsec for PC SSO handling of third party GINAs is improved.

• SetupSSO.exe SetupSSO.exe included on the install CD and replaces program SSOReg.exe

Changes and Corrections Made in Patch 4.0 SR 4 • Change path for update profiles during patch.

New functionality added to enable change of path for update profiles during patch process. See Pointsec for PC 4.2 SR 1 Addendum for more information regarding this feature.

Changes and Corrections Made in 4.0 SR 3.5 • Cisco Aironet and Cisco VPN support implemented

Support for Cisco Aironet and Cisco VPN implemented. Please refer to Release notes for more information.

• Allow Windows screensaver function corrected There was an error in previous versions that caused Pointsec for PC screensaver to be used even if the setting “Allow window screensaver” was set. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.4 • Temporary users and multiple volumes

Temporary users, with access to multiple volumes were only granted access to C: volume after password change. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.3 • Pointsec for PC Event Viewer corrected

Pointsec for PC Event viewer could show computer names incorrectly. This is now corrected.

• Novell username missing The username of the logged on user was not presented in the Novell login window when unlocking the workstation. This is now corrected.

Changes and Corrections Made in Patch 4.0 SR 3.3 • Smart card user and rollback

Smart card components prevented rollback to function correctly. This is now corrected. • Remote help during upgrade process

It was not possible to provide remote help during the upgrade process. This is now corrected. Remote help will function as One-time-login during upgrade process.

• Expiring passwords during upgrade If a password would expire during the upgrade process the user would not be able to gain access to the machine. This is now fixed; passwords will not expire during the upgrade process.

Changes and Corrections Made in 4.0 SR 3.2 • Missing search path to recovery file

If no search path to recovery file was set on the local system this prevented update profiles to be imported. This is now corrected.



• Esc-key caused search paths in profile to be removed Using the Esc-key to navigate in the Profile settings window could under certain conditions cause the search path to Update profiles and Software update to be removed from the profile.

Changes and Corrections Made in Patch 4.0 SR3.1 • Conversion of profiles

License number used is now automatically reflected in profiles after conversion to 4.0 format.

• License number The destination and compatible license numbers may now contain hexadecimal digits in the second field.

• Deadlocks The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT.

• Installation problems The upgrade was sensitive if there were errors encountered during the upgrade. It could back out without any obvious cause, sometimes without informing about the situation. The upgrade is now much less sensitive to interruptions and there is always information in the log file if the upgrade backs out.

• Forced patch backout If the upgrade is entering an impossible state and never completes, there is a possibility to force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT” without extension and then rebooting the machine.

• Programs could be started before the patch was completed It was possible to start the admin program and also the uninstall program before the patch was completed. This could sometimes cause strange behavior or strange information to be displayed.

• Language in screen saver text corrected The screen saver text is now installed in the correct language.

• Uninstallation could leave programs and/or registry items The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could sometimes be left after uninstallation. This is now fixed.

• Converting silent 3.1 SR 1 installation profiles A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0 format. This is now corrected.

Changes and Corrections Made in 4.0 SR 3.1 • Improved internal queue management

The queue management of internal program communications has been improved. • Correction of Blue Screen 0X040014422

The problem with the blue screen 0x04001422 is fixed. This was caused when Windows NT reported a second hard disk that was disabled at start-up, which was actually a removable disk, i.e. Jaz, Zip that was not available.

• Correction of Screen saver activation in Windows 2000 In SR 3 there was a problem when activating the screen saver using the Pointsec for PC tray icon. This sometimes caused the PC to stop when shutting down and sometimes it was impossible to reactivate the screen saver. Those problems are now fixed.



Changes and Corrections Made in 4.0 SR 3 • Support for the PKCS11 standard is implemented

The PKCS11 standard is now supported when using smart card authentication together with Pointsec for PC.

• Support for Telia ID is implemented In version 4.0 SR 3 support for the Telia ID smart card is implemented.

• Wildcards” in Event Viewer The use of “wildcards” in Event Viewer is now supported.

• Pre-check functionality extended The pre-check functionality is extended to detect unusual system configurations and abort installation of Pointsec. Please contact Pointsec support for latest documentation regarding pre-check.

• Problem with internal zip drives corrected In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives. This is now corrected.

• User settings for allowing windows screensaver In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work correctly. This is now corrected.

Changes and Corrections Made in 4.0 SR 2.3 • Novell integration error corrected

Under certain circumstances the Novell login window would lose the username and password fields after Pointsec installation. This is now corrected.

• Novell client version requirements changed Installation check described in section 14.2 now accept Novell client version 4.70.

Changes and Corrections Made in 4.0 SR 2.2 • Transfer to central log

To reduce network traffic the routines that control transfer from local log to central log has changed. Events that occur frequently and usually not considered important will not trigger a transfer to central log; events that are considered important and do not occur very frequently will trigger a transfer of logged events.

• Novell client version checked during installation In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of Pointsec if the Novell client installed on the system did not support Pointsec Single Sign-On (SSO). This feature is now changed. If the installation check detects a Novell client on the system that does not meet the Pointsec requirements Pointsec will still install, but some components will not be installed. It will not be possible to enable SSO on those machines. Error log files for each machine that has not had all the components installed due to this installation check of Novell clients will be created in the installation directory. The required Novell clients are: Win200 and WinNT: Novell 4.70 Win95, Win98 and WinME: Novell 3.30

• Single Sign-On (SSO) changes Checkbox “Record new credentials” is only shown after a temporary login with SSO disabled.

• Tray program - NT It is now possible to activate Lock-Workstation via the Pointsec tray program on systems running NT



Changes and Corrections Made in 4.0 SR 2.1 • Novell login loop corrected

Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the Novell login if a recovery were performed on the machine. This is now corrected.

Changes and Correction in 4.0 SR 1 and SR 2 • Temporary users on machines using hardware profiles

It was not possible to choose hardware profiles when logging on with a temporary user. • Slovakian language

Handling of errors, caused by selecting Slovakian language in the Pointsec administration program.

• ActivCard 1.2 with Microsoft network login module installed Network resources and domain login were lost when installing Pointsec 4.0 on Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the Microsoft network login module.

• Handling of limited permissions on root folder When the root folder was set up with limited permissions, a problem occurred with the creation of recovery files.

• -2 message Less notification when working off-line, -2 message

• User with “upper case and lower case letters” password rule set A user that had the password rule “upper case and lower case letters” set could not create update profiles.

• Handling of unknown-unformatted partitions There was a problem with installing Pointsec on machines that contained an unknown and unformatted volume placed before the boot volume on the disk. Initializing smart cards at next login on NT machines It was not possible to initialize a smart card at next login on NT machines. This is now partially fixed; see known issues regarding this fix.

• Adjacent volumes A problem could occur if Pointsec was installed on a machine with adjacent volumes. A system failure error message 4004D023 would be displayed. This kind of volume layout is now handled.

• Profile import procedure If a profile had been changed on an odd second the profile would be imported over and over again by the system. This has now been corrected.

• Handling of missing Registry entry If the registry key of a device is missing the “class” key value, the Pointsec installation might not work properly and could cause a system failure error message “Inaccessible boot device”. This has now been corrected.

• Event Viewer and Search User Utilities In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is now corrected.

Features Introduced in Pointsec 4.0 • Windows NT/2000 log integration

Integration with the NT/2000 log is implemented with new event codes. • Support for Microsoft Windows 2000

Pointsec now fully supports Windows 2000 except dynamic disks. • Single Sign On (SSO)

Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients.



• Multiple search path Multiple search paths for update profiles, software updates and recovery files are implemented in Pointsec 4.0.

• Uninstallation profiles It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile.

• Event viewer utility Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only available to Pointsec administrators and system administrators.

• Search user utility It is possible to search recovery files stored on a central location for specific users on the computers.

• Smart Card support Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID support is implemented as well as the PKCS11 standard.

• Entrust Integration Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust.

• Handling of incorrect BIOS disk information User option to correct incorrect disk information from BIOS.

pointsec for pc – revision tracking...profile. passwords do not match when attempting to deploy an...

Documents