Downloads

Downloads and version history


v7.5.3.0

Released: 9 September 2017

Release notes

This release brings capability to maintain password of domain accounts and seamlessly to retrieve/reset it  it by users with appropriate permission. This allows scenarios such as easy secondary admin logon on machine, RDP logon – all without the need to even know the password of account used to logon. In addition, password of the domain account is regularly changed by PDS itself, so there is no chance for password being long time the same for potentially powerful user accounts.

No changes on client side in this release.

Installers x64

CSE: AdmPwd.E.CSE.Setup.x64.zip

PDS and management tools: AdmPwd.E.Tools.Setup.x64.zip

Installers x86

CSE: AdmPwd.E.CSE.Setup.x86.zip

PDS and management tools: AdmPwd.E.Tools.Setup.x86.zip

APPX PACKAGE FOR WINDOWS 2016 NANO SERVER

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it)

AdmPwd.E.Client.Nano.zip

INTEGRATION LIBRARY FOR .NET

Executable: AdmPwd.E.PdsWrapper.zip

Reference documentation (CHM format): PDS_Wrapper_Documentation.zip


v7.5.2.1

Released: 30 May 2017

Release notes

This is maintenance release of CSE installer. There was a regressin in installer that in some cases improperly registered CSE with Event viewer, so events produced by CSE were not visible in Application event log.

Packages for other componets are unchanged and remain on version 7.5.2.0

INSTALLER X64

CSE: AdmPwd.E.CSE.Setup.x64.zip

INSTALLER X86

CSE: AdmPwd.E.CSE.Setup.x86.zip


v7.5.2.0

Released: 27 Mar 2017

Release notes

Client for Nano server

No new features, just code optimization
Nano server still does not support starting/stopping of services during AppX install/uninstall, so it is still required to explicitly stop AdmPwd.E Client service before uninstall and start it after install.

PDS

PDS now supports new type of keystore – CryptomathicCSGKeyStore. Developed together with guys from Cryptomathic, this keystore supports protection of PDS decryption keys using Cryptomathic Crypto Service Gateway (CSG) for even better protection of decryption keys! Available as separately licensed add-on.

Extended IKeyStore interface to support various functionality levels of keystores – see GitHub for updated interface and for download of interface assembly.

CSE

CSE completely rewritten to use CNG for all cryptography operations – password generator and encryption. No more CryptoAPI!

This means that starting this version, CSE is no longer supported on Windows XP/2003. Previous version of CSE (7.5.1.0) is still supported for those who still run XP/2003 in their environment. Also, PDS still can decrypt passwords encrypted using previous versions of CSE, and coexistence of previous and current versions of CSE is supported for easy upgrade.

CSE MSI setup now blocks installation on XP/2003.

ADMX templates for configuration management of CSE now allow to distribute both CryptoAPI and CNG encryption keys – so older and current clients can be managed with the same GPO and load proper encryption key from GPO.

Note: PDS by default generates CryptoAPI keys. To make it produce CNG key, change cryptoForNewKeys setting in PDS config file to "CNG"

Downloads

INSTALLERS X64

CSE: AdmPwd.E.CSE.Setup.x64.zip

Management tools: AdmPwd.E.Tools.Setup.x64.zip

INSTALLERS X86

CSE: AdmPwd.E.CSE.Setup.x86.zip

Management tools: AdmPwd.E.Tools.Setup.x86.zip

APPX PACKAGE FOR WINDOWS 2016 NANO SERVER

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it)

AdmPwd.E.Client.Nano.zip

INTEGRATION LIBRARY FOR .NET

Executable: AdmPwd.E.PdsWrapper.zip

Reference documentation (CHM format): PDS_Wrapper_Documentation.zip

Summary of changes

CSE

  • CryptoAPI replaced by CNG for all cryptographic operations
  • MSI setup now blocks installation on XP/2003

PDS

  • Added support for keystore integrated with Cryptomathic CSG for key protection
  • Updated format of license file, to allow embedding of license info for licensed add-ons

ADMX/ADML

  • Added policy for distribution of RSA_CNG encryption key; policy for distribution of RSA_CryptoAPI key is still in place

v7.5.1.0

Released: 23 Jan 2017

Release notes

Client for Nano server

This is first release of AdmPwd.E client for Windows 2016 Nano server.

For encryption, AdmPwd.E.Client uses CNG RSA algorithm, as CryptoAPI is not available on Nano server.

Known issues

  • After installation via Add-AppxPackage cmdlet, AdmPwd.E.Client service is not started and you need to start it explicitly. This is because of limitation of AppX installer in Nano server that is expected to be addressed this year.
  • For the same reason, you are expected to stop AdmPwd.E.Client service before uninstalling Client for Nano server via Remove-AppxPackage cmdlet

PDS

PDS now supports creation of both CryptoAPI and CNG RSA keys. Switching between them is possible via AdmPwd.Service.exe.config file – there is new attribute cryptoForNewKeys in KeyStore config section, with default set to “CryptoAPI“. To switch to CNG, set value of this attribute to “CNG“.

Future versions of PDS will only support CNG for new keys.

We will, however, maintain capability of PDS to decrypt passwords encrypted by both CryptoAPI aCNG RSA keys for at least 1 year. This also means that PDS will be able to load CryptoAPI keys.

Important: PDS changed persistence of keys: instead of storing private and public key blob in separate files, now only single file is used. Migration of existing keys can be done manually as a preparation for migration and is simple: copy all files <n>_privKey.dat to <n>_Key.dat (1_privKey.dat becomes 1_key.dat, etc.) and put them in the same folder. After you install 7.5.1.0 version of PDS, it will load new key files, and you can remove previous key files (<n>_pubKey.dat and <n>_privKey.dat).

The above also means that proper way of getting public key for GPO and DSC configuration is via PowerShell, such as the command below that creates file key.txt containing public key 1:

(Get-AdmPwdPublicKey -KeyId 1).Key | out-file .\Key.txt

PowerShell

PowerShell module now contains new cmdlet Get-AdmPwdPublicKeys that lists all public keys managed by PDS.

Also, output type from Get-AdmPwdPublicKey and Get-AdmPwdPublicKeys contains more information about keys: size of key in bits, and algorithm used to generate the key. Currently supported algorithms are CryptoAPI_RSA and CNG_RSA

CSE

This is last version that uses CryptoAPI. Next versions will switch to CNG. Still, next versions of PDS will understand CryptoAPI and will be able to decrypt passwords encrypted with CryptoAPI RSA keys.

This change also means that this is the last version that supports Windows XP and Windows 2003 as managed clients. Next version will not run on those platform, and lowest supported platform will be Windows Vista and Windows 2008.

Next version of CSE will also slightly change Event IDs, so as to be consistent with those now in place in Client for Nano. Reason for this change is that we will also switch from legacy logging to WEVT channel logging that was not available on XP/2003, and there are some limitation in usage of the same event IDs with different severity.

PDS integration library

Name of file changed from AdmPwd.ServiceUtils.dll to AdmPwd.PDSWrapper.dll

Downloads

INSTALLERS X64

CSE: AdmPwd.E.CSE.Setup.x64.zip

Management tools: AdmPwd.E.Tools.Setup.x64.zip

INSTALLERS X86

CSE: AdmPwd.E.CSE.Setup.x86.zip

Management tools: AdmPwd.E.Tools.Setup.x86.zip

AppX package for Windows 2016 Nano Server

Also includes PowerShell DSC configuration that allows to create AdmPwd.E client configuration in registry (as there is no GPO client on Nano server that would distribute it)

AdmPwd.E.Client.Nano.zip

INTEGRATION LIBRARY FOR .NET

Executable: AdmPwd.E.PdsWrapper.zip

Reference documentation (CHM format): PDS_Wrapper_Documentation.zip

Summary of changes

PDS

  • Support for creation of CNG RSA keys. You can create CNG keys for encryption of passwords generated by AdmPwd.E Client on Nano server
  • Simplified persistence of keys – single file for key pair instead of 2 files
  • Fixed bug that caused error when forest name was not provided
  • PDS now requires .NET Framework 4.6 to be installed – because of missing support for CNG in previous versions of .NET Framework

CSE

  • Bug fixed that may have caused password incorrectly reported to password history

PowerShell

  • New commandlet Get-AdmPwdPublicKeys; allow retrieval of all public keys maintained by PDS
  • More data returned about public keys

Fat Client

  • Fat Client now supports retrieval of password and password history from deleted computer object. When more computers with the same name is found in deleted objects, password of most recently deleted computer is returned
    Note: This feature works regardless AD Recycle Bin feature is activated or not
  • Fixed regression that caused error when running client from network

ADMX/ADML

  • Fixed typos

Active Directory

  • Solution specific rights “Read Local Administrator password” and “Reset Local Administrator Password” renamed to “Read Administrator Password” and “Reset Administrator Password”

v7.5.0.2

Relesed: 22 Nov 2016

Downloads

Installers x64

CSE: AdmPwd.E.CSE.Setup.x64.zip

Management tools: AdmPwd.E.Tools.Setup.x64.zip

Installers x86

CSE: AdmPwd.E.CSE.Setup.x86.zip

Management tools: AdmPwd.E.Tools.Setup.x86.zip

Integration library for .NET

Executable: AdmPwd.E.PdsWrapper.zip

Reference documentation (CHM format): PDS_Wrapper_Documentation.zip

Changes

This is initial release. Main features:

  • password encryption
  • password history
  • easy to understand and reliable audit trail in PDS event log
  • protection against manual password manipulation
  • password recovery from deleted computer object

For detailed functional specification, see documentation