Maximizing benefits of

Active Directory
Oliver Keizers
Regional Manager
[email protected]

Agenda
What We Will Cover
Maximizing Your Return on Active Directory

Lower the Cost of Administration

Increase Internal Security
Ensure Regulatory Compliance
Whats New
Summary

What You Should Walk Away With

How to securely manage users
Ways to automate account management
How to utilize more of Active Directory

Maximizing Your Return On Active

Directory

Challenges Managing With AD

Task

Challenge

Administering Users &

Resources

Too many user admin requests, too little time

Maintaining Directory Info &

Leveraging for App Dev

Information is not up to date

Securing & Maintaining the

Directory
Desktop Configuration &
Lockdown

Spending majority of time on repetitive tasks

Information is inconsistent, poorly formatted

Too many privileged administrators in AD
Auditing and reporting on access to AD
Compliance with government regulations
No safeguards for making native changes
Changes to GPOs applied w/o knowledge

NetIQ Administration Solutions

NetIQ Administration solution helps:
Lower the Cost of Administration
Task delegation
End user self service
Provisioning automation
Increase Internal Security
Layered security
Change control
Ensure Regulatory Compliance
Secure delegation
Centralized auditing

Security Administration Suite

Task Appropriate Directory Access
Securing and Maintaining
the Directory
AD Architect /
Security Admin

Administering
Users/Resources and
Maintaining Directory
Info

Desktop
Configuration and
Lockdown

Desktop Management /
Group Policy Admin

LAYERED SECURITY ARCHITECTURE

Departmental Admin /
Help Desk Admin

Security Administration Suite

Task Appropriate Directory Access

AD Architect /
Security Admin
Direct/native access for auditing and management of the
Active Directory security model and similar tasks that require
a high level of privilege.

Offline access for sensitive tasks that can

impact the entire enterprise environment if
performed online.

Desktop Management /
Group Policy Admin

Protected access for tasks that require low levels of

privilege, and high levels of auditing, automation and
extensibility.

LAYERED SECURITY ARCHITECTURE

Departmental Admin /
Help Desk Admin

Security Administration Suite

Task Appropriate Directory Access

AD Architect /
Security Admin

Desktop Management /
Group Policy Admin

Departmental Admin /
Help Desk Admin

Lower Administration Cost

Lower The Cost of Administration

Task Delegation
Allow service administrators to control group membership
Allow help desk to start/stop services or print queues
Allow NT and AD management from same console

Provisioning
HR driven account creation
Create home dir w/new user

Self Service
White pages updates
End user password reset

End User Password Self Service

Lowers Costs: Reduce help desk calls.
Web-based, self service for password resets and unlocks
Synchronizes password change across affiliated accounts

Enhances Security: No more Post-Its.

Challenge response authentication lets users securely reset their
own passwords, so they dont need to write it down

Increases Productivity: Less user downtime.

Automatically direct reset to users nearest domain controller so
updates happen near real time
Kiosk account so locked out user can get to
My Passwords
self service site
-a67RTu11
-bb4567aw

Increase Security

Increase Internal Security

Centralized Auditing
Who reset CEOs password last night?

Layered Security Architecture

Protect your corporate jewels
Minimize direct access to the vault

Secure Group Policy Mgmt

Offline test environment
Online changes are immediate!
No native permissions needed
Real time monitoring of changes

Ensure Regulatory Compliance

Segregation of Duties
Secure delegation No way to escalate privilege
Take away privileges when roles change
Centrally audit activity

Permissions Management
Who has access in AD
Who has access to files
Implement role based security

Change Control
Prevent live GPO changes

Whats in it?

Directory & Resource Administrator

The What
Secure Delegation
Centralized Auditing
Automate Tasks
Enforce Policies

Unique single console for NT and AD

The Why
Offload tasks to help desk
Know who accessed what,
when
Reduce repetitive work
Keep AD content accurate
The How
No users have privilege in AD
All actions logged
Pre and post action triggers
Client side enforcement

Directory Security Administrator

The What
Native ACL Administration
Role Based Security
Permissions Search
The Why
Manage within Active Directory
Easier privilege management
See who can do what
The How
Store data within AD
Support for security templates
Search and reporting features

Group Policy Administrator

The What
Change & Release Mgmt
Offline RSoP
Secure Delegation
The Why
Prevent configuration errors
What-if analysis w/o
deploying to production
No need for permissions in AD

Unique offline management capability

The How
Offline Group Policy Repository
Offline change simulation
Similar model as DRA
delegation

Whats more?

Group Policy Guardian

What Does It Do?
Real-time change monitoring
Audit trail of activity
Why Is This Important?
Large investment bank lost
hours of trading due to
undetected setting change!
Not if they had GPG.

Native integration to AppMgr, MOM, SM

Secure Password Administrator

Key Capabilities
Password Resets & Unlocks
Password Synchronization
Secure Self Service

Why Is This Important

Reduces calls to help desk
Keeps accounts in synch
Prevents account hijacking

Extending Beyond Native

Tools

Extending Beyond Native Tools

Unique Capability

Value

Centralized Auditing

Find out who did what, when

Advanced Automation

Provision users automatically

Secure Un\Delegation

Delegate w/o AD permissions

Content Enforcement

Keep AD content accurate

Ease of Use

Web console and wizards

Web Console!
NetIQ

ADU&C

Extending Beyond GPMC

Unique Capability

Value

Offline RSoP

What-If analysis w/o deploying into

production

GPO Comparison

Identify differences between policies

Version Control &

Rollback

Recover from inappropriate

modifications to policies

Secure Delegation

Limit need for AD privileges

Wizards & Taskpads

Make group policy mgmt easy

Wizards!
NetIQ

GPMC

Summary

Summary: Why NetIQ and SAS?

Fastest Time to Value
Quick install, ease of use, superior customization

Unique Layered Security Architecture

Enhance security AND lower TCO

Unique Administration Products

Offline management and real time alerting on Group Policies
Delegated file level security management

Unique End to End Windows Management

Migrate: User and account & Exchange migration, server consolidation

Manage: AD, NT, Exchange, file security & password mgmt
Monitor: Systems and Applications management
Secure: Vulnerability and security management

Questions?

Oliver Keizers, Regional Manager, [email protected]