Security Policy Enforcement

Centrally enforce security and configuration policies across Linux, UNIX and Mac systems using familiar Windows Group Policy tools

The Challenge

As the number of systems and users grows in an organization, centralized, rules-based management of security and configuration policies becomes critical. In large heterogeneous environments, accomplishing something as simple as enforcing a consistent password change interval, or locking a screen after a period of inactivity, is impractical because each UNIX vendor or Linux distribution may have different methods for accomplishing these tasks - if they can be done at all. Once systems are joined to Active Directory, enforcing something like a consistent Kerberos credential renewal policy across platforms may be critical to meet specific compliance or security requirements, and a centralized and automated method is the key to ensuring the policy is in force and can be reported on to satisfy security or compliance audits.

Many current policy solutions require a separate policy server infrastructure that is frequently fragile and difficult to maintain reliably, and that represents a security risk because policies travel "in the clear" across the network. Such solutions require you to maintain a separate identity store of systems and users, and usually rely on proprietary scripting and database formats. Policy updates may also be slow to propagate across systems.

The Centrify Solution

You realize some security policy benefits immediately when the Centrify Suite is used to join Linux, UNIX and Mac systems to Active Directory. For example, the Centrify agent automatically enforces Active Directory rules for password length, complexity and expiration across all managed systems. To provide rules-based enforcement of security and configuration policies, the Centrify Suite also enables IT managers to use Windows Group Policy to centrally push policies to more than 225 versions of UNIX, Linux and Mac platforms. Centrify's solution for Group Policy for Linux, UNIX and Mac has several advantages:

  • Leveraging your existing Active Directory infrastructure is far more cost effective than setting up a separate policy server, and far more reliable since you benefit from the scalability and fault-tolerance of your corporate domain controller setup.
  • IT staff can centrally configure and distribute policies using familiar Windows tools without needing detailed Linux, UNIX or Mac domain knowledge.
  • Policies are stored securely in Active Directory and communicated over an encrypted and authenticated connection to the target systems.
  • Policies are consistently refreshed at a periodic interval, and also at system startup, user login, and on-demand.
  • When configured along with Centrify's unique Zone-based access controls, Group Policy becomes a powerful way to apply consistent policies to logical groups of systems and delegate policy admin rights. Adding a computer to a Zone automatically deploys policies to that computer, providing automated security and configuration management for new systems.

Centrify delivers industry-leading Group Policy support for Linux, UNIX and Mac. Here are a few unique advantages of Centrify's solution:

For an introduction to Windows Group Policy and a detailed look at the benefits and features of Centrify's solution, see our white paper Top Five Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems (co-authored by Group Policy guru Jeremy Moskowitz).

It is worth noting that using Windows Group Policy to deploy sudo files for privilege management is appealing for many of the reasons noted above, and Centrify provides an easy-to-use sudo editor with a syntax checker as part of its Group Policy tools. However, sudo has significant limitations in large or complex environments, and for this reason Centrify designed DirectAuthorize as the foundation for its solution for superuser privilege management on Linux and UNIX.

Learn More

  • White Paper: Top Five Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems
  • On-Demand Webinar: Top Five Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems
  • Video Chalktalk: Group Policy for UNIX, Linux and Mac
  • Video Chalktalk: Configuring Mac OS X Workstations Using Windows Group Policy

Microsoft recognizes Centrify as a new Microsoft Gold Certified Partner for demonstrating its expertise in providing customer satisfaction with Microsoft products and technology.

Allison Watson
Vice President
Worldwide Partner Sales and Marketing
Microsoft Corp.