The Release Notes provide a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary. For the Specops Authentication Client Release Notes, click here.
The updates made to the Specops uReset Cloud do not require any action from the customer. The Gatekeeper does not need to be updated to receive the uReset Cloud updates.
Current Release: 7.12.19185.3
- When entering a new password, and a user was effected by Specops Password Policy with Breached Password Protection Express enabled in the policy, no rules were displayed. The Gatekeeper must be updated to resolve this, or upgrade to Specops uReset 8.0. For more information on uReset 8.0, including migration details, click here.
Released July 8, 2019
- In environments where TLS 1.0 was disabled, and FIPS compliance was enabled, the Gatekeeper connection would fail if the latest patches from the Windows Update were applied.
- Username lookup in multi Active Directory domain environments would fail.
- The current domain was incorrectly used in multi Active Directory domain environments.
Released November 20, 2018
7.12.18178.1 (Gatekeeper & uReset Cloud update)
- Added option to allow the end-user to enter their North American local numbers, without entering a country code, when using the Mobile Code identity service. The setting can be configured from the Mobile Code settings in the policy.
- Enrollment reminder emails did not work with placeholders for %EnrollURL% and %ResetURL%.
- Searching for a user with a manager in Active Directory, that was disabled, resulted in Internal server error.
- User lookup by user principal name failed if multiple accounts in Active Directory had the same e-mail address as that user principal name.
- Added button for copy distinguished name of settings container to clipboard.
Released July 4, 2018
7.12.18101.2 (Gatekeeper & uReset Cloud update)
- Delegated permissions for Gatekeeper installation. Gatekeepers can now be configured by a user that does not have administrative permissions on the domain level. The user can configure uReset for an organizational unit where they are an administrator.
- Support for multiple domains in the same forest.
Released April 12, 2018
7.11.18009.1 (Gatekeeper & uReset Cloud update)
- If the casing of the registered domain name did not match the user’s domain name, email notifications to those users did not work.
- The Questions identity service did not work with all supported languages.
- On the Mobile Code identity service, the resend code button is now configured to appear by default.
Released January 16, 2018
7.11.17319.2 (uReset Cloud update)
- Added support for command line / scripted installation of the Gatekeeper.
- Added the ability to remove the “Unicode” password rules text displayed to the end-user during a password change.
Released November 23, 2017
7.11.17265.1 (uReset Cloud update)
- The email notifications did not support multiple recipients.
- The link to the Specops uReset enrollment page took users to the user home uReset page instead of directly to the enrollment.
- Improved error handling to prevent “customer does not exist” error on the password reset mobile app.
Released September 27, 2017
7.11.17249.1 (uReset Cloud update)
- Re-enabled option to toggle the reCAPTCHA on and off.
Released September 6, 2017
7.11.17243.1 (Gatekeeper & uReset Cloud update)
- Added missing log out button to the uReset web pages.
- Enforced previously optional “ReCaptcha” on all uReset login pages. Users may receive an “I’m not a robot” validation request.
- Added option to force the Gatekeeper service to use a specific domain controller.
- Notification emails will verify that the “From” and “To” domains are registered domains for the customer account.
Released August 31, 2017
- Password handling for users affected by “disallow username in password” rule, and display-name containing brackets, resulted in an error that rejected the password.
Released June 9, 2017
- In rare cases, the Gatekeeper could fail to reconnect to uReset.
- Read-only domain controllers in the domain could cause the nightly Gatekeeper user count and user enrollment to fail.
- In a locked down environment, configuration of the Active Directory scope could fail with “The specified directory service attribute or value does not exist” resulting in access denied when writing to the user’s enrollment (e.g. nightly user count or enroll).
Released March 22, 2017
- In some scenarios, the helpdesk was unable to reset passwords for users if Windows Identity was not in the Helpdesk policy.
- In some scenarios, selecting Duo Security on the Reset Wizard or Multi-login page, resulted in “Duplicate session, try again” loop.
- Improved the default behaviour for mobile code enrollment.
- Improved Gatekeeper reconnect functionality when connection to uReset is lost.
- Improved uReset performance when handling large numbers of Gatekeepers.
Released November 28, 2016
- Support for Symantec VIP as an identity service.
- New password reveal button on the uReset Web.
- The “Enrollment” Reports page crashed when there was a high volume of affected users.
- The “All users” Reports page crashed when a filtering parameter was set for a policy that did not contain any users.
- Some of the reporting pages crashed if the language was set to French.
- If several scopes were configured in the same level in Active Directory, the helpdesk search could fail to find users.
- Helpdesk Identity Verification resulted in an error if the user had already logged in with the same identity service.
- In some scenarios, the customized text on the uReset web did not update after being changed.
- In some scenarios, the full screen uncloseable enrollment browser did not display the close button after a successful enrollment.
- In some scenarios, the user did not receive a confirmation message after being remotely verified by their manager.
- The settings page for Duo Security will now indicate if the secret key had been previously configured.
- Added a check in the Android Fingerprint App to ensure that the device supports fingerprint scanning.
- The “All users” Reports page optimized for a high volume of users.
- Added enable/disable capability to the identity verification feature for non Active Directory users.
- Users can now select the uReset web display language.
- New per policy setting for Mobile Verification Code that allows an administrator to control whether users are allowed to enter mobile phone number during enrollment (never, always, or if mobile number is missing in active directory).
- Improved the Start page for basic login and where username is entered to start the password reset process.
- Improved error message in the event log when an invalid email address is stored in Active Directory.
- Improved error message when the wrong password is entered during Manager Identification process.
- Improved error message when the code from the Specops Authenticator is not provided, and verify code is clicked.
- Improved error message if attempting to export a report that did not contain users.
Released November 10, 2016
- Granular control using security as configured in Active Directory, over who is allowed to reset passwords via delegated security for the helpdesk.
- Multifactor authentication policies for Administrators and Helpdesk users accessing the uReset web.
- Identity verification for non-Active Directory users with Mobile Code and Mobile Bank ID.
- Dynamic display of captcha, after a configurable number of failed logins, to prevent user name harvesting.
- Security enhancements for the Gatekeeper installation account such as account lockout after 10 unsuccessful password attempts, and email notifications when changes are made to the account, and password.
- Gatekeeper installation now includes configuring Remote Access between the Specops uReset Administration tool and the Specops uReset Gatekeeper.
- New Admin tool category with support for troubleshooting Remote Access issues between Specops uReset Administration tool and Specops uReset Gatekeeper.
- The number of users displayed on the helpdesk search was incorrect.
- If the helpdesk user was out of the scope of management, an empty display name appeared in the “password reset by” information in the user statistics.
- If a user entered the identity verification wizard without a request from the helpdesk, the wrong error message was displayed.
- When the “Hide Manager Name” setting was enabled, the manager username still appeared on the screen if local verification was used (“Manager is here” was selected).
- When entering a new password, the “must not contain username” rule appeared twice.
- Writing configuration changes to Active Directory failed when the Administrations tools were running on a different computer than the Gatekeeper server.
- Missing translations for various error messages.
- The statistics for a user from the helpdesk tab had events omitted from the list.
- Changing the custom mobile attributes from the administration tool was not refreshed in the Gatekeeper.
- When viewed from a mobile device, the drop-down menus on the helpdesk and setting page displayed the wrong text.
- In some scenarios, the user count did not display the correct number of users.
- Added confirmation dialogs for removing Gatekeepers from the uReset Web, and identity verification requests from the helpdesk.
- Improved error message if the required version of .NET Framework is not installed during the Gatekeeper installation.
- Changed permission to only display helpdesk link to members of the helpdesk group.
- Improved Fingerprint App behaviour: When enrolling with the Fingerprint App from a mobile browser on an iOS or Android device, the Fingerprint app is closed once the user is authenticated, and the user is returned to the enrollment web page.
- Improved error message when a user without a policy tried to enroll in the system.
- Added eventlogging in the application log for end user password reset/changes.
- Added logging for Mobile Bank ID events.
- Added help text for editing the Mobile number AD attribute name and the required security configuration.
- Added information for re-enabling the service after the user replies STOP to the SMS notifications.
- Improved the policy error that is displayed when an administrator enrolls a user with Mobile Verification Code.
- Removed option for configuring where the Duo Security proof is stored.
- Added information in the uReset Admin tool UI about what Identity Service exist in a GPO.
Released August 17, 2016
- If “Hide part of the mobile number” was enabled in the policy, the user was unable to authenticate with the mobile code.
Released May 3, 2016
- In some scenarios, the web request did not reach the Gatekeeper, and instead of a retry, an error was displayed.
Released April 26, 2016
- Support for additional identity services including Duo Security, and the Specops Fingerprint Authenticator.
- New customization features on the uReset web, including text customization for all supported languages, and ability for customer to set their own styles using a custom bootstrap CSS.
- End user identity verification during the helpdesk password reset process.
- Requirement for the user to change password at next logon following a helpdesk password reset.
- Customizable Active Directory attributes to search the helpdesk.
- Client download from the Server Admin Tool.
- Client deployment using Group Policy Software Installation from the Server Admin Tool.
- Gatekeeper upgrade notifications, and option to download the latest installation files, from the Server Admin Tool.
- Allowing uReset Admins and Helpdesk users to be outside the uReset scope of management.
- New identity services, not supported by the installed version of the Gatekeeper, instruct upgrade on the License page in the Server Admin Tool.
- Simplified enrollment process for the Specops Authenticator when accessed from a browser on an iOS or Android device.
- The DateTime for the statistics on the helpdesk page displayed incorrectly, if the uReset Server computer did not use Coordinated Universal Time.
- The Manager authentication “Completed at” information, in the Tasks menu, displayed the incorrect date or an “Invalid date” text.
- When editing a uReset extended Group Policy, the uReset Gatekeeper group was granted read permission on that GPO.
- If an old Gatekeeper used a license containing a new Identity Service that it did not support, the administrator was unable to edit any policies.
- Password expiration reminder messages, from the Specops uReset Client, were displayed using the selected enrollment reminder mode, instead of always displaying as a balloon tip notification.
- When launched from the uReset mobile application, the password reset page for a user that had 6 or more identity service enrollments, did not allow the selection of an identity service that appeared on the bottom of the page.
- The Administration Tool started off screen if it was closed on a monitor that had since been disabled.
- A user with a Manager Identification enrollment was flagged as not enrolled during user count.
- The reminder interval policy setting was always enabled, regardless of the “When to remind” configuration.
- Various logging fixes including messages and level.
- Split pages on the Server Admin Tool for simplified navigation.
- Concurrency control when editing a uReset policy, to prevent overriding changes, if the policy is edited by more than one user at the same time.
- Individual selection of the Authenticator apps (Specops, Google, and Microsoft) in the user interface.
- Improved mobile usability for the helpdesk pages.
Released April 19, 2016
- Support for the new Specops Password Policy online dictionary feature.
Released February 26, 2016
- If the administrator did not run PowerShell with elevated permissions, they received a permission error when using the administrator enrollment cmdlets.
- Security enhancements for all Gatekeepers older than 7.7.60217 when attempting the following operations: change admin password, upload license, and unregister gatekeeper.
Released February 22, 2016
- Fixed the incorrect remote verification link provided in the email to managers during user authentication.
Released February 17, 2016
- Star Bar UI improvements on the uReset web including animated cues and an added tool-tip.
- Reporting improvements including an “All users” report, and ability to export data to CSV.
- New enrollment enforcement/reminder settings UI in the Administration Tools.
- New eventlog message for the uReset client when a user’s password has expired.
- Client improvements including caps lock and current keyboard language indicator, as well as a progress indicator when loading pages in the secured browser.
- Gatekeeper information collection from the Administration Tool including log files and eventlogs.
- New registry setting that allows you to specify the domain controller to use.
- Toast message on Android when a code generated by the authenticator app was copied.
- Administration Tool UI improvements including resizing window size to adjust to smaller screens.
- New link to the uReset Web Settings page from the Administration Tool.
- Improved cmdlet naming and parameters to follow PowerShell guidelines and added help for the Add-uResetIdentityServiceEnrollment cmdlet.
- Question and Answer enrollment fixes including restarting the process when clicking the back button on an incomplete enrollment, and ability to change the selected question.
- Clicking Save or Verify multiple times on the uReset web page during enrollment or password reset, resulted in an error.
- A duplicate user appeared in the database if the user moved out, and back into the scope of management.
- The default weight of an unselected Identity Service was lost if the minimum weight was reduced below the weight of the unselected Identity Service.
- Error handling fixes when a group policy was unable to load due to replications error, or access denied.
- The uReset Servers group was not granted permission, during Active Directory scope selection, to read value of attribute msDS-User-Account-Control-Computed. During reset password, this could result in failure to detect if user was locked out or if the password had expired.
- When a user pasted the verification codes from the Specops Password Reset, and Specops Authenticator app into the web for authentication, the verify button remain disabled until a keypress was made.
- An error during the user count, resulting in an incorrect policy name being displayed in the eventlog.
- Missing/incorrect Swedish translations on the uReset web.
- When a user migration was initiated twice in the migration tool, without restarting the migration tool in-between, the UI displayed duplicate scope of management and users.
- Attempting to logon using Windows integrated logon from a browser running on the Gatekeeper computer to the uReset Web, failed due to the Windows loopback security feature. Rather than displaying an error message, the user will now be redirected to use basic login.
- Fixed an issue where the code generated by the authenticator app couldn’t be verified.
- An invalid code was displayed if the user switched in and out of the authenticator app.
- Insufficient information for helpdesk if a user’s uReset policy is broken.
- When adding users/group to local group, the Name attribute was used instead of SAM-Account-Name, resulting in error during the Gatekeeper installation.
- The SalesForce login was broken when used from SecuredBrowser as localsystem.
- When a user entered an incorrect Mobile Verification Code, they did not receive an error message and the button to verify the code remained on the page.
- Missing information in the eventlog if a Text Message failed to send.
- Duplicate Identity Services appeared on the enrollment page if the Cancel button was clicked when re-doing the enrollment.
- The user count operation timed out, and displayed an error, if the count took longer than 2 minutes.
Released February 3, 2016
- Support for weighted identity services, which allows the administrator to assign a specific weight for each identity service, ultimately deciding that one identity service is worth twice as much as another during authentication. In the user interfaces, for both the end users and administrator, the weights are represented by stars.
- Support for migrating Specops Password Reset policy settings to uReset policy settings, in the same Group Policy Object.
- German and French language support.
- Customization improvements for the end user interface, including support for non-square customized logos.
- Support for proxy server configuration during Gatekeeper setup.
- Support for authentication with the SITHS identity service from the Windows Logon screen.
- Improved usability for the helpdesk with a new Unlock and Reset button, which is displayed when a user is locked out from Active Directory.
- Support for context menus in the administration tool.
- Load performance improvements for the uReset web pages.
- UI improvements including responsive design during the enrollment and reset process.
- When a user enrolls in the uReset service using a mobile device, they are redirected to basic login, as opposed to integrated authentication.
- The end user is now notified when their manager has approved their authentication request.
- When a uReset policy was removed, it continued to appear on the Specops Reporting page.
- During reinstallation, if an administrator switched from LocalDB to SQL, the reinstallation failed.
- When an administrator removed a Gatekeeper from the uReset web, the first Gatekeeper was always removed, instead of the selected Gatekeeper.
- Password reset enrollments can now only be migrated if the user is within the uReset AD scope.
- When a user selected enroll, reset, or change from the start menu, but was not affected by a uReset policy, an exception message was displayed.
- If a proxy server was used, the administrator was unable to edit uReset policies.
- The default policy name displayed the customer domain name, instead of “Default Policy.”
- When a password was reset from the helpdesk, the password rules still appeared for the administrator, instead of the helpdesk landing page.
- If the password history policy was not fulfilled during a password change or reset, the password rules were not displayed correctly.
- When the uReset web pages were accessed from Internet Explorer 11, the session was dropped unexpectedly.
- When setting a new password failed, the server side validation rules reordered with the client side rules.
- If a domain had domain controllers with both Windows 2003, and Windows 2008 and newer operating systems, it could cause password resets to fail.
- Improved usability in the Specops Authenticator app with the introduction of a numeric keyboard for mobile verification codes.
- The version number of the Specops Authenticator app has been fixed to display correctly.
Released November 11, 2015
- Windows 10 support for the Specops uReset Client.
- Swedish language support.
- Coordinated Universal Time to all timestamps on the uReset Web.
- Support for Microsoft LocalDB to simplify installation and maintenance for on premise installations. Full SQL Server is still supported as an alternative. LocalDB is recommended.
- Support for creating SPN in Active Directory during Gatekeeper installation/upgrade. This enables running the administration tool from a computer other than the Gatekeeper computer.
- New “uReset Gatekeepers” security group during installation/upgrade. This group is assigned permissions in Active Directory for handling enrollment data.
- Gatekeeper can now be configured to go through a HTTP proxy server when connecting to the uReset cloud.
- In some scenarios, the Specops uReset Client failed to update cached credentials. This caused issues for users resetting passwords without a connection to a domain controller.
- When a user was denied access to a resource, the user was redirected to login, and automatically logged in as themselves in an infinite loop.
- When a user accessed Identity Service reports, they received an object reference error.
- Improved the error message displayed by the Specops uReset Client when a user not affected by a policy selected to enroll/reset/change from the start menu. Note: This change has been implemented for Specops Password Client version 7.5.50917.1.
Released September 15, 2015
- The Specops uReset Gatekeeper now supports proxy server configuration.
- When a user from the Helpdesk group logged in to perform a password reset on behalf of a user, they were prompted to re-authenticate, during which they received an error.
Released July 27, 2015
- The Specops uReset Gatekeeper now supports Windows Server 2008/2008 R2.
- The Specops uReset default policy can be enabled/disabled and configured from the uReset Administration Tool.
- When enrolling with a mobile verification code, the user’s phone number can be stored in additional AD attributes other than “Mobile.”
- New security questions settings including the ability to create custom questions, import questions, edit questions, and use multiple languages.
- The Specops Authenticator app for iOS, Android, and Windows phone.
Note: Check the app store regularly to find the Specops Authenticator app when it becomes available in the near future.
- Support for Google Authenticator and Microsoft Authenticator.
- The administrator password that is created when creating an uReset customer password, and required for downloading the Gatekeeper, can now be changed from the Specops uReset Administration Tool.
- Modified PowerShell cmdlets so administrator can enroll on behalf of a user using secret questions.
Released June 25, 2015