FullArmor this week is expected to introduce a service designed to help companies use policies to manage Windows-based mobile laptops and remote machines that are not routinely connected to a network.

FullArmor's hosted service, called PolicyPortal, is a centralized hub from which administrators can set, deploy and enforce usage procedures via the group-policy features of Microsoft's Active Directory. Windows client machines are outfitted with a small software agent, FullArmor's GPAnywhere client, that regularly checks the portal for new or updated policies when the machines are connected to the Internet.

The service is targeted at companies that want to centrally manage users who are not regularly connected or ever connected to Active Directory, including roaming laptop users, remote or home clients and corporate contractors, as well as kiosks, point-of-sale terminals and ATMs. It also is targeted at companies that do not use Active Directory and at service providers.

Service providers such as Chicago-based Itility are eyeing PolicyPortal as part of disaster-recovery plans for mobile users.

"We want to use PolicyPortal for things such as restoring folder icons on a desktop, mapping drives or reestablishing Outlook profile settings," says Rick Neubauer, Itility's CTO. The company provides a data backup for mobile users who lose or have their laptops stolen, and the company plans to augment that with a one-click service that would restore all of a user's settings and configurations via policy once they get a new laptop.

"We can't do that now. For those people in the field you spend hours with them on the phone. Not all that is alleviated, but a good chunk of it is," Neubauer says.

PolicyPortal, which FullArmor says is likely to be released in the future as an appliance that can be deployed internally, is tapping into a growing interest in group policy to manage servers and machines.

Group policy, which is supported on Windows 2000 and XP, and Windows Server 2003, lets administrators manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.

The foundation of PolicyPortal is Active Directory running on a 64-bit version of Windows Server 2003 Release 2 with Web-based software that provides the management interface.

The package lets administrators log on and upload digitally signed policies. The policies are stored in a database and each company has its own table to ensure privacy. In the PolicyPortal management interface, administrators can see the machines they are managing and set policies for individual machines or groups of machines. Also included is a management dashboard that shows whether machines are in compliance with security policies, identifies which settings are enforced or not enforced, and provides a log of changes and who made them.

"This is very much like [automated] patching," says Danny Kim, CTO for FullArmor. "It is an automatic update - that is how the policy works."

FullArmor also is integrating its Intellipolicy, which provides extensions for group policy, with PolicyPortal so users also can automate tasks as printer setup, local administrator setup or denying the use of USB drives.