M101003: Administration server and Distribution server version 8.2 patch: Enhanced Password Store Encryption

This patch increases the security of the Password Store used for Remote Execution in ManageSoft for Administration servers and ManageSoft for Distribution servers. This patch may be installed on versions 8.2 and 8.2.1.

Customers should consider deploying this patch if they require stronger encryption for passwords than the default DES algorithm. With this patch, ManageSoft servers will use the AES algorithm on Windows XP SP1, Windows Server 2003 and later platforms, and 3DES on Windows 2000 and Windows XP Gold.

Installation

To install, run:

msiexec /l*v %TEMP%\MgsKB101003.log /qb- /p MgsKB101003.msp REINSTALL=ALL

Use the additional msiexec parameter REBOOT=ReallySuppress to suppress any reboot at the time of patch installation.

Installing the patch for the 8.2 product requires Windows Installer 2.0 and for the 8.2.1 product requires Windows Installer 3.1.

Changes made by installing this patch

Installing this patch makes the following changes:

  • Installs a new [INSTALLDIR]\RemoteExecution\mgsdisco.exe (file version 8.32.768.7147)
  • Installs a new [INSTALLDIR]\RemoteExecution\mgspswd.exe (file version 8.32.768.7147)
  • Installs a new [INSTALLDIR]\RemoteExecution\mgspswdw.exe (file version 8.32.768.7147)
  • Installs a new [INSTALLDIR]\RemoteExecution\mgsresa.exe (file version 8.32.768.7147)
  • Installs a new [INSTALLDIR]\RemoteExecution\plink.exe (file version 0.60.7155.0)
  • Installs a new [INSTALLDIR]\RemoteExecution\pscp.exe (file version 0.60.7155.0)
  • Sets the registry entry HKLM\SOFTWARE\ManageSoft Corp\ManageSoft\Patches\KB101003 = 8.2.768.7155

Usage

Any existing passwords in the Password Store will be left at their existing encryption level. Any passwords created or modified after installing the patch will be saved using the new stronger encryption. The command line mgspswd --recrypt may be used after installing the patch to upgrade all existing passwords to stronger encryption without modification.

Uninstallation

Uninstallation is only possible on Windows XP SP2, Windows Server 2003 SP1, or later platforms, or on earlier platforms running Windows Installer 3.0 or later.

Known Issues

Installing the patch reverts any customized LogFileSize registry entries to the default value of 4000000.

Uninstalling the patch reverts any customized Reporter\CurrentVersion\DefaultDomain registry entry to the default.

After uninstalling the patch, you may need to re-enter the scheduled task user's password on the following tasks:

  • Import ManageSoft application usage logs
  • Service the ManageSoft database
  • Generate ManageSoft system status information

If the above tasks are configured to run as the System user on the Administration server, uninstalling the patch will reconfigure them to run as a domain user.

Problems fixed by this patch

This patch fixes the following problems:

  • 73902 Enhanced Encryption for ManageSoft Password Store

Comments

Powered by Zendesk