Centrify DirectControl delivers the industry's most comprehensive support for extending Group Policy to non-Windows systems. It is the only solution to provide both user and computer policies, Mac-specific desktop lockdown policies, and advanced features such as group filtering and loopback processing. Group Policy functionality is seamlessly integrated into the all-in-one DirectControl Agent; there's nothing else to buy, nothing else to install. DirectControl is the only solution that provides authentication, access control, and Group Policy for non-Microsoft systems as a single, seamlessly integrated agent.
Enabling [Group Policy] support in our tests was as simple as adding the centrifydc.adm template to a new GPO. We were surprised by just how many options you can configure, including password policies and UNIX login settings.
Darren Ehmke & Eric B. Rux, Windows IT Pro Magazine
With DirectControl you can use Active Directory Group Policy to centrally enforce security and configuration policies across your UNIX, Linux and Mac systems.
When combined with DirectControl's unique Zone technology, Group Policy gives you granular control over Zones of related UNIX, Linux and Mac computers. By adding a Zone to an Active Directory Computer Group, you can strengthen security by ensuring all computers in that Zone share a consistent configuration and that updates propagate securely to every computer in that Zone.
On Windows computers, Group Policy works by forcibly setting user and computer registry keys. Since almost all of a Windows system is configured through registry settings, this is a very natural and simple way to enforce almost any policy.
On UNIX, Linux and Macintosh computers, there is no equivalent to the Windows registry. The de-facto standard for configuration is through text-based configuration files. To enforce Active Directory's Group Policies on these non-Microsoft platforms, DirectControl creates a "virtual registry" to hold the Group Policy configuration settings that apply to that managed system and the users logging in to it. For each configurable application that a policy applies to, DirectControl provides a specific mapping program that translates these virtual registry settings and updates the appropriate configuration file for that application with the settings defined by the policy.
On each DirectControl-managed computer, the DirectControl Agent is responsible for contacting Active Directory to determine the relevant policies and copying them down to a set of virtual registry files. These policy files are refreshed in the same way they are on Windows systems: when a user logs in, on computer restart, and at periodic intervals defined by Group Policy. Administrators can also update Group Policy on demand.
DirectControl's Group Policy feature has been designed so that it integrates seamlessly with existing Group Policy features in Active Directory. Your policies for UNIX, Linux and Macintosh computers and users will work just like Windows policies do in terms of how they are linked to targets (sites, domains, organizational units, groups and individual users or computers), how these settings are inherited, and so on within Active Directory. The Windows default administrative template even has some settings, particularly those that specify refresh intervals for policy updates, that DirectControl will apply to the UNIX, Linux and Mac systems it manages for a consistent global policy.
Just like Windows policies, DirectControl policies are used in two ways:
DirectControl delivers a streamlined Group Policy Object Editor interface that makes it easy to create and edit Group Policies within the standard GPO Editor. It provides a rich editing environment for many policies where multiple lines of text need to be entered or edited after initial entry, such as the sudo or firewall policies. In addition to the new user interface, DirectControl 4 also provides several new and improved Group Policies, including ones to control SSH settings, set sudo rights, and copy files.