New Boundary's Policy Commander is not at the same level as the other products we tested. This product is best suited for small to midsize companies that run only Windows servers and desktops.

This product has multiple components - a channel server (which manages communication with the clients), a database server, a Web server, an administrative console, client agents and a policy editor.

Client agents needed to be installed locally and could not be distributed through the administrative console. Also, unless Active Directory groups have been imported for system grouping, administrators must manually move new agents into the appropriate groups. Most of the other products tested automatically grouped agents by operating system.

Policies could not be managed directly from the compliance-administration console, but had to be exported from the console to the policy editor for changes. The finished policy then had to be exported to the console for use against systems.

New Boundary offers some good policies out of the box, but all fall into standard regulatory and guideline categories.

To define a policy within the policy editor, the user selects an applicability group, defines the compliance check and configures enforcement settings.

The product appears to be simple to use, but that appearance is deceptive. In general, navigation was confusing at times, especially the information displayed as we drilled farther down. We could not find an easy way to show all the out-of-compliant checks for a given system.

Access control was very limited and offered virtually no detail. According to New Boundary, this functionality will be included in Version 2.0, expected to ship in late summer.

Reporting, limited to HTML format, shows overall compliance across all systems and all policies, reports for specific system groups, and reports for specific policies.

One great feature of this product was its ability to provide offline remediation and enforcement, so that a system can remain in compliance even if it is disconnected from the company network.

Another nice feature is its ability to set smart-update rules for dynamic compliance requirements, such as making sure clients are running the latest anti-virus signature file. This feature allows an administrator to specify a master system to watch the specified area for changes and update the compliance rule to the latest change to ensure all other systems have the same settings.