11.4.3 Updated Release Notes: Thycotic Application Control (build 3225)
Only 11.4.2 and 11.4.3 (original release / build 3220) have the Virtual Service Account requirements. Delinea strongly recommends upgrading directly to this 11.4.3 Update (build 3225) from 11.4.1 and earlier.
Release Schedule
Privilege Manager Cloud Release – Tuesday, February 21, 2024
Privilege Manager On-prem Release - Tuesday, February 21, 2024
Windows Agent Software
11.4.3235 Bundled Privilege Manager Agent Installer
11.4.3235 Core Thycotic Agent (x64)
11.4.3235 Core Thycotic Agent (x86)
11.4.3235 Application Control Agent (x64)
11.4.3235 Application Control Agent (x86)
11.4.3235 Local Security Solution Agent (x64)
11.4.3235 Local Security Solution Agent (x86)
11.4.3235 Bundled Privilege Manager Core and Directory Services Agent
11.4.3032 Directory Services Agent (x64)
macOS Agent
11.4.3.033 Privilege Manager macOS Agent (Catalina and later)
10.8.27 Privilege Manager macOS Agent (Catalina and previous)
Privilege Manager exclusively supports operating systems (OS) that have not reached their official End of Support. For optimal performance and compatibility, it is recommended to utilize Privilege Manager on a supported and actively maintained OS.
Delinea recommends as a best practice to create system restore points prior to doing system changes such as patches.
Service Process Update for LSA Privileges
The Thycotic Application Control service is no longer configured to use a virtual service account; it is now configured to run as NT AUTHORITY\SYSTEM (local system) again.
A different mechanism is now used to ensure that the service process has all of the Local Security Authority (LSA) privileges required for it to function properly. LSA privileges do not need to be explicitly granted for the service to run properly, and there is zero need for GPOs (Group Policy Objects) to be created or modified as part of deploying the agent.
