Passwordstate Changelog

What's new in Passwordstate 9.8 Build 9873

Apr 15, 2024

Updated Features:
Changed session recording file naming convention for browser-based gateway, so file names are now more generic
Minor updates and improvements
Fixed:
Fixed potential confusion with remote session gateway session recording file names, under various different conditions
Fixed an error of "Conversion from string "" to type 'Integer' is not valid" for Linux discovery jobs, when a custom operating system was selected for the Job and Host records
Fixed an issue where the AD Sync process was reporting in Auditing a user's email address field was updated, when it wasn't because the System Setting to ignore email address changes was selected
Fixed an error of 'Conversion from string "Emergency" to type 'Double' is not valid' when using SAML in conjunction with the Allowed IP Ranges feature
Fixed an issue where the SAML Logout URL was not being used, when using SAML in conjunction with the Allowed IP Ranges feature

New in Passwordstate 9.8 Build 9866 (Mar 28, 2024)

New in Passwordstate 9.8 Build 9858 (Mar 7, 2024)

New in Passwordstate 9.8 Build 9853 (Feb 20, 2024)

New in Passwordstate 9.8 Build 9849 (Feb 13, 2024)

New in Passwordstate 9.8 Build 9839 (Dec 21, 2023)

New in Passwordstate 9.8 Build 9823 (Oct 19, 2023)

New in Passwordstate 9.8 Build 9811 (Sep 25, 2023)

Updated Features:
Updated Windows Credential Provider browser to use latest build of Chromium
Updated Chilkat assembly used for SSH to version 9.5.0.95
Added an option to use the -UseSSL parameter in PowerShell scripts for the Invoke-Command cmdlet
Added logging of IP Address on the screen Administration -> Error Console
Added an option to prevent the use of Password Lists in the browser extensions, and mobile app, where the Additional Authentication option is set on the Password List
Included OTPUri field in response for the API endpoints when retrieving password records
Fixed:
Incorrect Access Control allowing the potential for an existing Security Administrator to use the System Wide API Key to interact with private password lists for Password History, delete and copy/move API endpoints
Fixed a potential bug when discovering accounts on IIS Application Pools where it may have reported an account name that matched the application pool name
Fixed an issue with Bulk Permissions feature, for Password Lists with the disable inheritance option set, where the Password List was disabled when wanting to apply permissions based on a security group
Fixed a potential case sensitivity failure check for Bad Passwords, if using both the local and Have I Been Pwned options
Fixed possible logging of anti-forgery error, when load balancers, app proxies or other events, cause sessions in IIS to end prematurely
Fixed a potential Unicode/character transformation issue when exporting data from the screen Administration -> Reporting, or via a Scheduled Report
Fixed a file naming logic issue for remote session recordings, if a recording was deleted via the UI and another recording was started prior to the file being removed from the file system
Fixed a "user not found" error when trying to edit a user's account when the data contained certain Unicode characters
Fixed a Unicode transformation issue when editing the description for an Active Directory security group
Corrected MIME type errors when being served from Azure, and the Add/Edit password screens

New in Passwordstate 9.7 Build 9786 (Aug 3, 2023)

New in Passwordstate 9.7 Build 9785 (Jul 31, 2023)

New in Passwordstate 9.7 Build 9753 (May 4, 2023)

New in Passwordstate 9.7 Build 9737 (Apr 12, 2023)

New in Passwordstate 9.7 Build 9727 (Mar 15, 2023)

New in Passwordstate 9.7 Build 9715 (Feb 23, 2023)

New in Passwordstate 9.7 Build 9708 (Feb 16, 2023)

New in Passwordstate 9.7 Build 9700 (Feb 6, 2023)

New in Passwordstate 9.6 Build 9665 (Dec 15, 2022)

New in Passwordstate 9.6 Build 9661 (Dec 12, 2022)

New in Passwordstate 9.6 Build 9653 (Nov 7, 2022)

New in Passwordstate 9.6 Build 9630 (Oct 6, 2022)

New in Passwordstate 9.6 Build 9627 (Oct 4, 2022)

New in Passwordstate 9.6 Build 9611 (Sep 5, 2022)

Updated:
Auditing records will now be added for any changes to System Settings, or Feature Access settings
Added additional logging and processing to the Password Reset Queue to help troubleshoot any records getting stuck in the queue
The ability to navigate to a Password List's contents from the Administration area has been deprecated
The password field for the Separate Password authentication option for Templates and Password Lists will no longer be visible on the screen
Made various security improvements and enhancements
Fixed:
Fixed a Hash validate issue for the Remote Site Locations agent if the Password List had data in the GenericField4 field
Fixed the error message of "The LDAP server is unavailable" when performing an Account Heartbeat on an Active Directory account, when the password was incorrect and LDAPS was being used
Fixed an error of "does not meet complexity of the domain" when using the Password Reset Portal, if a domain controller was specified on the Active Directory Domain record
Fixed an issue in the APIs where it was possible to add password records where the Title field was blank
Fixed a bug with a scheduled password reset where the randomly generated password was blank, if the Password Generator policy only had pattern matching options selected
Fixed a bug with the Remote Site Locations agent where any "dependencies" for an account password reset would have failed
Fixed a possible bug when copying passwords to the clipboard from Passwords Home or Password Folder, where email's may not have been sent or Tree Path auditing data added
Fixed a possible bug with the Active Directory account validate script where it could have reported the error "The server cannot handle directory requests"
Fix a UI issue in the browser extensions when it could have shown a web site as a Linked record, when it was not
Fixed the error "Index (zero based)" for the Password Reset Portal module, when trying to query event logs for bad login attempts
Fixed a possible 401 Unauthorised error message when performing imports of Passwords from third party products

New in Passwordstate 9.5 Build 9595 (Aug 10, 2022)

New in Passwordstate 9.5 Build 9593 (Aug 9, 2022)

New in Passwordstate 9.5 Build 9583 (Jul 26, 2022)

Updated:
Deprecated searching on every key stroke within the Mobile Apps, for the Password Lists and Passwords screen
Updated the clipboard functionality in the Mobile App to appropriately handle sensitive data with the introduction of Android 12's clipboard popup
Updated the Android Mobile App to target Android 12 (SDK 31)
Updated the database upgrade screen to show additional logging when the beginning of each build upgrade commences
Implemented a new method for copying data to the clipboard, which performs a postback to the web server before any data is copied into the clipboard
Provided additional HMAC Hash validation for various tables in the database
Added new Windows Server 2022 Datacenter Azure Edition operating system
Added Kerberos domain authentication options to Passwordstate, and the Password Reset Portal module
Updated Client Based Launcher installer to be an executable, using new code signing certificate
Updated various third party assemblies to the latest releases
Updated Telerik ASP.NET Ajax Controls to version 2022.2.622
Deprecated the feature where you could view password history, or the password record, from the screen Administration -> Auditing
Provided an option on user's preferences screen for clearing Ignored URLs for the browser extensions in bulk
Provided options to clear the Web Field ID values on password records for the browser extensions
Made various performance improvements to browser extensions to prevent excessive processing of DOM events, and fixed various runtime errors showing in the extension console
Added 'Copy to Clipboard' and 'Password Viewed' auditing events for browser extensions, when accessing details from within the browser extension itself
Password Retrieved auditing event for browser extensions will now record the actual URL displayed in the browser itself
The icon overlay for browser extensions will now only show on web sites where the user already has a saved password record for the web site
The browser extensions will no longer automatically updated Field IDs on web sites on the corresponding password records - the new field mapping feature can be used, if web sites change the value of their Field IDs
Made various browser extension improvements for the accuracy of form filling web sites
Added new URI matching capabilities to the browser extension, giving more matching options when form filling and updating password records
Added field mapping capabilities to the browser extensions, to simplify the recording of Field ID's on web sites
Browser extensions now support form-filling OTP fields on web sites
Browser extensions now support storing and form-filling up to 10 additional fields - stored in the Generic Fields
The Brute Force lockout feature for the Password Reset Portal now has an option to disable the feature, for troubleshooting purposes
The Brute Force lockout feature for the Password Reset Portal will now track based on UserID as IP Address
Fixed:
Fixed bug in the Mobile App where if the user did not have permissions to the existing privileged account credential, of a reset enabled record, then the drop down control would be empty
Fixed bug in the Mobile App where updating a password record may have failed if the password list did not have the expiry date field enabled
Fixed bug in the Mobile App where a password with special characters may have appeared truncated when viewing on the password record detail screen
Fixed a "does not contain a method named 'new'" error with various Windows based PowerShell scripts when hosts were running older versions of PowerShell
Fixed an issue in various PowerShell scripts where the ::new initializer was not working on older versions of PowerShell
Fixed an issue with the Remote Session Gateway scripts where it could not download OpenJDK because of TLS restrictions
Fixed an issue in the Browser based Gateway where a 'Not Found' message was displayed when trying to download files from within a RDP session
Fixed an issue where the playback buttons for viewing session recordings were non responsive
Fixed a bug with the System Setting 'Allow permissions to be applied multiple times for a user/security group to the same Password or Password List' where it was not be honoured for password record permissions
Fixed an insufficient permission screen warning when a user has been removed as a Security Administrator, but they last had the Administrator's tab selected before the logged off
Fixed an issue with a Custom Auditing Report where All Activity types was not being selected when next editing the report settings
Fixed an issue where a system setting to disable AD accounts when immediately added into Passwordstate, was not setting the DisabledDate field value for the account
Fixed an issue where Drag and Dropping Password Lists and Folders was not working under the Passwords tab, when using search filter
Fixed an issue of a Build Mismatch error when using the non Push/Pull version of the Self Destruct Message feature when installing new builds of 9535
Fixed an issue when searching in a Passwords Folder where there were no Password Lists nested beneath it, was giving the same results as searching in Passwords Home
Fixed the error 'Value cannot be null' when testing permissions for Backups, when no backup account was selected
Fixed a 'Page Not Found' error when using the Add Password List wizard for Private Lists, when copying from Templates that have an authentication option set
Fixed a bug in the Mobile App where it was not possible to update password records in a Password List where the ExpiryDate field was not selected for the List
Fixed a display issue in Mobile App on the password detail screen where certain characters could have truncated the display
Fixed an possible error of "String was not recognized as a valid DateTime" when retrieving password history from the APIs (Generic Fields) for a record that was added via the API
Fixed an error of "String was not recognized as a valid DateTime" when importing a csv file where a Generic Field was blank, but expecting a Date value
Fixed an issues on the user's Preferences screen where the Windows Integrated API One-Time Password may not have saved after being created

New in Passwordstate 9.5 Build 9535 (Jun 3, 2022)

New in Passwordstate 9.5 Build 9533 (May 25, 2022)

New in Passwordstate 9.5 Build 9531 (May 24, 2022)

New in Passwordstate 9.5 Build 9519 (May 2, 2022)

New in Passwordstate 9.5 Build 9512 (Apr 26, 2022)

New in Passwordstate 9.4 Build 9500 (Apr 10, 2022)

New in Passwordstate 9.4 Build 9493 (Apr 7, 2022)

Updated Features:
Passwordstate now supports storing Unicode characters in the database
All documents will now open as attachments in the browser, instead of trying to view certain document types in a new tab in the browser
When entering the System Settings screen, we re-query all System Settings in memory in case another Security Administrator has made a change whilst the user’s session was active
Updated the browser extensions to only refresh data once an hour
Updated the browser extensions to provide a menu option to refresh data manually if required, instead of waiting for the sync period, or the need to log in and out of the extension
Removed the onclick events for the main navigation icons on the left-hand side of the screen, requiring the sub menus to be used instead
Mobile App can now scan, view and retrieve one-time passwords, and has its own dedicated menu for the feature within the App
Mobile App can now add, update and delete password records
Increased the length of the Username field for the Mailbox settings for sending emails
Made various security improvements to the Password Reset Portal module
Moved the Mobile App default home page setting from the UI in Passwordstate, into the App itself
Deprecated the 'Disable Inheritance' setting on Password List Templates - it can only be used on Password Lists now
Renamed Backups and Upgrades menu in the Administration area to Backups, and moved some upgrade information to the main Administration page
The ability to copy the 'Disable Inheritance' Password List setting from other Password Lists, or Password List Templates, has been deprecated
Authorised Web Servers for the core product and the App Server can now have different functional roles enabled or disabled
Reduced the size of the AccessNotes field for ACL tables, and the Reason field when requesting access to passwords, to 1000 characters
Fixed:
Fixed an issue with User Account Policies where the link shared password list to a template setting was not applying
Fixed an issue where searching for Host records from the top search bar was not filtering the hosts under the Hosts tab
Fixed an issue with account discovery jobs where some hosts may not have been queried for the job, if the Tag field for the host was null in the database
Fixed an issue with the Clone User Permissions feature where it was not moving any Private Password Lists for the source user
Fixed an issue with the Self Destruct Message web site where you could not browse to the root of the web site without the use of the Self Destruct Message ID being passed in the URL
Fixed an issue with the Outage Notification feature where it was not honouring the setting of sending via the email address of the mailbox specified on the System Settings screen

New in Passwordstate 9.4 Build 9471 (Mar 8, 2022)

Updated Features:
Provided additional filtering options for discovery jobs, where values can be separated by semicolon characters
Added additional permissions checks on postback for menu items in the List Administrator Actions dropdown list
Within the Hosts tab, provided further permission checks on all pages to ensure the user has been given access to the Hosts tab
In addition to checking if a user's session is still active when browsing to a new page, we also check now on all Postback events
Added a new System Setting to prevent users adding themselves to Local Security Groups, and prevent them from adding new or existing User Accounts to Local Security Groups on the User Accounts screen
Added a new System Setting option to prevent concurrent logins using the same account
Update the Dell iDrac PowerShell script to support newer versions of firmware 4.40 and above
When a Password List is nested in a folder configure for the Advanced Permission model, you can now manage permissions for Mobile Access on those nested Password Lists
Updated the Yubikey authentication screens so it would not log any exceptions if certain special characters were used as part of the authentication process
Updated all pages within the Administrator area to also check Security Administrator roles on postback events
Added additional permission checks on Add Password screen when entering the screen, and on postpack
Updated the API(s) so the password strength policy compliance is only checked for the parent password record, if updating a password record which is linked to one or more other password records
Fixed:
Fixed an issue where the Active Users screen in the Administration area may not have shown any active users
Fixed an issue for the Browser Extension where a user's Private Password List was meant to be selected as the default Password List, if they had not already specified one themselves
Fixed an issue where the Auditing Graphs menu in the Administration area for Password Reset Portal required the Security Administrator role from the other Auditing Graphs screen
Fixed an issue where you could browse to the initial Setup page after the initial setup had been completed

New in Passwordstate 9.4 Build 9455 (Feb 22, 2022)

The Restricted Feature for converting private password lists to shared lists has now been deprecated
Custom Logos for Passwordstate will now show on the Permalink Loading screen
Made further performance improvements to the screen Reports -> Auditing
Improved the performance of the Import Passwords screen when the user had access to thousands of Password Lists
Added all Activity types to the screen Reports -> Auditing
Made changes to the Clone Permissions feature to ensure no SQL deadlocks were experienced during the cloning process
Updated the clone user permissions feature to also clone favourite Password Lists
Updated the Account Discovery feature to better capture exceptions when using multi-threaded execution against multiple hosts
On Auditing screens, clicking on the various Platforms will no longer filter the different Activity types
You can now export a list of Private Password Lists as well from the screen Administration -> Password Lists
Introduced a new Feature Access to restrict which users are allowed to convert the permission models on folders. By default, no users have access, and access needs to be granted on the screen Administration -> Feature Access -> Folder Options tab
Added new SQL Index to improve performance of displaying the 'Password Statistics' chart on Passwords Home
If navigating to the Request Access to Passwords screen from a Password List you do not have access to, then appropriate records for this Password List will be displayed on the request access screen
Fixed •Fixed a bug with the 'Add Hosts to Folder' screen under the Hosts tab where the paging in the grid would not navigate past the second page
Fixed an issue on the screen Reports -> Auditing, where the grid paging was not progressing to additional pages
Fixed an issue with the High Availability Polling feature where it was polling as a passive server, when it should have been polling as on active server
Fix and issue where the Report Loading popup window would not close when executing the Expiring Passwords report
Fixed a bug where the Passphrase for the Self Destruct Message feature was not allowing certain HTML type characters as part of the Passphrase
Fixed an issue where the link provided in emails for Pending Access Requests, was not taking you to the Pending Access Requests screen if you were already logged into Passwordstate when clicking on the link
Fixed an issue adding Host records via the API(s), or via importing from a csv file, where the Remote Connection Type of Telnet was not being set correctly

New in Passwordstate 9.4 Build 9435 (Feb 8, 2022)

Updated:
The two based forms of Authentication in Passwordstate (AD and Forms) have now been consolidated into one version
Deprecated the "Separate Password" authentication option which could only be used with Active Directory Single sign-on
Made performance improvements to the Add/Edit Password List screens when customers have thousands for Password Lists
Made performance improvements to the 'Request Access to Passwords' screen by limiting the number of records returned when searching, and also not returning all data when opening the screen
Made performance improvements to the Passwords Home screen open first entering the screen
Made performance improvements by adding various SQL Server indexes
Made performance improvements to Auditing screens by providing searching functionality for selecting Password Lists as opposed to listing all Password Lists in a dropdown
Made performance improvements to the loading of data on the Reports -> Auditing screen
Updated the new Import process, to ensure the default Password Strength Policy does not interfere with imports - by temporarily turning off the 'Compliance is Mandatory' setting
Updated the API's to ensure certain data could not exceed the field size in the database
Improved brute force detection for Passphrases for Self Destruct Messages to retain login attempt counts when restarting your browser
Updated Telerik ASP.NET Controls to version 2022.1.119
On the View Failed Reset History screen, removed generic fields from the screen as they are not relevant to retrieving the value of the password used during the password reset attempt
For the Privileged Account Credential system setting of "only allow the user to manage credentials they have been explicitly given access to", the radiobutton to view all credentials will be disabled if this option is set to yes
Fixed:
Fixed a bug with the KeepAlive functionality for Load Balancers where the page was reporting a precompiled page message
On the View Failed Reset History screen, fixed the issue where the Account Type images were oversized
Fixed an issue with Self Destruct Message feature where it was possible to bypass the passphrase authentication, if the correct URL and MessageID could be guessed
Fixed an issue where the new 'Import' Powershell scripts may not have been added if customers installed or upgraded to build 9400 specifically
Fixed an issue with the Load On Demand feature for the Passwords tab, where Passwords Home was not selected when you first navigated to this tab
Fixed an error of "Conversion from string to type Double is not valid" when trying to open a password record from the Expiring Passwords Calendar screen, where the password record has a URL specified
Fixed an issue where the 'Copy Permissions from Password List' feature on the add Password List screen was not working

New in Passwordstate 9.4 Build 9414 (Jan 14, 2022)

New in Passwordstate 9.4 Build 9400 (Dec 23, 2021)

Improvements:
Provided a new consolidated Import Passwords feature for importing via CSV files, or from other products
Removed synchronization timeout setting for Mobile App when synchronizing data from the App Server
Updated ImageFileName field in PasswordLists and PasswordListTemplates table to match size of field in UserAccounts table
Provided a better warning message when the Passwordstate web server was blocking outgoing connections to the Have I Been Pwned API URL for Bad Password checks
Updated the Actice Directory synchronization process so user accounts are no longer deleted as part of this process. Instead, a purge option has been provided to delete disabled accounts after a set period of time
Provided a new setting to automatically purge password records in the Recycle Bin after a set period of time
The feature to clone user permissions will now no longer remove permissions on Private Password Lists for the destination user, even if this option is selected - it will still remove permissions for shared lists
When exporting passwords from a Password List, individual auditing records for 'Password Viewed' will no longer be added, as it can trigger the Excessive Activity Auditing report
The API Key fields on the Add/Edit Password Lists screen is now enabled, if you've been given permission to create/change API Keys
In the Mobile App, the Tree Path field for long Folder names will be displayed in their entirety now, instead of being truncated on the screen
Fixed:
Fixed a crash in iOS Mobile App when clicking the X symbol if not text was specified in the search bar
Fixed an issue in the Standard API when querying a Password List's details, where the API Key was only being considered if it was included in the Header or Querystring - not the Body of the request
Fixed and issue with the Password Reset Portal where the client IP Address being reported to the Duo Admin Portal, was of the Password Reset Portal Server, and not the client itself
Fixed an issue where the Browser Extensions were not updating the Last Updated field for password records, when the extension updated the password
Fixed the description on the Passwords Exported email template, to indicate the email is sent to Security Administrators with the Password Lists role
Fixed a threading error with the Windows Local Admin Accounts discovery job, which was preventing the discovery job completing for all hosts
Fixed a bug with the manual synchronization of security groups in the main UI where it may not have detected an AD account being deleted from Active Directory
Fixed a 'UnlockComponent' error on the Edit Password screen when using the Heartbeat icon for hosts they require SSH connectivity
Fixed an issue where the 'Guide' was not being copied from a Password List Template when using the standard Add Password List screen

New in Passwordstate 9.3 Build 9381 (Nov 29, 2021)

Updated:
Auditing screen under Reports navigation menu will now only load data when the Search button is clicked
Made changes to Bad Password check in the core product where it no longer performs the check via the Standard API
Mobile App will now honour the enabled status on user accounts when authenticating to the Mobile App
Exact match searching for passwords now includes the Account Type field
Updated Telerik ASP.NET Controls to build 2021.3.1111
Made changes to the scheduled account heartbeat process to resolve occasional SQL locks some customers are experiencing
Added additional error capturing to the Windows Local Administrator Discovery script
Added additional error capturing for failures with the SSH Templates password reset scripts
Updated RDP functionality for Browser Based Gateway so it no longer logs an error in the Error Console when connecting to a host more than once with the same login credentials
Removed the password validation check which occurs 4 times per day for the privileged account credential being used with the Password Reset Portal module
Fixed:
Fixed a search issue for Password List/Folders in the Passwords navigation tree, when using the search icon and thousands of Password Lists
Fixed some issues for the URL field where HTML Encoding of data could have malformed the value of the URL when opening the sites in new tabs in the browser
Fixed a bug in the Standard API where calls could not be made to Private Password Lists - introduced bug in build 9350
Fixed a bug with the Mobile App where it was not taking the 'Mobile Access' permissions on Password Lists into consideration
Fixed the Email Template 'User Account Impersonation' as line breaks where not rendering in email clients
Fixed a documentation error for the API(s) for the retrieving of security groups
Fixed a General Error screen bug after successfully performing a Bulk Update of passwords in a Password List
Fixed an issue where the Disable Inheritance setting on Password List templates was not being applied to any linked Password Lists
Fixed an issue with the SSH Templates password reset script feature where the value of variables where not being updated during execute of the scripts
Fixed a potential issue where is was not possible to use the 'Bulk Delete Empty Password Lists' feature if one of the Password Lists was selected in a Scheduled Report
Fixed a bug on the Edit Password List screen where it was possible the incorrect Password Generator Policy was being selected

New in Passwordstate 9.3 Build 9360 (Oct 27, 2021)

New in Passwordstate 9.3 Build 9300 (Aug 2, 2021)

Updated:
Introduced a new Common Software Installation Process (CSIP) with published checksums for validation
Increased code obfuscation across all Click Studios software assemblies
Implemented strict calling process validation for all critical processes
Remove the dependency on the file Moserware.SecretSplitter.dll
Subdomain naming standard enforced for the Click Studios Content Delivery Network servicing downloads of the Common Software Installation Process
Deprecated In-Place Upgrade capability and blocked from working on all existing builds. Replaced by CSIP in build 9300
Added a One-Time Password feature for the Emergency Access Login account
Updated Telerik ASP.NET Controls to version 2021.2.511
Updated Telerik ASP.NET Controls to use the digitally signed versions
Remote Site Locations Agent will now upgrade directly from your instance of Passwordstate
Added an option on the screen Administration -> Remote Site Locations to export all agent installer instructions to a csv file
Increased the Description field length in the database for Security Groups from 255 to 1000 characters
Provided a setting on security groups to prevent the security group from showing in the UI when applying permissions to credentials, features, etc
Oracle validation script has been updated to support SYS accounts
Updated iDrac password reset script to support iDrac firmware version 9
PowerShell scripts no longer exist within the Passwordstate folder after the initial installation is complete
Added additional HMAC Hashing checks to various fields in the SystemSettings table
Updated backup functionality so administrative rights on the Passwordstate web server are no longer required
Browser Extensions have now been updated so the 'Update Dialog' does not display when updating an account password on a web site, if the user only has 'View' permissions to the credential in Passwordstate
Updated the Client Based Remote Session Launcher so 'AdditionalParameters' in included in the Public/Private Key sessions as well
Updated VNCViewer for the Client Based Remote Session Launcher to version 1.3.2.0
Updated PuTTY for the Client Based Remote Session Launcher to version 0.75
Renamed the methods in the APIs which triggers a synchronization of AD Security Groups and User Accounts to GetADSync
Made some changes to the 'Password Retrieved' auditing events in the API's to make the description more consistent with the core UI auditing
If the user has not been given the 'Feature Access' for the Mobile App, then the QR Code will no longer be visible on their Preferences screen for scanning
The Build Number will now be added to exceptions for the core product, and Passwordstate Windows Service
Additional additional content validation to various URL fields and document name fields on relevant screens
Updated to latest build of Remote Session Gateway to resolve Chrome 89 issue where mouse scrolling was not working
Made changes to Mobile Apps to better support formatting of the Notes field
Updated Remote Session Gateway installer scripts to use OpenJDK 16.0.1
The RADIUS sectet field on the System Settings screen is now masked like a normal password field
Fixed:
Fixed an issue in the API's where it would not send Self Destruct Messages correctly when using the Push/Pull instance of the Self Destruct message feature
Fixed an issue in the API's when sending Self Destruct Messages where it was not honouring the System Setting as to which email address the message was meant to be sent from
Fixed an issue where scheduled account heartbeats could still have executed, when the Password Lists has been modified to disable the 'Enable for Resets' option
Fixed an error of 'The remote certificate is invalid according to the validation procedure' if TLS was selected for the mail settings, and older TLS protocols were disabled on the email server
Fixed the SonicWall account discovery script as it had an invalid path to the Passwordstate bin folder
Fixed a bug where a password record was getting checked out for exclusive use immediately (Password Requires Check Out) when enabling the option for the first time
Fixed a bug where it was attempting to link a Password List to a Template (based on a System Setting) when it should not have been, which was causing a FOREIGN KEY constraint exception
Fixed an issue where two menus under the Help menu were not hidden, when permissions were removed from them from the Administration -> Feature Access screen
Fixed an issue deleting a domain from the Password Reset Portal administration area where it was reporting the domain was in use for password records
Fixed a bug where the PG_CapitalizeWordPhrases session variable was not set when logging in via emergency causing some page load errors
Fixed a false positive with Active Directory heartbeat check on the Add Password screen where the list is new and never had any password records assigned
Fixed an issue with the Browser Based Launcher where authentication would fail if the password contained a & character
Fixed an Internal Server 500 error for the Password Reset Portal when using SecurID authentication
Fixed a bug in the Password Reset Portal when using SAML Authentication where it would error with 'user not successfully authenticated' when trying to change the user's password
Fixed an issue with new installs where the Twitch icon for the Account Type was incorrect
Fixed an issue where the Self Destruct Manual link in Passwordstate was giving a Page Not Found error
Fixed an issue in the API when adding a Host record where it could have errored with "index was outside the bounds of the array"
Fixed a potential issue with the Remote Site Locations agent where a discovery job may not have completed if no 'dependencies' were found for a host
Fixed a bug where it was not possible to view Permissions of a Host Discovery Job under the Hosts menu
Fixed an issue where some customers where reporting the App Server could not be installed on the same web server as the core Passwordstate install
Fixed an issue here some environments might not have had their browser based launcher gateway configured to use http posts for the websockets connections
Fixed an issue on the Add/Edit Passwords screen, where it was trying to use the proxy server settings in System Settings, when it should not have been
Fixed an issue where the Username button at the top right-hand side of the screen still had a click event on it, when the user had their access removed from the Preferences screen - resulting in a 404 page not found error

New in Passwordstate 9.1 Build 9117 (Apr 20, 2021)

New in Passwordstate 9.1 Build 9112 (Apr 14, 2021)

New in Passwordstate 9.1 Build 9100 (Mar 29, 2021)

Updated the PowerShell scripts for SQL Server backups to support SQL Aliases
Made further improvements to Browser Extensions for performance, and Save dialogs appearing when they should not have been
Added additional checks to ensure subsequent upgrades are not performed if a previously failure was detected
When uploading new images for Account Types, we now check to confirm the file name is not already in use
Added some additional debugging to the Backup Settings screen during testing of permissions, as well as the In-Place Upgrade screen for downloading new builds
Made some improvements to the backup setting screen when trying to search fo your backup account - it will now also search on your Domain, or Host Name
Added additional debugging if the test for sending of emails on the System Settings screen fails
Made improvements to the Oracle Password Reset script when not using a Privileged Account Credential to perform the reset
Updated the feature where the browser extensions could automatically clear the clipboard so the event is now triggered based on using the 'Copy to Clipboard' buttons
Fixed •Fixed a bug upgrading to build 9000 where an exception of 'Subquery returned more than 1 value' if there where duplicate Account Types with the same name
Fixed an issue with new installs of Passwordstate where the SAML Verification Policy for the Password Reset Portal did not have auto-enrolment enabled
Fixed an issue with setting permissions when creating Password Lists under folders with Advanced Permissions model, where settings and permissions were based off a Template via a User Account Policy
Fixed an issue with the backups to import the SQLSERVER module rather than the SQLPS module
Fixed an issue with the Dependencies Discovery Job where it could have reported exceptions for "System.Threading.Tasks" when a Host could not be queried
Fixed an issue when applying individual permissions to a password record, where permissions to upper-level folders maybe have been added, when they were not meant to be
Fixed an issue where it was not possible to use the In-Place Upgrade feature for High Availability instances
Fixed an issue in the WinAPI when generating random passwords where it may have raised an exception for the phrase CapitalizedWordPhrases
Fixed an issue upgrading to version 9, if your High Availability Nodes were recorded in NetBIOS format, instead of FQDN
Fixed an issue where auditing records for the Mobile App may not have shown in the Recent Activity grid under the Passwords grid
Fixed an issue with the WinAPI where adding and updating password records would result in a 'No HTTP resource' error
Fixed an issue when creating Password Lists via API where it could set a Password List to block inheritance when it should not have been
Fixed an issue with the Test Permissions process for backups where it was checking if a Local Account, and remote SQL Server were being used, when the option to back up the database was deselected
Fixed an issue where an exception of converting varchar to datetime could have happened for the Self Destruct Message feature - both adding and deleting messages
Fixed an issue where the number of Discovery Threads on the System Settings page was not displaying the value saved in the database
Fixed issues with Oracle PowerShell scripts where an exception was raised about the Oracle components not being found
Fixed an issue with the browser extensions, which was allowing users to view a Password when they should not have been allowed to, based on the Hide Password settings for a Password List
Fixed In-Place Upgrades for App Server if it was installed on the same servers as Passwordstate

New in Passwordstate 9.0 Build 9073 (Mar 11, 2021)

New in Passwordstate 9.0 Build 9000 (Jan 11, 2021)

New Features:
New native Mobile App available for iOS and Android
New Passwordstate App Server available for use with the Mobile App, Browser Extensions, and Self Destruct Site, for use when users are out of the office
Added a new method to the API(s) to trigger and Active Directory synchronization for user accounts and security groups
You can now Copy/Link/Move passwords via the API(s)
Added the ability to delete password record dependencies via the API(s)
One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
Added methods to both APIs for retrieving all Password Strength and Password Generator Policies
Browser Extension icon in the toolbar will now turn blue if the current web site has been added to the Ignored URL list
Browser Extension can now update passwords in Passwordstate when you change them on web sites
Password Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid
One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
Password Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid
Bad Passwords and Have I been Pwned password checks can now be used in conjunction with each other on the Add/Edit Password screens
Browser based remote session gateway can now be configured to record and play back session recordings from a network share
You can now add in your own "Managed" account types, and configured password resets which are not related to a Host or Active Directory
Failed Brute Force login attempts will now be locked out via IP Address, requiring the block to be removed manually from the Administration screen
Folder and Password Lists can be configured to block inheritance of permissions from parent objects
Manual folder permissions on password folders has been deprecated and replaced by a combination of propagation, and blocking of inheritance
Provided search functionality on various screens in the Administration area to help quickly find various settings
Added SAML Authentication support as a Verification Policy for the Password Reset Portal
The Password Reset Schedule for records now have options for adding the number of Days or Months to the Expiry Date field after the reset has occurred
The 'Default Password Reset Schedule' setting on Password Lists can now be randomized between two time slots
Added multi-threaded support for Account and Windows Dependency Discovery Jobs
Added a "Keep Alive" page to allow for monitoring website and database availability
Updated Features:
Ability to delete empty password lists in bulk can now be found under Administration -> Password Lists -> Perform Bulk Processing
Session recordings in the browser based launcher will now be marked as complete if the user either closes their tab or browser
Added more Operating Systems for account discovery, password resets and remote sessions
Backups have been improved where file and database backups can be stored in different locations, and backups zip files can be password protected
Browser Extension Fixes and Updates
Updated VNCViewer for the client based remote session launcher to version 1.2.4.0
Updated PuTTY for the client based remote session launcher to version 0.74
Added better error reporting if an OU for a Host Discovery Job no longer exists in Active Directory
Updated Telerik ASP.NET Ajax Controls to version 2020.3.1021.45
Added 256bit AES encryption option to password protected zip files for exports
The Mobile Client Web site has now been deprecated and replaced by the new Native App
Made improvements to session variable handling when using multiple tabs to access Passwordstate
Made performance improvements to the In-Place High Availability upgrade feature
SSH public/private key authentication now works with the Browser Based Gateway, when the gateway is installed separately from Passwordstate
Browser Extension Default Password Lists now show an option of --Please Select-- if a List has not yet been selected
Browser Extension will now show a new Ignored URL menu, where you can delete any personal Ignored URLs
Removed various words from the Word Dictionary for the Password Generator Policies
Host Properties section under the Host Dashboard now includes the "Tag" field data for the Host
Made improvements to the search feature to return better results if the search terms had a "_" in them
When using an active/active configuration for Passwordstate, the Windows Service on the 'Primary Server' will also now check on a schedule if any images/logos need to be written to disk, instead of just when the Windows Service starts
On the SAML screen which informs you the account does not exist in Passwordstate, a Logout button will be presented to allow you to log out of your SAML Provider - as long as a Logout URL has been configured in Passwordstate
An Exit button will always be visible now when using the Password Reset Portal, and redirect you to a screen instructing the user how to close their browser
The email sent for Email Temporary Pin Code can now be customized - both for core product and Password Reset Portal
Safenet and AuthAnvil Authentication options have been deprecated - use SAML Authentication for these providers instead
Added a check on the database upgrade screen to ensure the read-only Passive Node instance of Passwordstate could not attempt to upgrade the database
Updated all icons to a new look and feel
Background color branding has now been deprecated due to readability issues
Updated Standard API so API Keys can be used consistently across all API Methods
Self Destruct Message Web Site has been re-designed to work with active/active high availability setups, and can also be used with new Passwordstate App Server
Updated HtmlSanitizer assembly to version 5.0.319
Upgraded Passwordstate and all modules to use .NET Framework 4.7.2
The PassiveNode key in web.config files has been deprecated, and the 'roles' of your the Passwordstate web servers are now managed on the screen Administration -> Authorized Web Servers
With the option to disable user's accounts when they are no longer members of any AD Security Groups, this setting will no longer be overridden by any other enabled/disabled setting
Made improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen
The option to nest Folders and Password Lists beneath other Password Lists has now been deprecated
The Restricted Feature for allowing the use of Multiple Open Tabs has now been deprecated
Consolidated High Availability Nodes menu in Administration area into Authorised Web Servers
Made some UI improvements to the main navigation menus and tabs
Updated to the latest SQLite DLLs for each appropriate module
Made some changes to PowerShell script for discovering Local Administrator accounts on Windows to improve performance
If a password is check-out for exclusive use in the UI, it will only be available in the browser extensions for use by the person who has checked it out
Now digitally signing core DLLs, in additional to various Windows Services already signed
Added additional Content Security header policies
Fixed:
With the update to .NET Framework 4.7.2, the combination of SAML Authentication and Permalinks now work again
Fixed a bug editing a User Account Policy if there was a System Setting set to hide Inbuilt Password List Templates
Fixed some issues when using the Passive High Availability instance of Passwordstate where some controls where enabled on the screen when they should have been disabled
Fixed an issue with expanding/collapsing navigation tree nodes if the user preference was set to collapse nodes by default
SSH Private Key authentication for the Browser Based Gateway was not working when launching a session directly from a password record
On the System Settings page for Password Reset Portal, the Exit Button URL was leaving a https:// value behind when trying to clear the field
In the browser extension, the Default Password List may not be selected correctly when navigating around the menus in the extension
Fixed an issue with the Local Admin account discovery job where it could return a null user if a Security Group name was specified which did not exist

New in Passwordstate 8.9 Build 8993 (Dec 30, 2020)

New in Passwordstate 8.9 Build 8991 (Dec 10, 2020)

New in Passwordstate 8.9 Build 8990 (Dec 1, 2020)

New in Passwordstate 8.9 Build 8989 (Dec 1, 2020)

New in Passwordstate 8.9 Build 8987 (Oct 31, 2020)

New in Passwordstate 8.9 Build 8983 (Oct 20, 2020)

New in Passwordstate 8.9 Build 8981 (Oct 13, 2020)

New in Passwordstate 8.9 Build 8973 (Aug 27, 2020)

New in Passwordstate 8.9 Build 8968 (Aug 13, 2020)

Updated Features:
Provided better error capturing if records were getting stuck in the password reset queue
Changed the automatic check-in process for configured password records to look for all records at the check in time, as well as in the past
Processing of Password Reset Queue has been updated where any possible exception for one record, cannot hold up the processing of subsequent records in the queue
Made changes to the password protected zip file for exports so they would work natively with Windows Zip file support
Added same-origin Referrer-Policy security header policy globally for Passwordstate and Mobile Client web site
The "searchpasswords" method in the standard API has now been updated to return a 401 Unauthorized if an invalid API Key is being used, as opposed to the previous behaviour of simply not returning any records
Made a change to work around issues of reset tasks getting stuck in the queue if the time on the SQL Server was different to the web server
Fixed:
Fixed an issue with the Password Reset Portal in IE 11 and Firefox where the on-screen instructions for password requirements was not showing
When denying users the ability to use their Personal Password Generator settings, we now update existing Password List Templates and Password Lists and assign the Default Password Generator policy
Fixed an issue with the Password Reset Portal and IE11 where the buttons where not completely visible if the 'Exit' button was chosen to be displayed on the screen
When adding a new folder via the API(s), the folder name was being returned in the Description field
Fixed an issue with the WinAPI when searching for Password Lists based on the Description field
Fixed an issue where a general error occurs when clicking on Passwords Home, after an initial failed login attempt, and then a successful login attempt
Fixed the Bulk Update Password Reset Options screen so you did not need to select a Privileged Account Credential in order to perform a search
When using a User Account Policy for selecting default password list settings and permissions, these options was not selected on the user's preferences screen
Fixed a 'Object reference not set to an instance of an object' when editing different scheduled reports on the screen Administration -> Reporting
Radius Server settings would not accept port values which had more than 4 integers

New in Passwordstate 8.9 Build 8951 (Jul 12, 2020)

New in Passwordstate 8.9 Build 8942 (Jun 23, 2020)

New in Passwordstate 8.9 Build 8933 (Jun 9, 2020)

New in Passwordstate 8.9 Build 8903 (Apr 6, 2020)

New in Passwordstate 8.9 Build 8900 (Mar 21, 2020)

New in Passwordstate 8.8 Build 8884 (Feb 27, 2020)

New in Passwordstate 8.8 Build 8876 (Feb 18, 2020)

New in Passwordstate 8.8 Build 8865 (Jan 28, 2020)

New in Passwordstate 8.8 Build 8864 (Jan 28, 2020)

New in Passwordstate 8.8 Build 8850 (Dec 23, 2019)

New in Passwordstate 8.8 Build 8844 (Dec 16, 2019)

New in Passwordstate 8.8 Build 8838 (Dec 5, 2019)

New in Passwordstate 8.8 Build 8835 (Nov 29, 2019)

Custom SSH Scripts using the Chilkat library are no longer allowed due to licensing restrictions - please use new SSH Template script options instead
Added two new 'Templated' SSH password reset script options where you can pass command parameters to the script instead of developing your own custom scripts
Added Palo Alto Firewall support for Password resets and validation
Disabled function keys in browser when using the Password Reset Portal web site
If additional authentication options are set on a Password List, those Password Lists will no longer be visible in the Mobile Client
Add the ability to perform exact match searching in the API(s) when searching for Folders and Password Lists
Email Temp PIN verification policy now displays the email address on screen for 15 seconds, instead of 3 seconds.
ix an issue where duplicate security groups could have been displayed on the Security Groups screen, if duplicate domains where added on the screen Administration -> Active Directory Domains
Add an option where a single Password record can be linked to multiple Web Site URLs to be used with the browser extensions
Made further improvements to form filling and Field ID updates for the Chrome Browser Extension
Released redesigned Firefox browser extension
Fixed potential form filling issues with browser extensions if the URL stored in Passwordstate was not prefixed with http or https
Added the variable to other URL fields on various screens, including any Generic Fields configured this way
Remove the Google Fonts reference call in the Password Reset Portal module
Password Reset Portal will no longer automatically enrol a user for the "Email Temp PIN verification policy, if the user does not have an email set in Active Directory
"What has a user been doing lately" report will no longer report on all users when you first enter the report screen
Made performance improvements in the Windows Integrated API when returning all records the user has access to
Fixed:
The Office 365 and Azure AD Reset and Validation Scripts were missing from new installs of Passwordstate
Fixed a password uniqueness issue with the Password Generator Policies
Fixed an issue where it was not possible to delete the default 'Read Active Directory....' Privileged Account Credential if it was no longer in use
Fixed a general error when users are searching for password records, but only searching by entering a space as the search criteria
When using an account which requires Check Out with the Remote Session Launcher, it was not checking out the account if SQL Server credentials were also displayed on the screen
On the Edit Password screen, generating many new random passwords and the clicking the Copy to Clipboard icon, was adding duplicate auditing records

New in Passwordstate 8.7 Build 8806 (Oct 9, 2019)

New in Passwordstate 8.7 Build 8792 (Sep 25, 2019)

New in Passwordstate 8.7 Build 8782 (Sep 11, 2019)

New in Passwordstate 8.7 Build 8765 (Aug 20, 2019)

New in Passwordstate 8.7 Build 8760 (Aug 12, 2019)

New in Passwordstate 8.7 Build 8744 (Jul 29, 2019)

New in Passwordstate 8.7 Build 8729 (Jul 10, 2019)

Updated Features:
Added a new System Setting option to exclude synchronizing the email address for Active Directory user accounts
Set autocomplete = false on the Username field on Add/Edit Passwords screens
Added support so Windows Datacenter operating systems could be discovered using a Discovery Job
Deleted jquery-ui.min.js off of the file system if it still existed
Removed further header response attributes to not reveal server information in header responses
Labelled access requests better to more easily distinguish between a request for a Password List, or Password Record
Added additional java script output encoding to various pages, in addition to back end server checks
Added additional debugging onto the screen informing the user that the SQL Server 2012 Native client is not installed
Added additional license checks for High Availability module - to ensure Registration Names match
Fixed:
Fixed an issue in the AD Sync process where the time taken to execute could increase over time when synchronizing thousands of security Groups
Fixed an issue with SSH key authentication for Google Cloud virtual machines
Some reports for the Password Reset Portal required a Security Administrator role from the core product, instead of from the Reset Portal module
Fixed an issue with synchronizing security groups into the Password Reset Portal, when maximum password age was not set in a fine grain group policy
When returning a Hash for the password field via the API, if the Hash Type is misspelled then you will be informed of this instead of returning the password value
Fixed an issue where the Passwordstate Windows Service was not removing Guest permissions on folders automatically after they were removed from any nested Password Lists
Fixed an issue sending Auditing data to syslog servers over TCP where it was possible an exception was raised regarding multiple sockets being opened
Fixed an issue with the Windows Credential Provider where it was returning users to the Windows Login screen, when resetting their password natively through the Windows Login screen
Fixed the following SAML Authentication on the active node of high availability setup - An SSO service URL for the partner identity provider hasn't been configured
Fixed an issue with the Password Reset Portal where certain special characters in the value of passwords was causing a IIS Server Error
Notes field in PasswordHistory table was not set to same length as Passwords table
The additional authentication option after SAML authentication was not working when Anonymous Authentication for the site in IIS was enabled
Fixed an issue where HaveIBeenPwned reports would not work with proxy server configurations settings in Passwordstate
Group Managed Service accounts could not be imported into the User Accounts screen, only normal and Managed Service Accounts

New in Passwordstate 8.6 Build 8691 (May 18, 2019)

New in Passwordstate 8.6 Build 8687 (May 14, 2019)

New in Passwordstate 8.6 Build 8679 (Apr 26, 2019)

New in Passwordstate 8.6 Build 8670 (Apr 16, 2019)

Updated Features:
If the 'Provide a Reason' option is selected for a Password List, then the menu 'Remote Session Launcher with these Credentials' will now be disabled, as you need to open the record and specify a reason before launching the session
Updated the Client Based Remote Session Launcher so that determine the OS Architecture type works for different languages
When using the Manual Launch button for Remote Sessions, users will be asked to 'Provide a Reason' for using credentials from Password Lists which have this option configured
You can now choose to send Emails for Permalinks either via the user's email address, or the mailbox being used for sending most other emails
Added a new System Setting option to hide the 'Copy or Email Password Permalink' menu
On relevant Discovery Job screens, a new tab has been added so you can query live which Host records will be queried as part of the discovery job execution
Added an option to delete Discovery Job results History
Notes field for password records can now store unlimited characters
The Error Console screen will now also show exceptions possibly caused by Anti-Virus software on the Passwordstate web server
Microsoft SQL Accounts can now be reset using an Active Directory account as the Privileged Account Credential
Made changes to MSSQL Discovery Job to allow AD Accounts to be used for the Privileged Account Credential
You can now specify multiple different names for the Local Administrators Security Group for the Windows Local Admin discovery job
Add a new Active Directory account Discovery job, where OUs or Security Groups can be queried, with accounts being imported into a Password List
Fixed:
Fixed an issue in both APIs where generating 100's of random passwords could have produced duplicated passwords
A successful account verification for the Password Reset Portal when using Questions and Answers was not reporting the correct Verification Policy in the Auditing data
Account Discovery Jobs for Remote Site Locations was not reporting any errors to the History of the Job, only to the emails sent for the job
Non Security Administrators could not access the Auditing Graphs main menu
Fixed an exception when trying to use the 'Test Email' button on the Email Template page if there was no email address associated with the user's account

New in Passwordstate 8.6 Build 8652 (Mar 22, 2019)

New in Passwordstate 8.6 Build 8650 (Mar 21, 2019)

New in Passwordstate 8.6 Build 8600 (Feb 4, 2019)

Updated Features:
Made Form-Filling improvements to Browser Extensions where fields names where explicitly specified in Passwordstate
Remote sessions can now be launched from the Passwords tab without requiring access to the Hosts tab
Added additional HMAC Hash validation to various functions within the APIs, and in the Administration area of the UI
Made sure there could be no spaces in a Host name when adding or editing host records
If launching a Remote Session from a password record, it will no longer navigate in the UI to the Hosts tab first
Added an option to deploy the Remote Session Gateway separate to the main Passwordstate web site
Added support for per Host session recording, instead of being user based
If using the Have I Been Pawned password check, and 'Prevent Bad Passwords' on Password Lists is disabled, you will now get a warning if the password has previously been compromised
When password records which are enabled for password resets are moved to the Recycle Bin, the option 'Enabled for Resets' will now be disabled
Fixed an issue in Internet Explorer where it was possibly to see a dialog asking you to close the tab when using the Browser Based Remote Session
Added additional HTTP headers for improved security
Add additional tools supporting Have I Been Pwned web site
Added reports to check status of passwords on Have I Been Pwned web site
SSH Browser Based Remote Session launcher now allows certain special characters when keyboard layout is not in US layout
If System Settings options are configured to prevent exporting of Password List data, then this will be reflected on the screen Administration -> Password Lists as well
Made some changes to the High Availability upgrade scripts to overcome any file locking issues when copying files
Updated the PowerShell script using for stopping the Windows Services when upgrading the High Availability Instance to wait until the services stopped
Updated the Browser Based Gateway to the latest build
Updated the Browser Based Gateway for the Remote Session Locations module to the latest build
If browsing to the site using a Permalink, the Password Lists/Folders/Hosts in the respective Navigation trees will be filtered and expanded so the appropriate node is visible
Fixed:
The System Setting option to restrict access to newly created Shared Password Lists was being ignored on the new Add Password List Wizard
Fixed issues with Duo Authentication for all modules if TLS 1.0 and TLS 1.1 were disabled on the web server
Actions menu for downloading documents was disabled if the user only had View access
It was possible that when using Firefox there was more than one Audit record added for a single Copy To Clipboard event
Fixed an issue where custom dependency scripts would not execute unless a host records was associated with the dependency
Fixed an issue where date filters in grid column headers were automatically clearing after selecting a date
Fixed an issue where clicking on the option 'Automatically log out of the Browser Extension when you close the browser' in the Preferences screen would cause the setting to be hidden, and then error when saving the change

New in Passwordstate 8.5 Build 8573 (Jan 9, 2019)

Updated Features:
Redesigned the architecture of Chrome, Firefox, Edge and Safari browser extensions for improved form filling and login field detection
Chrome, Firefox, Edge and Safari browser extensions updated to use jQuery 3.3.1
Browser based remote sessions will now open within separate tabs in the browsers
Update the Windows Credential Provider for the Password Reset Portal to resolve issues with domain name detection issues on login screens
Made some changes to SAML authentication to better support SP initiated SSO providers
Made changes to the execution of PowerShell scripts to prevent execution of PowerShell commands which were not included as part of the scripts
When using an active/active High Availability configuration, the Passwordstate Windows Service will no longer poll back to the primary site to see if it is available
Searching for Hosts under the Hosts tab will no longer close any open remote sessions
The option to link the creation of a Password List to a Template is now disabled by default for new installs
Renamed labels on Browser Form Fields tab on edit/add passwords screens
Added a better descriptive error message when a password reset for an Active Directory account fails due to the account no longer existing in AD
Provided a better descriptive message if a user tries to view the properties of a Password List when they do not have Administrator rights to it
Browser extension will no longer form fill fields on websites if the ID values are recorded in password records
Browser extensions will now only add an auditing record if they save or auto-fill credentials, not every time a website is accessed
Fixed:
Fixed an issue where the Windows Integrated API (WinAPI) was not working when using the 'read only' High Availability instance of Passwordstate
Browser Based Gateway Settings screen in the Administrator area was checking for the wrong Security Administrators role
Users could clone a folder to the Passwords Home even if they had no permissions to create a folder in this location

New in Passwordstate 8.5 Build 8556 (Dec 11, 2018)

New in Passwordstate 8.5 Build 8549 (Dec 3, 2018)

New in Passwordstate 8.5 Build 8537 (Nov 14, 2018)

Updated Features:
Improved the Request Access to Password feature, also allowed a requirement for multiple approvers
Added options for the Self Destruct Message feature to save the message, but not email the recipient - and then the Self Destruct URL can be emailed outside of Passwordstate
OTP accounts in Password Lists can now be copied and linked between different Password Lists which are enabled for OTP
Made further HMAC Hashing improvements in the database
Handshake approval feature has now been deprecated
Added Logged Off Auditing events for the main Passwordstate application
Changed the Issuer for Google Authenticator for the Password Reset Portal so it doesn't conflict with existing scanned QR Codes on your phone for the main Passwordstate web site
Updated the Linux Password Reset script to capture successful reset messages for French operating systems
Provided an option to disable email notifications per Password List
Made some improvements for error reporting if user's sessions in IIS end prematurely, or if using multiple tabs when accessing Passwordstate
Made various improvements to Linux Validation script
Fixed:
Fixed a general error screen on the passive High Availability mode when trying to perform a remote session when session recording was enabled
Fixed an issue with One Time Passwords generator where trying to add the QR code manually into the system would give an unexpected error
Fixed an issue in the APIs to ensure the UserID field specified for any permissions is set to lowercase as required
Fixed an issue with the copy to clipboard functionality where multiple Euro symbols where included in the value of the password
Fixed an authentication issue with a combination of SAML and alternate Authentication options based on Allowed IP Ranges, when navigating to the site after first authenticating to the SAML provider
Copy to Clipboard button for the Self Destruct Message URL was not including the ID field value
Fixed a Generic Error on the Add Privileged Accounts screen when selecting an Account Type from the dropdown list using keyboard navigation

New in Passwordstate 8.5 Build 8519 (Oct 24, 2018)

Updated Features:
Added PasswordListID and PasswordID values into various Permissions reports
Removed the IP Address reporting in the Temporary Pin Code email for the Password Reset Portal, as it was reporting the IP Address of the Passwordstate web server
Added an option for Passwordstate, Password Reset Portal, and Self Destruct Message sites to allow you to add your own custom css
Added a new System Setting option to allow users with View access to passwords to use the 'Expire Now' menu
If the Force the User of Selected Password Generator option was selected for a Password List, all new records being added will have a new password generated when opening the page
Added an option where the UserID field on Active Directory Authentication screens can be set to read only
Discovery Jobs will now maintain a history of changes, which can be viewed from within Passwordstate
Using the Run Now menu for Discovery Jobs will no longer alter the existing schedule
Made a change to mitigate against any conflicts where a password reset of a Privileged Account Credential was scheduled at the same time as other accounts, which are using the Privileged Account to perform the reset
Fixed:
Fixed an issue where 'There was an issue validating both the AuthToken session variable and cookie' may have been recorded in the Error Console
Fixed a 'Object reference not set to an instance of an object' error when trying to add password records via the API when the Password List was for a Remote Site Location
Fixed an issue were Logos for the Self Destruct message web site may not scale correctly on mobile phones
Fixed an issue were Logos for the Password Reset Portal may not scale correctly on mobile phones
It was possible the Agent Health icon on the Remote Site Locations screen may not have reported the health of each agent correctly
Fixed an issue where the embedded Self Destruct Message web site was not redirecting properly if specifying the ID manually
Fixed an issue with Browser extensions were not logging some auditing data
Fixed an issue where the password strength of a password wasn't being displayed the first time a password was created, when the 'Force the use of Password Generator' setting was enabled
The duration taken to perform an AD Sync process was not being accurately reported in the Windows Application Event Log

New in Passwordstate 8.5 Build 8501 (Oct 12, 2018)

New in Passwordstate 8.4 Build 8491 (Oct 5, 2018)

New in Passwordstate 8.4 Build 8488 (Oct 3, 2018)

New Features:
Added conditional permission check on destination Password Lists for the copy/move password record feature
New Self Destruct Message site with separate install, branding, passphrase protection and address book for contacts
Updated Features:
Made various improvements to SAML Authentication process
SAML Authentication can now be based on either the UserID, EmailAddress or UserPrincipleName fields in the database
Added an option for the Password Reset Portal where users can be redirected back to a specific URL when they click on any 'Exit' buttons
Mobile Client web site will no longer differentiate between incorrect Username or Password - it will provide a generic "Incorrect Login Details" if authentication fails
Made some improvements to ASP.NET Session management
Added an option where Forms Based and Local Login accounts now have to adhere to a Password Strength Policy when resetting the passwords for user's login accounts
Changed the Active Directory account validation, just prior to a reset, to use the same PowerShell script as the Heartbeat functionality uses
Added an option to purge all records in the Password Reset Queue
Added detailed debugging option for processing or records in the Password Reset Queue
Certain 'Local' Account Types will no longer show as Remote Session Credentials of not appropriate
When using the Bulk Delete Hosts feature, you will now be notified if some hosts could not be deleted as the records are still in use
When cloning users' permissions, you now have the option to not remove the destination users' permissions first
Added an option where you can specify which users are allowed to manage permissions on Remote Session Credentials via the View Permissions menu
Made some improvements to the Linux Validation Script to better detect incorrect account passwords
Made some changes to the High Availability Node poll process to try and resolve polling issues reported by customers
Password List Grids now have filters available for Account Type
HTML tab on each of the Rich Editor screens has now been removed
Syslog data will now be UTF8 encoded
Updated all pages to use the latest version of jQuery
The Tag field for Host records is also now searchable in the Hosts navigation tab
With the Add Password List Wizard, the Finish button is now disabled after you first click it - to prevent multiple clicking
Updated to the latest version of Telerik ASP.Net Controls
When Password Expiring Emails are sent to users for the Password Reset Portal, an audit record of category 'Email Sent' is now added with details of the reminder
Fixed:
Fixed a bug where the Recycle Bin for a Password List may not have been able to be viewed if the grid for the Password List had been customized
Standard failed Active Directory login attempts were adding records into the Error Console screen when it should not have been
AD Synchronization debug information was showing on the error console screen when it shouldn't have been
Fixed an exception on the Edit Password screen if you try and save an Active Directory record without selecting a domain

New in Passwordstate 8.4 Build 8459 (Sep 3, 2018)

New in Passwordstate 8.4 Build 8455 (Aug 31, 2018)

New in Passwordstate 8.4 Build 8449 (Aug 24, 2018)

Updated Features:
Updated the APIs so you can manage permissions on Folders, Password Lists and Password records
Windows API now supports password records where individual permissions are applied to the record
The new 'Reason' and 'HashType' parameters for API Calls can also be configured at the Password List level to be mandatory
Password retrieved from the API can now be returned as a Hash instead of the actual password value
When adding new Password Lists via the API, you can also apply permissions based on Security Group Name
When updating passwords via the API, you can now choose to exclude having the value of the password returned for the updated password object, or an auditing record will be added if the password is returned and visible
Added logging for high level API exceptions to the Error Console screen in Passwordstate, if API calls with invalid syntax are made
Added the ability to specify a 'Reason' as to why API Calls are being made, and this reason will be added to auditing data
Added an option to further restrict which users are allowed to modify settings on the 'API Key & Settings' tab for Password List settings
Optimized memory usage within the Passwordstate Windows Service
Added an option where you can specify a background image for the authentication screens
You can now specify your own Syslog date formatting for sending auditing data to Syslog servers
Added a new System Setting option to delay failed login messages from Active Directory, to obfuscate if the issue was either a incorrect Username or Password
Password Expiry Reminder email for the Password Reset Portal also now includes the user's domain account name in the email
If a password record has the option set to prevent exporting the password, then the record will also now be excluded from the Password History report
Added timings into reporting from the Passwordstate Windows Service for the Active Directory user and security group synchronization process
Added any exceptions from the Passwordstate Windows Service into the Error Console screen in Passwordstate
You can now manually specify One-Time Password settings instead of just scanning QR Codes
Failed SAML authentication attempts will now report the email address being used in Auditing data
Added additional debugging for any failed AD authentication login attempts
Deprecated the feature where you can archive auditing data from the UI
Introduced a new Auditing Archive table where auditing records can automatically be moved to the archive table to help with performance in the UI
Provided an option where you can specify the URL the browser extension authenticates/operates against
Send Self Destruct menu will now be disabled if the Hide Passwords setting on a Password List is applicable to your account
The global search feature for the API can now use Password List API Keys, instead of just the System Wide API Key - only data from the relevant Password List will be returned when doing this
Provided additional logging if a custom PowerShell script for account dependencies where to fail for whatever reason
Fixed:
Fixed an error with synchronizing AD Security Groups for the Password Reset Portal where the maxPwdAgeInDays attribute in AD was set to 0
Fixed an issue in the Password Reset Portal where a hardware token assigned to a user's account in Duo was not showing in the list of devices
Auditing records where being added when exporting passwords when the password was configured not to the exported
Fixed an issue where the alternative authentication option for Allowed IP Ranges was not working when Forms Based and SAML Authentication was being used as the System Wide authentication option.
Fixed an issue with the Password Reset Portal sending out an incorrect enrolment email, if two or more policies were assigned to a user.
Fixed and error on the add Active Directory Security Group screen where it could have been LDAPS instead of LDAP, or vice versa - depending on whether multiple domains were being used
Some HTML manuals under the Help menu were not displaying on various Linux based operating systems
It was possible the Custom Auditing scheduled report was reporting data on Password Lists the user no longer has access to
The 'Search for Password Lists' API method was not adding an audit record for found Password Lists
Fixed an issue where the password requirement indicators were not showing on the password reset screen for the Password Reset Portal
Fixed an issue with reordering password dependencies
Fixed an issue where it was not possible to update the Email Templates for the Questions and Answers Reset Portal verification policy

New in Passwordstate 8.4 Build 8411 (Jul 12, 2018)

New in Passwordstate 8.3 Build 8397 (Jun 21, 2018)

New in Passwordstate 8.3 Build 8388 (Jun 19, 2018)

Updated Features:
Added support for the 'Have I Been Pwned' API for the Add and Edit Password screens
Added support for the 'Have I Been Pwned' API for the Password Reset Portal
Updated Passwordstate and the mobile client to support authentication using the Active Directory UserPrincipalName attribute
Updated Passwordstate Reset Portal to support authentication using the Active Directory UserPrincipalName attribute
A custom Windows Credential Provider is now available for the Password Reset Portal, allowing users to access the Portal directly from a link on the Windows Login screens
Added a new feature where you can upgrade High Availability instances of Passwordstate, directly from within UI of the Primary server
You can now have duplicate Security Administrator records assigned to your account, via user account and or security groups, and the roles will be combined
You can now hide Security Administrator menus, instead of disabling them, if the user has not been given access to the required role(s)
On the Bulk Password Reset screen within the Administration -> Password Lists, you can now also see records which are not enabled for resets
When search for a host record on the Add/Edit password screen, you can now also search on the Title field for the host if it has a value
Added debugging data for failed password validations for the Backup account, and Privileged Account Credentials
The feature to delete a Folder and all nested Password Lists and Folders has been improved to avoid issues with slow performing database servers
After upgrades, any existing Notifications regarding new builds will be automatically deleted
If you have not been given access to create Folder and Password Lists in Password Home, you now also cannot drag and drop these into Passwords Home
Redesigned the password screen for the mobile client so more data can be seen for each field
"What passwords can a user see" report has now been modified to show each individual password records, instead of access to a Password List
Fixed:
Security Administrator's Report was missing a couple of newly added roles
The scheduled backup zip file could not be opened with the build in compression tools in Windows Explorer - other zip programs were not affected
Fixed an issue where editing a newly added Host record would show an error, when the Host was created using the 'Save & Add Another' button
Fixed and issue on the Bulk Password Reset screen in the Administration area where a search filter may have been cleared if using paging buttons for the grid
Security Administrator role for Remote Session Management was not renamed from Remote Session Credentials
Fixed an issue where the Check-In Tooltip for a Password record was not changing if the schedule was changed when the record was checked out
Fixed an issue with the Host Discovery job where it was possible to receive the error 'No value given for one or more required parameters'
Fixed an issue where manually adding host records to a Host Folder could have added the wrong hosts if using paging in the Hosts grid
Fixed an issue in the mobile client where it was possible you could not login after an automatic logout without first restarting your browser
Upgraded to the latest build of the Keno UI files for the mobile client to fix an issue where you could not scroll/swipe left and right within a fields value
On the Password Folders screen within the Administration area, it was not possible to view permissions on a Folder unless your account already had permissions to it

New in Passwordstate 8.3 Build 8345 (Apr 30, 2018)

New in Passwordstate 8.3 Build 8285 (Apr 6, 2018)

New Features:
Added a new Questions and Answers verification policy to the Password Reset Portal
Added Password Policies to the Password Reset Portal to provide on screen instructions for the expected strength of the password to be used
Added Bad Passwords to the Password Reset Portal to prevent usage of certain passwords
Passwordstate Browser Extension now available for Safari
Updated Features:
Removed the password field from the 'Request Access' pages
Remote Site Location Agent will now report back what Host Name the agent is installed on
Emergency Access login password can now be longer than 100 characters
Made changes to the Cisco Password Reset Script so it waits for expected responses before executing proceeding commands
Added an option where you can specify which users are allowed to use the Manual Launch buttons for the Remote Session Launcher(s)
Managed Service Accounts, and Group Managed Service Accounts, can now be added in as a User Account in Passwordstate so they can be used with the Windows Integrated API
Made some changes to the Windows Service reset script so it would not error if the Windows Service is currently disabled
The read only High Availability instance can now be accessed if the primary site is enabled for maintenance mode
Added an option to alert the user that remote sessions are being recorded when using the Browser based version of the Remote Session Launcher
Session Recordings for the Browser based Remote Session Launcher will now be automatically closed (ended) if the user navigates away from the active session to another page in Passwordstate
You can now display launch buttons for both Remote Session Launchers on the screen if needed
You can now also specify which users are allowed to use the Client based version of the Remote Session Launcher
If a user does not have access to a Folder or Password List when using the 'Toggle all Visibility' menu option, all context menus on these Folders and Password Lists will now be disabled
Renamed the IIS and COM+ reset scripts for consistency with the word Windows in the title
Updated to the latest build of PuTTY for the Client based version of Remote Session Launcher
Pasting of clipboard contents now works for SSH session with the Web based Remote Session Launcher
Email Templates now have no limits on the amount of characters you can insert into them
Updated HTML version of the manuals so you can navigate directly to certain pages if bookmarked
Added TCP support for sending Password Reset Portal Auditing data to Syslog servers
Host Discovery Job will not longer discover disabled computer accounts
Made improvements to the Cisco Discovery script to ensure it find all accounts on all iOS versions
Updated HTML version of the manuals so they are compatible with different operating systems
User's email addresses for the Password Reset Portal can now be edited by Security Administrators
Verification Policies in the Password Reset Portal can now be applied more than once for a user, but with precedence
Added logo branding to the Password Reset Portal
Fixed an issue with the Internet Explorer browser extension where is would cause errors on some pages which were running in 'Compatibility Mode'
Fixed:
Fixed an issue where the Allowed IP Ranges could produce an error for the Remote Site Locations agent, causing it to now communicate back to the API
Newly discovered accounts had the Heartbeat option enabled even though it was disabled on the Discovery Job
Fixed a bug in the Windows Integrated API where it could have reported a 'Object reference not set to an instance of an object' error for all calls
Fixed an issue where there appeared to be a space at the end of the Self Destruct Message when using the feature from the Tools menu
Fixed an issue where Session Recording may have caused the Manual Launch buttons for the Remote Session Launcher to fail
Fixed an issue where the JSON string returned from an invalid API call was malformed - it was missing a double quote at the end of the error message
Fixed an issue where the Browser Based Remote Session Launcher could not connect to pfSense Firewalls via SSH
Fixed an issue where the Pin Number Verification Policy for the Password Reset Portal was accepting any pin number
Fixed an issue with the Password Reset Portal where certain special characters were causing issues with enrolling and resetting user's accounts
It was possible you could not delete a security group if it was assigned to a Verification Policy for the Password Reset Portal
It was possible to create an API Key for a Folder, when the user had their permissions removed from this feature

New in Passwordstate 8.2 Build 8284 (Mar 16, 2018)

New in Passwordstate 8.2 Build 8257 (Mar 14, 2018)

New Features:
New browser based Remote Session Launcher with Session Recording is now available
Updated Features:
Made significant performance improvements to the Recent Passwords grid on Passwords Home
Remote Sessions to Hosts can now be initiated directly from the Passwords tab - for Local Accounts you have access to
Provided an option where it as possible to search and display Hosts in the Host Navigation Tree, if you do not specifically have access to them within a Hosts Folder
Made additional changes to web.config file to allow caching of static content
The IBM IMM password reset script has now been updated to allow the use of a Privileged Account credential, and better error capturing
Added better error capturing to the password reset script for local Windows accounts
Added Domain or Host field to Enumerated Permissions and Password Strength Reports
Added TLS 1.2 support in the Remote Session Launcher Powershell script for servers which have been hardened
Failed Password Reset and Heartbeat reports now only report on records where these options are enabled
Made some changes to the date check on the Password Reset Portal, to overcome an issue if there were date format differences between the SQL database and the portal Operating System
Fixed:
Fixed an issue where an old SQLLite dll was included in the latest build of the Remote Site Location agent
Fixed an issue here removing a Host record from a Folder under the Hosts tab would remove it from any Folders it was displayed in
If monitoring more than one Event Log for lockouts for the Password Reset Portal, it would error in the UI when checking the event log for a specific user account
The Host Discovery job could have found Hosts in AD if the OperatingSystem Attribute was blank - when OU recursing was used
Fixed a bug with the Auditing timestamp from the Passive Node of the High Availability instance - time was being offset from UTC
Fixed an issue where the installer of the Password Reset Portal would fail with a basic error on the screen
PIN with Mobile client wasn't working as expected when running the Forms based version of Passwordstate
Bulk Permissions was not working when revoking access for View Permissions

New in Passwordstate 8.2 Build 8256 (Feb 19, 2018)

New in Passwordstate 8.2 Build 8242 (Feb 5, 2018)

New in Passwordstate 8.2 Build 8225 (Jan 22, 2018)

New in Passwordstate 8.2 Build 8215 (Jan 4, 2018)

New in Passwordstate 8.2 Build 8205 (Dec 15, 2017)

New in Passwordstate 8.2 Build 8204 (Dec 11, 2017)

Updated Features:
Added support to the Remote Session Launcher for SQL Server Management Studio
Added an option on Discovery Jobs to report on all discovery activities, not just new accounts found
The account used on the backups and settings screen can now be linked to a password record
Made changes to prevent the use of multiple tabs open in your browser pointing to your Passwordstate environment - security enhancement
When the 'Check In Automatically' setting for password records is set to 00:00, then no automatic check-in will occur - this disables it
Edit Properties and View Permissions right-click menus on Password Lists in the Navigation Tree, are now disabled if an Additional Authentication option is applied to the List
Added a System Setting option to set the RADIUS username field on authentication screens to be read only
Made changes to the Handshake Approval process so the same approver cannot be selected twice
Added time based access to Remote Session Credentials
Added Time Based access to Privileged Account Credentials
Made changes to Remote Session Credentials so users without access to the linked Password record could not make any changes to the record
Added new auditing records for Remote Session Credentials
Add a new System Setting option to specify which Password Generator is used in the search toolbar at the top right-hand side of the screen
All Remote Session Credentials are now accessible from the Administration area
Added the Spell Out icon back to the Password Generator in the top toolbar
Add a new System Setting option to only show Templates on Add/Edit Password List screens if the user has been given permission to the templates
Added new System Setting options to restrict creation of Folders and Password Lists beneath parent folders, depending on your permissions to the parent folder
Fixed:
If you navigated to a second page in the Remote Session Credentials grid and then editing a record, it would display the wrong record
Fixed an issue with both APIs where you would get an error saying the PasswordListID was not found in the database when adding password records, if you first created the Password List via the API without copying any settings
Database Port label on Host remote session screen was showing the Remote Session port number
Cloning of Security Group permissions was not cloning for 3 tables
Clicking on the Tools icon was taking you to the Account Discovery screen, even though you had not been given access to this menu
Under certain conditions, a System Setting may have caused additional user permissions being applied to the creation of a new Private Password List
Fixed an issue accessing Password List Templates screen in the Administration area - incorrect role was being checked

New in Passwordstate 8.1 Build 8165 (Nov 10, 2017)

New in Passwordstate 8.1 Build 8150 (Nov 2, 2017)

New in Passwordstate 8.1 Build 8146 (Oct 30, 2017)

New in Passwordstate 8.1 Build 8136 (Oct 19, 2017)

New Features:
Edge browser extension now released
Updated Features:
Made a change to the Scheduled Task Password Reset Script to help with a Microsoft bug with Tasks created on Windows Server 2008 and Windows 7
Devolutions Remote Desktop Manager now integrates with our Windows Authenticated API
Added support for API Keys in the Header request when using Devolutions Remote Desktop Manager integration
Made changes to the Copy To Clipboard feature in the Passwords grid to support Unicode characters in the password
Made changes to exporting Auditing data so only the contents of the displayed grid where exported
When exporting passwords for the Bulk Update feature, we have removed some additional columns which where not required in the export
You can no longer delete an Active Directory domain if it is the only domain in the system
Added a link in the 'Access Request' email which is sent so the user can navigate to the Pending Access Requests page
Added some better error reporting if TLS 1.2 was disabled on the Passwordstate web server
The Linux Password reset script has been improved to handle special characters in the passwords
Added additional error reporting to the Windows Local Admin reset script when remoting into a Host using a Local Administrator's account, and not a domain account
Fixed:
Fixed an issue with SSH for the Remote Session Launcher feature as the SendKeys Class in the .NET Framework did not support certain characters
Fixed the following error when re-uploading a document - Operator '<>' is not defined for type 'DBNull' and string
Fixed an error in the Passwords tab when viewing visibility of all Password Lists, while a specific System Setting sorting option was set
Deleting an External Link from a Passwords Folder was not working
Fixed a CSV Import issue when trying to import into a Password List which belongs to a Remote Site Location
Fixed an issue with the SQL Server Password Reset Script where it would fail if the SQL Account had a dash character in the Username field
Under certain conditions, clearing one notification in the Notification Centre could have cleared all for the specific type of notification
Fixed an issue with Enabling Maintenance Mode when logged in as Emergency Access
Fixed a positioning issue with the eraser icon for the Global Password Generator when using custom logos with greater than default height
Fixed an issue where it was possible to select a Folder with the Copy/Move Password feature when using the Load On Demand feature

New in Passwordstate 8.0 Build 8097 (Sep 16, 2017)

New in Passwordstate 7.8 Build 7883 (May 29, 2017)

New in Passwordstate 7.8 Build 7869 (Apr 11, 2017)

New in Passwordstate 7.8 Build 7863 (Mar 17, 2017)

New in Passwordstate 7.7 Build 7854 (Feb 10, 2017)

New in Passwordstate 7.7 Build 7847 (Jan 27, 2017)

New in Passwordstate 7.7 Build 7844 (Jan 22, 2017)

New in Passwordstate 7.7 Build 7830 (Jan 22, 2017)

New in Passwordstate 7.7 Build 7825 (Dec 30, 2016)

New in Passwordstate 7.7 Build 7821 (Dec 30, 2016)

New in Passwordstate 7.7 Build 7819 (Dec 30, 2016)

New in Passwordstate 7.7 Build 7817 (Dec 30, 2016)

Made some significant improvements to the loading times of the main Navigation Tree, as well as expanding/collapsing nodes, and drag and dropping nodes around the tree
Added a User Account option to limit the number of Password Lists and Folders retrieved and displayed in the Navigation Tree
When search for Password Lists in the Navigation Tree, the folder structure to the found Password Lists is now shown
Tooltips on Folders and Password Lists in the Navigation Tree have been removed to improve loading times
Made some changes to the Authorized Web Server check to overcome intermittent DNS lookup issues some customers where having
Self Destruct messages can now be sent from the user rather than the default email address in System Settings
Fixed:
When sending a Self Destruct Message, the Subject line from the Email Template was not being used
Fixed an issue where it was possible to return back to the last Setup page for Passwordstate after the setup was complete
When using FIPS encryption, a database connectivity error screen was displayed when trying to validate the High Availability License Key
It was possible a Bad Password could also be reported on the screen as having Excellent strength
Fixed a database integrity error after importing user accounts via CSV files, and the UserID and Email Address for the user had capitalization in it
Fixed an issue where the Active Users screen would error if a UserID had a single quote in it
Fixed an exception where a custom Reset script could not be deleted
Fixed and issue with the Bulk Updated Password Reset Options feature, where deselecting the 'Managed Account' option would also disable the 'Heartbeat Options' tab
Fixed an issue where the Passwordstate Windows Service could not decrypt the AppSettings section of the web.config file when using FIPS encryption
Fixed an issue with SQL Server case sensitive DB settings and permissions not being applied to new Password Lists when new user accounts where being added
Fixed unrecognized date error on Maintenance Mode screen when using Greek language for Windows operating system
When viewing a Self Destruct Message, the whole value of the password may not be visible if it contains certain special characters
When importing Hosts, and the value for the database port was not a numerical value, it would report a successful import when it didn't actually import anything

New in Passwordstate 7.7 Build 7798 (Dec 30, 2016)

New in Passwordstate 7.7 Build 7789 (Oct 24, 2016)

New in Passwordstate 7.7 Build 7773 (Sep 20, 2016)

New in Passwordstate 7.7 Build 7772 (Sep 19, 2016)

New in Passwordstate 7.7 Build 7763 (Sep 6, 2016)

New in Passwordstate 7.7 Build 7748 (Aug 19, 2016)

New in Passwordstate 7.7 Build 7742 (Aug 11, 2016)

New in Passwordstate 7.7 Build 7737 (Aug 8, 2016)

New in Passwordstate 7.7 Build 7732 (Aug 4, 2016)

New in Passwordstate 7.7 Build 7723 (Aug 2, 2016)

New in Passwordstate 7.7 Build 7721 (Aug 1, 2016)

NEW FEATURES:
Added support for password resets and validation for Juniper ScreenOS firewalls
Added support for password resets and validation for Juniper Junos devices
Added support for password resets and validation for HP Procurve switches and routers
Added support for password resets and validation for HP H3C switches and routers
UPDATED FEATURES:
Added a new queuing system for Password Resets, and no data is updating in Passwordstate unless a successful reset is completed
Simplified the process of configuring accounts for Password Resets
The API has been updated to allow configuring password records for Resets and Account Heartbeat validation
Browser Extension for Internet Explorer is now out of beta
Made some improvements to the Navigation Tree so you can scroll up and down the tree when dragging and dropping Folders or Password Lists
Made various performance improvements to the Navigation Tree and selecting Password Lists when users have access to thousands of Password Lists and Folders
Scheduled Reports can now be run on a more frequent basis, and there is an option to run the report immediately
Remote Session Launcher now supports the use of local accounts for RDP sessions
When a password reset fails, the Expiry Date field is now no longer modified, and retry attempts will be made every day at the scheduled time
Added support for Microsoft SQL 2016
Host records can no longer be deleted if the Host has associated password records
The previous one-to-many relationship between password records and host records has now been deprecated
Permissions on custom Password Reset scripts are no longer required to associate the script with a password record
Added Connection Type and Port Number columns onto the Remote Session Credentials screen
The Oracle password reset script no longer requires the use of a Privileged Account Credential to connect to the database
You no longer need to modify any PowerShell scripts for Oracle to specify the path to the Data Access Components - the path can now be specified within Passwordstate on the System Settings screen
Various menu items under the main Hosts menu have now been renamed
The Hosts main menu has now been renamed to Resets
Hosts & Password Resets area within Administration has now been renamed to Password Resets
Renamed the Host Type of Appliance to Firewall
The option to reset a password when One Time Access is applied to an individual password record, has now be deprecated
When using Duo Push, hitting the enter key on various fields can now cause the push notification to be sent
The Import button on the Password List screen has now been move to the List Administrators Actions dropdown list
When adding an Active Directory account into a Password List which is enabled for Password Resets, it will prevent you from saving the record if the account exists in another Password List
It is now possible to trigger a Password Reset upon a new account being discovered on the network
Permissions on Host records are no longer required
Custom Images in the Administration area is now called Images and Account Types
The Expire Password Now menu for password records now triggers a Password reset if applicable
Installer for Internet Explorer Browser Extension will now delete registry key (on uninstall) which is created on initial use of the Extension
AD Synchronization Report has now been deprecated
Scheduled Password Validation Report has now been deprecated
Password Reset Tasks Report has been deprecated
FIXED:
Fixed a general error screen when authenticating with Manual AD Authentication from non-trusted IP addresses
Fixed an issue where encrypted Generic Field values may not have been able to be decrypted in the Passwordstate Windows Service
Users with Non-Admin rights to Folders and Password Lists were not able to drag them around in the Navigation Tree when they were meant to have access to do this
A general error screen was displayed when a user's account was disabled, instead of redirecting them to an appropriate screen
After clicking the Expand/Collapse all Password Lists/Folders icon in the Navigation Tree, it was not possible to expand/collapse individual tree nodes
When clicking on the 'Yes' button to check out a record for exclusive access from Passwords Home or a Folder, a JavaScript errors was preventing opening the Edit Password screen
When in Maintenance Mode, and error may have been displayed once clicking on a password record as it's possible the user's session may have ended if there was no activity on the screen
An error may have occurred during a Password Reset after a Time-Based Access was removed if the account was an Active Directory account and specified in FQDN format
Resource Discovery job was adding duplicate records when different naming conventions of UPN and Pre-Windows 200 format for accounts where being used

New in Passwordstate 7.6 Build 7676 (Jun 24, 2016)

New in Passwordstate 7.6 Build 7672 (May 29, 2016)

New in Passwordstate 7.6 Build 7668 (May 20, 2016)

Ability to Check Out Password Records for exclusive access
Updated Features Added Ability to set propagating permissions at nested folder levels, instead of just the top-level folder
Added the option to disable propagation of permissions from a folder
Made some changes to improve memory utilisation with the Passwordstate Windows Service, and also within IIS
Added support for Windows 10 and Server 2016 for Local Admin Account discovery, and Windows Account password validation
Added support for AzureDB and Amazon SQL Database Services
Made various improvements to the initial setup process, for adding logging and disabling buttons as you progress through the install
Updated the Folder icons to better indicate which permissions model is being used for the folder
Added the option to set the Host Heartbeat schedule on the Add and Edit Host screens
Added column TreePath to Expiring Passwords Report
The View Password screen for users with View access to a password record has now been replaced with the Edit Password screen for consistency
Added an option to force users to use a specific Policy for the Password Generator in the top toolbar and under the Tools menu
Added a copy to clipboard permalink icon to the Edit Password screen
Fixed If the Password List was configured to prevent exporting of Passwords, using the Save and Add Another button when adding record was ticking this option on newly created records
Fixed an issue where an Image may not have shown on the Remote Session Launcher credentials screen if not image was assigned to the relevant Password List
It was possible to set permissions on individual records when the Password List was inheriting permissions from an upper-level folder
Fixed an issue where an AD Security Group could not be added to Passwordstate if the ObjectSID for the group was longer than 50 characters
Scheduled Reports were not being sent to CC'd addresses if the CSV file type attachment
Error Console screen may have been showing in incorrect date format for specific regions
An exception may have been raised when viewing the History of a password record, if that record was restored from the recycle bin
Charts were not showing when using the High Availability instance of Passwordstate
Certain events which trigger sending of emails was receiving a "The multi-part identifier could not be bound" due to SQL Server being configured for Case Sensitivity

New in Passwordstate 7.6 Build 7646 (Apr 20, 2016)

New in Passwordstate 7.6 Build 7641 (Apr 4, 2016)

Moved some settings on the System Settings screen to more appropriate tabs
RADIUS Authentication official release - no longer in Beta
SAML2 Authentication official release - no longer in Beta
Added two new System Settings so you can specify which users are allowed to create Folders and Password Lists in the root of Passwords Home
Excluded the TreePath and ResetTaskCount fields from the 'All Passwords Report' to make the process of importing data into other Password List simpler
Security Administrators can now type the user's One-Time Password secret key within the User Account screen
Updated the validation for One-Time Password secret keys to instead check if the key was specified in Hexadecimal notation, instead of a Base32 string
When a user is asked to first populate their Google Authenticator or One-Time Password settings on first login, they must authenticate on this screen before their settings are saved
It is now possible to add a new or existing user's account to multiple Local Security Groups at once
Option to hide Toggle Visibility of Web API IDs for users who have Modify rights to Password Lists
Added a link to the Maintenance Mode label at the top of the screen, allowing you to easily navigate to the Administration area - and disable Maintenance Mode if needed
Added an option to the API to add Password Lists for individual User Accounts or Security groups - both Shared or Private Password Lists
Added a dropdown list on the Add/Edit Passwords screen so users can choose different Password Generator Policies to generate random passwords with
Added an option where a new Shared Password List can also be created when new user accounts are added into Passwordstate
Fixed A runtime error was being used with SAML2 Authentication when you navigate to the site from the SAML2 Providers web site directly
When basing a new Password List on the settings from another Password List or Template, the fields HeartbeatSchedule and FailedRetrySchedule did not have their values copied across
When using the Manual AD and One-Time Password authentication option, it was not redirecting to a page for the user to create their OTP secret if none existed
When returning Password List details from the API, it was not returning the new One-Time Password and RADIUS authentication types as a field setting

New in Passwordstate 7.6 Build 7623 (Mar 18, 2016)

New in Passwordstate 7.6 Build 7619 (Mar 11, 2016)

New in Passwordstate 7.6 Build 7615 (Mar 10, 2016)

New in Passwordstate 7.6 Build 7610 (Mar 5, 2016)

New in Passwordstate 7.6 Build 7603 (Mar 1, 2016)

New in Passwordstate 7.5 Build 7592 (Feb 24, 2016)

New in Passwordstate 7.5 Build 7583 (Feb 13, 2016)

New in Passwordstate 7.5 Build 7580 (Feb 12, 2016)

New Features:
Added a new One-Time Password authentication method for the Web UI and Mobile client based on the TOTP and HOTP algorithms
A new Secret Key Rotation features has now been added to allow regular encryption key rotation
Updated Features:
Encryption Keys can now be exported to a password protected zip file for disaster recovery purposes
Encryption Keys now use Secret Splitting to mask their identity
Every install of Passwordstate now uses two unique keys to perform the encryption, instead of the previous one
HMAC-SHA512 Hashing algorithm is now used to validate tampering of data directly in the database is not occurring
Random Initialisation Vectors are now used for every encrypted field and record
Added brute force login detection to all authentication methods in Passwordstate
A new System Setting option has now been included to prevent specifying API Keys in the QueryString of the API method call
Added FIPS Compliance support for Passwordstate
Have added a new System Setting option to allow nesting of Password Lists beneath other Password Lists if needed
Added better error reporting if a Password List associated with a Discovery Job had been deleted - previously reported conversion of string to boolean error
Added a user based option where they can choose to hide all Password Lists/Folders in the navigation tree when they first log into Passwordstate
When toggling the visibility of of Web APIs for a Password List, we now hide certain controls above the grid so the keys are more visible
You can now add in multiple Host records with the same name, if they have a different Remote Connection port number, and we've added the Port Number to the Hosts grid
Export all Passwords In Folder from within the Administration area is now exported to a password protected zip file
Added a license check to ensure the license count matches for Client Access Licenses and the Annual Support keys
Fixed:
When changing the value of a password field which was linked to various Hosts, it was performing a password reset even though the option Manage Account was not checked
Password Reset Results emails where being sent when the Email Template was disabled
When using forms based authentication, the new Maintenance Mode feature would not allow any user accounts to login in when maintenance mode was enabled
Fixed an issue where a user's Guest permissions could have been removed from a Password List when they were adding new password records and security groups where being used as the permission type
The Save And Close button was enabled on the Edit Folder screen for users who did not have administrator rights to the Folder
Filtering on a Password List when using the Password List Bulk Permissions feature was not allowing you to move the Password List into one of the Permission textboxes
When creating Password List under the Administration Area, it was possible it could have shown an error about not being able to create a Private Password List underneath a folder which was configured to propagating permissions
Fixed issue where page would not redirect if cloning a folder from in Administration area
When viewing permissions on a Folder from within the Administration area, it was possible to change permissions even though the Folder was not configured to have its permissions managed manually
The option to Auto Generate a new password value when adding new records was not working
When using the Save & Add Another button for a new folder, no permissions where applied when the top level folder was set to propagate permissions downwards
When selecting the 'Toggle All Password List Visibility' menu, filtering on Password Lists in the Navigation Tree was not working

New in Passwordstate 7.5 Build 7551 (Jan 26, 2016)

New in Passwordstate 7.5 Build 7539 (Jan 6, 2016)

New in Passwordstate 7.5 Build 7537 (Dec 30, 2015)

New in Passwordstate 7.5 Build 7535 (Dec 30, 2015)

New in Passwordstate 7.5 Build 7531 (Dec 18, 2015)

Updated Features:
Updated Active Directory and Local Windows Account Validation scripts to overcome issues with environments which may have tighter security controls
Removed Windows Server 2003 from the Discovery and Password Reset screens due to this OS not being supported
Updated the Active Directory account password reset feature to support accounts in User Principal Name format
Added a count to the Document button for Password Lists
Added additional debug data for the Active Directory Security Group synchronization process
Made changes to the Folder Propagating Permissions feature to allow users to create Password Lists beneath them, regardless of the permission level at the top level folder
Fixed:
When dragging a Password List which was not inheriting permissions into a Folder structure which was propagating permissions, the flag on the Password List to indicate it was inheriting permissions was not being set
Made some changes to the scheduled Active Directory Security Group synchronization process to overcome an issue where users may have been removed from Security Groups within Passwordstate
The High Availability instance of Passwordstate was trying to write to the DebugInfo table when it shouldn't have been
When adding a password via the API, the request may have failed when adding Password History if no ExpiryDate was set
The Remote Session Launcher for RDP sessions was not working if the UserName or Password had a space in its value, or if using User Principal Name format
When adding a password via the API, then GeneratePassword setting was not generating a random password
Some variables in the Self Destruct Email template where not properly being replaced at the time the email was sent
It was possible that Passwordstate reported an Active Directory password reset roll back was successful, but didn't roll back the change in Active Directory
Bar chart statistics on Passwords Home and Folders was showing the same statistics for All Users and the currently logged in User
When moving a Password List into Passwords Home from a Folder which was propagating permissions downwards, the Password List was still configured to inherit permissions

New in Passwordstate 7.5 Build 7515 (Dec 5, 2015)

New in Passwordstate 7.5 Build 7507 (Dec 4, 2015)

Updated Features:
Made some changes to database querying in the API for the Passwords Home and Folder chart to improve performance
When a Security Admin impersonates another user's account, they cannot modify permissions to Password Lists or Folders even if that user had Admin rights
Scheduled Password Validation can now occur even if the password is not enable for resets
Discovery Jobs can now add new records to Passwordstate without enabling the Password Reset option
When a Password Validation occurs, if there is some form of error which prevents validating the Password, auditing data is now added and an orange Icon is shown in the Account Heartbeat column
You can now execute a Password Validation script for Active Directory Accounts on demand through the Passwordstate web interface
Added a new column to the Passwords grid to show a count of associated Password Reset Tasks for a record
Added a configurable OperationTimeout setting to Discovery PowerShell scripts
When an Active Directory account is configured for resets, the record is now added to the Reset Tasks count on the Edit Password screen
Added a Verbose Logging screen for Manual and Scheduled Backups
Updated the Active Directory account validation script to also support UPN account format
Various Host timeout settings are now configurable for PowerShell scripts on the screen Administration -> System Settings -> Hosts
On the main Administration screen, we've added the option to enable Maintenance Mode if you have the correct Security Administrators role
Fixed:
The use of Privileged Account Credentials was not showing accounts to users when permissions were applied to them via Security Groups
When a user had View access to a password record which had mulitple password fields configured, trying to click on the magnifying class multiple times to unmask data was causing a JavaScript error preventing visibility of data as expected
Fixed an issue where the new Maintenance Mode feature may have interfered with various schedules executed by the Passwordstate Windows Service
Under certain circumstances, adding a password record via the API could results in a 'no compatible route found' error message
The Reset Tasks count on the Edit Password screen was showing a count for Hosts which were set to unmanaged
Fixed and issue with using Bulk Permissions on Password Lists in the Administration area
Fixed a potential issue where Password Validation for certain records may not have been executed at the set schedule
Any of the Telerik Editor controls, like Password Notes field, was stripping line feeds during a paste operation
After pressing the Save button for Screen Options for the Password Lists page, it was prompting to export history data for records
You could no longer manager permissions on Folders within the Administration area, if your account did not already have Admin access to the folder
When impersonating a user's account, the option to delete a Password List was available

New in Passwordstate 7.4 Build 7483 (Nov 18, 2015)

New in Passwordstate 7.4 Build 7476 (Nov 12, 2015)

New Features:
Permissions from top level folders can now be propagated down to all Shared Password Lists and Folders
Updated Features:
The Copy to Clipboard feature no longer requires Flash in the browser to function
You can now restrict API Access by IP Addresses on a per Password List setting
The Password Strength Compliance Report now includes a column called Bad Password, to indicate if there was a bad password match or not
Added an exclusion to the Resource Discovery script to ignore a scheduled task bug for Microsoft Sharepoint Workflow Manager
Added a regular clean up process for any old files left in the Upload folder
When adding a password record via the API and you have enabled it for Password Resets, then any Discovery Jobs can make use of this record instead of creating duplicates
Added a new Maintenance Mode which prevents users from logging on, and allows you to specify a time in which users sessions will be terminated
Made some changes to the IIS Application Pool reset script to ensure it could be successful started after stopping it
Added -IncludePortInSPN parameter support for Invoke-Command for various Windows reset scripts
A new Error Console screen has been added to the Administration area, and error debug data will no longer be visible to general user accounts
Pressing the Enter key of the Username field on any authentication screens now initiates the login process, just the same as the password field
You can no longer type the Upgrades URL directly into your browser
Made changes to account handling on Upgrade screens for improved security
Added checks to upgrade pages to ensure the user had the correct Security Administrator role in order to perform upgrades
Added additional checks to ensure no permissions to Private Password Lists can be changed in anyway
Added additional checks so permissions can only be added to Password List if you are Administrator of them, or a Security Administrator
In addition to a user session variable being destroyed on logout, their secure ASP.NET State Session cookie is now also destroyed
Changed any Disabled columns in grids to read Enabled, and showed an appropriate icon for each status type
You can now only nest Password Lists and Folders beneath other existing Folders - or Passwords Home
Removed the ability to create Folders from within the Administration area
The Navigation Tree will now be sorted by Folders first, then Password Lists - in alphabetical order
Fixed:
On the Hosts screen, using the paging buttons was clearing any filtering set on the page
Fixed an issue with AD Sync process where a circular loop of nested Security Groups could have caused the IIS process to spike CPU, or crash the Passwordstate Windows Service
After cloning a user's permissions and moving any Private Password Lists, the destination user would have received a database integrity error issue when trying to access any Private Password Lists
When searching from Passwords Home, it was possible that not all Password Lists your account had access to was being searched
Requesting access to Password Lists was broken, preventing adding of permissions if the request was approved
Fixed some issues to further protect against Cross Site Scripting issue (XSS) attacks
Some scheduled Account Heartbeats may have started failing as we overlooked inserting the correct license key for the Chilkat SSH component
For the 'Test Script Manually' feature, any SSH script using the Chilkat SSH component was failing, as we overlooked inserting the correct license key for this component
It was possible to upload documents at the Password List level when you only had Guest Access to the Password List
The Remote Session Launcher utility would not launch SSH sessions if the password had a comma or semicolon in its value
Reinstalling the Remote Session Launcher utility would cause remote sessions to fail as the PowerShell script being used was appending configuration settings on every reinstall
Fixed an issue where users may have been removed from an Active Directory Security Group during the scheduled AD sync process if there was a computer object within the group
Bulk Permissions for Password Lists would not list the available Password Lists if the TreePath field was NULL for one or more records
It was not possible to add a new Password Reset or Validation Script manually, unless you copied contents from a pre-existing script
An error message about the Privileged Account Credential for a non-trusted domain when resetting AD passwords could have occurred, preventing a password reset
The error message returned from Password Reset scripts if you forget to associate a Privileged Account with the Password Record, was still indicating you needed to associate the Privileged Account with the script itself
If using one of the Manual AD authentications screens, it was not reporting to the user that their account was disabled in Passwordstate
If your user account was disabled in Passwordstate, and you change the UserName field to another account in the AD Login screen, it would not let you authenticate with the second account
Certain password fields on various screens would not allow the use of special characters such as < and >
It was possible the password Recycle Bin could show an exception when you browse to it

New in Passwordstate 7.4 Build 7434 (Oct 13, 2015)

New in Passwordstate 7.4 Build 7426 (Oct 9, 2015)

New in Passwordstate 7.4 Build 7422 (Oct 9, 2015)

UPDATED:
You can now specify the Ping Packet Size for the Host Heartbeat feature
Made performance improvements to the Security Group and User Account cloning process as it relates to permissions for Password Lists
Various Notes fields now strip any Microsoft Office formatting when pasting from Word or Excel
Reduced the number of calls to the database significantly when clicking on Passwords Home of a Password Folder, which helps improves performance of page loads
Removed the old 'View Password Reset Tasks' icon from passwords records on the Passwords Home page to make it consistent with the View Passwords page
When using the 'Link to Password' feature for a Privileged Account Credential, we now show Title and Description so records are easier to identify
The notification for Annual Maintenance expiring will now only be visible to Security Administrators
Made changes to protect against inline proxy scanning tools manually manipulating querystring parameters
Any attempts to manually manipulate QueryStrings will now be redirected to a 404 page not found page
Set autocomplete="off" for all password textboxes so Firefox and IE do not remember previously typed values
Increased the default timeout on pages when cloning permissions for User Accounts or Security Groups
The option to convert Private Password Lists to shared is now hidden by default and customers must contact Click Studios to enable the option
Added an option to not show a list of Email Addresses on the Permalink screens for non Security Administrators
Set the ASP.NET Session Cookie as secure by default
Public Key authentication can now be used with Privileged Account Credentials to perform Password Resets in Linux Hosts
The Discovery Job process now queries all existing Password Lists to see if accounts already exist in them, instead of just the Password List specified in the Discovery Job
FIXED:
When reading Self Destruct Messages, if the URL being accessed is not HTTPS, the user will be informed they need to use it
Using the 'Save and Add Another' button when creating a Folder was not clearing the screen to allow you to create another folder
When searching for User Accounts in the Administration area, to add to security groups or apply permissions somewhere, disabled User Accounts will not be returned as well
The page which informs the user they do not have an account in Passwordstate could have reported a blank UserID value
Restoring the default Reset Scripts for F5 BIG-IP and Dell iDrac was not working
Fixed an issue where an error may have occurred when deleting a Privileged Account Credential
It was possible to upload PSD files for branding on the System Settings screen, when only png, gif or jpg files should be used
Selecting Non Active Directory Accounts on the Privileged Account Credentials screen was not hiding the Check Password button
When moving a Password Record with individual user Permissions to a new List, Guest access was not being applied to the new list for those users
When deleting a password record on Passwords Home or a Folder, the Recent Passwords grid was not updating
The Recent Passwords grid was not showing records which had permissions applied via a security group
When setting an Account Type for a password record from 'Active Directory' account back to blank, it was possible all records in the Password List where not being displayed, or an exception was raised
When using the Bulk Permissions feature for Hosts, if you removed permissions to all Hosts for a user or security group, the Save button did not perform the action

New in Passwordstate 7.3 Build 7393 (Sep 5, 2015)

Important Changes:
If you are using the Linux Password Reset script at all, you now need to have Microsoft's Visual C++ 2013 Runtime library installed on your Passwordstate web server - https://www.microsoft.com/en-au/download/details.aspx?id=40784
Host Types and Operating Systems have been set back to their default values. If you have added any of your own custom records here, you will need to do so again on the screen Administration -> Host Types & Operating Systems
Password Reset Scripts no longer need a Privileged Account Credential associated with them - this is applied at the password record level now if required
If you have modified any of the Password Reset or Validation Scripts provided by Click Studios, majority of these scripts have been set back to defaults in this build. It is now recommended that you create your own scripts for this purpose, and clone the contents from the default scripts we provide
If you have modified any of the Discovery Scripts provided by Click Studios, these scripts have been set back to defaults in this build. There are now options for the Discovery Jobs to include/exclude cetain accounts from the Local Administrators Discovery Job
If you have Host records currently added in Passwordstate, please review the new settings on the screen Administration -> System Settings -> Hosts tab
If performing Password Resets, please refer to the new KB Articles in the User Manual, found in the Help Menu
New Features:
It is now possible for Failed Password Reset tasks to roll back the password value within Passwordstate
Added support for resetting passwords on F5 BIG-IP Load Balancers
Added support for resetting passwords on IBM's IMM out of band management cards
Added support for resetting passwords on Dell's iDRAC out of band management cards
Added an feature where various Password Reset and Validation tasks can be updated for multiple password records at once
Added a new Account Heartbeat feature where Password records can now be polled on a regular basis to ensure the passwords stored in Passwordstate match what is being used on the Host
Hosts can now be polled regularily to ensure they are on-line, with multiple options for setting the Host as Unmanaged, or to delete the Host record if not seen on the network for an extended period
Added the option to test Reset, Discovery and Validation Scripts within the Passwordstate interface, with your own test data
Added support for resetting passwords for Linux root accounts
Added a new report to query when a password value was last updated
When a password value is updated, we now track this date and provide a column in the Grids to view it
Added an option to retry failed Password Resets on a more frequent schedule
Added support for discovery other types of operating systems in Active Directory with the Hosts Discovery job
Updated Features:
Password Reset Scripts no longer need a Privileged Account Credential associated with them - this is applied at the password record level now if required
The 'Bulk Update Passwords' feature is now only available to Administrators of Password Lists
When viewing access requests for password records, we now include the UserName field for the password record in the grid view as well
The dedicated Remote Session Launcher page no longer opens in a new tab in the browser, and you will return to this page if your session in Passwordstate ends
Made changes to Backup Settings screen to better explain backup and in-place upgrade account requirements
Added a 'Refresh Grid' button to the Auditing grid on each of the Password List pages
When users are adding Hosts into Passwordstate, they are now informed if the Host already exists - adding manually, importing and the API
Redesigned the 'View Password Reset Tasks' screen to see last Account Heartbeat status, and to initiate a Heartbeat Poll for Hosts and Accounts
Password Validation Scripts no longer need to have permissions applied to them in order to associate them with a password record
Made some changes to the main Vertical Menu System so the menu can be pinned when it is expanded
Added 2 new audit events for the regular account Heartbeat password validation process
You no longer need to specify a Description when adding Password Lists or Folders
When opening the Edit Password screen when navigating from the Administration area, you will now be redirected to the View Password screen
"Validate Passwords Are In Sync" actions menu item has been removed now regular schedules for Account Hearbeats can be configured
Added right mouse click Context Menu to Navigation Tree for creating folders and password lists
When adding passwords via the API, you can now also select the Validation Script to associate with the password if you choose to enable the password for performing resets
Added additional error checking to the Get-Resource.ps1 PowerShell script for better error capturing
When Adding/Editing password records, if Password Reset is enabled, the relevant Password Validation Script is now automatically selected when choosing the Account Type
Pattern matching for Password Generator Policy can now include Special Characters
Renamed some of the Custom Images, and added a few extra
When adding Custom Images, the Custom Image Name field will not be overwritten with the name of the file
When adding a Remote Session Credential query, you can now use wildcards for matching Host Names
Added a new System Setting option to turn off the popup 'Guided Tour' for new user accounts
A parent Password List/Folder will now automatically expand in the tree view when creating any nested Password Lists/Folders
Added an option to have all Folders collapsed by default when your first log into Passwordstate
Hosts can now be set to Unmanaged or Deleted if they are no longer found in any Active Directory OUs as part of a Discovery Job
When adding/editing a Remote Session Credential, you can now also search for password credentials by Title and Description fields
You can no longer delete any inbuilt Host Type or Operating System records
Discovery Job emails are now sent to users who have permissions to the Discovery Job, as opposed to any related Password Lists/Templates
Made some changes to better catch error exceptions - previously they could have been blank
Added additional Host Types, Operating Systems and redesigned the screen within the Administration area
The Windows Account validation script no longer needs to use a Privileged Account credential to validate the password is correct
You can no longer make changes to the contents of Inbuilt Reset & Validation Scripts
When adding/editing Reset and Validation Scripts, it now records who the author is and date updated
You no longer need to pick the Password Reset Scripts to associate with any Discovery Jobs
You no longer have to have permissions to Inbuilt Password Reset scripts in order to associate it with a Password and Host record
Added an option to force user to change password upon next log on when using Forms Based Authentication
With the Hosts Discovery Job, you can now apply permissions to newly discovered Hosts with either User Accounts or Security Groups, instead of copying permissions from a Password List or Template
Added an option to only look for certain named accounts when using the Local Administrator Discovery feature
Fixed:
A background process was removing permissions from Folders if the folder had no nested Password Lists or Folders beneath it
When using Form-Based Authentication and email/pin MFA, the user was being logged out immediately after authenticating
User Accounts screen in Internet Explorer was showing contents center aligned when using small resolution displays
Fixed some UI width issues for Internet Explorer when displaying HTML fieldsets on various screens
Adding user accounts manually, or importing via csv file, was not allowing the UserID field to be of maximum length of 100 characters
The 'Folder Options' button was showing for the Passwords Home screen, when it shouldn't have been
If a Password Folder had no permissions applied to it, Security Administrator's couldn't fix permissions manually as all controls were disabled
When searching for passwords in a Password List with multiple pages, you could not navigate to the next page
Fixed an issue with Google Authenticator not prompting for access code when logging in as a different user
Newly created Local Login Accounts where being logged out immediately after they logged in for the first time
The Maintenance Renewal reminder link at the top of the screen could not find the renewal invoice in some cases
SSL Redirection was only occurring during initial authentication to the Passwordstate web site
Notes field text limit warning not showing when adding an initial 8000+ characters of text to a password record
Made several changes to prevent Cross Site Scripting attacks (XSS) by users intentionally saving malformed data in the database
Password List and Password Titles were missing within the body of the Permalink emails
Fixed an issue where the Active Directory User Account synchronization process may not complete due to a 'String or binary data would be truncated' error
The Mobile Client was expiring users sessions before the Idle Timeout setting was reached
It was possible Windows Hosts weren't being discovered if the AD Attribute lastlogontimestamp had no value stored in it
The Browser Extension fields could have been marked as mandatory fields when performing a CSV file import
It was possible to receive a 'malformed querystring error' on certain screens if a relevant field had an & symbol in it
When using API to create a new Password List, it could have apply the incorrect settings from a Template if also apply permissions from a Template
Received an error about the querystring being malformed when adding a Password List and clicking on the 'Save and Add Another' button
The 'Edit Password List Settings' menu option is no longer available for Private Password Lists within the Administration -> Password Lists screen
When Impersonating a User in Passwordstate, we now set the default home page to 'Passwords Home', in case the user has a Private Password List set as their default
When editing details for a Scheduled Report, the description of the report was not displayed unless you re-selected the report

New in Passwordstate 7.3 Build 7316 (Jul 14, 2015)

New in Passwordstate 7.3 Build 7301 (Jul 3, 2015)

Added:
Windows 10 Host support for Discovery, Password Resets and Remote Session Launcher
Made several changes to support the use of Managed Service Accounts for connecting to the database, instead of SQL Server Logins
Searching of passwords can now be done with partial matches using multiple values as the search criteria
Made changes to further protect against SQL Injection attacks, or Cross-Site Scripting (XSS) attacks
Dropped the reference to InBuiltAccount for Privileged Account Credentials
Renamed the 'Password Reset Options' tab on the Add and Edit Passwords screen to 'Schedule'
When setting a user's account to expire, the date when the account is expiring is now added to the audit logs
Added 'View Password Reset Tasks' menu to Host records on the Passwords Home page
On the Add/Edit Password screen, various controls are now hidden if the Password field has not been selected to be used for the Password List
Fixed:
When deleting a Password List or Folder, it was possible you may have seen a screen saying you no longer had access to this Password List or Folder
Was getting a "WRM cannot process this request" for Windows Resource Discovery as some hosts required the use of the -IncludePortInSPN parameter for Invoke-Command
Some of the Search boxes continued to show the search animation if the same value was searched more than once
When you are redirected to a screen to create a Google Authenticator Secret Key on initial login, the barcode was not centered correctly on the screen when using a small resolution
Add Password page was not being rendered correctly when clicking on the 'Save and Add Another' button while on the 'Notes' tab
Trying to save any changes to the 'Scheduled Task' password reset script was causing a server 500 error, preventing saving of the record
Fixed an issue where an error of "String or binary data would be truncated" may have occurred when trying to add records to the QueuedEmail table
A password record which was enabled for Password Resets was still showing an icon indicating it was associated with a Host, if the Host was set to 'Ignored' in Passwordstate
Password Reset Scripts should have had the option '-- Not Required --' for the Privileged Account you can associate with the script. This was missing for new installs of version 7.
When reading a Self Destruct Message, a error about "remote certificate is invalid" was shown when using a Self-Signed Certificate
When emailing a user a copy of the Google Authenticator Barcode, an Encryption error was displayed on this screen if the user did not have have Passwordstate open in the browser when they clicked on the navigation link in the email
Resetting of Scheduled Task passwords was failing if the Task had a single quote in the name
When a Password List has the option "Hide Passwords from users", it was still possible to see the password value by using the 'View & Compare History of Changes" menu option
Updated the Linux Password Reset script so that it will reset passwords correctly on RedHat Operating Systems
The Host Discovery process was discovery Hosts multiple times if the Host record did not have a dnshostname attribute

New in Passwordstate 7.2 Build 7277 (May 30, 2015)

New in Passwordstate 7.2 Build 7273 (May 26, 2015)

New Features:
Added support for SafeNet Two-Factor Authentication for the Web UI and Mobile Client
Updated Features:
Added an option where you can return to the last Password List you had shown on your screen, once you have been logged out of Passwordstate
Added the option to brand the Logo and Page Titles for the Mobile Client
Updated licensing features to support the new Global license option
Added reporting options to export a list of Password Reset Tasks for an entire Password List, or an individual password record
Added a new option to allow changing of a Password Lists image when copying settings from another Password List or Template
Added an option to prevent users from unticking the option 'Link this Password List to the selected Template' when set via a User Account Policy
The option to link a new Active Directory account to an existing one in another Password List now requires you to know the password for the account, and the linking happens when hitting the Save button
Made some changes to the Remote Session Launcher installer to try and overcome NTFS permission issues on files when installing as a non administrator
The list of Domains in the dropdown list on Authentication windows will now only return unique domain entries if duplicate domain information has been added to Passwordstate
When using the 'Export All Passwords' feature, any Password Lists configured to support the Browser Extension will now have the values of the Browser Extension fields exported as well
Added a new option to enforce a two-step authentication process when one of the two-factor options was selected and only Windows Authentication for the site in IIS is enabled
Browser Form Fields are now exported and can be re-imported for Password Lists configured to use the URL field
Fixed:
Fixed an issue where selecting an additional Authentication Option for a Password List and clicking the 'Save and Close' button, was causing the site to be displayed in an iframe
Editing a user's settings on the screen Administration -> User Accounts, was clearing the Email Address field for where to send a Temporary Pin Code for authentication
Excessive Activity email notification was reporting on records in Private Password Lists
Some Exporting of Password features were exporting the ScriptID field when they shouldn't have been
On the Passwords Home page, "user" auditing data in the graph could have been incorrect on the timeline if some months had zero data to report
When the System Setting for preventing exporting passwords from Shared Lists was set, it was still possible to select this option on the Edit Password List Settings screen - exporting was disabled though
Custom page background color was not being displayed when logged out due to idle timeout being reached

New in Passwordstate 7.2 Build 7253 (May 12, 2015)

New in Passwordstate 7.2 Build 7243 (May 6, 2015)

With the changes in the performance of the AD Synchronization process, please ensure the LDAP Querystring for any domains on the screen Administration -> Active Directory Domains are pointing to the root of your domain so User Accounts and Security Groups can be found
Updated Features •Added support for resetting passwords on VMware ESXi accounts
Added support for resetting passwords on HP iLO accounts
Made significant speed improvements to the Active Directory Security Group synchronization process
Local Login Accounts, when using AD Authentication option, can now also use all the other authentication options built into Passwordstate
Added an option on the Manual AD Authentication screens to display a list of Domains which can be selected, instead of needing to type the domain prefix manually
Additional Authentication options are now available when you enable Anonymous authentication for the site in IIS - when using the AD Integrated version
Added a new AD Account and Security Group debug mode, and screen for viewing debug events
When using the AD Integrated version of Passwordstate, if a user tries to access the site and they don't have a registered account in Passwordstate, they will be redirected to the Manual AD login page so they can login with a different account
Made changes to the resource Discovery PowerShell script to support discovery of Scheduled Tasks nested in Folders
Updated the error capturing in the Scheduled Task password reset PowerShell script to better report on whether the new password or privileged account password was incorrect
Added an email alert when Security Administrators export all passwords from the Administration area
Made some changes to the Passwordstate Windows Service to overcome the intermittent issue of "Unknown error 0x80005008" and security groups being removed when the Active Directory Synchronization process runs
Made improvements to memory utilisation of the Passwordstate Windows Service when synchronizing many Active Directory User Accounts and Security Groups
Fixed:
Made some changes to the Resource Discovery PowerShell script as Hosts without the option to execute PowerShell scripts enabled may have returned blank data
The Discovery PowerShell script was returning blank data if no Windows Services using accounts as their identity on Hosts with PowerShell 2 installed
Local Login Account authentication audit events where being recorded as Active Directory authentication attempts
When using Forms Based and SecurID Two-Factor Authentication, the UserID value was not being added to the auditing data
Duo Push Authentication was not working when the use of local Proxy Servers was required
Was receiving a 'Object reference not set to an instance of an object' error when trying to apply permissions for which user's were allowed to create API Keys for Password Lists
Fixed a 'String or binary data would be truncated' error if saving a Password List when the guide has more than 8000 characters of text specified

New in Passwordstate 7.2 Build 7223 (Apr 18, 2015)

Added the ability to add, delete and search for Hosts via the API
Added a separate 'Allowed IP Ranges' feature for the API, so this can be locked down to different sets of trusted networks if required
Added a separate 'Allowed IP Ranges' feature for the Emergency Access Login page, so this can be locked down to different sets of trusted networks if required
Added an 'Outage Notification' Email Template and button so you can inform users of planned outages for Passwordstate
Added an option to email Security Administrators when a Password List is deleted
Added a new System Setting option for displaying the Account Types label next to the image in each of the Password Grids
Added the ability to view SecurityGroupID values on the screen Administration -> Security Groups
Added a new Password Generator API Key (System Settings screen) which now must be used for generator random passwords via the API
The automatic configuration of the Chrome Browser Extension no longer has a dependency on the Base URL field being accurate on the screen Administration -> System Settings
The Passwordstate Windows Service no longer relies on a registry key to determine the path to the web.config file
Updated to the latest version of ZeroClipboard for improved security - version 2.2.0
The SuperPutty configuration file had an incorrect path as to where it should save it's settings
The Allowed IP Ranges feature may have prevented the use of the Chrome Browser Extension, depending on what network settings were specified
Fixed various Cross-site scripting (XSS) vulnerabilities as the result of an application penetration test
The 'Save and Add Another' button on the screen Administration -> Password Lists was not redirecting to the Add Password List page
Fixed an issue with the 'Aged Password Report' where it may not have been returning data for all password records
Using Security Groups to specify which users are allowed to use the Chrome Browser Extension was not working - only when specifying permissions based on User Accounts
Fixed a bug for the Host Discovery Job where the Tag field may have repeated the value of 'No longer found in' if the Host was moved to a different OU
When the Passwordstate Windows Service 're-enabled' a user's Active Directory account, it was not first checking if there were any available licenses to do so
The verification of the backup account used prior to upgrades occurring was failing if customers where using the Forms-Based authentication version of Passwordstate
Fixed an issue where the standard horizontal popup message at the bottom of the screen was not bottom justified when using the new Vertical menu system
If a Password List's options 'Hide Passwords from Users' and 'User Must Specify a Reason' were set, the Password column in the Home Page Search Passwords grid was showing two sets of data
The verification of the backup account used prior to upgrades occurring was failing if a local account was being used as opposed as a domain account

New in Passwordstate 7.2 Build 7200 (Mar 28, 2015)

Updated Features:
Made significant performance improvements when automatic applying of permissions to upper-level folders needed to occur
Made some performance improvements when sending the Delta Permissions Report email
The Host Discovery process no longer checks for matches on HostType equals 'Windows'
The 'Link to Password' field for Remote Session Credentials is now hidden a user has not been given permissions to the credential
When using Forms Based Authentication, if the 'Denied Access Altogether' option is selected for untrusted networks, the user is now denied on initial login, not after they first authenticate
The Emergency Access login page will now return a 404 Error page if accessed outside of the 'Allowed IP Ranges' settings
Fixed:
Reverted to previous version of Telerik ASP.NET Controls as the latest version was preventing pasting data from the clipboard into the Notes field for password records
After upgrading to Build 7185, the High Availability instance was reporting an UPDATE error for the UserAccounts table when trying to update the LastLoginDate field
Fixed an issue where the Passwordstate Windows Service could have caused high SQL Server CPU usage when sending emails for Password Lists which were nested deep in a Folder structure
The Passwordstate Windows Service was logging audit records as 'Access Updated' when it should have been 'Access Removed'
When only having a single Zone on the Passwords Home Page, the grid was not filling the width of the screen
When using Duo Push Authentication, it was possible a blank alert may have shown on the screen after authenticating
Pending password resets were visible to users who weren't granted access to the relevant hosts
The 'Allowed IP Ranges' authentication option, when outside the trusted networks, was only working if Passthrough Authentication was selected on the System Settings -> Authentication Options tab
Was receiving a 500 Internal Server Error when viewing a Self Destruct Message, only if the email wasn't sent from Passwordstate i.e. the copy to clipboard icon was used instead

New in Passwordstate 7.1 Build 7185 (Mar 24, 2015)

To configure the Chrome Browser Extension now, all you need to do is browse to the Passwordstate web site and it will configure itself - no more specifying the URL, UserID and API Key
Added two auto logout timers for the Chrome Browser Extension - when the user closes their browser, or when the browser has been idle for (x) minutes
Made some changes to the Chrome Browser Extension to eliminate the need to upgrade Passwordstate every time the Extension is updated
Security Admins can now choose which Users are allowed to save new web site logins with the Browser Extension
Security Administrators or Users can now choose which URLs are ignored by the Browser Extension, preventing saving of new logins for the given URLs
Added an option where 'View' permissions to a Password List can create new password records
Added 'Last Login Date' field on the screen Administration -> User Accounts
Updated to the latest build of Telerik's ASP.NET Controls
When sending Auditing data to a syslog server, the client IP Address is appended to the end of the syslog description field
Added a popup alert if there are any Failed Password Reset Tasks on the screen Hosts -> Pending Password Resets which may require your attention
Added additional error checking to 'Validate Password for Windows Account' PowerShell script, to ensure a Privileged Account Credential has been associated with it
When applying permissions to a Privileged Account Credential, a check is first made to ensure you have specified the UserName and Password for the account
Added some checks on the System Settings page to check AuthAnvil and Duo Push settings are specified before selecting one of these authentication methods
Added a new System Setting option to prevent users from exporting passwords from Shared Password Lists
Made some changes to the Remote Session Launcher Utility so the 'Remember my credentials' option is not selected for RDP sessions
Added an option to pause for (x) seconds between synchronizing Active Directory Security Groups
Made some changes to the Self Destruct Message feature, where the message can be viewed (x) number of times, and an email is sent to the user who generated the message on it being viewed
Added a new audit events for requesting,denying and approving access to Passwords and Password Lists
Added the option to add multiple Security Groups at once
When using the AD Authenticated version of Passwordstate, users outside of your internal network can now view Self Destruct Messages
Added a System Setting to have the default option of automatically linking or not new Password Lists to a Template if copying of settings from the Template is selected
Included UltraVNC VNCViewer 1.2.0.5 as the latest VNC client for the Remote Session Launcher utility
Added a check to ensure duplicate Bad Passwords can't be added on the screen Administration -> Bad Passwords
Added a filtering header to certain grids in the Administration area to allow easier searching
Increased the Field Length for filtering Hosts on the Remote Session Credentials screen
Browser Extension and Remote Session Launcher now has their own tabs on the Preferences screen
Masked and disabled some data on the Preferences screen when a Security Admin is impersonating a user's account
The Temporary Pin Code Email Address is now auto-populated when new accounts are added to Passwordstate
When a password record is of type 'Active Directory', then the UserName label will now show Domain\UserName
Increased the Field Length for filtering Hosts on two of the Discovery Jobs screens
Provided Templates for Permalink Text and Self Destruct Message Text
When using the Remote Session Launcher, if the password being used has the 'Provide a Reason' setting, then you must do this before logging in with these credentials
When saving new Passwords with the Chrome Browser Extension, the Password Lists are now sorted alphabetically by the TreePath
Added SuperPutty as the default SSH client for the Remote Session Launcher utility
Added an icon on the Edit Password screen to launch a new browser tab for the URL field
Password Reset script for Linux has been updated to include conditional processing for different Operating System types
Added OperatingSystem variable for Password Reset scripts so conditional processing in the script is possible for different Operating Systems
On the Backup and Upgrade Settings screen, add a button to validate the domain account being used has a valid password
Added a new System Setting option to hide the ability to manage permissions manually on folders
Added the ability to apply permissions to Remote Session Credentials, and share the credentials with other users
When performing an In-Place Upgrade, we now validate the account/password being used for the backups is still valid and not blank
When adding an Active Directory account password, if the account is found to already exist in Passwordstate, you are given the option of linking the two
Fixed :
For the 'Bulk Permissions for Individual Passwords' feature, an error message was displayed if you were not a Security Administrator of Passwordstate
Adding a Host Discovery Job record may have resulted in a JavaScript error after adding an OU, preventing certain clicking functions on the screen from working
Renamed the UserID for the Passwordstate Windows Service from WindowService to WindowsService
Added some checks to ensure either the Alphanumerics or Word Phrased options where selected for Password Generators, before you can generate passwords or save policy records
Administration -> Auditing screen may have returned zero results when filter on Audit Activities, as the Activity Type was automatically being deselected
Was receiving a "'Date2' cannot be converted to type 'Date'" error when impersonating a user when using Forms-Based Authentication
Self Destruct Message may not have added Auditing data to reflect which Password record was contained within the message
Fixed an issue where Password Lists were not showing on the screen Administration -> Password Lists, if the TreePath field value was NULL
Some session variables weren't being refreshed when using Form-Based Authentication, and saving some changes to your Preferences screen - required you to log back in to pickup changes
Made some changes to the Export All Passwords feature to overcome the report crashing if values like 5,4,3 were stored in a field - these we're trying to be interpreted as date fields
Any selected settings on the 'Password List Options' tab for a User Account Policy, were not highlighted Red showing the setting was in use
If connecting to en existing empty database during initial install, the database connection test would fail in the database name had a dash in it i.e. '-'
The 'Spell Password' icon was showing in to top toolbar when logged in as the Emergency Access account
Fixed an issue where it was possible to bypass the ScramblePad authentication login if your Pin Number was currently blank
Fixed some Passwords Home page UI issues when using a very small resolution
Fixed an issue with Google Authenticator where we query if the User Account exists now before we present the screen to create the Secret Key QR code
Fixed an issue where the correct authentication option for an account was not presented if the UserID was changed on the initial login screen
Error capture page for AD User or Security Group querying was not reporting the correct AD attributes
Fixed an issue where popup screens would not resize correctly when using small resolution monitors
Hosts & Password Resets screen in Administration area was showing black border around icons when using Internet Explorer 9

New in Passwordstate 7.1 Build 7123 (Jan 30, 2015)

New in Passwordstate 7.1 Build 7120 (Jan 21, 2015)

New in Passwordstate 7.1 Build 7105 (Jan 12, 2015)

Added a Simulation Mode for each of the three Discovery features
Added a Scheduled Password Validation Report to check if the passwords stored in Passwordstate match what is currently in use on the various hosts
Updated Features:
Added the option to disable a User's account when they no longer belong to any Active Directory security groups in Passwordstate
Added an email alert for Security Administrators if the automatic AD Sync Process was still running the next time the scheduled was met - could indicate an issue
Added an option to convert a Private Password List into a Shared one
Added some popup guidance windows to each of the 'Discovery' feature screens if the prerequisites haven't been met for adding discovery records
Added various System Setting options for showing, hiding or masking passwords on the Compare Password History screen, and for disabling the Actions menu item for this screen
Made some changes so the URL Mismatch popup window no longer appears
Added a new option where you can insert your own JavaScript code into the main default.aspx page - useful for your own usage tracking and reporting
Added the option to CC other users when emailing Scheduled Reports
Upgrades now check if SQL Transactional Replication is currently in place before an upgrade commences. If so, reminds the user that it must first be deleted if there are any schema changes
Added a new Password Validation script for Active Directory accounts, so it could be used in conjunction with the new scheduled report
Added the option to retrieve documents via the API
Added the ability to link a Password record with a Password Validation script
Using the 'Remote Session Launcher with these Credentials' Passwords menu item now allows you to search for hosts using the 'Tag' field
Added an option to Time-Based Access to password records to reset the password when the permissions were removed
Fixed:
The Spell Out Password feature may not have displayed the whole password on the screen correctly if the password value contained HTML tags
The use of Password Validation Scripts was too restrictive when used in conjuction with custom Password Reset Scripts
The 'Password Reset' option for passwords records was not being copied across to other Password Lists when using the Cop/Move feature

New in Passwordstate 7.0 Build 7086 (Dec 22, 2014)

New in Passwordstate 7.0 Build 7077 (Dec 12, 2014)

Updated Features:
Submitted the Chrome Browser Extension to the Google Play store
Added a 'Last Access vs Updated Report' for User Accounts to report on which passwords they have access to, and whether they have accessed them since the password was last updated
Added a new option which allows Security Administrators to grant themselves access to Password Lists via the Administration area
Provided the option where a User Preference or User Account Policy for copying settings/permissions from a Template to newly created Password Lists could be overridden
Added a new 'Inactivity Time Out' setting for clients who's IP Address was not in the Allowed IP Ranges
Selecting the reports 'All Passwords Report' or 'All Password History Report' will now add one 'Password Viewed' record for each password exported
Added additional error checking to PowerShell scripts to detect if a Privileged Account Credential has been associated with the script
Fixed:
Clicking on the Default Password Generator policy after a fresh install of version 7 was giving a 'DBNull to Boolean' error
'Logon' button for Manual AD and Duo Push Authentication option was wrapped to the next line in Internet Explorer
The List Administrator's Actions dropdown list may not have shown it's menu items if the list was positioned at the very bottom of the page
Under certain conditions, the authentication option chosen for client IP Addresses outside of the Allowed IP Ranges may have been ignored
Password Reset Script for Cisco & Linux accounts may have complained about 'Cannot access a disposed object' even after a successful reset
Using the 'Manual Credentials for Remote Session Launch' menu item was not working for domain accounts, only local accounts
The feature to restore default script settings for Oracle password validation and resets was not working
Any additional Authentication steps for a Password List where being ignored if the Password List was flagged as a favorite, and you navigated to it from the Passwords Home page

New in Passwordstate 7.0 Build 7062 Beta (Nov 27, 2014)

New in Passwordstate 7.0 Build 7061 Beta (Nov 25, 2014)

New in Passwordstate 7.0 Build 7059 Beta (Nov 22, 2014)

Updated Features:
You can now perform a Remote Session Launch from the Actions menu for a password record, and manually specify the Host and remote session type connection
Added a 'Tag' field to Hosts records, so you can categorise them, search them, or create Discovery Job records based on them
Discovery Jobs for Hosts can now populate the Tag field with the OU the Host belongs to
You can now compose a Self Destruct Message for individual password records
For Host Discovery Jobs, added the option to Lookup the FQDN for OUs and Containers
The Active Directory OUs for Host Discovery Jobs can now have the option to either recurse nested OUs, or not
Added 'View Password Reset History' for password records to view the history or any reset tasks, and the value of passwords for them
The Search Textbox in the toolbar at the top of the page will now search through all passwords you have access to, regardless of what Password List you may have selected
When copying/moving passwords between Password List, the filter for Password Lists now behaves the same in the main navigation tree
Added Auditing data for Self Destruct Messages being sent and read
Added a new option to either show all Hosts the user has access to on the Passwords Home and Remote Session Launcher pages, or to instead make them search for them
Added an option to hide the setting 'Show all Hosts added to Passwordstate' on the Hosts and Resources screen
'Actions' menu items for Password records have now been sorted alphabetically
Increased the size of the DatabasePortNumber and RemoteConnectionPortNumber for Hosts records
Added some additional error checking to Password Reset Scripts to detect if PowerShell 3 was not installed on the Passwordstate web server
For Forms Based Authentication, provided an option where users don't need to regularly change their login password
For Discovery Jobs, added more granular control for the schedule in which to execute the job
Fixed:
Fixed an issue where the domain portion of a Users ID may have been detected incorrectly when synchronizing security groups - happened if the user accounts where in a different domain to that of the security group
Fixed an issue where potentially a 'Could not load Telerik.Web.UI assembly' error could occur for certain Password Lists after upgrading to version 7
Recent Hosts grid could have shown Hosts which were set to be ignored
For 'Database' Server hosts, the Port Number may not have saved successfully
Made some internal changes for the Chrome Browser Authentication Key to see if it resolves an issue when using Russian language settings on the web server
Clicking on a Host could have resulted in a 'String to Boolean is invalid' error if the Host was added via a Discovery Job
The Mobile Client may have reported the Passwordstate web site was in need of an upgrade - issue introduced in Build 7019
Fixed error 'Method invocation failed because of method named Gettype' when discovering Local Administrator accounts
Cloning a Folder was causing a 'Operator = is not defined for type DBNull' when clicking on a Password List

New in Passwordstate 7.0 Build 7033 Beta (Nov 10, 2014)

New in Passwordstate 7.0 Build 7019 Beta (Nov 10, 2014)

New Features:
Added support for resetting Oracle account passwords
Updated Features:
Duo Push authentication will now automatically log you in once you have accepted the Push Notification
Added the option to make the Duo Username read-only on the authentication screen
Chrome Browser Extension will now show you the Tree Path for a Password List when saving new records
Chrome browser extension will now save the Title of a page into the Description field
Mobile Client now reports generic login failure messages on the screen for improved security
Have now made it easier to configure the browsers to support the Custom Protocols needed for the Remote Session Launcher utility
The PSLauncher.exe file has now been digitally signed using a www.digicert.com Code Signing Certificate
All Passwordstate .exe installer files have now been digitally signed using a www.digicert.com Code Signing Certificate
Made the naming of buttons and menu items for linking of Passwords, Hosts and Reset Scripts to be more consistent and logical
Added some additional checks to ensure a PowerShell script was selected when linking Hosts -> Scripts -> Passwords
Added some buttons on the Reset and Validation Scripts screens to easily navigate to the 'Community Scripts' section of our forum
Added Help menu, build information, and a few UI improvements to the Chrome Browser Extension
Fixed:
Fixed an issue on 32bit servers for a System.Data.SQLite error
When selected users for the Handshake approval process for new permissions applied to Password Lists via the Administration page, it was possible your own account was being disabled as one of the approvers
Clicking on the 'Add Linked Resource' button for a Host record would produce an 'Object reference not set to an instance of an object' error
Fixed a bug where it was possible to experience a database timeout error when upgrading from Build 5458 or earlier
Remote Session Launcher feature may not have been working if execution of PowerShell scripts on the user's desktop was disabled
The Remote Session Launcher popup window in the browser may not have been successfully closed once remote session was initiated

New in Passwordstate 7.0 Build 7000 Beta (Oct 25, 2014)

New Features:
New Chrome Browser extension for form filling web sites
Added support for changing passwords on various remote Windows systems - Windows Services, IIS Application Pools, Scheduled Tasks and Local Account Passwords
Added support for changing passwords on Microsoft SQL and MySQL Servers
Added support for changing passwords on various remote Unix and Network hosts
You can now automatically discover Windows Hosts on your network, Local Administrator Accounts, and Windows Services, IIS Application Pools and Scheduled Tasks which are using accounts as their identity
Added the ability to validate Passwords are correct for Local Windows Accounts, MS SQL & MySQL Accounts, Linux and Network Hosts
Added support for creating your own PowerShell scripts to execute on a password change event
Added Duo Push Two-Factor Authentication support
Remote Session Launcher for automatically logging into hosts via RDP, SSH, Telnet or VNC
Added a new Vertical Navigation Menu, in addition to the Horizontal one. The navigation menu type can now be set system wide, users can choose their own, or it can be set via User Account Policy
Passwordstate can now be themed with different colors
New Dashboard Layout for Password Home and Folder pages - allows you to choose which panels to display, and where
New Favorite Password Lists feature, whereby favorites can be easily filtered in the Navigation Tree
New "Self Destruct Message" feature for sending time-bombed messages to other users
Updated Features:
Generic Fields can now be configured as URL fields as well
Added the ability to encrypt any one of the Generic Fields you can select for Password Lists
Added the feature to spell out passwords in the format of tango echo yankee foxtrot, etc
Add Google Authenticator and Duo Push two-factor authentication support for the mobile client
Added option to Password Lists to ensure passwords are not visible or can be copied to clipboard
Added option to force users to use the Password Generator associated with a Password List
Updated User Account Policy settings to allow new Password Lists to be based on an existing Template - for both Shared and Private Password Lists
Users password, using Forms based authentication, will now expire after a set period, and password reuse is prohibited
Added various Folder and Password List methods to the API
It's now possible to send specific email notifications to a generic email address
When managing Password permissions from the Administration area, you can no longer apply/modify permissions for your own account, or for any Security Groups you're a member of
Users can no longer modify their own Security Administrator roles, or add roles for themself
Removed spaces around back slash from the TreePath value for all Password Lists
List Administrators Actions dropdown list now has menu items sorted alphabetically
System Settings tabs have now been ordered alphabetically
Added Department and Office fields for User Accounts, with Active Directory Synchronization updating these fields automatically
Each of the main Navigation Menus can now be hidden from users, instead of just disabled. We've also added controlling all menus items
Scheduled Reports now have an option to not send the report if there is no data to report against
The API now supports deleting password records
Permalinks for Password Folders has now been added
Added the option to exclude performing a backup prior to any In-Place Upgrades taking place
Added the option to export all Shared passwords into a KeePass compatible csv file
Email Temporary Pin Code authentication option has now been enabled when Anonymous Authentication in IIS has been enabled for the AD Integrated authentication version
Active Directory Authentication for the Mobile Client has now been moved to the API so a dedicated server hosting the Mobile Client web site does not need to be joined to the domain
Modify rights for a Password List can now access additional menu options in the List Administrator Actions dropdown list
Added an option to display a popup window for a Password List's Guide every time users access the Password List
Any System Settings for cloning settings and permissions from Templates to new Password Lists have now been moved to User Account Policies
One Time Access for permissions can now synchronize passwords for Active Directory Accounts, and initiate any associated Password Reset Tasks
Added a System Wide option to prevent the uploading of documents into Passwordstate
Passwordstate can now be used without an email server if needed, with certain features being disabled
Added the ability to generate random passwords based on a pattern of alphanumeric characters
'Password Synchronization' audit events have been renamed to 'Password Reset'
Filtering in the Navigation Tree can now also filter on Folders names
Added additional error capturing to the API for HttpStatusCode of InternalServerError (500)
Improved performance of page loads by removing the count total for various menu items under the Grid's Actions menu
Provided greater detail in the AD Synchronization Report
Screen Options for Password Lists and Folders has now been changed to a popup window
Password Generator Icon within the Search Textboxes on each page has now been moved to the top header panel on the main page
When deleting a Password List, the confirmation popup now tells you what Password List you have selected to delete
You can now exclude specific letters and numbers in the Password Generator results
When using IE, the clipboard clearing timer is reset if a password is again copied to the clipboard why the timer was active
Email alerts from the High Availability instance of Passwordstate are now queued, instead of being sent real-time
High Availability instance of Passwordstate now adds its own auditing data, which can also be reported against
Added the option for various API calls to exclude the Password field from being returned, resulting in to Auditing records being added
Added the ability to see all Private Password Lists on the screen Administration -> Password Lists. Only feature available with this is deleting the Password List
Moved all 'Administration' navigation menu items to their own Navigation Tree
Allow different Privileged Account Credentials for different AD Domains for synchronizing password changes
API and Mobile Client web sites now have their own IIS Application Pool
Added additional Pie Chart color options for Password pages
Auditing Graphs are now available to non Security Administrators as well
Synchronizing of AD user accounts and security groups will no longer execute if an existing process is running
Installer now provides the option to add a firewall exception for the selected web site port
New Security Administrator Report
API Key can now be included in the header request instead of the URL
Once the initial Enterprise license trial expires, you're now given an option to extend the trial instead of just disabling or deleting any excess user accounts
Added a check prior to starting any upgrades to ensure the required Session Variables hadn't expired due to the page being left open too long
Fixed:
Some Auditing Activities for various 'platforms' was not being shown correctly for Scheduled Reports
Mobile client was ignoring User Account Policy settings
Auth Anvil authentication was not working when Anonymous Authentication in IIS was selected - when using AD Integrated authentication
When the option to prevent exporting of all Passwords in a Password List was selected, the Bulk Update features was not disabled
User Account Policy conflict check wasn't checking for the last user in the query
API would not allow calls to Private Password Lists when using the API Key from the Private Password List
HTTPS redirection wasn't working for various authentication options until after the user was authenticated
Under certain circumstances, a Scheduled Report of type 'Custom Audit Report' may not save the correct Audit Activity
Under certain conditions, a Pending Access Request popup reminder window may have shown when you didn't have the required Security Administrator role
ScramblePad Authentication option was allowing users to log in when the initial Pin Number wasn't set
When a Generic Field of type Password was displayed in the grid and the field was blank, it was preventing copying the password field value to the clipboard
Under certain conditions the Password Generator may create duplicate passwords when generating large quantities of them
Enumerated Permissions Report was showing passwords in the recycle bin
When using Forms-Based Authentication, the ability to manage Security Administrator roles was disabled/hidden
Filtering in the Passwords Navigation Tree was not working if Password Lists were nested beneath other Password Lists
Searching from the Passwords Home page may have returned zero results if the previous search was was displaying a different Page Index in the grid
Could not manually add an AD Security Group with the same name on different domains
When upgrading from version 5, it was possible to receive an error about dropping a column in the TreeViewState table
When upgrading from Builds prior to 5458, it was possibly to receive an error about the Expanded field in the TreeViewState table not being allowed NULL values
The initial resetting of a password for a forms-based User Account was allowing the Confirm Password to be different
Could not close the 'View Password' window when viewing from the Auditing menu at the bottom of the screen
Edit Password screen was not sizing correctly if the descriptive text at the top of the screen was too long.
Notes field had no scrollbar for large content
Fixed a UI issue where an icon was shifting on the Add Password List Permissions page when you clicked on a User or Security Group

New in Passwordstate 6.3 Build 6350 (May 2, 2014)

New Features:
Added 'Aged Password' report, which shows the last time any activity occurred for each password records
Scheduled Reports can now be sent as embedded HTML reports in addition to CSV attachments
Updated Features:
Multiple Audit events can now be selected for Scheduled Reports
Darkened the color of disabled Folders and Password Lists on the Copy/Move Password screen to make them more visible
Added filtering/search capability to the Copy/Move Passwords screen
Disabled certain reporting features if the user didn't have the required Security Administrator role
Added some validation when extending the Enterprise License trial to ensure users don't enter paid license keys on this screen
Added "in progress" notification when Permalink emails were being sent
Added "What's New" Help menu item for the Passwordstate Changelog
Disabled 'Dynamic Compression' for the Passwordstate web site during initial install, as it was causing some performance issues for some customers
Fixed:
Sending emails for 'Permalinks' was potentially behaving differently than the 'Test Email' feature on the System Settings screen
Fixed an issue where clearing the 'Quick Navigation' search criteria in the Password Lists navigation tree may not have worked
Using the 'Insert Variable' feature when editing an Email Template was giving a message about the feature not being implemented yet
Test Email feature for Email Templates was potentially behaving differently than the 'Test Email' feature on the System Settings screen
'Bulk Permissions for Individual Passwords' feature was enabled for Private Password Lists
Fix the error 'Thread was being aborted - CloneSecurityAdmins_SecurityGroups' when cloning permissions for a Security Group
When editing details for a custom image under the Administration area, an error regarding the mobile client folder may have occurred if no image was uploaded at the same time
The error 'Column 'Permissions' does not belong to table' occurred when copy passwords between Lists from within the Administration area

New in Passwordstate 6.3 Build 6332 (May 2, 2014)

New in Passwordstate 6.3 Build 6330 (May 2, 2014)

New Features:
Added the ability where Security Administrators can impersonate another user's account within Passwordstate
Updated Features;
Clicking on the 'Most Active Users' chart for a Password List will now filter audited records based on the user you clicked on
Clicking on a Password Strength Chart for a Password List will now filter password records on the Password Strength you clicked on
When requesting access to a Password List or individual passwords, you can now select which user the access request gets sent to
Added the option 'Bulk Permissions for Individual Passwords' to the List Administrators Actions dropdown for each Password List
Added an option to log in with a non-AD account when using the Active Directory Integrated version of Passwordstate
Added the option where you can specify which users are allowed to create API Keys for each of the Password Lists they have access to
Added an overlaid message to the Password Home's chart if there was not enough data to display the graph
Enabled various 'List Administrator Actions' menu items when navigating from the screen Administration -> Password Lists
Enabled the menu item 'Copy or Move to Different Password List' for the Actions dropdown menu on the screen Administration -> Password Lists
Accessing the page Administration -> Emergency Access, now sends email alerts to other Security Admins, similar to when the Emergency Access login is used
If the option 'Allow Password List to be Exported" is checked for a Password List, then the option 'Allow this Password to be Exported' for individual password records is now disabled
Updated to latest build of Telerik UI for ASP.NET - this requires all Grid Settings to be reset for all users
Fixed minor image alignments in the horizontal menu at the bottom of the screen
Fixed:
When importing new user accounts when using the Forms-Based Authentication version of Passwordstate, it wasn't including the user's login password in the welcome email
Fixed an issue where the 'editor' would inadvertently resize when updating the content of an Email Template
The width of the Edit Password screen was slightly truncated after providing a Reason why you needed to access the password
Any Event Log entries for the Scheduled Reports feature had a typo in it
When adding a new Password List, the System Setting option to copy permissions from a template was not working unless you also had the option to copy settings from a template as well
Running the 'AD Synchronization Report' for a Password List was getting the error of 'Overload resolution failed because no Public LCase can be called with these arguments'
Temporary Pin Code was clearing on the screen when using an additional authentication step for a Password List
Fixed typo for 'Google Authenticator' authentication for Password Lists and Templates

New in Passwordstate 6.3 Build 6308 (Feb 21, 2014)

New in Passwordstate 6.3 Build 6300 (Feb 13, 2014)

Added support for AuthAnvil Two-Factor Authentication
Added a new Scheduled Reports feature where various reports can be emailed to you on a schedule
Updated Features :
You can now clone permissions from one Security Group to another
Mobile Client can now be used with AuthAnvil, and Email/Temporary Pin Code, Two-Factor Authentication solutions
Added an new settings to either delete/do nothing to a user's account in Passwordstate when they no longer belong to any security groups in Active Directory
When searching for passwords, you can now get an exact match if you enclose your search term in double quotes i.e. "root_admin"
Passwordstate Windows Service is now multi-threaded for improved performance
Added 'Online Help' option to the Help menu
Added a new method to resolve issues with web servers not being registered as Authorized Web Servers (generally caused by server migrations), which does not require the involvement of Click Studios
You now need to confirm the Emergency Access password during initial setup, and if you change it within the Administration area of Passwordstate
Renamed the reference to Active Directory Managed Service account on the screen Administration -> System Settings, as it was a little misleading
Updated the wording for SecurID settings on System Settings page as it was previously a little misleading
The password field on the Active Directory Security Groups Debug screen is now masked
Disabled Server and Browser Caching for the Mobile Client web site
When adding new AD Security Groups, or synchronizing memberships, insufficient client access licenses will no longer prevent existing user accounts from being added to the Security Group
When using the High Availability instance of Passwordstate, the performance of initial page load has been improved due to changes in sending email notifications
Fixed:
The Manual Sync feature for Active Directory Security Group Memberships was reporting in the audit record the Passwordstate Windows Service was performing various actions, instead of the actual user who performed the Sync action
Under certain conditions, a Primary Key Violation error for the UserAccounts table may have occurred when adding or synchonizing AD security groups
A User Account Policy alert may have been visible on the Preferences screen when no policy was set for the user
The Security Administrator report 'Enumerated Password Permissions' may not have shown all permissions correctly
Deleting a Folder will now update the TreePath for all nested Password Lists correctly
Under certain conditions a notification would be displayed saying there were not enough licenses available when adding an AD Security Group, even though there were licenses available
The High Availability instance was sending "Site Accessed" emails even though the setting was disabled in Passwordstate
The error 'The maximum recursion 100 has been exhausted before statement completion' was received when trying to delete a Folder with more than 100 nested Password Lists
It was possible to search for passwords in Private Password Lists from the menu option 'Request Access to Passwords'
Using a password with special characters like prevented saving the System Settings screen during the initial set up, or on the System Settings page once Passwordstate was installed
Fixed typo in Email Template description for 'Security Administrator Removed'

New in Passwordstate 6.2 Build 6250 (Jan 13, 2014)

New in Passwordstate 6.2 Build 6242 (Dec 20, 2013)

New in Passwordstate 6.2 Build 6231 (Dec 9, 2013)

New in Passwordstate 6.2 Build 6226 (Dec 3, 2013)

New in Passwordstate 6.2 Build 6220 (Nov 26, 2013)

New in Passwordstate 6.2 Build 6215 (Nov 18, 2013)

Added Mobile Client support for iOS, Android, Windows 8 Phone & Blackberry
Added two-factor authentication option using email and a temporary pin
Added the ability to clone permissions for users
Updated Features:
Made some significant performance improvements when synchronizing Active Directory security group memberships, or user account enabled/disabled status
When users request access to Passwords, the 'Reason' for the request is now stored in the database and displayed on various screens
Any domain accounts specified on the screen Administration -> System Settings will automatically have their passwords updated if the account is stored in a Password List which is enabled for synchronization with Active Directory of Windows Servers
The Users IP Address will now be correctly reported if accessing Passwordstate from behind a proxy server, and/or firewall
Added an option to disable Automatic Password Rotation for Private and Shared Password Lists
Have now added another menu option under the 'Administration' menu to better expose the feature of controlling who has access to the menus at the bottom of the screen
Synchronizing of AD Security Groups and User Accounts status can now be scheduled on a more granular basis if needed
Added an option for Automatic Backups to not perform backups of the Passwordstate database. This is useful for customers who use a third-party tool for backup up their SQL Servers, and can't support the native SQL Backups
Made some changes to SecurID Authentication in order to achieve partner certification with EMC
Provided better explanation of AD security group and users status synchronization options on the System Settings page
Updated to the latest version of KendoUI DataViz library
Updated to the latest version of Telerik RadControls
Active Directory & Windows Actions feature has now been moved to its own tab on the Edit Password screen
The option 'Active Directory & Windows Actions' is now disabled for Private Password Lists
When enabling/disabling Automatic Password Rotation settings for a Password List Template which is linked to one or more Password List, then all passwords in the List will have the default settings applied to them
When enabling/disabling Automatic Password Rotation for a Password List, all passwords in the list will have the default settings applied to them
Telerik Web UI library no longer needed in API bin folder
Reorganised the Active Directory Options tab on the System Settings page
Password screens now open in the popup window when viewing from either a permalink URL or from the Expiring Passwords Calender
Changed the search behavior on the Password Lists page to match that of the Passwords Home page - the filtering was too broad
Added a notification at the top of the screen if the currently used URL does not match what's recorded in the database - only visible to Security Administrators
Grouped all 'Bulk' processes on the screen Administration -> Password Lists into its own dropdown list
Provided a better explanation of what permissions on Password List Templates are used for
All Password List Templates are now visible on the screen Passwords -> Password List Templates, and certain controls will be disabled if your account hasn't been given Admin access
Removed the ability to set a Template as a Private Password List to avoid confusion
Removed the ability to save Private Password Lists as templates, and to copy Password List settings from Private Password Lists - to avoid confusion
Updated a label on the Passwords page so it was more obvious of you are viewing a Shared or Private Password List
Provided better explanation of how permissions are managed on folders when adding a new folder, or editing an existing one
Provided an option whereby the SecurID UserID value for 'RSA SecurID Authentication' can be set to read-only, which mitigates against users authenticating using a different SecurID account compared to the logged in domain account
Renamed 'Mark as Private' for a Password List settings so it was more obvious the Password List is a private one
Added a loading animation when enumerating all the Password records on the page Administration -> Password Lists -> Bulk Copy/Move Passwords
We now record the date/time a user accepts a User Acceptance Policy, and Security Admins can view this date
Added source IP address to audit description and email alerts for Emergency Access events
Added Email Notification for when user accessed the High Availability instance of Passwordstate
Fixed:
The delegation of 'Drag and Drop Password Lists in Navigation Tree' was not working as expected - Security Admins could drag-n-drop regardless of any settings
Closing the 'View Password' screen was giving a message 'Password Successfully Saved' when it shouldn't have been
Fixed a screen UI resizing issue for add/edit Password screens if the Password List is enabled for synchronization
Fixed an insufficient permissions issue when trying to process an Access Request when your Security Administrator privileges did not have the 'Password Lists' role assigned to it
Filtering on the Password List field on the screen Administration -> Password Lists was not filtering on values in the Tree Path for the Password Lists
Various additional authentication options may not have been visible on the Preferences screen when the option 'Use the SystemWide Authentication Settings' was selected
Some Internet Explorer 8 users may have been affected by Password Lists not displaying in the Navigation Tree, instead a loading animation was showing. This was caused by a version 5 width setting of the vertical splitter being less than 250 pixels
It was possible to change settings for a Password List Template when you only had View access
Fixed an issue where copying Template or Password List settings to a different Password List could cause a data integrity error, if the private or shared status was not the same
When 'generating' a new random ScramblePad Pin Number on the Preferences screen, the ScramblePad HTML div was collapsing
Depending on what Password List fields where configured, it was possible the buttons at the bottom of the Add Password page may have been slightly cut off when using Chrome and Firefox
The option to not add new user accounts to Passwordstate when synchronizing Active Directory security groups was being ignored
Fixed some issues when using Case Sensitive collation with SQL Server - for FirstName and UserName fields

New in Passwordstate 6.1 Build 6165 (Sep 28, 2013)

New in Passwordstate 6.1 Build 6153 (Sep 16, 2013)

New in Passwordstate 6.1 Build 6150 (Sep 16, 2013)

New in Passwordstate 6.1 Build 6148 (Sep 10, 2013)

Updated Features:
Improved performance of page loads by not initially loading all Password Lists into the Password Columns tab in the Screen Options area
Improved performance of unmasking passwords by reducing the number of round-trips to the server
Improved performance of page loads when regular expression matching for Bad Passwords were enabled
Added loading animation on various screens when searching for passwords
Have now split the requesting of access to Password Lists and individual Passwords into two menu items
When using the High Availability Instance of Passwordstate, all menu items at the bottom of the screen have now been enabled
Fixed:
Various Password Strength Reports were not reflecting the use of Bad Passwords
Password Strength Summary Chart was not reflecting the use of any Bad Passwords
Password Strength image was not being displayed accurately on the Passwords Home page if regular expressions for Bad Passwords was enabled, and a partial match found
Fixed a 'Object reference not set to an instance of an object' error message when unmasking passwords on the screen, and clicking on the copy to clipboard icon for the Username field
Fixed a bug where an 'insertion index was out of range' error would appear when selecting the menu option 'Linked Password Lists' for templates
If the path for Automatic Backups was on the same server as Passwordstate, the identity of the Passwordstate Application Pool had to be changed in order for the Backups to work correctly
Some customers were still receiving ajax javascript timeouts when using the In-Place Upgrade feature while downloading the updated build
Using the 'Filter' option for Password Lists introduced in Build 6133, it was possible additional Password Lists were being selected if using the Shift key, instead of the Ctrl Key
Empty graph overlay introduced in Build 6133 was preventing clicking of options under the Screen Options section, and the overlay also wasn't positioning vertically with the graph when users clicked on the Screen Options button

New in Passwordstate 6.1 Build 6133 (Sep 10, 2013)

Updated Features:
Expand/Collapse view of Password Lists in navigation tree is now unique per user
Add the ability to delete a Password Folder, and recursively delete all nested Folders and Password Lists (from the Administration area)
Added ability to filter list of Password Lists on various screens like Bulk Copy/Move Passwords & Administer Bulk Permissions
Added the menu option 'Unlink & Delete Password' for any linked password records
When expanding/collapsing tree notes in the Passwords Navigation Tree, you can expand/collapse all nested Password Lists/Folders by holding down the Control key
Added an option to display a loading animation icon when expanding/collapsing nodes in the Passwords Navigation Tree
Increased the asynchronous postback time out period on all pages to mitigate against any timeout issues
When the Passwordstate Windows Service removes users or security groups access to Passwords Lists & Passwords, the Password Reset Recommendation email now explains what access has changed
Google Auth secret key and ScramblePad pin number fields are only shown on the Preferences screen now if one of these authentication options is selected
Added a couple validation checks to the Edit User Account screen to ensure a ScramblePad Pin Number, or a Google Authenticator Secret Key is specified, if one of these authentication methods is selected
Combined the TreePath and Password List columns on various screens
The Password List image will now be applied when linking a Password List to a Template - if the Template has an image specified
Now showing a label on the Home Page chart if there is not enough data to display the chart yet
Updated the Test Email link on System Settings page to inform then user if their account does not have an email address associated with it
Updated the API so Remote Desktop Manager (http://devolutions.net/) could query Private Password Lists if the appropriate API Key was specified
Removed the user 'lock out' feature during In-Place Upgrades
Added TreePath value for Password Lists into the mail which is sent for Access Requests to passwords
Fixed:
Having a single quote in Password List title was causing no response when clicking on tabs on the Edit Password List Settings screen
No longer sending the 'Password Reset Recommended' email if permissions were removed from a Folder - was occurring when the Windows Service was synchronizing Active Directory group and account status
Fixed a timeout/log out issue when bulk moving/copying passwords between different Password Lists
When initially creating the Passwordstate database, the Test Connection would fail if any of the fields had a semicolon in it
Was receiving a 'record not found' error when Security Administrators were trying to approve Access Requests to Password Lists they didn't have access to

New in Passwordstate 6.1 Build 6111 (Aug 29, 2013)

New in Passwordstate 6.1 Build 6107 (Aug 29, 2013)

Updated:
Added a loading animation to the Password List Navigation Tree while it is rendering on the screen
Made some performance improvements when expanding/collapsing nodes in the Password Lists Navigation Tree
Added various API calls to allow integration with Remote Desktop Manager from http://devolutions.net
Updated API to return a full list of Shared Password Lists using the System Wide API Key
Added a couple validation checks to the Preferences screen to ensure the user creates a SrcamblePad Pin Number, or a Google Authenticator Secret Key, if they select one of these authentication methods
Added the ability to reset all user's User Acceptance Policy accepted status at once, instead of just individually
Added an audit event for when users drag and drop Password Lists/Folders in the Navigation Tree
The Tree Path column on the Password Home page is now a hyperlink which can link back to the relevant Password List
Pie Charts no longer show 0% pie segments
Quick Navigation search box in Navigation Tree now expands to the full width when resizing the panel
Now sorting Password Lists dropdown values in ascending order on the Add/Edit Password Lists screens
Added Manual Upgrade Instructions to the upgrade instructions PDF
Fixed:
Certain API calls was retrieving passwords when they were in the Recycle Bin
Fixed an issue where a Telerik.Web.UI error may have occurred for certain users, for certain Password Lists. This requires the resetting of any column reordering, or width changes, for the Password grids
When cloning a folder, if a Password List was linked to a Template, this setting was not cloned
In the Password List Templates screen, returning from the Add/Edit/Linked Lists screens was returning back to the incorrect page which may have shown all Templates, not just the ones you had access to
Fixed a "Conversion from string to Boolean' error when trying to add a new Password List from the Administration -> Password Lists screen
The "Start Upgrade' button was hidden when using small screen resolutions during an upgrade - page now scrolls as expected
When editing the contents of an Email Template, the height of the editor was increasing with every key pressed
Fixed an issue where a single quote in a Password List's title may have prevented certain processing when dragging and dropping in the navigation tree
Passwords' Title in the header frame now repositions correctly when the Navigation Tree panel is resized
Fixed an issue where you would get a 'Page_Load' error if editing a Password List's settings from the Administration -> Password Lists screen, when your account didn't have permissions to the Password List
When linking Password Lists to a Template, all Password Lists where showing which the user had access to, not just the one's they had Administrator rights to
When linking Password Lists to a Template, duplicate Password Lists were available in the list if duplicate permissions where applied to the Password List
Fixed an issue where the popup notification message at the bottom of some screens was disabling any buttons beneath the popup
Fixed a few typo issues on various pages
Active Directory Domains menu option was enabled for forms-based authentication installs when it shouldn't have been

New in Passwordstate 6.0 Build 6080 (Aug 29, 2013)

New:
New User Interface
Added Passwordstate API for integrating Passwordstate with your own applications
Added two-factor authentication with Google Authenticator
Added two-factor Authentication with RSA SecurID
Provided the feature whereby you can link Templates to Password Lists, and apply settings for multiple Password Lists at a time
You can now perform inplace upgrades, no longer requiring you to first uninstall Passwordstate
Provided feature to back all Web files and Database on demand, or on a schedule
Added User Account Policies for managing various user-based settings
Added Allowed IP Ranges to restrict access to the Passwordstate web site and API from certain IP Address/Subnets
Updated:
When using forms authentication, the new user account welcome message now includes the login password, and it's also possible to resend the welcome email message
Added option to redirect to HTTPS of users are browsing to HTTP
Added various Active Directory Actions when editing passwords located in Password Lists enabled for synchronization - unlocking, disabling and change on first logon
Added the option to display the Navigation Tree Path column when searching for passwords on the home page, or within folders
We've added another new report called Password Reuse Report
Added multiple Expiry Reset Options for passwords
You can now set a default Expiry Date period when creating new Password Records
New installations of the free 5 user version of Passwordstate will allow unlimited users for 30 days. After the 30 days has expired, you will be given the opportunity to disable or delete the required number of user accounts
If you're sent a Password Permalink to a record you don't have access to, you can now request access on the same page
Added the option to specify newly created Password Lists to be based on a selected Template
Added some indexes to the database to help improve querying performance
Made some auditing improvements when moving Password records between Password Lists
Certain actions for a Password record (add/edit/delete etc) will now also email the user who initiated the action
Disabled user accounts are no longer counted as an active license
Updated Bulk Move Passwords feature so you can copy and link passwords as well
Opening the Edit Password screen and clicking the Save button without making any changes no longer adds a History record
Move the Emergency Access Login to the URL /emergency
Increase the length of various fields for Password records
Increased Generic Fields sizes to unlimited text - previously 50 characters
Added the ability to synchronize Active Directory security group memberships on a regular schedule, instead of just once a day
Adding additional 29 Custom Images
Authentication options for Security Groups has now been moved to User Account Policies
Removed the option to hide Footers on Grids - makes paging controls hidden and can cause confusion
Made some improvements to Authentication options to make the choices more logical
Added additional Generic Fields, and provided multiple different field type options
You can now report on audit events called 'Password Copied Between Password Lists' - applies to copies, and copy and link
Added auditing events in source Password List when a user Copies, or Copies and Links, a password to a different Password List
Added a 'close' button to each of the horizontal popup navigation menus at the bottom of the screen
Added 'Password Retrieved' auditing data for every password retrieved via the API when making calls to return all Passwords in the system, or all Passwords in a Password List
Added 'Password Viewed' auditing data for every password exported using the reports 'Export All Passwords' and 'Password Reuse Report'
Updated to the latest version of ASP.NET Ajax controls
Added Tree Path column to Auditing grids, as well as when exporting auditing data
Added visual popup reminders that changing any Generic Field types for a Password Lists, may cause the data for the Generic Fields to be cleared in the database
Added the names of the backup files to the emails which are sent on a successful backup
Renamed 'Reset Login Password' for forms authentication to 'Change Password'
Added some spacing between Title logo and Build Number
Changed handling of custom logos (Title and Dialog logos) to allow any height, instead of fixing to a height of 28 pixels
Added horizontal scrollbars to grids on default home page if there was not enough screen real-estate to display both the Search Results and Favorites grids
Improved performance of various page loads by changing the way we handle/query for Bad Passwords
Added UserID field to Auditing screens
Added "Tree Path" value for Password Lists to Auditing screens, and Password Columns tab in Screen Options
Removed some duplicate Account Type images
Modified behavior of all drop-down combo-boxes so you can type ahead for the selection you want i.e. Account Type fields, and others
Moved part of the database renaming upgrade instructions from the PDF to a SQL file within the Passwordstate folder
If the .NET Framework 4.5 is not installer, the installer will give you the option to download from Microsoft's web site
Added back the ability to specify the Port Number the web site uses during the initial install
Updated Guided Tour a little, and reset so all new and existing users can view the Guided Tour again
Made horizontal menus at bottom of page expand half a second quicker
Added an arrow indicator (graphic) to each of the expanding horizontal menu items at the bottom of the page, and disabled click behaviour for these root menu items
Added 'Reason' why a user viewed a Password to the 'Password Viewed' email notification
Excluded audit activity type of 'Email Sent' from the Daily Audit Report
Added Tree Path for Password Lists to the drop-down combo-boxes on the Add/Edit Password List screens
Added options for Password List API calls to authorize or prevent certain calls being made, as well as returning a blank password value if required
Added optional thresholds for "Failed Login Attempt" e-mail notifications
Added Passwordstate User Manual
Changed the behaviour over overlapping grids on the Passwords Home page so it no longer displays horizontal scrollbars - text is now wrapped within the grid
Added additional fields to the Enumerated Password Permissions report for Password Lists
Updated the Administer Bulk Permissions screens to also include the Tree Path in the Password Lists dialogs
Updated the All Password History Report for a Password List to also show the time value of when a records data was changed
Added a System Setting to disable the 'Active Directory & Windows Actions' option for Password List and Templates
Added a System Setting for Active Directory password synchronization to ensure the passwords were in Sync before a password could be reset
The Site's URL is no longer updated dynamically in the database - it can be updated from the System Settings screen if required.
Renamed the Audit Event 'Windows Password Synchronization' to 'Password Synchronization Successful'
Added a new Audit Event called 'Password Synchronization Failed' which records any issues when synchronizing passwords with Active Directory or local accounts on Windows Servers
Automatic Password Rotation only shows now for records which are configured to synchronize with Active Directory, or with local accounts on a Windows Server
Updated the subject and email body for Automatic Password Rotation email - was reading Expiring Password Reset
Updated the 'Active Directory Actions' to also allow processing for local accounts on Windows Servers
Made some further improvements and checks to the In-Place Upgrade feature
Added the option to enable Active Directory User Accounts when using the Active Directory Actions feature
Added 'Save' and 'Save and Close' buttons to multiple screens to prevent redirecting in the event you haven't finished apply changes
Added Passwordstate Security Administrators Manual
Added hyper-linking topics into the Passwordstate User Manual
Fixed:
Fixed a bug where the automated backed process would stop after 2 consecutive backups
Fixed issue where favicon.ico request failure was being logged when viewing API documentation page
Google Authenticator was incorrectly logging the authentication method when using Forms Based Authentication
For a user's Preferences, selecting 'Separate Password' for authenticating to Passwordstate was not exposing the password field
Auditing Graphs were not filtering on Activity Type - was querying on 'all activities' no matter what you selected
Could not close the Add/Edit Password screen if typing the value of an Account Type which doesn't exist
Instructions for performing backups had a double-slash before the Username field when it shouldn't have
Search icon for Quick Navigation textbox was scrolling with list of Password Lists/Folders
Passwordstate Application Pool in IIS was not being created when selecting Forms Authentication
ScramblePad Authentication was not retrieving various user settings, resulting in failed authentication attempts
Fixed a DBNull to String error when trying to clone Password Folders
Under some circumstances, using the 'Search for Passwords' API call may not have returned the correct values for some Generic Fields
If a user account wasn't found after authenticating, you weren't given the opportunity to log in with a different user account
Fix Password Strength image alignment issue for Internet Explorer 8
Fix an issue where under certain circumstances the value of the Password field was not being saved on the Edit Password screen
The system option which restricts searching for users who are in the same security group as you, was applying to the Templates section in the Administration area when it shouldn't have been
Fixed 'Object variable or With block variable not set' error when trying to edit a Password record from the Passwords Home or Password Folder pages
Fixed various HTML formatting issues with Internet Explorer 8
The Administer Bulk Permissions feature was showing Password Lists with Time-Based Access or Handshake Approval as selected, instead of disabled
Standard Permissions Report for a Password List was showing the column 'Expires On Password Change' when it shouldn't have been
If Password Folders were set to inherit permissions from nested Password Lists, options to set Expiry Time and Access Notes where not disabled
DB role required error message was stored in the wrong path
The 'Actions' drop-down menu on the Passwords Home page is being cut off at the bottom of the displayed grid for Search Results or Favorite Passwords
The 'Toggle All Password List Visibility' option was not working for Internet Explorer
If selecting the authentication option 'Use System Wide Settings' for a User Account Policy, users were being logged out immediately after logging in
Automatic backups could only be opened with programs like 7-zip or Winzip, not with Windows Explorer
Fixed some formatting issues with Internet Explorer 9
Testing of backup permissions was not successfully stopping and starting the Passwordstate Windows Service
Automatic Password Rotations was occurring for passwords which were in the recycle bin
Fixed an issue where records where trying to be inserting into the database when using the High Availability Instance of Passwordstate
Password Move auditing activity was not showing on some auditing screens - could not be reported properly
Fixed an issue where Active Directory user accounts where not being synchronized if the userPrincipalName attribute was blank
Creation of new Private Password Lists was being affected by the 'base settings on Template' option when it shouldn't have been

New in Passwordstate 5.6 Build 5650 (May 16, 2013)

New in Passwordstate 5.6 Build 5644 (May 1, 2013)

New in Passwordstate 5.6 Build 5638 (Apr 10, 2013)

New in Passwordstate 5.6 Build 5635 (Mar 21, 2013)

New in Passwordstate 5.6 Build 5626 (Mar 1, 2013)

New in Passwordstate 5.6 Build 5623 (Feb 26, 2013)

New in Passwordstate 5.6 Build 5617 (Feb 12, 2013)

New in Passwordstate 5.6 Build 5606 (Dec 20, 2012)

New in Passwordstate 5.6 Build 5603 (Dec 12, 2012)

New in Passwordstate 5.5 Build 5595 (Nov 28, 2012)

New in Passwordstate 5.5 Build 5581 (Nov 10, 2012)

New in Passwordstate 5.5 Build 5570 (Nov 6, 2012)

New in Passwordstate 5.5 Build 5565 (Nov 1, 2012)

New in Passwordstate 5.5 Build 5556 (Oct 25, 2012)

New in Passwordstate 5.5 Build 5547 (Oct 15, 2012)

New in Passwordstate 5.5 Build 5532 (Sep 29, 2012)

Redesigned the Add New Password List screen so it was more obvious you could copy settings and permissions from other Lists or Templates (Ref 55.11)
Made further improvements to securing pages which required a separate password to login, by preventing blank passwords from being allowed (Ref 55.12)
URL field is now included when searching for Passwords (Ref 55.13)
Email notifications are no longer sent to disabled users accounts (Ref 55.14)
Added option to allow permissions to be applied more than once for users/security groups to the same Password List (Ref 55.15)
Added date support for all cultures listed in the .NET Framework (Ref 55.16)
An option has been provided to allow users to copy/move/link passwords to Password Lists they don't have access to (Ref 55.17)
An option has been provided to allow users to copy/move/link passwords to Password Lists they only have View access to (Ref 55.18)
For the AD Integrated version of Passwordstate, we now check if the web server is joined to the domain upon initial setup (Ref 55.19)
Added email notification for denied access requests to Passwords or Password Lists (Ref 55.20)
Added progress indicator to Save buttons when importing users/groups from Active Directory (Ref 55.21)
Permalinks are now automatically inserted into email notifications (Ref 55.22)
Updated the the latest version of ASP.NET Ajax Controls - for IE10 support (Ref 55.23)
Bug Fixes:
When adding/editing passwords, using certain special characters was causing javascript errors preventing saving or cancelling the operation (Ref 55.241)
Fixed an issue where 'Use Manually AD Authentication only after logout' option was not working under certain conditions (Ref 55.25)
Fixed a bug of 'Object reference not set to an instance of an object - cs_lib.SecurityGroupUAPs' under certain conditions where Additional Authentication Options were set (Ref 55.26)
When you have chosen to create new Password Lists based on an existing Template (a setting under the Preferences area) the permissions for the Template were not being applied (Ref 55.27)
Having an unmasked password highlighted on the screen whilst the password was being hidden, caused a Null exception error (Ref 55.28)
Some special characters in the password field was causing issues with authenticating using the Manual AD Authentication option (Ref 55.29)
Bookmarking manual login screens was causing issues with authenticating - no response when clicking on Login button (Ref 55.30)
The ScramblePad 'Generate initial pin number' link was showing on the login screen if this option was set to Mandatory for all users - showed even if the user already had a pin number (Ref 55.31)
Renaming the 'Default Policy' for Password Strength Policies caused the page not to render (errored) when adding a new Password List (Ref 55.32)

New in Passwordstate 5.5 Build 5510 (Aug 27, 2012)

New in Passwordstate 5.5 Build 5508 (Aug 24, 2012)

New in Passwordstate 5.4 Build 5421 (May 7, 2012)

New in Passwordstate 5.4 Build 5410 (Apr 25, 2012)

New in Passwordstate 5.3 Build 5300 (Dec 22, 2011)

New - We've introduced a new feature called Emergency Access. This access is only meant to be used when other forms of user authentication are not possible i.e. AD is unavailable, or users are unavailable (Ref 52.11)
New - Recycle Bin for deleted passwords. You can now restore deleted passwords from the recycled bin if required (Ref 52.12)
New - You can now specify which users (all, none, individuals or security groups members) can create Password Lists, Password Folders, Administer Password List Templates, or request access to passwords (Ref 52.13)
New - Provided the feature whereby you can link passwords copying them between Password Lists - all details are synchronized between Password Lists (Ref 52.14)
New - Multiple Password Generator options are now possible allowing you to assign each Password Generator to different Password Lists (Ref 52.15)
New - User can now choose exactly which email notifications they would like to receive or suppress (Ref 52.16)
New - You can now synchronize the enabled/disabled status of an Active Directory account in Passwordstate (Ref 52.17)
New - When an Active Directory account is deleted, you can now either choose to delete, disable or ignore the matching user account in Passwordstate (Ref 52.18)
New - Modify permissions for Password Lists now has the following options - Add, Edit or Delete passwords (Ref 52.19)
New - When users has 'Guest' access to a Password List, you can now choose to allow them to also create new password records (Ref 52.20)
New - You can now choose to receive a Daily Audit Report via email showing the past days activities for the Password Lists you have access to (Ref 52.21)
New - Provided the option to disable the feature which allows you to purge all auditing records (Ref 52.22)
New - Provided option to View or Email another user a direct link to a Password record (Ref 52.23)
Update - Updated the automatic time-out popup to use a blank background page to prevent gaining access to password records using tools such as Firebug or Chrome's Developer Tools (Ref 52.24)
Update - Clicking the Password List Guide icon now opens the Guide in a separate window for easier viewing (Ref 52.25)
Update - When specifying the initial database connection settings, you must now click on the 'Test Connection' button before proceeding (Ref 52.26)
Update - Updated the page which identifies issues when querying for new builds of Passwordstate - better description and you can specify proxy settings on this page (Ref 52.27)
Update - Updated to the latest version of .NET Ajax Controls (Ref 52.28)
Update - Provided descriptions for what each of the Email Templates are intended for (Ref 52.29)
Update - Provided options to enable or disable all Email Templates (Ref 52.30)
Update - Updated Installer to check for web server prerequisites prior to performing the installation (ref 52.31)
Fixed - The inactivity timeout was not being reset when users click to view or copy a password to the clipboard (Ref 52.32)
Fixed - Fixed error of DBNull conversion error when copying passwords between Password Lists (Ref 52.33)
Fixed - When the Passwordstate Windows Service was sending the Expiring Passwords Email report, it was registering an error if the user did not have an associated email address (Ref 52.34)
Fixed - Auditing function for general users was not filtering records correctly (Ref 52.35)
Fixed - View Security Group Membership Graphic not showing properly on 'Add from AD' screen (Ref 52.36)
Fixed - Using Chrome, the Grid on the User Accounts page was expanded horizontally beyond the page width (Ref 52.37)
Fixed - Importing AD Accounts with a blank surname caused 'Conversion from type DBNull to type String is not valid' when adding the account as a Security Administrator (Ref 52.38)
Fixed - Popup message when saving changes to a Password Folder was incorrect (Ref 52.39)
Fixed - When Passwords where exported as part of the 'Bulk Update' process, Security Administrators where not being alerted via an email (Ref 52.40)
Fixed - Audit events for enabling an Email Template was not reflected properly (Ref 52.41)
Fixed - When adding a new password record, the password values can be cleared from the textbox if you change the Account Type image after entering the password (Ref 52.42)
Fixed - When searching from the Passwords Home page, not all records were being returned if multiple permissions where applied to the same Password List (52.43)

New in Passwordstate 5.2 Build 5200 (Oct 5, 2011)

New - Passwordstate now supports Region Settings (Locales) for individual user accounts which are in different time-zones (Ref 51.38)
New - You can now upload documents and attached them to individual Password records (Ref 51.39)
New - You can now have multiple Password Strength Policies, and apply them to different Password Lists (Ref 51.40)
New - You can now hide the Auditing tab from users if required (Ref 51.41)
New - Multiple options are now available for automatically hiding visible passwords - a set time period, or variable time periods based on password complexity or length (Ref 51.42)
New - Security Administrators can now be alerted via email if users export passwords to a csv file (Ref 51.43)
New - Provided option to hide the Recent Activity Grid from all users based on their permission to the relevant Password List (Ref 51.44)
New - On the main Passwords page, you can now choose to display the Actions Toolbar (Add Password, Import Passwords, List Administrator Actions, etc) at either the top, bottom or top & bottom of the Passwords Grid (Ref 51.45)
New - You now have the ability to administer Password Folders from the Administration area of Passwordstate (Ref 51.46)
New - Security Administrators can now choose to make the ScramblePad Authentication option mandatory for individual user accounts (Ref 51.47)
Update - You can enable/disable the following options - Create Shared & Private Password Lists, as well as Password Folders (Ref 51.48)
Update - You can now decline a Handshake Approval without the second approver being online (ref 51.49)
Update - Improved Email Template Editor and provided help and functionality for inserting various Variables (ref 51.50)
Update - Security Administrators can now specify most User Preferences for them within the Administration -> User Accounts area (Ref 51.51)
Update - Updated to the latest version of ASP.NET Ajax components (Ref 51.52)
Update - Now show progress animated graphic when navigating between pages in Grids (Ref 51.53)
Update - The Passwordstate web site now has it's own dedicated Application Pool in IIS (Ref 51.54)
Fixed - Dramatically improved the performance of query large Password Lists which had duplicate permissions applied for users or security groups (Ref 51.55)
Fixed - On occasion, some 'action' drop-down menus within Grids was not being displayed correctly (Ref 51.56)
Fixed - Fixed issue where the 'star' Password Strength indicator graphic would remain on a fixed position on the screen when the page was scrolled (Ref 51.57)
Fixed - Fixed issue with Internet Explorer browser where Password List navigation tree was not being automatically updated when a new Password List or Folders were added (Ref 51.58)
Fixed - Fixed scrollbars not appearing on some pages when using small screen resolutions (Ref 51.59)
Fixed - System.Threading.Thread.AbortInternal() error when apply permissions for a Security Group which had no members belonging to it (Ref 51.60)
Fixed - When viewing some Permission 'Access Notes', error Conversion from type 'DBNull' to type 'String' is not valid was experienced (Ref 51.61)
Fixed - The Passwordstate Windows Service was unable to read the database connection string in the web.config file is the connection string was encrypted. It can now successfully decrypt the connection string (Ref 51.62)
Fixed - Clicking on a visible Password in the grid view was not immediately hiding it (Ref 51.63)

New in Passwordstate 5.1 Build 5118 (Jul 13, 2011)

New in Passwordstate 4.5 (Nov 9, 2010)

New in Passwordstate 4.4 (Oct 31, 2010)

New in Passwordstate 4.3 (Oct 25, 2010)

New in Passwordstate 4.2 (Oct 25, 2010)

New in Passwordstate 4.1 (Dec 27, 2009)

Fix - When enumerating an Active Directory security group, it did not clear the results of the 'Users' textbox each time you enumerate - it appended to the existing entries (Ref 40.01)
Fix - For any date fields in grid view, the filter icon was wrapped to a second line, regardless of how wide the column was (Ref 40.02)
Fix - Filtering on 'Status' in User Accounts grid was not functioning correctly (Ref 40.03)
Fix - Error when using 'Editor' componenent - could not find a part of the path 'c:windowssystem32inetsrv~App_CodeRadEditorToolbar.xml'. Moved xml file to App_Data to support new ASP.NET precompilation (Ref 40.04)
Fix - System Setting Screen - hour drop down list was not visible properly like minutes (Ref 40.05)
Fix - UAP data wasn't added to the database when upgrading from version 3, and when changing between using and not using a UAP, the navigation panel wasn't updated unless you refresh the whole browser window (Ref 40.06)
Fix - When turning on password protecting the Administration area, the requirement to log in wasn't working until you next started to use Passwordstate (Ref 40.07)
Fix - If a user tried to add a record to the database which has either of the characters < or >, they get an error about 'A potentially dangerous Request.Form value was detected from the client' (Ref 40.08)
Fix - After viewing a password history record within the 'Shared Password Lists' section, returning to previous screens by clicking the 'Back' button would produce an error reading the database (Ref 40.09)
New - Provide further protection against the decryption of sensitive data by someone writing targeted asp.net code (Ref 40.10)
New - Made improvements to all grid objects to improve loading time (Ref 40.11)
Fix - Fixed issue where Database Administrators could change ownership of Personal Passwords via the back-end database (Ref 40.12)
Fix - Fixed issue where password strength was not being correctly reported within the 'Administration' area (Ref 40.13)
New - Password fields of the same value no longer show the same encrypted value in the database (Ref 40.14)

New in Passwordstate 4.0 (Oct 15, 2009)

Password Strength Policy:
Security Administrators are now able to specify a Password Strength Policy, providing users with visual representation of password strength when either entering passwords, or reporting against them
Grid View Improvements:
Various improvements have been made to the grid view on all pages, relating to usability and compliance to web standards
Highlighting of Expiring Passwords in Grid View:
Expired, or expiring passwords, are highlighted in red on the grid view, providing users with a reminder that the password must be reset
Save Grid Layout Notification:
Users are now notified each time they save any changes to the grid view layout
Enable/Disable Email Templates:
Security Administrators are now able to enabled or disabled individual email templates, preventing users from being notified when certain events are triggered
User Acceptance Policy Improvements:
‘Mandatory User Acceptance Policy’ must now be read and accepted prior to users being able to use Passwordstate – previously closing the popup window would allow access
Log failed attempts at Accessing the ‘Administration’ area:
An audit record is now added when non Security Administrators try to access the ‘Administration’ area
Export and Purge Audit Table Records:
Security Administrator’s are now able to export and purge all records from the Audit table, assisting with archival of aged data
Popup Window Improvements:
When a popup window is displayed e.g. User Acceptance Policy, background information is now greyed out, giving the popup window more focus
Password Masking on Add/Edit Pages:
A preference option is now available to all users allowing them to show or hide (mask) passwords on each of the add/edit pages. This default preference can also be overridden on each of the pages if the user chooses to
Multiple Active Directory Domain Support:
Multiple Active Directory domains are now supported, including domain account authentication, and cross domain querying for account management
Audit Visibility for all Users:
Audit information is now available to all users, providing history of changes to personal passwords, and any shared passwords they have been granted access to
Expiring Passwords Calendar View:
A calendar view is now available showing when passwords are scheduled for expiry. The calendar shows both personal and shared passwords
New Passwords Home Page:
A new ‘Passwords Home Page’ has been added with the following features (users can choose between multiple different default home pages):
Quick Search – Search across all personal and shared passwords
Password Favourites – A grid view of a user’s favourite personal and shared passwords
Recent Activity – Shows recent audit events for personal and shared passwords
Password Strength Charts – Shows password strength summary based on policy settings set by the Security Administrator(s)
The ‘Password Home Page’ can also be customised in the following manner:
Show or hide Favourite and Recent Activity grid views
Customise the grid views – number of records, show or hide headers and footers
Show or hide password strength charts
Modify the width and height of password strength charts
Email Improvements:
In addition to sending emails via anonymous SMTP, sending from an authenticated mailbox is now possible
Expiring Passwords Email Report:
The Expiring Passwords popup window reminder has now been removed, and replaced with an automated email report. System Administrators can specify at what time of the day the emails are generated, and users can elect to receive the report either daily, weekly or monthly
Emailing From Grid View:
Security Administrators can click on a users email address in the User Accounts grid view, initiating the creation of a new email through the user’s email client
Updated Ajax Components:
All Ajax components have been updated to the current release, providing better performance and patches to known bugs
Password Strength Compliance Report:
Based on the predefined password strength rules set by the Security Administrator(s), a report can now be run showing policy compliance
Improved Online Help:
Improvements have been made to the online help within Passwordstate, with detailed instructions now available for all screens