Managing Group Policies for Non-Windows Computers through Microsoft Active Directory
|
|
- Felicity Fleming
- 7 years ago
- Views:
Transcription
1 White Paper Managing Group Policies for Non-Windows Computers through Microsoft Active Directory Abstract Administrators currently have the option either to use Open Source tools or implement professional, scalable, and supported solutions like PowerBroker Identity Services Enterprise when standardizing identity management on Windows. The present paper discusses the advantages and disadvantages of both approaches. BeyondTrust 2173 Salk Avenue Carlsbad, California Phone:
2 Contents Executive Summary... 3 Managing Group Policies... 4 Predominance of Windows Platform... 4 Group Policy Management... 4 Schema Extension... 4 Ease of Use... 5 Uniformity of Management... 5 Policy Management Features Available through Active Directory... 5 Management Complexities in the UNIX Environment... 6 Cross platform Challenges... 7 Limitations of sudo... 7 Limitations of NIS/NIS Limitations of RBAC... 7 Kerberos Authentication... 7 Limitations of File Permissions in UNIX... 8 Managing Policies Across Different Flavors of UNIX/Linux... 8 Advantages of Managing UNIX Policies with BeyondTrust... 9 Complexities of Managing Policies in Mac OS X Environment BeyondTrust Solution for Mac Desktop Policy Management Summary Contact Information Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
3 Executive Summary Currently, midsize and large enterprises have to manage identities and policies uniformly across a heterogeneous platform base. This need arises from increasing node management costs, the desire to improve security posture, and industry regulatory requirements. The most efficient way to manage policies and identities on non Windows platforms in these environments is to choose Windows as a common ground for the storage, management, and enforcement of such policies. Windows is chosen as a common ground, because it is a scalable and reliable platform with excellent, intuitive management tools. Administrators can use Open Source tools or professional, scalable, and supported solutions like PowerBroker Identity Services Enterprise when standardizing identity management on Windows. The present paper discusses the advantages and disadvantages of both approaches. This white paper discusses how PowerBroker Identity Services Enterprise enables organizations to integrate and manage their UNIX, Linux, and Mac computers using Microsoft Active Directory tools. The paper briefly describes the proliferation of Windows and then moves on to describe how Active Directory features, such as Group Policy and extensions to Active Directory schemas, enable the management of UNIX like systems. The paper then discusses why Windows well-known ease of use advantages make management of non Windows systems through Active Directory an attractive alternative. The remainder of the white paper provides a more technical discussion of UNIX management complexity and why incorporating a Windows Policy based management alternative provides organizations with a uniform use and management model for their computing environments. Finally, the paper describes how PowerBroker Identity Services Enterprise works to bring together Active Directory and UNIX management under Windows Group Policies. 3 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
4 Managing Group Policies Predominance of Windows Platform Microsoft Windows Server and Active Directory have come to dominate business computing. This has resulted in the need for non Windows devices and applications to interoperate with and even be managed within a Microsoft Windows Active Directory environment. Besides being one of (if not the) most widely deployed scalable directory solutions, Active Directory is also the widest deployed and most robust commercial implementation of Kerberos. Over the years, Microsoft has been successfully able to deliver a scalable computing solution from the server to the client, particularly because of the ease of use of its graphical user interface. Besides addressing the operating system, directory, and storage markets, Microsoft s enterprise class applications such as Exchange and SQL Server depend upon directory based authentication. In addition, many third party applications such as PeopleSoft and SAP incorporate AD authentication. Given the roadmap offered by Microsoft, this interconnection of the directory side and the application side will only increase. The following sections describe the advantages of Microsoft Windows marketplace success from a heterogeneous environment perspective. Group Policy Management Unlike the other directory vendors, Microsoft has delivered profile and desktop management on a large scale. Unlike vendors such as Novell or Sun Microsystems who only have partial solutions, Microsoft is able to automatically push policies through the domain from the server to the client. The enhanced group policy implementation in Windows Vista and Windows Server 2008 have allowed administrators to centrally manage a greater number of features and component behaviors than were possible in the previous versions. With the continuing consolidation of IT vendors, the enterprise computing landscape will be undoubtedly be geared more and more toward Windows platforms. Schema Extension Over the years, Microsoft has lessened its aggressive stance toward UNIX, starting with adding some interoperability in Microsoft Services for UNIX 3.0 (SFU 3.0), and extending that in SFU 3.5. Most recently, in Windows 2003 Server R2, Microsoft has incorporated most of the features of SFU 3.5, adding the ability to extend AD schema with UNIX compliant attributes in accordance with RFC This simplified the integration of cross platform identity management by eliminating the need to choose between the storing of UNIX object credentials in the existing classes (so called non schema mode) and the non supported extension of the AD schema. Now administrators can take advantage of RFC 2307 by using UNIX and Linux specific attributes that are built into the AD schema. 4 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
5 Ease of Use It is generally accepted that Windows management tools are easier to use that their UNIX and Linux counterparts. This is one of the major reasons that Microsoft has won the desktop client and server enterprise management battle. Administrators today very infrequently must be involved with the error prone manual editing of configuration files or rely on writing scripts and executing them from the command line. In fact, creating and pushing the enterprise policy across thousands of clients can be performed with few mouse clicks from one of the policy management plug ins for the Microsoft Management Console. Uniformity of Management The various vendors UNIX and Linux platforms are notoriously different from one another: they have different management tools and different desktop interfaces. Looking at a number of popular Linux distributions from Red Hat, SUSE, and Ubuntu, it becomes clear that Linux did not deliver the uniformity hoped for. Since it is clear that UNIX and Linux must inevitably interoperate with Windows, there is a heightened need for standardized authentication and management tools. Fortunately, Microsoft now offers such common ground: the combination of an Active Directory framework and Group Policy management. This is where UNIX administrators can take a lazy approach, since both the framework and the management tools have been already written, scaled, tested, and delivered to the enterprise. All it takes is to tap into this offered technology and use AD for uniform policy management. Policy Management Features Available through Active Directory Windows policy management allows administrators to automatically and intuitively enforce a large number of end node parameters across the domain in a hierarchical fashion. These parameters include security settings, wired and wireless settings, startup and shutdown scripts, software restrictions, QoS, IPSec, remote software installation settings, access restrictions to local hardware, and many more. Increased group policy settings appearing in Microsoft Vista and the upcoming Windows 7clearly indicates that this is the desktop management approach that Microsoft has chosen. All these policies are edited and enforced from the Microsoft Group Policy Management Console (GPMC), a comprehensive and intuitive suite of policy management tools available as a Microsoft Management Console (MMC) snap in. GPMC allows administrators to launch the Active Directory Users and Computers (ADUC) console to apply policy objects to the desired OU (Organizational Unit) level and launch Group Policy Object Editor (GPOE) to modify group policy settings within group policy objects. Overall, the above-described suite of tools allows administrators to easily create multiple group policies and enforce them at different OU levels. 5 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
6 Management Complexities in the UNIX Environment Interoperability between Windows and UNIX has always been a problem repeatedly addressed with limited success from both OSs. While porting applications across platforms is often impractical, cross platform authentication allows administrators to deliver UNIX applications (particularly Web based applications) to the Windows realm, providing a faster and more convenient solution. By the same token, allowing Windows users to authenticate and manage UNIX systems simplifies tracking identities, making the overall UNIX user experience more pleasant. Some attempts to have Windows and UNIX interoperate have met with moderate success. Microsoft Services for UNIX (most features of SFU have been incorporated into Windows Server 2003 R2 and Windows Server 2008) offers limited interoperability between AD and NIS, plus a password synchronization utility. Specifically, SFU offered a service that would synchronize UNIX UIDs/GIDs and Windows user and group identities (SID) bi-directionally in one to one and many to one mode. Additionally, SFU offered bidirectional Windows to UNIX and UNIX to Windows password synchronization that supports both local and domain account Windows password synchronization. However, these features did not support very many UNIX flavors while requiring a fair amount of manual configuration work to be implemented. Documents for UNIX and Linux platforms also offer limited interoperability at the cost of extensive manual labor associated with editing configuration files, sometimes on each participating host. This is a tedious and error prone procedure. Several how to documents of this kind have been maintained since the year 2000, particularly addressing authentication through pluggable authentication modules. Unfortunately, not all the UNIX and Linux flavors are supported and the implementation requires laborious manual configuration and extensive testing. An incorrect configuration can not only result in failed user authentication but also make the UNIX host less secure. There are similar documents for Samba, Apache, and SSH authentication. Additionally, the recommendations and implementations change from application to application, particularly in the versions of supported tools and the location and format of the configuration files. Frequently, the recommended modifications are not supported by either the UNIX or Linux vendors or Microsoft, which makes it difficult to implement these changes in a production environment. Therefore, should the particular platforms need to be supported, administrators need to have extensive knowledge of both platforms and rely on often untimely free technical advice from Internet forums. Supporting cross platform authentication in such a manner is stressful and counterproductive. 6 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
7 Cross platform Challenges The following sections describe the cross platform challenges administrators must face. Limitations of sudo sudo is used as an alternative to the extensive use of the root account for management purposes. sudo allows non privileged accounts to execute privileged commands. While a great idea, as typically implemented sudo has a number of drawbacks. Among these are the need to manually apply and maintain the sudoers file across all the managed systems, test each configuration change, and make modifications to each node when a new administrator joins or leaves the company. Limitations of NIS/NIS+ While NIS is still widely used for domain authentication, the technology has known security limitations (a client can retrieve the entire NIS password database for offline inspection), is not very scalable, and has inefficient replication processes. While NIS+ has fixed a number of NIS drawbacks, by being hierarchical, requiring server authentication, and allowing permissions on operations, NIS+ is difficult to administer, requires special backup procedures, and has limited scalability particularly with multiple domains and over 1,000 clients. In this regard, the scalability and robustness of Active Directory offers a far better alternative. Limitations of RBAC Role based access control (RBAC) is another approach at restricting system access to authorized users. RBAC is based on roles that are created for various job functions. The operations permissions are assigned to roles rather than users. Rights management is simplified by assigning a user to a particular role, simplifying operations. However, in large heterogeneous environments management of RBAC memberships becomes extremely complex as it lacks hierarchical creation of roles and privilege assignments. Additionally, not all the users have the same role on different systems, which further complicates the administration process. Kerberos Authentication Kerberos configuration requires running a daemon, synchronizing time between the server and the client via NTP, installation of the pam_krb5 module, and making applicable changes to the sample configuration files provided with the distribution. Administrators, therefore, have to rely on an extensive knowledge of both platforms and on the not always timely third party help from the Internet forums to get Kerberos implemented within a UNIX or Linux environment. Obviously, handling domain authentication in such a manner is time consuming and prone to error. 7 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
8 Limitations of File Permissions in UNIX In UNIX, a file has three classes of permissions: the owner, the group, and everyone. Each class has three levels of access rights: read, write, and execute. This offers far less flexibility than a Windows environment, where multiple local and domain based file permissions can be granted for users and groups. Linux Security Modules (LSM), which are included with the SELinux 2 security framework, offer more granular file access but at the cost of CPU overhead. Managing Policies Across Different Flavors of UNIX/Linux In heterogeneous environments, administrators have to enforce standard policy settings across multiple flavors of UNIX, each often using different desktop environments (GNOME, KDE, Sun Java Desktop System, etc). These desktop environments differ in the parameters that can be modified and in the format and location of the configuration files. Thus, when pushing policies, administrators have to manually filter the enforced settings on a per target platform basis requiring either polling the system OS or maintaining lists containing the systems and corresponding OSs. This is another timeconsuming and error prone process. 8 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
9 Advantages of Managing UNIX Policies with BeyondTrust PowerBroker Identity Services Enterprise is capable of solving all the above problems in a simple and intuitive fashion. The technology offers seamless integration of over a hundred different UNIX/Linux operating systems with Active Directory for both authentication and policy management needs. PowerBroker Identity Services Enterprise offers centralized management of identities, desktop environments (including 2500 plus Gnome policy parameters), credential caching for off line connection, OS based client policy filtering, NIS and user migration tools, as well as auditing and reporting functionality. With PowerBroker Identity Services Enterprise technology, administrators can easily deliver Kerberos based single sign on for such applications as telnet, FTP, SSH, rlogin, rsh, LDAP queries against AD, and Apache HTTP server. BeyondTrust simplifies account management by assigning each user a unique ID, which is provisioned and centrally managed through Active Directory. BeyondTrust s unique cell technology can map users to different UIDs and GIDs for different computers, eliminating the need for multiple local user accounts. The BeyondTrust extension to the Microsoft Active Directory User and Computers MMC snap in allows administrators to create an associated cell for an OU and then use the cell to manage UID GID numbers. This allows AD user to access non Windows node in selected BeyondTrust cells: 9 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
10 The above features let administrators integrate non Widows nodes into a Windows AD authentication and management framework with adequate policy management, user provisioning, and reporting tools. Complexities of Managing Policies in Mac OS X Environment Over the years, the Apple Macintosh computer has maintained a small but stable share of the computing environment. While being used primarily for audio, video, and graphics editing, the Macintosh offers extreme ease of use compared to Windows (not to mention UNIX) coupled with a plethora of high end graphics applications designed and compiled for the Macintosh platform. Apple s marketing effort is maintaining and somewhat expanding the OS X market share, which has now surpassed 8 percent. Part of this success can be attributed to the use of a stable UNIX kernel in OS X and more standard PC components, such as Intel microprocessors, PCI E slots, and DDR memory. This introduced Apple to a pool of hardware that is more reliable, less expensive, and comes in wider variety than the components in older RISC processor based Macintoshes. Unfortunately, from an enterprise computing perspective, Apple does not have robust enterprise management tools. There are a number of reasons for this. First, the Macintosh has never been a widespread enterprise class platform, so Apple never needed to address the issues of scalable directory service, terabytes of storage, or centralized computational facilities. Thus enterprise messaging and data management applications such as Microsoft Exchange, Lotus Notes, SQL Server, and so forth have never been ported to Apple s Macintosh servers. Even now few enterprise class products are available for the OS X platform. Secondly, the primary use of Macintoshes is in the graphics departments, a technologically and organizationally secluded group that requires sharing among Macintosh users only and interoperating with the rest of the IT infrastructure via sharing printers, storage, and Internet access. This situation certainly did not call for provisioning and identity solutions to the depth and scalability of its Windows counterparts. On the bright side, since Apple did not excel in enterprise management tools, others such as Microsoft, Novel, and Sun have created the infrastructure allowing Macintosh users to tap into a reliable framework of user and desktop provisioning. The Macintosh platform uses a recently added Workgroup Manager (WGM) to manage users, groups, shares (with access permissions), and client preferences. The application allows administrators to modify accounts (including users, groups, and computer lists), assign privileges, manage share points, and modify desktop preferences that define the user experience for clients bound to Apple s Open Directory domain. WGM requires an OS X Server as a centralized repository of user information. While being a big step for Macintosh management, the product pales in comparison with widely recognized enterprise user provisioning solutions. 10 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
11 BeyondTrust Solution for Mac Desktop Policy Management The BeyondTrust solution for managing Macintosh desktops allows administrators to store settings in Active Directory rather than on a Macintosh OS X Server. Besides decreasing the cost of the solution and offloading AD maintenance to Window administrators, Macintosh user settings are now stored in a more robust and scalable directory. Since storing third party data in Active Directory requires either irreversible schema changes (which may not be agreeable with Windows administrators) or using non standard fields (which is cumbersome); initially non Windows vendors were reluctant to store user credentials in AD. This is where BeyondTrust comes to the rescue. By taking advantage of RFC 2307, PowerBroker Identity Services Enterprise integrates user authentication with Active Directory (in the same way as Macintosh Active Directory Plug In allows Macs to authenticate to Macintosh OS X Open Directory) offering a mechanism that allows Workgroup Manager settings to be stored in Active Directory Group Policy Objects. PowerBroker Identity Services Enterprise contains a utility to join Macs to Active Directory, letting them participate in AD based user authentication and in group policy processing. From that point on, administrators can connect to Active Directory from the Workgroup Manager interface and store settings in the GPO. From the Windows side, administrators can use GPMC to store and manage Mac policy settings. 11 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
12 As a result, PowerBroker Identity Services Enterprise brings together the advantages of the Macintosh Workgroup Manager with the robustness and uniform policy management tools of Active Directory in a seamless and intuitive fashion. Summary PowerBroker Identity Services Enterprise allows for seamless enforcement of group policies from Windows Active Directory Group Policy Manager across UNIX, Linux, and Macintosh platforms. It does this with Windows GUI based policy management interfaces for authentication of non Windows users and applications against Microsoft Active Directory. Additionally, PowerBroker Identity Services Enterprise offers adequate reporting and troubleshooting tools. All the above, along with a very affordable per seat cost, make PowerBroker Identity Services Enterprise indispensible for heterogeneous enterprises that require tight user and policy management. Contact Information For more information about this report or if you have any questions, please contact: BeyondTrust Corporate Headquarters 2173 Salk Avenue Carlsbad, CA (tel) info@beyondtrust.com 12 Managing Group Policies for Non-Windows Computers through AD BeyondTrust Software, Inc.
White Paper. Managing Group Policies for Non Windows Computers through Microsoft Active Directory
89 Fifth Avenue, 7th Floor New York, NY 10003 www.theedison.com 212.367.7400 White Paper Managing Group Policies for Non Windows Computers through Microsoft Active Directory Printed in the United States
More informationUsing PowerBroker Identity Services to Comply with the PCI DSS Security Standard
White Paper Using PowerBroker Identity Services to Comply with the PCI DSS Security Standard Abstract This document describes how PowerBroker Identity Services Enterprise and Microsoft Active Directory
More informationIdentity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities
Identity and Access Management Integration with PowerBroker Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 4 BeyondTrust
More informationOpen Directory. Apple s standards-based directory and network authentication services architecture. Features
Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data
More informationLikewise Security Benefits
Likewise Enterprise Likewise Security Benefits AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise improves the security of Linux and UNIX computers
More informationUsing Likewise Enterprise to Boost Compliance with Sarbanes-Oxley
Likewise Enterprise Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley IMPROVE SOX COMPLIANCE WITH CENTRALIZED ACCESS CONTROL AND AUTHENTICATION With Likewise Enterprise, you get one user,
More informationidentity management in Linux and UNIX environments
Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual
More informationAuthentication in a Heterogeneous Environment
Authentication in a Heterogeneous Environment Integrating Linux (and UNIX and Mac) Identity Management in Microsoft Active Directory Mike Patnode VP of Technology Centrify Corporation mike.patnode@centrify.com
More informationWHITE PAPER. Take Back Control of Your Active Directory Auditing
WHITE PAPER Take Back Control of Your Active Directory Auditing Table of Contents An Intro to Active Directory 3 Needs for Auditing and Reporting in Today s Active Directory Environment 3 Up Time 3 Speed
More informationActive Directory and DirectControl
WHITE PAPER CENTRIFY CORP. Active Directory and DirectControl APRIL 2005 The Right Choice for Enterprise Identity Management and Infrastructure Consolidation ABSTRACT Microsoft s Active Directory is now
More informationWhat s New in Centrify Server Suite 2014
CENTRIFY SERVER SUITE 2014 WHAT S NEW What s New in Centrify Server Suite 2014 The new Centrify Server Suite 2014 introduces major new features that simplify risk management and make regulatory compliance
More information89 Fifth Avenue, 7th Floor New York, NY 10003 www.theedison.com 212.367.7400. White Paper. How to Avoid the High Cost of Security Audits
89 Fifth Avenue, 7th Floor New York, NY 10003 www.theedison.com 212.367.7400 White Paper How to Avoid the High Cost of Security Audits Printed in the United States of America. Copyright 2009 Edison Group,
More informationUsing SUSE Linux Enterprise Desktop with Microsoft * Active Directory Infrastructure
Technical White Paper DESKTOP www.novell.com Using SUSE Linux Enterprise Desktop with Microsoft * Active Directory Infrastructure * Using SUSE Linux Enterprise Desktop with Microsoft Active Directory Infrastructure
More informationFunctions of NOS Overview of NOS Characteristics Differences Between PC and a NOS Multiuser, Multitasking, and Multiprocessor Systems NOS Server
Functions of NOS Overview of NOS Characteristics Differences Between PC and a NOS Multiuser, Multitasking, and Multiprocessor Systems NOS Server Hardware Windows Windows NT 4.0 Linux Server Software and
More informationNetwork operating systems typically are used to run computers that act as servers. They provide the capabilities required for network operation.
NETWORK OPERATING SYSTEM Introduction Network operating systems typically are used to run computers that act as servers. They provide the capabilities required for network operation. Network operating
More informationOracle Desktop Virtualization
Oracle Desktop Virtualization Oracle Desktop Virtualization Portfolio Oracle Desktop Virtualization Portfolio Software. Hardware. Complete. Oracle Virtual Desktop Infrastructure VDI desktops to users on
More informationRed Hat Enterprise ipa
Red Hat Enterprise ipa Introduction Red Hat Enterprise IPA enables your organization to comply with regulations, reduce risk, and become more efficient. Simply and centrally manage your Linux/Unix users
More informationPowerBroker Identity Services. Group Policy Guide
PowerBroker Identity Services Group Policy Guide Revision/Update Information: May 2014 Corporate Headquarters 5090 N. 40th Street Phoenix, AZ 85018 Phone: 1 818-575-4000 COPYRIGHT NOTICE Copyright 2014
More informationChapter 1 - Web Server Management and Cluster Topology
Objectives At the end of this chapter, participants will be able to understand: Web server management options provided by Network Deployment Clustered Application Servers Cluster creation and management
More informationSecuring VMware Virtual Infrastructure with Centrify's Identity and Access Management Suite
WHITE PAPER CENTRIFY CORP. MARCH 2009 Securing VMware Virtual Infrastructure with Centrify's Identity and Access Management Suite Securing and auditing administrative access to the Virtual Infrastructure
More informationCentralized Management for UNIX, Linux, Mac and Java with Active Directory and DirectControl
WHITE PAPER CENTRIFY CORP. APRIL 2006 Centralized Management for UNIX, Linux, Mac and Java with Active Directory and DirectControl Centrify DirectControl delivers secure access control and centralized
More informationThis unit contains the following two lessons:
Unit 5 Networking Operating Systems Overview Description This unit contains two lessons. The first lesson describes the characteristics of the four major Internetworking Systems, including Windows NT Server,
More informationConnecting to Windows
Connecting to Windows The easiest way to get a non-windows operating system like Macintosh or UNIX/Linux to connect to a Windows computer is to make that non-windows system look like another Windows computer
More informationIntegration with Active Directory. Jeremy Allison Samba Team
Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls,
More informationVirtualization Case Study
INDUSTRY Finance COMPANY PROFILE Major Financial Institution. BUSINESS SITUATION Internal security audits found that VMware ESX, Red Hat Linux, and Solaris systems lacked an efficient way to control access
More informationNetWrix USB Blocker. Version 3.6 Administrator Guide
NetWrix USB Blocker Version 3.6 Administrator Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Operation Guide...5 3.1.
More informationSamba in the Enterprise : Samba 3.0 and beyond
Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org jeremy.allison@hp.com Where we are now : Samba 2.2 The current Samba is a credible replacement for a Windows server providing
More informationCentrify Suite 2012 Express
Centrify Suite 2012 Express Administrator s Guide November 2011 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject to the terms
More informationWHY EXTENDING GROUP POLICY MAKES SENSE FOR YOUR WINDOWS ENTERPRISE
Specops Software presents: WHY EXTENDING GROUP POLICY MAKES SENSE FOR YOUR WINDOWS ENTERPRISE By Derek Melber, MCSE, MVP Why Extending Group Policy Makes Sense for Your Windows Enterprise... 3 Every Active
More informationCentrify Server Suite 2014
Centrify Server Suite 2014 Administrator s Guide for Linux and UNIX June 2014 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject
More informationCentralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac
Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment. Centralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac 2011 ENTERPRISE DEVICE
More informationWindows Security and Directory Services for UNIX using Centrify DirectControl
SOLUTION GUIDE CENTRIFY CORP. SEPTEMBER 2005 Windows Security and Directory Services for UNIX using Centrify DirectControl With Centrify, you can now fully leverage your investment in Active Directory
More informationCONFIGURING ACTIVE DIRECTORY IN LIFELINE
White Paper CONFIGURING ACTIVE DIRECTORY IN LIFELINE CONTENTS Introduction 1 Audience 1 Terminology 1 Test Environment 2 Joining a Lenovo network storage device to an AD domain 3 Importing Domain Users
More informationvisionapp Remote Desktop 2010 (vrd 2010)
visionapp Remote Desktop 2010 (vrd 2010) Convenient System Management P roduct Information www.vrd2010.com Inhalt 1 Introduction... 1 2 Overview of Administration Tools... 1 2.1 RDP Administration Tools...
More informationWhitepaper: Centeris Likewise Identity 3.0 Security Benefits
Whitepaper: Centeris Likewise Identity 3.0 Security Benefits Author: Manny Vellon VP, Product Development Centeris Corporation Abstract This document describes how Centeris Likewise Identity improves the
More informationUnit 10 : An Introduction to Linux OS
Unit 10 : An Introduction to Linux OS Linux is a true 32/64-bit operating system that run on different platforms. It is a multi-user, multi-tasking and time sharing operating system. Linux is a very stable
More informationIntegrated Approach to User Account Management
Mission Critical Enterprise Systems Symposium 2006 Integrated Approach to User Account Management Kesselman, Glenn and Smith, William Lockheed Martin Mission Services Quest Software Public Sector October
More informationReview from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture
Review from last time CS 537 Lecture 3 OS Structure What HW structures are used by the OS? What is a system call? Michael Swift Remzi Arpaci-Dussea, Michael Swift 1 Remzi Arpaci-Dussea, Michael Swift 2
More informationActive Directory and Linux Identity Management
Active Directory and Linux Identity Management Published by the Open Source Software Lab at Microsoft. December 2007. Special thanks to Chris Travers, Contributing Author to the Open Source Software Lab.
More informationGroup Policy 21/05/2013
Group Policy Group Policy is not a new technology for Active Directory, but it has grown and improved with every iteration of the operating system and service pack since it was first introduced in Windows
More informationBest Practices for Auditing Changes in Active Directory WHITE PAPER
Best Practices for Auditing Changes in Active Directory WHITE PAPER Table of Contents Executive Summary... 3 Needs for Auditing and Recovery in Active Directory... 4 Tracking of Changes... 4 Entitlement
More informationVMware Server 2.0 Essentials. Virtualization Deployment and Management
VMware Server 2.0 Essentials Virtualization Deployment and Management . This PDF is provided for personal use only. Unauthorized use, reproduction and/or distribution strictly prohibited. All rights reserved.
More informationPatch Management SoftwareTechnical Specs
Patch Management SoftwareTechnical Specs 1. Scalable: a. The PMS (Patch Management Software)must be scalable(can grow as network grows). b. The PMSmust be able to support more than 10k nodes from a single
More informationNetWrix USB Blocker Version 3.6 Quick Start Guide
NetWrix USB Blocker Version 3.6 Quick Start Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Getting Started...5 3.1.
More informationThe Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway
The Essentials Series: Enterprise Identity and Access Management Authentication sponsored by by Richard Siddaway Authentication...1 Issues in Authentication...1 Passwords The Weakest Link?...2 Privileged
More informationAn Analysis of Propalms TSE and Microsoft Remote Desktop Services
An Analysis of TSE and Remote Desktop Services JULY 2010 This document illustrates how TSE can extend your Remote Desktop Services environment providing you with the simplified and consolidated management
More informationStellar Active Directory Manager
Stellar Active Directory Manager What is the need of Active Directory Manager? Every organization uses Active Directory Services (ADMS) to manage the users working in the organization. This task is mostly
More informationCentrify-Enabled Samba
CENTRIFY CORP. Centrify-Enabled Samba DECEMBER 2009 The easy-to-manage enterprise solution for Active Directory-enabled Samba file sharing ABSTRACT Samba is one of the most popular open source technologies
More informationGetting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.
Preface p. ix Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p. 6 Common Linux Features p. 8 Primary Advantages
More informationSymantec Client Management Suite 8.0
IT Flexibility. User Freedom. Data Sheet: Endpoint Management Overview of Symantec Client Management Suite Symantec Client Management Suite automates time-consuming and redundant tasks for deploying, managing,
More informationCentrify Server Suite Management Tools
SERVER SUITE TECHNICAL BRIEF Centrify Server Suite Management Tools Centrify Server Suite includes - at no extra charge - a powerful set of management tools in all editions: Centrify Identity Risk Assessor
More informationautomates system administration for homogeneous and heterogeneous networks
IT SERVICES SOLUTIONS SOFTWARE IT Services CONSULTING Operational Concepts Security Solutions Linux Cluster Computing automates system administration for homogeneous and heterogeneous networks System Management
More informationUsing Centrify s DirectControl with Mac OS X
WHITE PAPER CENTRIFY CORP. OCTOBER 2008 Using Centrify s DirectControl with Mac OS X Centralized, Active Directory-based authentication, access control and policy enforcement for Mac OS X systems in Windows
More informationMac OS X and Directory Services Integration
Mac OS X and Directory Services Integration Neha Setia 1 and Tarun Dalal 2 1 M.Tech Scholor, CBS Group of Institutions, CSE Department, MDU Rohtak, India setia_neha@yahoo.co.in 2 Assistant Professor, CBS
More informationEnterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...
CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...
More informationPROPALMS TSE 6.0 March 2008
PROPALMS March 2008 An Analysis of and Terminal Services: Contents System Administration... 2 Server Management... 3 Application Management... 5 Security... 7 End User Experience... 8 Monitoring and Reporting...
More informationManage, Extend, and Simplify Group Policy using Quest Group Policy Solutions
Manage, Extend, and Simplify Group Policy using Quest Group Policy Solutions Technical Brief written by Darren Mar-Elia Chief Technology Officer Windows Management Quest Software, Inc. Copyright Quest
More informationEnterprise Remote Support Network
Enterprise Remote Support Network Table of Contents I. Introduction - Executive Summary...1 Managing Remote Support in a Secure Environment...1 The Challenge...2 The Solution...2 II. SecureLink Enterprise
More informationChapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Chapter 10 Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Implement and troubleshoot Group Policy. Create a Group Policy object (GPO). Link an existing GPO. Delegate administrative
More information4.1 Introduction 4.2 Explain the purpose of an operating system 4.2.1 Describe characteristics of modern operating systems Control Hardware Access
4.1 Introduction The operating system (OS) controls almost all functions on a computer. In this lecture, you will learn about the components, functions, and terminology related to the Windows 2000, Windows
More informationUtilizing Solaris 10 Security Features. Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005
Utilizing Solaris 10 Security Features Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005 Solaris 10 Security Features Outline Solaris Development Least Privilege RBAC Service
More informationLowering Storage TCO with Iomega NAS
Brief ing March 2002 Version 3 s Lowering Storage TCO with Iomega NAS Summary Today s organizations no longer think of storage as a device. Instead, it is an architecture constructed with storage technologies
More informationDiscovering Computers
Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet Chapter 9 Operating Systems Objectives Overview Define an operating system Describe the start-up process and shutdown
More informationSmall Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent
T R A I N I N G C O U R S E S T H E # 1 L I N U X A N D O P E N S O U R C E P R O V I D E R I N S A U D I A R A B I A Introd uction to Linux Administra tion Adva nce Linux Ad ministrati on Linux Identity
More informationIPA Identity, Policy, Audit Karl Wirth, Red Hat Kevin Unthank, Red Hat
IPA Identity, Policy, Audit Karl Wirth, Red Hat Kevin Unthank, Red Hat What is IPA? A) India Pale Ale B) Identity, Policy, and Audit C) An open source project D) A Red Hat solution offering E) All of the
More informationSECURELINK.COM ENTERPRISE REMOTE SUPPORT NETWORK
ENTERPRISE REMOTE SUPPORT NETWORK I. INTRODUCTION EXECUTIVE SUMMARY MANAGING REMOTE SUPPORT IN A SECURE ENVIRONMENT Enterprise computing environments often include dozens, even hundreds of different software
More informationDeploying Ubuntu Server Edition. Training Course Overview. (Ubuntu 10.04 LTS)
Deploying Ubuntu Server Edition Training Course Overview (Ubuntu 10.04 LTS) 1. Deploying Ubuntu Server Edition Course Overview About the Course and Objectives This advanced 40-hour course will provide
More informationIBM Tivoli Endpoint Manager for Lifecycle Management
IBM Endpoint Manager for Lifecycle Management A single-agent, single-console approach for endpoint management across the enterprise Highlights Manage hundreds of thousands of endpoints regardless of location,
More informationFall 2009. Lecture 1. Operating Systems: Configuration & Use CIS345. Introduction to Operating Systems. Mostafa Z. Ali. mzali@just.edu.
Fall 2009 Lecture 1 Operating Systems: Configuration & Use CIS345 Introduction to Operating Systems Mostafa Z. Ali mzali@just.edu.jo 1-1 Chapter 1 Introduction to Operating Systems An Overview of Microcomputers
More information7 Tips for Achieving Active Directory Compliance. By Darren Mar-Elia
7 Tips for Achieving Active Directory Compliance By Darren Mar-Elia Contents 7 Tips for Achieving Active Directory Compliance...2 Introduction...2 The Ups and Downs of Native AD Auditing...2 The Ups!...3
More informationLifeSize Control Installation Guide
LifeSize Control Installation Guide April 2005 Part Number 132-00001-001, Version 1.0 Copyright Notice Copyright 2005 LifeSize Communications. All rights reserved. LifeSize Communications has made every
More informationRed Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment
Red Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment WHAT IS IT? Red Hat Network (RHN) Satellite server is an easy-to-use, advanced systems management platform
More informationKaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE
Kaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE A P P L I C A T I O N V E R S I O N : 8. 0 Dear User! Thank you for choosing our product. We hope that this documentation will help you in your
More informationRed Hat Satellite Management and automation of your Red Hat Enterprise Linux environment
Red Hat Satellite Management and automation of your Red Hat Enterprise Linux environment WHAT IS IT? Red Hat Satellite server is an easy-to-use, advanced systems management platform for your Linux infrastructure.
More informationCentralized Identity and Access Management of Cross-Platform Systems and Applications with Active Directory and the Centrify Suite
WHITE PAPER CENTRIFY CORP. OCTOBER 2008 Centralized Identity and Access Management of Cross-Platform Systems and Applications with Active Directory and the Centrify Suite The Centrify Suite is an integrated
More informationA+ Guide to Managing and Maintaining Your PC, 7e. Chapter 2 Introducing Operating Systems
A+ Guide to Managing and Maintaining Your PC, 7e Chapter 2 Introducing Operating Systems Objectives Learn about the various operating systems and the differences between them Learn about the components
More informationWhat s New in Centrify Server Suite 2015
C E N T R I F Y S E R V E R S U I T E 2 0 1 5 W H A T S N E W What s New in Centrify Server Suite 2015 Centrify Server Suite Standard Edition Hadoop support Big Data adoption by industry is around 25%
More informationHow To Configure Vnx 7.1.1 (Vnx) On A Windows-Only Computer (Windows) With A Windows 2.5 (Windows 2.2) (Windows 3.5) (Vnet) (Win
EMC é VNX dm Series Release 7.1 Configuring VNX dm User Mapping P/N 300-013-811 Rev 01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright â 2009-2012
More informationWhy Free Patch Management Tools Could Cost You More
Why Free Patch Management Tools Could Cost You More Selecting the right solution can save your organization time and money By KACE & Lumension Table of Contents 1.0 Introduction... 3 2.0 Point Patching
More informationMicrosoft Windows Server 2003 and Tecplot Software
Microsoft Windows Server 2003 Customer Solution Case Study Visualization Software Company Extends Windows-based Security Model and Management Tools to Linux Systems Overview Country or Region: United States
More informationChapter 9 Understanding Complex Networks
Chapter 9 Understanding Complex Networks Objectives Explain how to implement a multivendor network environment Discuss the differences between centralized and client/server computing Define the client/server
More informationEnabling Active Directory Authentication with ESX Server 1
1 Enabling Active Directory Authentication with ESX Server 1 This document provides information about how to configure ESX Server to use Active Directory for authentication. ESX Server system includes
More informationKASPERSKY LAB. Kaspersky Administration Kit version 6.0. Administrator s manual
KASPERSKY LAB Kaspersky Administration Kit version 6.0 Administrator s manual KASPERSKY ADMINISTRATION KIT VERSION 6.0 Administrator s manual Kaspersky Lab Visit our website: http://www.kaspersky.com/
More informationHow the Quest One Identity Solution Products Enhance Each Other
Better Together How the Quest One Identity Solution Products Enhance Each Other Written by Quest Software, Inc. Business Brief 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary
More informationActive Directory Integration
SwiftStack Gateway Active Directory Integration Summary There are two main ways of integrating the SwiftStack Gateway with Microsoft Active Directory authentication: RID, using winbind LDAP For most implementations
More informationIntegrating UNIX and Linux with Active Directory. John H Terpstra
Integrating UNIX and Linux with Active Directory John H Terpstra CTO, PrimaStasys Inc. jht@primastasys.com Slide 1 Agenda Definition of the Integration Problem Technical Background Review of Solution Choices
More informationInstalling Management Applications on VNX for File
EMC VNX Series Release 8.1 Installing Management Applications on VNX for File P/N 300-015-111 Rev 01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright
More informationCDAT Overview. Remote Managing and Monitoring of SESM Applications. Remote Managing CHAPTER
CHAPTER 1 The Cisco Distributed Administration Tool (CDAT) provides a set of web-based facilities that allow the service-provider administrator to perform two different sets of tasks: Remote managing and
More informationNETWORK ATTACHED STORAGE DIFFERENT FROM TRADITIONAL FILE SERVERS & IMPLEMENTATION OF WINDOWS BASED NAS
INTERNATIONAL International Journal of Computer JOURNAL Engineering OF COMPUTER and Technology (IJCET), ENGINEERING ISSN 0976-6367(Print), ISSN 0976 & 6375(Online) TECHNOLOGY Volume 4, Issue (IJCET) 3,
More informationINTRODUCTION ADVANTAGES OF RUNNING ORACLE 11G ON WINDOWS. Edward Whalen, Performance Tuning Corporation
ADVANTAGES OF RUNNING ORACLE11G ON MICROSOFT WINDOWS SERVER X64 Edward Whalen, Performance Tuning Corporation INTRODUCTION Microsoft Windows has long been an ideal platform for the Oracle database server.
More informationRed Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac 01.10.2008
Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments Dragos Manac 01.10.2008 Agenda The Need for Identity & Access Management Enterprise IPA Overview Pricing Questions to
More informationThe Challenges of Managing Privileged Access on Windows Desktops and Servers
White Paper The Challenges of Managing Privileged Access on Windows Desktops and Servers ` By Darren Mar-Elia Microsoft Group Policy MVP & founder of gpoguy.com and sdmsoftware.com February 2011 www.beyondtrust.com
More informationPowerBroker for Windows
PowerBroker for Windows Desktop and Server Use Cases February 2014 1 Table of Contents Introduction... 4 Least-Privilege Objectives... 4 Least-Privilege Implementations... 5 Sample Regulatory Requirements...
More informationDirectory-enabled Lights-Out Management
Directory-enabled Lights-Out Management white paper Abstract... 2 Remote management products... 2 Business needs... 3 Customer environment... 3 Benefits... 3 Directory architecture... 4 Overview... 4 Objects...
More informationProduct Life Cycle Management
Engineering Change Control Systems (atecc) Product Life Cycle Management Enterprise information boundaries are disappearing as corporations open their networks to allow external access by manufacturing
More informationMaximize the Productivity of Your Help Desk With Proxy Networks Remote Support Software
FAST, RELIABLE, & JUST WORKS! White Paper Maximize the Productivity of Your Help Desk With Proxy Networks Remote Support Software Proxy Networks, Inc. 877-PROXY-US or 617-453-2700 www.proxynetworks.com
More informationKaseya IT Automation Framework
Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation
More informationHow to monitor AD security with MOM
How to monitor AD security with MOM A article about monitor Active Directory security with Microsoft Operations Manager 2005 Anders Bengtsson, MCSE http://www.momresources.org November 2006 (1) Table of
More informationFile Services. File Services at a Glance
File Services High-performance workgroup and Internet file sharing for Mac, Windows, and Linux clients. Features Native file services for Mac, Windows, and Linux clients Comprehensive file services using
More information