Identity consolidation and privileged access management across Windows, Linux, and UNIXEnterprise Edition
Detailed auditing of privileged user sessions on Windows, Linux and UNIXPlatinum Edition
Dynamic segmentation and isolation of cross-platform systemsApplication Edition
Secure, centralized single sign-on to on-premises business applications
Single sign-on and unified management for cloud and mobile apps and devicesMac Edition
Centralized security and management for Macs and mobile devicesPremium Edition
SaaS and Mac Editions combined with mobile security management
Centrify Server Suite delivers the industry's most comprehensive support for extending Group Policy to non-Windows systems. It is the only solution to provide both user and computer policies, and advanced features such as group filtering and loopback processing. Group Policy functionality is seamlessly integrated into the all-in-one Centrify UNIX Agent; there’s nothing else to buy, nothing else to install. The Server Suite provides the only solution that manages authentication, access control, and Group Policy for non-Microsoft systems through a single agent.
Enabling [Group Policy] support in our tests was as simple as adding the centrifydc.adm template to a new GPO. We were surprised by just how many options you can configure, including password policies and UNIX login settings.
Darren Ehmke & Eric B. Rux, Windows IT Pro Magazine
With Server Suite’s DirectControl feature set you can use Active Directory Group Policy to centrally enforce security and configuration policies across your Linux and UNIX systems.
When combined with Centrify’s patented Zone technology, Group Policy gives you granular control over Zones of related Linux and UNIX systems. By adding a Zone to an Active Directory Computer Group, you can strengthen security by ensuring all computers in that Zone share a consistent configuration and that updates propagate securely to every computer in that Zone.
On Windows computers, Group Policy works by forcibly setting user and computer registry keys. Since almost all of a Windows system is configured through registry settings, this is a very natural and simple way to enforce almost any policy.
On Linux and UNIX systems, there is no equivalent to the Windows registry. The de-facto standard for configuration is through text-based configuration files. To enforce Active Directory's Group Policies on these non-Microsoft platforms, the DirectControl feature set creates a “virtual registry” to hold the Group Policy configuration settings that apply to that managed system and the users logging in to it. For each configurable application that a policy applies to, the DirectControl feature set provides a specific mapping program that translates these virtual registry settings and updates the appropriate configuration file for that application with the settings defined by the policy.
On each Server Suite-managed computer, the Centrify UNIX Agent is responsible for contacting Active Directory to determine the relevant policies and copying them down to a set of virtual registry files. These policy files are refreshed in the same way they are on Windows systems: when a user logs in, on computer restart, and at periodic intervals defined by Group Policy. Administrators can also update Group Policy on demand.
Server Suite's Group Policy feature has been designed so that it integrates seamlessly with existing Group Policy features in Active Directory. Your policies for Linux and UNIX systems and users will work just like Windows policies do in terms of how they are linked to targets (sites, domains, organizational units, groups and individual users or computers), how these settings are inherited, and so on within Active Directory. The Windows default administrative template even has some settings, particularly those that specify refresh intervals for policy updates that the DirectControl component will apply to the Linux and UNIX systems it manages for a consistent global policy.
Just like Windows policies, the DirectControl feature set’s policies are used in two ways: