NetIQ on Monday released two security tools for Microsoft's Active Directory to help administrators manage access controls and group policy settings.
NetIQ introduced Directory Security Administrator (DSA), which provides controls to search for and modify directory-controlled access to files and network resources; and NetIQ Group Policy Administrator (GPA), which automates the management of policies that help lock down desktop and server configurations.
The software is the newest addition to NetIQ's Administration Suite 2.0, which includes tools to manage Windows NT and 2000, Active Directory and Exchange 5.5 and 2000.
With the 2.0 version, NetIQ is breaking the suite into two editions: Standard, which now features DSA; and Advanced, which adds GPA, a re-branded version of FullArmor's Fazam 2000 group policy management tool.
With the new tools, NetIQ is hoping to give administrators a measure of security control that is lacking or is manually intensive in the native Microsoft tools. Quest Software's ActiveRoles software has similar tools to manage access control and group policy.
With DSA, directory administrators get an enterprisewide view of directory objects and their assigned access permissions. The tool can be used to modify access controls and includes a search feature to track permission settings.
"You can see where explicit permissions are set and how they are inherited," says Dave Peterson, senior product manager for NetIQ. "The goal was to create a tool where you could visualize and search for permissions set using Active Directory."
In addition, NetIQ also is adding a tool to unravel the complexities of group policies.
Active Directory's group policy feature can be used to lock down desktop and application configurations, guarantee consistent computer settings across the enterprise, and aid in the automated distribution of software. For example, a group policy may prevent a collection of end users from installing certain applications or changing default settings on their desktop computers.
But the policies are built on a hierarchy of inheritance and can become a quagmire for security risks where one policy can ultimately override another. GPA helps untangle that mess and provides a clear view of how policies flow through the directory and a mechanism to manage and manipulate those policies.
The advanced version of Administration Suite 2.0, which features GPA, is priced at $30 per user. The standard addition is priced at $24 per user. The GPA and the Directory Security Administrator both can be purchased separately for $9 per user.
The suite supports Windows NT 4.0, 2000 and the forthcoming Windows.Net Server.
RELATED LINKS
