TOM KEMP'S CENTRIFY BLOG
Monday, November 12, 2007
This is the second of a few blog posts on some of the highlights of DirectControl 4, which we shipped last week. In this post, I am going to highlight some of the enhancements we have made in the areas of Group Policy for UNIX, Linux and Mac, as well as improvements we have made to our DirectControl Report Center that delivers important compliance reporting capabilities. As a reminder, we are having a webinar on November 13 for people to learn more about the new features we have added - click here to register.
Enhanced Cross-Platform Group Policy Features in DirectControl 4
We have consistently heard from customers and industry analysts that Centrify DirectControl delivers the industry's most comprehensive support for extending Group Policy to non-Windows systems. It is the only solution to provide both user and computer policies, Mac-specific desktop lockdown policies, and advanced features such as group filtering and loopback processing. In addition, we provide more than 225 Group Policies out of the box, well more than what other solutions offer. And this Group Policy capability is part and parcel of the DirectControl architecture, as opposed to a separate architecture that needs to be managed and configured.
A major new feature in DirectControl 4 is a streamlined Group Policy Object Editor interface that makes it even easier to create and edit Group Policies within the standard GPO Editor. This new interface provides a rich editing environment for many policies where multiple lines of text need to be entered or edited after initial entry, such as the sudo or firewall policies. In addition to the new user interface, DirectControl 4 also provides several new and improved Group Policies, including ones to set sudo rights, copy files and control SSH settings.
Because sudo is a powerful tool for fine-grained privilege management in the UNIX environment, we made it even easier to edit the sudo rights policy with a free-form editor. This editor has the ability to insert all standard commands with a simple right-click, as well as the ability to browse and select names of Active Directory objects and to find their appropriate UNIX name where needed. Additionally, since the policy must adhere to a defined syntax, we made this editor check for proper syntax before allowing you to move on to the next policy.
Group Policy for UNIX. DirectControl 4 delivers free-form editing, a syntax checker, and the ability to insert all standard commands and Active Directory object names, making it even easier to manage sudo Group Policies for fine-grained privilege management.
While the Sudo Rights Group Policy provides a robust interface for managing the contents of that file, we also find that many IT departments prefer to simply copy a common sudoers policy file to the various computers under administrative control. DirectControl 4 provides a File Copy Group Policy to simplify the task of securely distributing files, such as syslog or Samba config files, from the SYSVOL share to DirectControl-managed computers.
Finally, DirectControl 4 is the only solution that lets you enforce best practices for remote access by centrally configuring and enforcing sshd settings. For example, you can specify which users can ssh to a set of systems, or prevent root logins. This new Group Policy to manage SSH server settings can control many of the security-related parameters, including those required to comply with the Center for Internet Security (CIS) Level 1 benchmark. When the Centrify OpenSSH server is combined with the Centrify distribution of PuTTY, which Centrify now ships with its own set of Group Policy controls, the administrator now has full control over the security and ssh experience for users across the environment.
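An added example (not Centrify's code and not from the original post): a Python check that a distributed sshd_config actually enforces the two settings mentioned above, root login disabled and logins limited to named users or groups. The sample configuration and the function names are constructed for illustration; the check relies on sshd using the first value it reads for a keyword and on Match blocks being able to override global settings.

```python
# Constructed sample, not taken from any real host or from DirectControl.
SAMPLE_CONFIG = """\
Port 22
permitrootlogin no
PermitRootLogin yes
AllowGroups unix-admins
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return (global_settings, match_blocks); keywords are case-insensitive."""
    global_settings, match_blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # everything after this line belongs to the block
            current = {"criteria": value, "settings": {}}
            match_blocks.append(current)
            continue
        target = global_settings if current is None else current["settings"]
        target.setdefault(key, []).append(value)  # keep file order
    return global_settings, match_blocks

def audit(text):
    """Return a list of findings; an empty list means both controls hold."""
    settings, blocks = parse_sshd_config(text)
    findings = []
    root = settings.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set; the compiled-in default applies")
    elif root[0].lower() != "no":  # only the first occurrence takes effect
        findings.append(f"PermitRootLogin is '{root[0]}', expected 'no'")
    if not (settings.get("allowusers") or settings.get("allowgroups")):
        findings.append("no AllowUsers/AllowGroups; logins are not limited to an allow-list")
    for block in blocks:  # a Match block can re-enable what the global section denies
        for value in block["settings"].get("permitrootlogin", []):
            if value.lower() != "no":
                findings.append(f"Match {block['criteria']} sets PermitRootLogin {value}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
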
Expanded Reporting Center in DirectControl 4
DirectControl's built-for-compliance architecture has always made reporting a central feature, enabling IT auditors to report on user access to systems, Zone and group membership, and more. With DirectControl 4, Centrify has significantly expanded the Reporting Center with the following features:
DirectControl Reporting Center. A powerful tool to meet compliance requirements.
Bottom Line: Industry's Most Comprehensive Cross-Platform Group Policy and Compliance Reporting
As you can see, DirectControl 4 delivers additional policies and enhanced cross-platform Group Policy features that give IT managers even more granular control over security configurations for both users and computers, as well as expanded reporting that provides IT auditors a comprehensive view of the access controls in place and verification that they are working as expected. In my next Centrify blog posting, I will talk about the improvements we made to DirectControl in the areas of new platform support and enhanced NIS and LDAP integration solutions that enable organizations to further leverage their Active Directory infrastructure to secure even more of their non-Microsoft environment.