Released on 01.10.2024
Service pack released on 13.11.2024
- Bluetooth logon support (including offline)
- Central policy management for client stations directly from MMC
- Improved log view in MMC, providing more space for text and ...
- Log view controls optimisations
- Token list view is now sortable and filterable
- New token creation experience when assigning tokens to users
- Clearer user view for users without tokens
- Improved installation experience with DC script deployment
- QR code and push on ADFS even in mobile mode
- MMC resiliency for services in remote locations
- MMC and PowerShell resilience for missing system groups
- Alerts for expiring tokens
- UPN enforcement now in PowerShell
- Location awareness for diagnostics
- Better event handling in logs
- Better handling of mail server TLS behaviour
- Offline/Online transition fix
- Fix formatting bug in Tools
- Fix automatic deployment via GPO
- Fix New-SystoLockToken secret calculation for some scenarios
- Fix PowerShell examples in PowerShell docs
- Fix missing GPO during installation
- Fix installation problems on non-domain machines
- Relax PSKC import format to accommodate OneSpan tokens
- Signal MFA capability to Entra ID in federated scenarios
- Move some server events around for easier viewing
- Correct wrong client default for KSP usage
- Correct password rotation scheduler
- Correct PEAP interpretation in VPN client
- Improve client installer resilience
Released on 08.05.2024
- New phishing resistant ECDH-based token type
- New token creation defaults
- Full ADCS management by SystoLOCK server
- Automatic certificate re-enrollment for SystoLOCK server
- Application proxy for smart login
- Server time checker background task
- MMC sorting in list views
- License updates directly in MMC
- Prevent HSTS on CRL endpoints
- Deleting functionality for roaming devices
- Contact management for urgent notifications
- Granular control for provisioning of privileged accounts
- Support for external keys in PSKC files
- SystoLOCK client aggregated log for Event Viewer
- 20 new PowerShell Cmdlets
- Re-branding
- White label capability
Various improvements in:
- Token provisioning in MMC
- MMC token list views
- Online and offline login experience
- Certificate template management via PowerShell
- Parameters for New-SystoLockCertificate
- Rights management component
- Push notification component
- Logon screen resilience
- Offline login detection
- Server diagnostics
- Client diagnostics
- Client logging component
- Management components usability
- MMC help
- Application installers
- Background task engine
- Error code resolver in the control panel
- Windows 11 driver installation compatibility
Original version released on 24.08.2023
Service pack 1 released on 30.10.2023
Service pack 2 released on 29.01.2024
- Improved user, token and computers view in MMC
- Total items count in status bar of MMC
- Improved token search in MMC and PowerShell
- Copy-able rows in diagnostics
- Lookup for error values in client diagnostics
- Easier push notification management on server level
- Designated VPN push notifications and their attribution
- Correct deprovisioning of push notification configuration
- Password-deleting functionality for retained passwords
- Automatic password management for smartcard-based accounts
- Better clarity on choosing host certificates
- New host certificate template
- New management CmdLets
- Push notifications for named tiles
- Offline login: new and improved approach
- New autonomous offline mode
- Simplified offline provisioning and ...
- Automatic offline deprovisioning
- QR code login for UAC prompts
- Extended NPS plugin configurability
- Remove reboot requirements for offline registration
- New server installation experience
- Management console is now part of server installer package
- Client diagnostics DNS improvements
- Workgroup members diagnostics improvements
- Installer improvements for workgroup members
- Diagnostics in AD FS components
- Diagnostics of an external domain
- Improvements in diagnostics CmdLets
- Accommodation of MS KB5014754 changes for certificate authentication
- New server installation experience
- Full support for locally managed CA instances
- Improved granularity for certificate template installation
- Tooltips in MMC dialogs
- Logging engine and log viewer improvements
- New release delivery formats (ISO)
- Credential provider overrides in CredUI
- SystoLOCK-enabled users can now be discovered more easily by components
- Smart use of KSP/Smart card subsystems based on scenario
- Local AD CS instance installer and management
- New certificate template for the host
- Better RADIUS configurability
- Simplified CRL publishing
- New TCP port 21571 for CDP endpoints
- Username display on AD FS adapter form
- TPM support for offline login
- No x86 builds for Windows client as standard (available on request)
- Improvement in bulk token import resilience for duplicates
- Descriptions for SystoLOCK AD groups
- Corrections on keyboard handling in the Tools app
- Focus maintenance in credential UI with QR code displayed
- Help for Setup and Diagnostics PowerShell modules
- Allow autonomous group to be processed
- Review service exception handling with regard to SCP restart policies
- Add secure boot and device guard configuration status to client diagnostics
- Rename One-Time Password on CredUI tiles
- Improve server installer wrapper GUI
- Improve changing 'smart-card only' users' passwords on a regular basis
- Fixed: Client service crashes when machine is offline
- Fixed: Copying from tracer to clipboard does not work sometimes
- Fixed: MMC crash if policy is not present
- Fixed: Wrong default values for OATH policies
- Fixed: Diagnostics is not displayed localized
- Fixed: Test-SystoLockEnrollmentService: Add error handling for incorrect config strings or hosts
- Fixed: Credentials not valid on assignment view
- Fixed: Unhandled error upon OTP reuse
- New logo
- Small MMC fixes
- Conditionally allow DNs in subjects for issued certificates
- Correct error lookup in client tools
- Fix roaming devices handler in MMC
- Improve MMC debugging in release mode
This is the last release to fully support Windows 7 / 2008 R2 as a client.
Original version released on 22.12.2022
Service pack released on 27.03.2023
- Offline Login:
- Full offline login for environments without internet (preview)
- Guided inputs for offline login
- Better offline registration
- Offline login client management
- Password policies for offline login
- DPAPI secrets management for offline login (preview)
- Management improvements:
- Automatic password policy management
- Diagnostics enhancements
- Diagnostics module directly in MMC
- MMC resilience improvements
- Expiring certificates logging
- PSKC import for ZIP-containers
- User and token lists improvements in MMC
- Disabled and locked tokens handling in MMC
- PowerShell improvements
- New Components:
- RADIUS plugin for NPS
- Autonomous certification authority
- AD Interfacing improvements:
- AD sites detection improvements
- Special characters handling improvements
- Support for custom location of Program Data
- Client service for tasks offloading
- Server setup experience improvements
- Introduction of AD CS local setup
- Client logging improvement
- Fixes:
- Correct AD FS IdP installer to mitigate Microsoft's flaws
- Correct server installer missing new scripts
- Correct Test-SystoLockInstance irregularities
- Correct various MMC crashes
- Correct handling of special characters in DN paths
- Correct LogonUI going offline for no reason
- Correct LogonUI freeze upon tile change
- Improvements:
- Improve CA Templates installer granularity
- Improve Offline computers registration
- Remove default values from registry in RADIUS plugin
- Change logging channels for AD FS components
- Set default OTP validation window to 1 Minute
(Warning: manual adjustment might be required for existing installations with drifted physical tokens)
- Remove 32-bit client installation from distribution (available upon request)
Released on 04.05.2022
- New license models: Free, Standard, Full, NFR
- Full management for push notifications
- Phone owner management
- Token and domain policies
- Brute force protection
- Multi-Domain support for MMC
- MMC stability improvements
- Better password retention management
- GC discovery improvements
- DNS scavenging solution
- Clearer messages in logs
- CRL and time skew checks in infrastructure diagnostics
- Introduction of operational master
- RDS Gateway multi-domain enhancements
- Installer improvements for RD-Servers and elevated run
- Fixed Windows 7 regressions
- Fixed native VPN connectivity problems
- Missing AD sites solutions
- Multiple NICs solution for clients
Released on 20.01.2022
- Multi-Domain installer improvements
- Multi-Domain infrastructure tests
- Multi-Domain licensing support
- Token Lock / Unlock
- Token Disable / Enable
- PDF-embedded license support
- Error-reporting improvements
- Credential provider granular control
- Self-provisioning enhancements
- Server-side diagnostics enhancements
Original version released on 25.10.2021
Service pack released on 13.12.2021
- RDS Web Portal support
- RDS Gateway plugin
- Server and RDS installers now elevate privileges upon start
- Improved rights assignments in AD
- New and faster method for serving data to Companion App
- Missing UPNs handling on token assignment
- Ad-hoc permission corrections via MMC
- Bulk and parametrized token creation in MMC
- Show used up licenses on license panel
- Optionally disable automatic search as an MMC setting
- Control LDAP Query policies from MMC
- MMC now uses separate port 21573 with Kerberos instead of 21572 with TLS
- Pre-provisioning QR codes in MMC and PowerShell
- ConvertTo-SystolockQRCode now supports -CopyToClipboard
- Migrated diagnostics and client settings into SystoLOCK Tools
- More configurable Client options
- Fast login support on secure screens
- Password retention for self-provisioned users
- Cisco AnyConnect VPN support
- Hostname in keep-aliver allows distinguishing between various sessions
- Improved logging of failed authentication attempts
- Credential provider should not apply filters on Login UI
- Discovery resilience for duplicated DNS entries
- Grant-SystoLockAccountManagementPermission uses wrong DN
- Set-SystoLockRoamingDevice invalidates PN token
- Use secure random number generator for TSGW session IDs
- IdP crash if metadata fetching results in error
- Push notifications for ADFS
- Detect VLV problem upon directory search
- Windows VPN client improvements and fixes
- MMC crash if DNS entries were missing
- MMC crash if users or tokens are moved or deleted
- Focus is lost if QR is displayed
- Documentation updates
- Clarifications on diagnostics for RDS hosts
- Show token drift on property pages
- Property pages lacked borders
- Better LDAP query policy conditions
- Corrections to satisfy faulty Gemalto PSKC files
- IdP language generalisations, add Italian
- Extend logging to include token ID upon logins
- Provide more control for self-provisioning users
- Preserve IdP configuration on update
- Cisco AnyConnect client enhancements
- Compatibility enhancements in AD FS Identity provider
Released on 12.05.2021
- VPN connection improvements, PLAP compatibility
- Microsoft certification for protected processes
- Push notifications for SystoLOCK Companion
- Push notifications control via PowerShell
- Preserve SSL binding configuration across service re-installation
- Persistent connection management in PowerShell
- Inactive sessions detection
- RDP keep-aliver for remote apps
- RDP farm helper multi-farm environments
- Stand-alone IdP for older ADFS setups
- MMC localisations
- New Client control panel (tools)
- New client options defaults
- Tracing now works without elevation
- Confirmations in destructive PowerShell Cmdlets
- Client installer auto-reboot suppression
- AD FS Installer might not detect OS Version correctly
- Indirect 'domain admin' group membership in server installer
- Grant user management rights on AdminSDHolder template upon installation
- Improvements to working with DNs containing special characters
- Better session handling for RDP (and other) sessions
- Cannot choose a date range for the log view
- Enabling offline for a computer leads to errors
- Import-License should resolve file path
- License expiration prevented service from start
- Provisioning QR code improvements
- Client logs improvements
- MMC UI improvements
- LDAP connection management improvements
- On secure screen "Show QR code" appears after executing provisioning dialog
- Parent certificates get cached and it is a problem
- Client Diag on x86-machine falsely looks for a x64 module
- AD related PowerShell setup commands should use the same domain controller
Released on 14.09.2020
- VPN support
- ADFS plugin QR code login support
- Certificate-based login support for Active Sync
- MS Office ClickToRun sandbox compatibility
- IP address functions for siting API
- Client option self-provisioning and smart/fast login
- Certificate expiration notification in MMC
- Computers node in MMC for offline computers managing
- Client diagnostics
- License error reporting improvement
- CA errors diagnostics
- KSP crashes on Windows 10
- Handle 127.0.0.1 in Machine Resolution
- Make fast-login tile to live longer than 30 seconds
- Credential provider attempts to double submit after fast login
- Server Installer should try doing best effort to install all components
- Network diagnostics hangs under non-domain user
- Change password screen is broken on Windows 10
- Icons for start menu
- MMC stability
- Setup PowerShell clashes with psreadline module
- Referrals problem in subdomains
Released on 28.02.2020
- Implement data protection service
- Make Get-SystolockService -Site * to work
- Use SHA256 instead of SHA1 for default software token
- Make Get-Clipboard | Import-License possible
- ADFS provider
- Token View Needs a Help on Filter Syntax
- PSKC import should auto detect suite based on the key length
- Confusing Get-SystoLockEndpointPermission output
- License load exception
- Windows 2008 R2 does not tolerate zero pKIOverlapPeriod
- FastLoginClientContext should check COMPUTERNAME$ case
- Do not accept fast login credentials if session is inactive
- RDP does not work with KSP
- Make dynamic smart-card masking enabled by default
Released on 18.12.2019
- User Property Page redesign
- Configuration diagnostics tool
- Synchronize button is disabled for unassigned tokens
- Token property page redesign
- Improved Users filtering by token assignment
- Event logs aggregation
- Server service status page
- Allow creating new token from the "Choose Token to Assign" dialog
- Copy QR code to clipboard by double click on it
- KeysContainerInstaller does not remove Authenticated Users read ACE
- Token release does not work on disabled users
- Reader driver won't install on Windows 1903
- Server property page disappears by clicking on certificate thumbprint link
- ConvertTo-QRCode -File file.name is broken
- Add-SystoLockCertificateBinding ignores Force parameter
- DNS record installer should check existing SRV RR record presence
- Token Status is Needed in the Token list
- Pre-provisioned tokens should have user name in URL
- ISecurityAuthority service should support hashed PIN
- Error installing in a site without a domain controller
Released on 09.03.2019
From now on all releases relate to Version 2.0
- Allowed controlling SmartcardLogonRequired option during provisioning
- Events filtering in service view
- Preferred domain controller property support in management module
- Expose machine unique identifier via Discovery service
- Expose client fine tuning options to UI and PowerShell
- Importing Wrong File Crashes MMC
- No Need in Milliseconds in Service Property
- Service Installer should add recovery options
- Service won't start upon reboot
- Logs are too verbose on user DNs
- Management UI does not work on Windows 2008 R2
- Credential UI won't load with a MUI file present
- Management UI package should include PowerShell manifest files as well
- Management UI crashes if SystoLock servers RPC unavailable
- Non-canonical ACLs are created
- NCryptEnumAlgorithms causes event log error
Released on 22.10.2018
- User search improvements
- New Multilingual User Interface (MUI) modules
- Fixed: Installer should check elevation status on uninstall
- Handle remove service event logs unavailability
- Token list improvements
- Fixed: Try validating PIN upon receiving it via CardAuthenticatePin
- Fixed: Display service instance certificate
- Various property page changes
- New Copy as PowerShell command
- Fixed: Confirmation message boxes should have Yes, No, Cancel buttons
- Fixed: Crash upon clicking on a list view column header
- Fixed: Could not assign token from the user property page
- Handle server exceptions while searching for tokens
- Management UI cosmetic changes
- Fixed: Confirmation dialog title text does not contain token ID
- Fixed: Copy Powershell button looks weird
- List view error list margins need better calculation
- Fixed: Service certificate information window requires two clicks to close
- Fixed: Choose Token dialog should not enable Ok button unless a token is selected
- Fixed: UPN based provisioning does not work
- Updated token property page icon
- Fixed: Handle service Fault when performing a server operation
Released on 31.07.2018
- Added Active Directory rights delegation management command
- Fixed: Timeout exception while installing event log
- Fixed: Service should round-robin through available enrollment services
- Added Subject parameter to Add-SlockCertificateBinding command
- Fixed: Certificate templates require Network Service account enrollment right ACE
- Fixed: Server should log startup error
- New Server licensing engine
- Prefix all PowerShell verbs with SystoLock and remove default module prefix
- Removed version from the client settings path
- Fixed: OtpToken should contain information if the user completed provisioning
- Fixed: Client should push its information to the server
- New Property Page for ADUC snap-in
- Fixed: "User name is empty" error when unlocking workstation
- Added thumbprint awareness to the NT Authority certificate list
- Implemented license information support
Released on 30.04.2018
- Fixed: New-SlockToken -Algorithm SHA256 generates an invalid URL
- Fixed: Token assignment should be 1 to 1 entity
- Fixed: Windows 7 credential tile multiple Advice/Unadvice calls
- New: Add New-HotpSecret command
- Fixed: Add-SlockTokenAssignment should understand token object when it comes from pipeline
- Test-SlockService output does not contain hostname
- Fixed: ConvertTo-SlockXxxxString should accept value parameter from pipeline
- Fixed: ConvertTo-SlockQRCode should understand token and token assignment types
- Fixed: Add-SlockAssignment: make -PIN parameter optional
- New: Add Set-SlockAssignmentPin command
- Fixed: Add-SlockAssignment does not suggest User parameter in some cases
- Support CA certificate fetching via IDiscoveryService
- Fixed: Change Get-Token default parameter set from Filter to TokenID
- Fixed: ETW rights adjustment does not seem to work or is broken
Released on 02.04.2018
- Key storage provider (KSP) based login support
- Fixed: Certificate template installer is broken
- Fixed: Reboot is required after installing service on a machine
- Add IOCTL_SMARTCARD_GET_LAST_ERROR support
- Keys container security rights corrected
- Fixed: Logon screen should not show currently logged on users
- Fixed: Get-SlockCertificateBinding does not work (but netsh does)
- Positional arguments support
- Certificates without subject are ignored
- Fixed: Certificates without private key should be excluded
- New: Management module installer
Released on 27.10.2017
- Kerberos authentication proxy for non-domain RDP clients
- Update installer with code signing public key
- Fixed Reader locks
- Fixed: Status is not updated while executing custom actions
Released on 31.05.2017
- Enabled ETW logging in native modules
- In CPUS_CREDUI scenario the Ok button is not active / default selected
- Expired certificates garbage collection
- Unlock scenario now works properly
- Implemented authority for medium-term certificates
- Change PIN operation support
- Implement Change PIN operation
- Dynamic masking of the smart-card provider
Released on 12.08.2016
- Checks for assigned tokens count
- WEB based frontend
- Multiple tokens support
Released on 01.14.2014
Paradigm change
- OTP URLs parsing support
- RFC 6030 support (PSKC)
- Installer repacked
- mOTP support
- DNS SRV registration
Released on 13.12.2013
- Improved logging
- TSGW authentication support
- HOTP security policy config section
- Generic form based authentication support
- OTP rollout wizard
- HTTP SSL registration
Initially released in May, 2011