The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Authentication Client Release Notes, click here.
Current Release: 6.9.19283.1
- Operations could fail for users running the latest version of Specops Password Policy settings due to incompatibility with latest policy setting files. This could result in the following error message: “An item with the same key has already been added.“
- Message about disallowed reset because of unfulfilled password age requirement could show negative time (“Must not change in -x minutes.“)
- Added audit event to user history when helpdesk verifies user.
Released October 10, 2019
- Added support for Captcha to prevent username harvesting. For more information, see here.
- Added support for sending a mobile code using Twilio’s text message sender service.
- Added support for sending a mobile code using GOV.UK’s text message sender service (UK only).
Note: For more information on how to configure text message senders, see here.
Released February 18, 2019
- Windows update (KB4462928), in environments where deprecated versions of TLS/SSL (such as SSL and TLS 1.0) are disabled, resulted in the following error on the Specops Password Reset web, and administration tool: “The client and server cannot communicate, because they do not possess a common algorithm.”
- Note: Before updating Specops Password Reset, ensure that you running Microsoft .Net framework version 4.7.2 or later.
Released October 31, 2018
- Added missing audit log when a helpdesk user unlocks an account.
- If password dictionaries were disabled during a password reset, the server side rule validation could result in an error message.
Released September 6, 2018
- Support for the renamed Specops Authentication Client (formerly known as the uReset Client). For updates to the Specops Authentication Client, click here.
Released April 19, 2018
- Server and Web: In scenarios where the user had more than one custom question defined, their answers to secret questions during helpdesk verification were not validated against the correct question.
Released April 4, 2018
- Policies using mobile code (only) did not display the password rules in the user’s selected language.
Released March 13, 2018
- Fix issue where locked out users could not unlock their account if the minimum password age rule was defined.
Released February 7, 2017
- Improved handling and logging for “helpdesk password reset” email notifications, when the target user had no e-mail address defined.
- Importing license failed in some scenarios.
- Specops Password Reset now acknowledges the ”minimum password age” password policy rule (if defined). While this may be a drawback for users attempting password resets, it was a necessary change to comply with changes in Microsoft’s password APIs. For a better user experience, it is recommended to use Specops Password Policy, which permits password resets, but restricts password changes when the “minimum password age” is defined.
Released January 3, 2017
- When used in delegated security mode, helpdesk initiated password resets could result in access denied message
- Resetting failed attempts with QandA could fail if HelpDesk was configured to use delegated security
- Custom translation to English based languages, such as en-GB was not working
Released September 22, 2016
- Security updates from Microsoft (described in Microsoft Security Bulletin MS16-101) introduced a regression in the way password changes take place in Windows. As a result, password resets and changes in Specops Password Reset started to fail. To solve this, the Specops Password Reset Server has been changed to use LDAP for password resets, as opposed to the traditional Win32 API.
Released August 31, 2016
- The event id used during user unlock was incorrect.
- Toggling between password rules and phrases could fail (If Specops Password Policy and Specops Password Reset were used together).
- New step in the Setup Assistant for downloading the client installation files.
- New step in the Setup Assistant for installing the client ADMX file.
Released May 26, 2016
Released March 10, 2016
Released March 3, 2016
- The installation for Specops Password Policy, Sync, and Reset is now separated to 3 different Setup Assistants.
- Changed helpdesk search using Ambiguous Name Resolution.
- Customizable attributes to search the helpdesk.
- Fixed an issue where the delegate security button in admin tool did not grant access for the SPR service account to read value of attribute msDS-User-Account-Control-Computed. During reset password, this could result in failure to detect if user was locked out or if the password had expired.
- The send SMS button, in the enroll and reset wizard, can only be clicked once before entering a code to prevent spam clicking.
- If the useonlydefaultlanguage registry key was used, the enrollment reminder page was displayed in Czech when English was specified as the default language.
- Autoenrollment did not work when QA and SMS was enabled in the policy.
Released February 24, 2016 | 6.4.60217.2
Version 6.3 Maintenance Release 4
- Full Windows 10 support.
- If a user was moved in Active Directory during User Count, the Password Reset Server crashed.
- The Specops ADUC menu extensions failed to load in certain environments.
Released August 18, 2015 | Build number: 6.3.50813
Version 6.3 Maintenance Release 3
- Added an option to use LDAP APIs to reset passwords, rather than Win32. In most cases, this should not be used. If for some reason this is required, Specops Product Support can assist you.
- Web: The Password Reset web page displayed the yellow Dictionary rule, when it should have been hidden.
Released May 11, 2015 | Build number: 6.3.50506
Version 6.3 Maintenance Release 2
- Windows 10 support for the Specops Password Client and the Administration Tools.
- When an administrator, in a multi-domain environment attempted reporting from all domains, they received an error that the domain configuration from the registry cannot load.
- A “failed to send enrollment” event was wrongfully logged for users with no configured enrollment reminder.
- If more than one domain was configured, license counting could fail for domains other than where the Specops Password Reset server was installed.
Released April 17, 2015 | Build number: 6.3.50414
Version 6.3 Maintenance Release 1
- Setup Assistant: When an administrator started the Specops Setup Assistant on a server outside of the domain, the Setup Assistant failed to initialize.
Released August 6, 2014 | Build number: 6.3.40731
- Passphrase policy support when used in conjunction with Specops Password Policy 6.3.
- New setting that allows you to send the mobile verification code to a email address instead of a phone number.
- Separate event log messages are now generated for unlock account and password reset.
- Traditional and Simplified Chinese language support.
- Improved search performance when processing users in Active Directory.
- Helpdesk Portal: When an administrator reset a user’s password, the confirmation message was not displayed.
- Helpdesk Portal: If the delegated security model was used, members of the helpdesk admin group were able to force users to re-enroll, even if the active directory permission was set to prohibit that.
- PowerShell: When an administrator auto-enrolled users with known enrollment data, the answer to the questions were not validated correctly during Password Reset and Helpdesk user validation.
- Setup Assistant: In rare circumstances, when an administrator created a Group Policy Object in the Setup Assistant, they received the following error: “Object reference not set to an instance of an object.”
- Setup Assistant: When an administrator started the Specops Setup Assistant on a server outside of the domain, the Setup Assistant failed to initialize.
- Server: If the DNS zone name was different from the Active Directory DNS name, the administrator was unable to install and use Specops Password Reset.
- Web: When the “user cannot change password” setting was set for an Active Directory user, the user was still able to reset their password, however they were no longer able to logon.
Released June 17, 2014 | Build number: 6.3.40617
Version 6.2 Maintenance Release 1
- Korean and Romanian language support.
- Specops Password Reset server installation compatibility with Windows Server 2012 R2.
- Better search logic in the helpdesk yielding faster and more precise results.
- New setting that allows you to disable the “Password Reset Link” if it conflicts with other third party credential providers. This setting allows you to use the Specops Password Client, even if you are unable to use the Password Reset Link.
- New setting that allows you to disable the creation of Specops Password Policy Client shortcuts in the start menu.
- Renamed ADMX template settings to enhance the end users understanding of logon tile configuration.
- Configuration Tool: When an administrator edited the domain configuration, the Configuration Tool would crash if they closed and reopened the window.
- Configuration Tool: When an administrator selected Email Settings in the navigation pane, the “License reminder recipient” was not fully visible in the SMTP settings.
- Helpdesk Portal: When an administrator tried to reset a password using the Helpdesk Portal, for a user who had been locked out, the option to force user reenrollment was not present in the Helpdesk Portal.
- Helpdesk Portal: When an administrator tried to send a mobile verification code to a user that had not enrolled, the administrator would receive an error and the user was unable to reset their password.
- Helpdesk Portal: When an administrator searched for a user in Internet Explorer 11 by entering the name of the user in the search field and pressing “Enter,” the helpdesk was unresponsive.
- Helpdesk Portal: When a user tried to change their password in Internet Explorer 11, the password they entered in the password field disappeared and they received an error.
- Reporting Tool: When an administrator upgraded to Specops Password Reset 6.2 from version 5.0, the existing reporting statistics for password resets and changes received an invalid timestamp and were no longer correct.
- Server: In rare circumstances, when a user reset their password, the user was prompted to change their password at the next logon.
- Server: When a user unlocked their password without changing it, the resulting email incorrectly used the template for resetting a password instead of unlocking a password.
- Web: In rare circumstances, when a user tried to enroll for Specops Password Reset, the wrong language was displayed in the question list on the enroll page.
- Web: When a user tried to enroll, change, or reset their account, the user was not recognized if the web server was outside of the domain.
- Web: When an administrator installed the Specops Password Reset Web component, they received an error during SCP creation if part of the OU where the computer resides had special characters (such as “/”).
Released December 5, 2013 | Build number: 6.2.31205
- Improved stability in the mobile apps.
- Improved error messages in the Specops Password Reset web pages.
- Small improvements in the Setup Assistant.
- Improved support for Network Level Authentication (NLA) in the Specops Password Client.
- Fixed a problem with changing the password for user accounts required to “change password on next logon.”
- Fixed a problem with editing the event notification email templates in the Group Policy settings.
- Fixed a number of minor problems in the mobile apps.
Released June 25, 2013
- Support for running the Specops Password Reset components on Windows Server 2012 and Windows 8.
- Mobile apps for Android, iPhone and Windows Phone makes it possible to reset your Active Directory password from your smartphone.
- Added ability to securely reset cached user credentials on computers without contact with the domain when the password reset takes place.
- Reporting capabilities extended to allow tracking individual user activity.
- Added web service component to handle mobile app communication.
- Added access throttling ability which restricts the number of access attempts each individual client may make within a specified time window.
- Added further language translations.
- Added support for using HTML tags in notification e-mails.
- Added support for using TLS and using authentication credentials in the Specops Password Reset Server e-mail configuration.
- Added support for displaying web pages in languages which use the right-to-left reading direction.
- Fixed a problem when using Specops Password Reset over multiple domains.
- Fixed a problem where it would sometimes take a long time to display the Windows logon prompt in Windows 7 if there were no contact with the domain.
- Minor improvements to the UI.
Released November 27, 2012
- Improved reporting capabilitiies.
- Support for co-existence with other software which doesn’t play nice with the Windows credential provider architecture.
- Added license management to the configuration tool.
- Added further language translations.
- Fixed a problem where the reporting component would get confused about GPOs with the same name from different domains.
- Fixed some minor issues with the Specops Password Reset Server Service.
- Various other minor UI fixes.
Released June 4, 2012
- New architecture based on Windows Identity Foundation permits using Specops Password Reset across multiple domains.
- Added support for enrolling users with Specops Password Reset from outside the internal network.
- New web customization tool allows easy theme based editing of the web interface graphics.
- Customization tool also allows editing all UI texts, including full support for adding or changing language localizations.
- Improved enrollment enforcement options allows different setting to encourage or force users to enroll.
- Several fixes to the error handling in various components.
- Help desk tool should no longer generate an error if used with a user account for which no Password Reset policy has been configured.
- Fixed a few of issues regarding starting the Specops Password Reset Server service
Released June 30, 2011
- New option in the registry allows the Helpdesk to answer a user secret question for manual authentication of users who call in.
- The server can now be configured to use a custom attribute as the source of a user’s email address rather than using the default attribute.
- The client can now be configured to always connect to a specified web server, instead of using the Service Connection Point discovery
- Overriding the SMTP settings in a GPO now has an effect in the product.
- Leaving the “Confirm password” text box empty when resetting a password is no longer allowed.
- ”Soon to expire” and ”expired” license messages in the event log now show the correct number of licensed users, for both the “full” and “affected” license models.
Released November 18, 2010
- Rewritten setup for an easier, intuitive installation The Setup Assistant has been rewritten to make the installation even easier and intuitive.
- Reporting A reporting web page has been added that can be used to see enrollment, reset and license statistics in the system.
- Email notifications Option in the configuration to send email notifications when certain events takes place in the system. The events implemented are password reset by user, password reset by helpdesk, user enrollment, user locked out from SPR, account unlocked by user and enrollment reminders.
- Mobile enrollment with validation An option in the configuration allows for users to update their mobile number, in Active Directory, during the enrollment process. There’s also an option that requires validation of the entered mobile number by sending a verification code to it.
- Custom Wizard Messages A custom message can be showed for the end-user when the user has completed an enrollment, a password reset or a password change.
- Forced re-enrollment Re-enrollment can be forced either through the Helpdesk for a single user or through the Group Policy Object for all users affected by the GPO.
- The new Specops theme The new Specops theme has been applied to all web pages and administration tools.
- “User must change password at next logon” option in Helpdesk When a password is reset through Helpdesk, the option “User must change password at next logon” can now be set.
- User initials column displayed in the Helpdesk search result pageThe “initials” attribute is now displayed in the Helpdesk search result page to make it easier to distinguish users.
- “Reset password…” link enabled when computer is locked In Windows Vista or Windows 7 the “Reset password…” link is shown when a computer is locked.
- Command-line tool to manage SPR objects The administration tool now contains a command-line utility (SPOBJMGR.EXE) that can be used to manage SPR sub-objects in Active Directory.
- Turkish language added.
- Helpdesk stopped responding when searching for all users In an environment with a lot of user accounts the Helpdesk stopped responding if the result was to large.
- Alt-Gr now works in the secured browser The Alt-Gr button didn’t work in the secured browser, making it impossible to type some kind of characters.
- Double login issue automatically handled Connecting to a server where the client component was installed forced the user to enter the credentials twice. Only applies when connecting from a Vista/Windows 7 client to a Windows Server 2008 (or later).
- View certificate” button is disabled if an invalid certificate dialog is shown If an invalid certificate was used at the Web server the certificate warning dialog showed up, making it possible for end-users to browse the file system without being logged on. The “View certificate…” button in the dialog is now disabled.
Released May 5, 2010
- Support for installing the client component on a Citrix server [Client].
- Trying to “Unlock account and reset password” for a user affected by the Default Domain Policy (or a fine-grained password policy) would generate the error “The referenced account is currently locked out” [Server].
- If the client component was installed on a Windows Server 2008 (or higher), a Remote Desktop Connection (using the RDP 6.0 client or higher) to that server would require two logins [Client].
- Trying to view a user residing in an OU containing a slash (/) would generate the error “Unknown error (0×80005000)” [Server].
- Errors in the Norwegian translation file would show incorrect information [Web].
- The default language (English) was not added to the list of available languages for the Reset and Change web pages [Web].
- Before using mobile phone numbers configured in Active Directory, all special characters and white spaces except the plus (+) sign are removed [Server
Released September 9, 2009
- The “Show characters” option in the Enrollment and Reset web pages doesn’t work when using Firefox.
- If the “Passwords must meet complexity requirements” option is enabled in the Default Domain Policy, the “Disallow user name in password” rule doesn’t work as expected. Both the “Must not contain your username” and “Must not contain any part of your username” rules are displayed, but only the “Must not contain your username” should be displayed.
- The Specops Password Policy (SPP) rule “Disallow user name in password” doesn’t work as expected. If the option “Disallow full user name in password” is selected in the SPP policy, both the “Must not contain your username” and “Must not contain any part of your username” rules are displayed. If the option “Disallow part of user name in password” is selected in the SPP policy, then none of the rules are displayed.
- The “Reset password…” link doesn’t show up if the Welcome registry value has been configured on the client. If the registry value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Welcome” has been configured on the client, then the “Reset password…” link is not displayed.
Released June 16, 2009
- Autoenrollment of users.
- Helpdesk can now be configured to use a delegated security model.
- If a user has been locked out from the password reset service, a reminder (balloon tip) for enrollment will be shown at logon.
- Answers entered during Enrollment and Reset is now by default secured by password characters. A “Show characters” option has been added to be able to see the characters entered.
- Improved language selection handling.
- Hungarian language added.
Released May 5, 2009
- Improved Setup Assistant to simplify the installation process.
- The “Reset password…” link in the login dialog box can be configured to be available when the computer has no contact with the domain. This makes it possible to reach the Password Reset web page, that’s exposed to the Internet, from the login dialog as soon as the computer has an Internet connection.
- The enrollment notification balloon on clients only shows up when a new enrollment is required. The recommendation balloon has been removed.
- Change password page now requires user name and password before the affecting password rules are shown. Prevents unauthorized users from finding out affecting password rules for other users.
- Long timeout (10–15 seconds) when entering a wrong answer during password reset. This only happened when DNS reverse lookup (IP address to DNS name) wasn’t configured in the DNS. The logging function on the server timed out when trying to get the DNS name for an IP address. The DNS name is no longer used, only the IP address.
- “Object reference not set to an instance of an object” error when trying to use the Reset Password web page and only mobile verification code is used as authentication.
Released December 18, 2008