FullArmor extends the reach of Microsoft Group Policy

It surprised me to learn that there are still many, many places running the Windows 2000 server operating system and Windows Server 2003 without implementing Active Directory. But that’s what Danny Kim told me last week, and he should know. Kim is CTO of FullArmor, a company whose livelihood relies on extending the power and the reach of Microsoft’s Group Policy technology. And Group Policy, as you all should know, relies on Active Directory.

As just one example, he cited Wal-Mart – the world’s largest retailer. Each Wal-Mart store has between 10 and 15 desktops running Windows – but no Active Directory. Still, Sam Walton didn’t grow the world’s largest retailer by employing dummies, so Wal-Mart liked the idea of using Group Policy to lock down (and monitor) the activity on all those computers. Enter FullArmor.

The company has three major products:

* IntelliPolicy for Clients – Intelligent/location-aware end-point policy enforcement.

* GP Anywhere – Portable end-point policies.

* PolicyPortal – Internet-based policy deployment, enforcement and compliance.

IntelliPolicy is the heart of the system, and is used to create and maintain policies covering five broad areas:

* Enhanced security settings

* Application configuration

* Network resources

* Performance and maintenance

* User environment

GP Anywhere extends the reach of Group Policy beyond Windows desktops to mobile devices (Windows embedded devices and cell phones); kiosks; and non-Windows networks (NetWare, Unix); as well as  to disconnected Windows devices (home workers, mobile workers with laptops, etc.).

The third part of the trio of applications, PolicyPortal, is a Web-based portal to manage Policy on Windows 2000/XP machines over the Internet. PolicyPortal is aimed at what I consider non-traditional Windows network markets:

* Enterprises with disconnected, remote and kiosk machines.

* Small and midsize businesses that do not have Active Directory.

* Managed-services providers that want to centralize the Policy for all customers.

* ISPs that need to apply Policy for their software and provide an additional service offering. 

But Kim assures me that there are many, many enterprises like that out in the real world. In particular, he emphasized that these target markets are reluctant (or unable) to implement Active Directory either for the entire network or for the affected machines.

As it stands right now, FullArmor’s products can’t completely hide Active Directory (it has to be reachable by the system, just not constantly in touch). But some day, real soon, you’ll be able to institute not only Group Policy but also FullArmor’s enhanced Group Policy without ever knowing or seeing Active Directory. And, to some, that’s a good thing. If that’s you, or if you simply want to pump up your Group Policy, check out the details at FullArmor’s Web site. While you’re there, request an evaluation copy so you can try it out for yourself.