Group policy vendors adding better control to their wares

Desktop and server management vendor Special Operations Software this week plans to release an extension to Microsoft's Group Policy technology that lets administrators tighten network security by controlling the strength of passwords assigned to individuals or groups of users.

Another vendor, DesktopStandard, says later this year it will ship two extensions to Group Policy for change management that focus on software deployment and inventory.

Microsoft's Group Policy, which is supported on Windows 2000, XP and Windows Server 2003, lets administrators centrally manage, customize and lock desktop and server settings based on a set of policies maintained in the directory. Administrators can tune security settings and prevent end users from making changes to their desktops.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Desktop and server management vendor Special Operations Software this week plans to release an extension to Microsoft's Group Policy technology that lets administrators tighten network security by controlling the strength of passwords assigned to individuals or groups of users.

Another vendor, DesktopStandard, says later this year it will ship two extensions to Group Policy for change management that focus on software deployment and inventory.

Microsoft's Group Policy, which is supported on Windows 2000, XP and Windows Server 2003, lets administrators centrally manage, customize and lock desktop and server settings based on a set of policies maintained in the directory. Administrators can tune security settings and prevent end users from making changes to their desktops.

"There is a lot you can do because an object exists in a directory," says Scott Crawford, an analyst with Enterprise Management Associates. "In principal, any object in a directory can be given any attributes that you want to give it. Group Policy is taking more advantage of the capabilities that Active Directory has to offer."

With Specops Password Policy, Special Operations is eliminating the limitation in Active Directory requiring that the same password policies apply to every user in a domain. That means all users adhere to the same rules about how a password is constructed, such as requiring the use of numbers and letters, and on what cycle it must be changed.

Password Policy gives administrators the ability to apply password policies based on group membership, organizational unit and individual user accounts. CEO and IT administrators managing many systems can have a very complex password construction that is difficult to hack, while regular end users can have something that is easier to remember but potentially less secure. Password Policy also extends the options for constructing a complex password and defines the complexity rules a password must meet.

The software requires the installation of a Dynamic Link Library on a Microsoft domain controller, which is used to run Active Directory, to support the password extension. It also includes a snap-in for the Microsoft Management Console and an option to install client software that displays a dialog box on a user desktop with an explanation about how to construct a password.

Special Operations plans to follow Password Policy, which is priced at $1,200 per domain and $3 per user, with another Group Policy extension called Specops Inventory, which will ship in March. The extension is focused on asset management.

Rival DesktopStandard also plans to ship a new product in its PolicyMaker line of Group Policy extensions called Change Management that focuses on software deployment and inventory.

"Microsoft's Group Policy system offers deployment natively but it is limited," says Eric Voskuil, CTO of DesktopStandard.

Change Management will include options for scheduling and bandwidth throttling in the deployment extension. The inventory tool will tie in with DesktopStandard's Dragnet reporting tool to collect inventory data from network desktops and servers. The company also plans to integrate its Dragnet reporting software with all the extensions in its PolicyMaker lineup and those offered natively from Microsoft.