NetPro adds group policy management to Active Directory

NetPro last week bolstered its security and compliance suite for Microsoft's Active Directory with software that lets users delegate who can set and change policies used to manage desktops and servers.

NetPro's ChangeManager is a workflow-based change management system for the group policy objects (GPO) of Active Directory. GPOs, which are supported on Windows 2000, XP and Windows Server 2003, let administrators manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.

ChangeManager is designed to let companies build workflow and approval processes around management of GPOs.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

NetPro last week bolstered its security and compliance suite for Microsoft's Active Directory with software that lets users delegate who can set and change policies used to manage desktops and servers.

NetPro's ChangeManager is a workflow-based change management system for the group policy objects (GPO) of Active Directory. GPOs, which are supported on Windows 2000, XP and Windows Server 2003, let administrators manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.

ChangeManager is designed to let companies build workflow and approval processes around management of GPOs.

The use of group policy is catching on because users are starting to get the infrastructure pieces in place, including Win 2000 or XP Professional on the desktop and a server infrastructure that includes Active Directory.

IDC says as many as 80% of users in North America have Active Directory deployed.

"The next logical thing to do is to take advantage of group policy; it's pretty powerful," says Al Gillen, an analyst with IDC. "But if you use group policy to manage desktops and servers, you need to track and audit changes, and that is where this software comes into play. I would guess to some extent that the drive toward regulatory compliance is influencing this space."

NetPro's software features role-based delegation of group policy management using roles of requester, reviewer and approver. NetPro has added a workflow engine to link the three roles. Users also can create customized roles within each of the three categories.

With the Active Directory GPO tools, administrators can be assigned to manage specific GPOs. But with ChangeManager, an administrator could be restricted to requesting changes or the ability to request changes only on specific settings within a GPO.

The software lets users test GPO changes before submitting them to the workflow- approval process. Once a change is approved, it is added to a deployment schedule and automatically rolled out by ChangeManager. The software also features rollback so GPOs can be reset if problems occur when they are deployed.

"Users are finding generic change management [software] doesn't get down to the level of detail they need to get to, and they also are finding they have to document these workflow processes for compliance reasons," says Brad Hibbert, vice president of strategy for NetPro.

ChangeManager also integrates with NetPro's ChangeAuditor, which lets users audit any changes made to the directory, including group policy settings. NetPro also is working to integrate ChangeManager with its SecurityManager, which eventually will detect if GPO changes violate network security policies.

NetPro plans to have ChangeManager support third-party extensions to GPO in future releases of the software. It also plans to expand the workflow capabilities to include management of changes made to user and group data stored in the directory.

NetPro competes with DesktopStandard, FullArmor and Quest. It also competes with Special Operations Software and NetIQ, both of which plan to release in November upgrades to their group policy software.