Documentation forAccess Rights Manager

Access Rights Manager 2019.4 Release Notes

 

Release Date: November 7, 2019

Last updated: Wednesday, March 11, 2020

 

Download a translated PDF: ARM 2019.4 Release Notes (Versionshinweise, deutsch)

These release notes describe new features and improvements in the Access Rights Manager 2019.4 release.

 

New Features and Improvements

New installation & configuration wizard

The new installation and configuration process consists of three steps:

  1. Installation wizard
  2. Base configuration wizard
  3. Scan configuration wizard

Within the installation wizard you choose between Express or Advanced Installation.

The Express Installation includes all required ARM components including SQL Express 2017 and comes with everything preconfigured - the easy way to start an evaluation. The scan configuration wizard lets you easy setup your first Active Directory and file server scan. After completing the wizard, the scans continue to run in the background.

The in the setup included SQL Server Express 2017 does not run on Windows Server 2008 R2.

 

In Advanced Installation mode you are able to customize all installation options, for example use an existing SQL server or install single components in a distributed environment.

The wizards come with the same look and feel as other SolarWinds products. Despite the same look, ARM is not an Orion Platform product and should not be installed on a server that already runs the Orion Platform.

 

Web client administrator dashboard

If you login to the web client as an ARM administrator you will be greeted with the new administrator dashboard. The dashboard contains the following widgets:

  • Environment
    Gives you an overview of your configured domains, resources, users, groups and computers.
  • Active Directory summary
    Displays details on users (disabled, inactive, never expiring passwords), groups and computers.
  • Latest scans
    Overview and status of your latest resource scans.
  • Recent changes
    Quick look at the latest access rights management activities.
  • Risk assessment
    Short overview of your access rights security status with a quick link to the Risk Assessment Dashboard for further details.
  • Request
    Overview of your open GrantMA requests.

 

AD Logga improvements

In previous versions the AD Logga only recorded the event of Group Policy Object (GPO) changes. The new AD Logga will show you in detail, what has changed. The change details are calculated by ARM comparing the previous group policy with the new one. The details are visible in the ARM logbook and in the AD Logga report.

 

Alerting improvements

Create alerts for domains/OUs

In previous versions alerts based on the AD Logga could only be created for single users or groups. With the new version we added the possibility, that you can create an alert for a complete domain or an OU. For example you are now able to trigger an alert if any user account in a domain is locked with one alert configuration.

 

New alert action: write to Syslog

For all kinds of alerts we added a new alert action: write to Syslog. This offers many new possibilities to interact with other SolarWinds products like KIWI Syslog Server or SEM, or any other SIEM system.

You can add as many Syslog servers as you want.

 

Extended support of Office 365

With ARM 2019.4 you can create a new user in Azure Active Directory (AAD, managed domain only), assign a Office 365 license and create a mailbox in Exchange Online in one go. The template that is used for showing the input dialog is completely customizable with all the ARM custom template features what makes creating new users/mailboxes easier, faster and more standardized.

In hybrid environments, you are now able to assign a license to a new user in AAD that was previously created in your on-premise AD and then synched down to your AAD. Assigning a license that includes Exchange Online creates a mailbox.

Due to the new O365 features, it is necessary to perform new scans of Azure AD and OneDrive after the upgrade before you can perform changes to this resources.

 

Support for Microsoft 2019 products

ARM now supports:

  • Windows Server 2019
  • Exchange Server 2019
  • SharePoint Server 2019

 

Increased product security

Communication between components is now based on .NET framework 4.8 which is included in the setup. An ARM server reboot will be required in most cases.

The automatic collector update is only working if the collector already has the .NET 4.8 framework installed. The automatic collector update does NOT push .NET 4.8 framework installation on collectors because of the required reboot. SolarWinds recommends that you update all collector servers with .NET framework 4.8 before upgrading ARM to version 2019.4.

 

Fixed issues

With the release 2019.4 the following issues were fixed:

  • A problem with the "Who has where access" report, which under certain circumstances did not display group memberships properly, has been fixed.
  • A problem with the "Who has access where" report, which could have been empty in certain DFS configurations, has been fixed.
  • The update speed in case many alerts are configured has been increased.
  • The FS Logga report now correctly displays detailed ACL changes.
  • The Exchange scan no longer fails if there are no distribution groups.
  • No more code page errors with scans on multilingual systems.
  • The tree view is fully expanded to the mailbox level when you click on a search result.
  • A bug where already configured data owner resources are missing has been fixed.
  • Fixed a bug where newly created mailboxes were not saved in the correct OU category.
  • FS scans should no longer fail if local accounts cannot be accessed.
  • A server startup issue when there are too many jobs to work on has been fixed.
  • Trial licenses can now be replaced by a full license.

 

With the service release 2019.4.1 the following issues were fixed:

Release Date: December 12, 2019

  • An issue where a mailbox with a comma in cn (common name) was not correctly categorized has been fixed.
  • The use of a wrong password increases the badpassword count now only by 1.
  • A problem, where under some circumstances a login for users from foreign domains was not possible, has been fixed.
  • The settings for ARM user roles regarding Sharepoint Online and OneDrive Logga Reports are now correctly applied.
  • The ARM server itself is now again the first collector in the ranking and only one collector is used for AD queries.
  • FS Logga now automatically considers newly added sub shares on NetApp file servers when their parent share is already being monitored.
  • An issue with the SSL certificate selection on the ARM server during the installation has been fixed.
  • Assigning an O365 license is now properly displayed in the logbook.
  • The Configuration Wizard now shows an appropriate error message if the required Powershell version 5.1 is missing.
  • Security has been improved.
  • The LDAP attributes LASTBADPASSWORDATTEMPT, BADLOGONCOUNT and LOGONCOUNT are now displayed properly in analyze scenarios in the web client. Please note, that these attributes are not included in a default scan of Active Directory and have to be added as described in the chapter Load additional LDAP attributes.

 

With the service release 2019.4.2 the following issues were fixed:

Release Date: January 16, 2020

  • Problems with the update of the FS Logga filter driver installation on Windows file servers under Windows 2008 R2 and Windows 2012 were fixed.
  • Fixed an error in the Web Dashboard for Administrators calculating users with expired passwords.

 

With the service release 2019.4.3 the following issues were fixed:

Release Date: March 10, 2020

  • Improved scanning performance for distributed file systems (DFS) in some system configurations.
  • OU-based Licensing: By default new users will no longer be added automatically to the license scope if they are created outside a licensed OU. The default behavior can be changed by editing the configuration file.
  • A problem with the OneDrive Logga and SharePoint Online Logga retrieving events has been fixed.

 

Known issues

The ARM server goes into a restart loop after updating to the new version when Azure scans are configured and resources are offline. You can resolve the problem by making the Azure resources available online again. This error occurs only once after the update.

When adding a new SharePoint resource, the SharePoint 2019 version is missing from the selection, although it is already supported. Solution: Select SharePoint 2016 to add a SharePoint 2019 resource. Full functionality is thereby ensured.

 

New customer installation

Installing ARM onto a server that has an Orion Platform installation is not recommended. ARM and Orion Platform products should be installed on separate servers. Note that ARM is not an Orion Platform product.

For information about installing Access Rights Manager see the "ARM Installation Guide" from the Success Center.

 

How to upgrade

If you are upgrading from a previous version, please refer to the chapter "Perform an update installation" from the Success Center.

The ARM server is renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.

 

End of support

This version of ARM no longer supports the following software:

Type Software
Browser

Internet Explorer

 

Deprecation notices

This version of ARM deprecates the following platforms and features.

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

For information about supported version of SolarWinds products, see Currently supported software versions.

Type Deprecation
Windows Server 2008 R2

This operating system is deprecated for the ARM Server as of this release. Although you can install ARM on Windows Server 2008 R2 this version is deprecated and will not be supported in future versions of ARM. SolarWinds strongly recommends that you upgrade your operating system at your earliest convenience.

SQL Server 2008 This SQL Server version is deprecated as of this release. Although you can use SQL Server 2008 as ARM database server this version is deprecated and will not be supported in future versions of ARM. SolarWinds strongly recommends that you upgrade your SQL Server at your earliest convenience.
SQL Server 2008 R2 This SQL Server version is deprecated as of this release. Although you can use SQL Server 2008 R2 as ARM database server this version is deprecated and will not be supported in future versions of ARM. SolarWinds strongly recommends that you upgrade your SQL Server at your earliest convenience.

 

Legal notices

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.