Security and Active Directory - two subjects very high on my priority list - are frequently embodied in the excellent products from NetPro Computing. And that's certainly apparent in this week's release of the company's DirectoryLockdown 4.0.When Version 3 was released just over two years ago, I called it a tool designed to "watch the watchers" or "guard against the guards" - the directory administrators. That's still true, but the new version does add a boatload of new features.Primary among the features of DirectoryLockdown 4.0 are these 5:1. Change Prevention - DirectoryLockdown tightens change control by filtering all infrastructure changes and preventing unauthorized changes from occurring.2. Change Forensics - details who attempted what changes, and where and when they were attempted.3. Tamper Resistance - features its own anti-tamper mechanism, dispatching encrypted notification to the enterprise admin when intrusion is inferred.4. Change Console - provides a user interface to centralize everything from agent controls to notification and permitted changes.5. Speedy Deployment - deployment wizard enables simple and flexible deployment, as well as integration with key platforms such as Microsoft Operations Manager (MOM) and HP OpenView (HPOV).This is a tool that any organization's chief compliance officer should want to have installed everywhere, because DirectoryLockdown 4.0 locks down and hardens enterprise-wide Domain Controllers against both internal and external security threats, while detailing who attempted what changes, and where and when they were attempted. Regulatory compliance is all about who did what to which data, and when did they do it.But it's more than just a compliance logging or auditing tool since it can also stop unauthorized (or inadvertent) changes to the schema from being propagated throughout the forest, forestalling would could be a major headache (at best) or a blatant malicious attack (at worst).If you have DirectoryLockdown 3, you really should upgrade to the new version. If you don't have it, then you need to investigate Version 4 for your network. Browse to the NetPro Web site for all the details about DirectoryLockdown 4 and the other fine tools the company offers. For a lighter moment, visit the Weblog of NetPro CTO Gil Kirkpatrick and follow the adventures of the rubber chickens (e.g., "The Rubber Chicken as Terrorist Weapon"; "The Rubber Chicken as Market Research Device" and more!).