Change log
Last updated
Was this helpful?
Last updated
Was this helpful?
[FIX] Fixes an issue where the installer would not run if the machine did not have internet access.
v2.1 of Access Manager moves from .NET 6 to .NET 8, to ensure extended support with the .NET Lifecycle. Please check the , as some platforms such as RHEL7 are no longer supported.
[CHANGE] .NET 8 ASP.NET and Desktop runtimes are now required to install the Access Manager Service
[CHANGE] .NET 8 is now used for the Linux agents. Due to .NET compatibility issues, arm32 builds are no longer supported.
[CHANGE] .NET 8 is now used for the macOS agents.
[CHANGE] The arm64 build of the Windows agent now uses .NET Framework 4.8.1, rather than .NET Core, as the framework version is built into the operating system.
[FEATURE] Adds support for excluding forests and domains from being rendered in the UI via the Get-AmsServiceConfig and Set-AmsServiceConfig cmdlets. This is useful for cases where some domains may not be reachable from the AMS server, and cause the UI to hang when navigating and saving.
[FIX] Fixes an issue where the installer could not upgrade instances uses an encrypted connection string
[FIX] Fixes an issue with the installer not correctly detecting .NET desktop runtime installation
[FIX] Fixes an issue where chpasswd may fail on linux by increasing the default timeout for commands running on unix-based hosts to 15 seconds
[FIX] Fixes an issue with macOS uninstall script not working
[FIX] Fixes an issue where a password rollback event does not correctly re-promote the current password
[FIX] Fixes a handle leak when making calls to a domain controller
[FEATURE] Adds support for Ubuntu 24.04
[FIX] Fixes an issue where the wrong DC may be used to perform a JIT operations against a computer if the JIT operation is first performed when the computer is off
[FIX] Updates the Graph API endpoint used to retrieve Windows LAPS passwords from Azure AD
[FIX] Fixes an issue where the app upgrade check may hang, causing the UI to be unable to start
[FIX] Improves logging when the service is unable to read critical attributes about users from the directory due to missing permissions
[FIX] Fixes an issue where a JIT removal job does not get removed when a JIT request fails, preventing subsequent JIT access requests for the same user and computer to fail
[FEATURE] Adds support for Debian 12 (Bookworm)
[FEATURE] Adds support for Fedora 38
[FEATURE] Adds support for Fedora 39
[FIX] Fixes an issue where an error message appears after clicking on the help link in the Azure AD tenant information screen
[UPDATE] Updates installer .NET package prerequisites to 6.0.18
[UPDATE] Updates macOS and Linux agents with latest .NET dependencies
[FIX] Updates logic to prevent the Access Manager Agent from starting when Windows LAPS is in use
[FIX] Fixes an issue where the agent is unable to change the local admin password when the 'Server' service is disabled
[FIX] Fixes an issue when exporting permissions that would result in target names being exported as SIDs instead of friendly names
[FIX] Fixes an issue where a recently re-imaged machine with the Access Manager agent may not change its password until the next scheduled check in time
[FIX] Fixes an issue where the web UI reports that an Azure AD device does not have a LAPS password
[FIX] Fixes an issue where the installer was unable to validate an Azure SQL connection string
[FEATURE] Adds support for reading Windows LAPS passwords from Azure AD
[FIX] Fixes an issue decrypting Windows LAPS passwords
[FEATURE] Allows community edition to access encrypted Windows LAPS passwords
[FIX] Fixes an issue where agents behind a reverse proxy may not be able to change their local admin passwords. Note both the agent and server must be running at least v2.0.9417
[FIX] Fixes an issue where agents behind a reverse proxy may not be able to change their local admin passwords. Note both the agent and server must be running at least v2.0.9417
[FIX] Fixes an issue where Windows agents do not start if the Server service is disabled.
[FIX] Fixes an issue where the JIT group creation service would not create groups where multiple rules were configured pointing to the same source OU
[FIX] Fixes an issue where searching for a computer in a different forest by its DNS name would not work
[FIX] Fixes an issue where an error message would be shown in the UI when there was no certificate configuration deployed to Active Directory
[FIX] Fixes an issue where the effective access calculator would show 'access denied' for LAPS history when an enterprise license was not present
[FIX] Fixes an issue where changes to the JIT group creation settings do not trigger a restart required message
[FIX] Fixes an issue where upgrading from v1.1 to v2.0 may fail
[FIX] Fixes an issue where you cannot JIT into a group that contains a slash character
[FIX] Fixes an issue where AMS-managed device password history was not purged according to policy settings
[FEATURE] Adds support for using certificate authentication when Access Manager is behind a load balancer
[FEATURE] Adds additional UI helpers for common agent and API misconfigurations
[FEATURE] Adds the ability to target a JIT role operation against a specific site or a specific DC
[FEATURE] Improves logging for agent-side issues such as server name misconfigurations, registration modes not being enabled, and API not being enabled
[FIX] Fixes an issue where the SQL express installer does not execute when upgrading from v1.x and using the manual download option
[FIX] Fixes an issue where API authentication fails if the server and client are configured with host names differing by case
[FIX] Fixes an issue where the installer would continue the installation if the SQL Express installer failed, leading to an incomplete installation
[FIX] Fixes an issue where saving the config without a TLS certificate results in an "Object reference not set to an instance of an object" error
[FIX] Enables installer logging by default. Installer will create an MSIxxx.log file in %localappdata%\temp
[FIX] Fixes an issue where smart-card authentication would not work after upgrading from v1 to v2
[FIX] Fixes an issue where permissions for AMS admins group were missing from the registry
[FIX] Fixes an issue where the JIT group targeting algorithm may not select the correct DC, resulting in delays accessing servers after a successful JIT operation
[FEATURE] Modifies the silent installer for Windows to not require command line parameters to configure it for AD mode, allowing for a simpler deployment via group policy
[FEATURE] Updates PowerShell diagnostic cmdlet to include logs as well as config
[FEATURE] Adds the ability to generate a diagnostic log package from the 'Help' page in the config app
[FEATURE] The roles list is now free-text searchable
[FIX] Fixes an issue where API authentication fails if the server and client are configured with host names differing by case
[FIX] Allows silent installation of Windows agent to default to AD mode without requiring MSI transforms or parameters
[FIX] Fixes an issue where the service installer may fail on a non-English language Windows system
[FIX] Fixes an issue where the New-AmsComputerAuthorizationRule and Set-AmsComputerAuthorizationRule report an error
[SECURITY] Addressed issue in System.Text.Json
[SECURITY] Addressed issue in Microsoft.Data.SqlClient
[FIX] Fixes an issue where the service incorrectly goes into recovery mode when the November 2022 Windows updates are applied to a DC and the regarding RC4 is in play. Now the service will instead just terminate with a message that domain connectivity is not available.
[SECURITY FIX] Updates the SQL client libraries to resolve
Initial release of v2. Review the to learn about the major changes since Access Manager v1