Universal Policy Administrator includes features for centralized security policy management, orchestration and enforcement solution, which unifies previously disparate policy silos across all enterprise devices and identities, on premise and within the cloud.
We designed this product in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in Opentext Forums, our online community that also includes product information, blogs, and links to helpful resources.
UPA works in conjunction with AD Bridge agents. Please refer to the AD Bridge release notes for details and requirements when using these products together.
The following sections outline the key features and functions in this release:
NOTE:This release includes an updated Gateway and Gatekeeper binary for Universal Policy Administrator to address minor installation issues. All agents remain at version 3.5.
Universal Policy Administrator Gateway and Gatekeeper Installer (UPAOPG_3_5_0_1.zip)
The UPA user interface now features a dark theme.
UPA now supports Windows Server 2022.
UPA now supports SAML\OIDC authentication integration.
UPA now allows you to configure and manage various Preference settings for Windows operating systems. For more information, see Managing Windows Preferences.
UPA now allows you to set Group Policy settings for applications using 3rd party ADM files. Administrators can import ADMX/ADML files from a Central Store on the DC or Gateway machine server into the UPA Web console. For more information, see Support for ADMX Templates.
UPA now allows you to seamlessly transition Group Policy Objects (GPOs) from the Group Policy Administrator (GPA) platform to the Universal Policy Administrator (UPA) environment. For more information, see Migrating from GPA to UPA.
UPA now allows you to create a Gold Universal Policy that serves as a template for other universal policies. For more information, see Managing Gold Universal Policy.
UPA now allows you to view RSoP Analysis and Planning Reports for both Cloud and Domain OUs. For more information, see Viewing RSoP Analysis Reports and Adding and Viewing RSoP Planning Reports.
UPA now allows you to view a Conflict Analysis Report that shows any other Universal Policies that have the same settings as the selected Universal Policy, but have one or more values on that setting that differ. For more information, see Conflict Analysis Report.
UPA now allows you to view the Universal Policy Differences report between the current version of a specific universal policy and the last checked-in version, the last approved version, any two versions, and the version present in the GPO in AD. For more information, see Universal Policy Differences Report.
UPA now allows you to view the Settings Report of the universal policies. For more information, see Universal Policy Settings Report.
UPA now allows you to manage the scope of policy application to selected users or groups with Security Filtering. For more information, see Managing Security Filtering.
For detailed information about hardware requirements, supported operating systems and other software requirements, see Universal Policy Administrator 3.5 System Requirements.
The installation of Universal Policy Administrator, involves multiple components. For a detailed description about installing these components, see Installing Universal Policy Administrator.
Resolved an issue where the proxy server properties provided in an Internet Explorer 10 Preference setting were not being exported to the GPO. (#638007)
Resolved an issue where the UI did not allow users to type the entire icon file path in a Shortcut Preference setting. (#617022)
Resolved an issue where the UI did not allow users to add Actions to Immediate Task Preference settings on Windows 7 or later. (#617021)
Resolved an issue where the UI did not allow users to select the Create or Replace Action on a Computer File Type Folder Options Preference setting. (#617020)
Resolved an issue where, if all language-specific ADML files for the same ADMX file did not have consistent capitalization casing, the UI in the Include Policy Templates dialog incorrectly indicated that there were no files available for addition. (#634182)
Resolved an issue where, if the Central Store holding ADMX files included a file with an extension other than .admx, the UI in the Include Policy Templates dialog incorrectly indicated that there were no files available for addition. (#634107)
Resolved an issue where importing a GPO with defined Windows Security settings incorrectly included the Unicode and Version settings in the Universal Policy. (#638052)
Resolved an issue where, when adding a Computer or User setting for a Windows setting identified as both, the UI added both settings to the Universal Policy. (#638054)
Resolved an issue where all unsupported Windows Security settings would not load into a Universal Policy from a GPO. (#648295), (#648296), (#646285), (#647288), and (#648297)
Resolved an issue where, upon installation of the UPA Gateway, it would start a job to collect AD User, Group, and Computer accounts, preventing the exclusion of specific account types. (#637031)
Resolved an issue where the UI did not refresh after a Synchronization Target UP was removed from the Source UP, causing the Target UP to incorrectly display as still being connected to the Source UP for synchronization. (#608297)
Resolved an issue where the UI did not display AD OUs from all managed domains when attempting to add an AD OU to a Delegation View. (#634166)
Resolved an issue where the Gateway job responsible for checking if Universal Policies (UPs) created from Group Policy Objects (GPOs) in AD were still in sync did not reflect the correct sync status. (#626226)
Resolved an issue where setting up delegation for a user or group to export UPs to an Organizational Unit (OU) of a specific AD was unclear. (#634162)
Resolved an issue where the Gateway's Repository Load job did not allow for AD Group Policy Objects (GPOs) from import into the UPA based on a specific naming convention. (#645010)
Resolved an issue where the Cloud OU RSoP Report was missing header and footer details. (#646260)
Resolved an issue where UPA did not fully support Group Policy Object (GPO) Security Filtering. (#646286) (#647289)
Resolved an issue where the Export Dialog for Universal Policies created from an Active Directory Group Policy Object automatically selected the original GPO for export. When the GPO picker was opened to select a new or different GPO, it would erroneously include the original GPO, resulting in duplicates and causing issues with the radio buttons. (#656365)
Resolved an issue where the database connection string provided during the Gatekeeper installation process could contain a password when Integrated Security was not used, leading to security concerns due to its storage in plain text within the configuration file (Web.config). (#647119)
Resolved an issue where the Audit Event View allowed searches based on event and user fields, but did not support searching by the comment field. (#658002)
Resolved an issue where the Audit Event View search results could span multiple pages, but the sharing functionality only shared the current page. (#656002)
Resolved an issue where Gatekeeper certificates generated with newer versions of OpenSSL (for self-signed certificates) or the Microsoft Certificate Authority caused the Gatekeeper installer to fail. (#671132)
Resolved an issue where a GPO with Software Restriction policy or EDR settings, when imported in a Universal Policy, is imported as a EDR provider setting instead of a Machine registry setting and the Universal Policy domain is set to EDR. (#647117)
Resolved an issue where the LPA cannot create a AD_Joined agent computer account in the Active Directory, when the trailing "$" character is missing. (#636087)
We strive to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: When importing AD GPOs into UPA, changes made to a GPO may not replicate if AD replication has not completed when the domain has multiple DCs.(Defect #604352)
Workaround: Add ‘<add key="preferredDC" value="Machine Name"/>’ in the Gateway web.config file in the appsettings section.
Issue: When adding more than 100 ADMX policies to a single Universal Policy in UPA, the operation time significantly increases. This delay affects various actions such as saving, checking in, and submitting policies for approval, making these operations noticeably slower.(Defect #602400) (Defect #603389)
Workaround: Consider adding fewer (no more than 50) ADMX policies to a single Universal Policy.
Issue:A root-level Delegation OU cannot be created if a root-level Cloud OU with the same name already exists. (Defect #533856)
Workaround:Ensure that no duplicate names exist by renaming the existing root-level Cloud OU to a unique name before creating the root-level Delegation OU.
Issue:Unable to manage child, trusted, and untrusted domains. (Defect #534641)
Workaround:Configure the domains that cannot be managed in the Hardened UNC Paths Setting. For more information, see Troubleshooting.
Issue:When UPA 3.5 is uninstalled, the Gateway/Gatekeeper deletes all the Universal Policies. (Defect #586089)
Workaround:Back up the Universal Policies, before uninstalling UPA 3.5 Gateway/Gatekeeper. This product stores the Universal Policies in a git repository on the Gateway machine.
Issue:Custom configuration file settings, particularly those related to yes/no and true/false options, are overriding other existing settings even when the overwrite field is not checked, leading to incorrect application of configurations. (Defect #602085)
Workaround: When adding custom configuration files, it is recommended to use the 'Deploy File Policy' or create a DIA command policy.
Issue:When you re-import an OU hierarchy, new UPs imported and linked to an OU in that hierarchy may show as a linked UP with no name. (Defect #603170)
Workaround:Wait for the import process to finish, then refresh the OU view. The name should be displayed correctly.
Issue: Unable to save added planning policies configurations to the OUs in the UPA web console as UPA admin, when attempting to generate RSoP analysis and planning reports for OU level. (Defect #611020)
Workaround: Ensure required policies are added when generating the report.
Issue:When logged into the UPA web console as a UPA Admin and attempting to remove a domain after successfully setting it up, there is no option available in the web console to remove the domain. (Defect #533855)
Workaround:Ensure not to add the domain twice.
Issue: In the Internet Settings preference, under the Security tab in Custom Level settings, the option "Display video and animation on a webpage that does not use external media player" is missing the word "not." (Defect #607152)
Workaround:No workaround.
Issue:All the settings (check boxes) under Universal Policies tab > Selected UP > Windows Group Policy > Windows Preferences > User Preference > Control Panel Settings > Start Menu > General > Recent Documents for Start Menu (At least Windows Vista) are not pre-selected. (Defect #552156)
Workaround: Manually select the Settings.
Issue:When a UP is removed as a synchronization target from its Gold UP, the target UP does not update in the user interface to reflect that it is no longer a target of the Gold UP. (Defect #608297)
Workaround:To update the old target Universal Policy, check out the UP, then revert the checkout.
Issue: The Hapi Auth login group mappings do not update the local groups. (Defect #611278)
Workaround: Use new ADMX files, with replacement instructions.
Issue: The action added to an Immediate Task (At least Windows 7) preference setting is not saved in the computer preference > Control Panel Settings > Scheduled tasks->Immediate Task (At least Windows 7) wizard. (Defect #617021)
Workaround:Use a Scheduled Task (At least Windows 7) setting with the required action.
Issue: In User Preferences under Windows Settings > Shortcuts, the Icon File Path tab exits unexpectedly when a single character is entered. (Defect #617022)
Workaround: Copy the complete icon path and paste it in one action, or place the cursor in the text box every time you type the text.
Issue: When you attempt to add a folder option preference with the create or replace action under Computer Preferences >Control Panel Settings > Folder Options, the Web Console displays an invalid warning and does not allow it. (Defect #617020)
Workaround: Using GPMC, create an unlinked GPO in Active Directory with the desired Computer Preferences > Control Panel Settings > Folder Options setting. Then, import that GPO into a new Universal Policy. You can modify the Universal Policy with other settings as needed.
Issue: The runtime LPA account cannot be used to add an agent in hybrid mode. Only a domain admin account can add such a computer in Active Directory. (Defect #620051)
Workaround:To add one or more agents in hybrid mode, change the domain runtime credentials to a Domain Admin user. Add the agent(s), then revert the credentials back to a Least Privileged Account. To set the credentials, go to the Organization view in the Web console, select the domain you are adding the agent into, and set the read and write credentials.
Issue:When a Group Policy Object (GPO1), is linked to an Organizational Unit (OU1) in Active Directory, importing the GPO into Universal Policy Administrator as a Universal Policy (UP1) and subsequently exporting UP1 to a new GPO (GPO2) results in GPO2 being linked to OU1. However, the original link between GPO1 and OU1 is removed. (#671121)
Workaround:
Export the Universal Policy to the original Group Policy Object and detach it from the repository Organizational Unit (OU1) to prevent updates to the link for that Organizational Unit.
Use native tools to link the Group Policy Object to the desired Organizational Unit.
Issue:When you attempt to log in to a Linux agent using an Active Directory account that is a member of a BUILTIN group, an error message appears. This issue occurs if the domain users group includes members with special characters. (#634129)
Workaround: No Workaround.
Issue:When you import a Universal Policy with unsupported Windows security settings, some Universal Policies do not display the "Your system is missing some ADMX policy templates" message. (#675015)
Workaround: No Workaround.
We want to hear your comments and suggestions about this book and the other documentation included with this product. You can use the comment on this topic link at the bottom of each page of the online documentation, or send an email to MFI-Documentation-Feedback@opentext.com.
For specific product issues, contact Open Text Support for Micro Focus products at https://www.microfocus.com/en-us/support.
© Copyright 2024 Open Text or one of its affiliates.
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.