Quest InTrust for Active Directory. Product Overview Version 2.5



Similar documents
Implementing Database Development Best Practices for Oracle

Gain Control of Space with Quest Capacity Manager for SQL Server. written by Thomas LaRock

4.0. Offline Folder Wizard. User Guide

8.3. Competitive Comparison vs. Microsoft ADMT 3.1

Defender Delegated Administration. User Guide

2.0. Quick Start Guide

formerly Help Desk Authority Quest Free Network Tools User Manual

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

Overcoming Active Directory Audit Log Limitations. Written by Randy Franklin Smith President Monterey Technology Group, Inc.

Legal Considerations for Archiving Why implementing an effective archiving solution can help reduce legal risk

Big Brother Professional Edition Windows Client Getting Started Guide. Version 4.60

Pragmatic Business Service Management

Quest ChangeAuditor 4.8

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

Manage, Extend, and Simplify Group Policy using Quest Group Policy Solutions

10.6. Auditing and Monitoring Quest ActiveRoles Server

Storage Capacity Management for Oracle Databases Technical Brief

Dell InTrust 11.0 Best Practices Report Pack

Quest Management Pack for AS400. Written by Quest Software, Inc.

FOR WINDOWS FILE SERVERS

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Quick Connect Express for Active Directory

formerly Help Desk Authority HDAccess Administrator Guide

Quest Privilege Manager Console Installation and Configuration Guide

How To Send E Mail From An Exchange 2007 To A Domain Name Address Book On A Domain Address Book (For A Domain) On A Pc Or Mac Xp (For An Ipod) On An Ipo (For Windows 2007) On Your Ip

Spotlight Management Pack for SCOM

10.2. Auditing Cisco PIX Firewall with Quest InTrust

Copyright Quest Software, Inc All rights reserved. DISCLAIMER TRADEMARKS

Quest Collaboration Services How it Works Guide

Defender 5.7. Remote Access User Guide

White Paper. Better Together: Auditing with Microsoft Audit Collection Services (ACS) and Quest Software

Spotlight on Messaging. Evaluator s Guide

Dell InTrust Preparing for Auditing CheckPoint Firewall

Adaptive Management to Achieve Java Application Service Levels

ChangeAuditor 5.7. What s New

Technical Brief. Unify Your Backup and Recovery Strategy with LiteSpeed for SQL Server and LiteSpeed Engine for Oracle

DATA GOVERNANCE EDITION

Web Portal Installation Guide 5.0

Quest vworkspace Virtual Desktop Extensions for Linux

formerly Help Desk Authority Upgrade Guide

Quest Collaboration Services 3.5. How it Works Guide

Top 10 Most Popular Reports in Enterprise Reporter

10 Simple Steps for Boosting Database Performance in a Virtualized Environment

Microsoft Active Directory Backup and Recovery in Windows Server written by Shawn Barker Product Manager, Quest Software, Inc.

Enterprise Single Sign-On 8.0.3

Quest ChangeAuditor 5.1. For Windows File Servers. Events Reference

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Dell InTrust Preparing for Auditing Microsoft SQL Server

Foglight Experience Monitor and Foglight Experience Viewer

4.0. Attribute Mapping Rules

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

Quest Software Product Guide

Go beyond basic up/down monitoring

8.7. Resource Kit User Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Dell Statistica. Statistica Document Management System (SDMS) Requirements

Enterprise Single Sign-On Installation and Configuration Guide

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

6.7. Administrator Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

6.7. Quick Start Guide

Enterprise Reporter Report Library

Quest Management Agent for Forefront Identity Manager

Foglight. Dashboard Support Guide

Foglight. Managing Hyper-V Systems User and Reference Guide

How To Protect Your Active Directory (Ad) From A Security Breach

Filling the Gap in Exchange Auditing. Written by Randy Franklin Smith Monterey Technology Group, Inc.

Object Level Authentication

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Spotlight Management Pack for SCOM

Dell One Identity Quick Connect for Cloud Services 3.6.1

8.7. Target Exchange 2010 Environment Preparation

Logging and Alerting for the Cloud

Foglight. Foglight for Virtualization, Free Edition Installation and Configuration Guide

Best Practices for an Active Directory Migration

ActiveRoles 6.8. Web Interface User Guide

formerly Help Desk Authority HDAccess User Manual

Built-in Plug-ins User s Guide

Dell InTrust Auditing and Monitoring Microsoft Windows

Getting the Most From. Your Help Desk

Introduction to Version Control in

Dell Statistica Statistica Enterprise Installation Instructions

Dell One Identity Manager 7.0. Help Desk Module Administration Guide

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

5.5. Change Management for PeopleSoft

System Requirements and Platform Support Guide

Transcription:

Quest InTrust for Active Directory Product Overview Version 2.5

Copyright Quest Software, Inc. 2006. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc. WARRANTY The information contained in this document is subject to change without notice. Quest Software makes no warranty of any kind with respect to this information. QUEST SOFTWARE SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Quest Software shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information. TRADEMARKS All trademarks and registered trademarks used in this guide are property of their respective owners. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 www.quest.com e-mail: info@quest.com U.S. and Canada: 949.754.8000 Please refer to our Web site for regional and international office information. Quest InTrust for Active Directory Updated April 26, 2006 Software version 2.5

CONTENTS ABOUT QUEST SOFTWARE, INC....3 CONTACTING QUEST SOFTWARE... 3 CONTACTING CUSTOMER SUPPORT... 3 BUSINESS PROBLEM STATEMENT...5 SOLUTION: QUEST INTRUST FOR ACTIVE DIRECTORY...6 HOW IT WORKS...7 KEY FEATURES... 7 Tracking Changes to Active Directory Objects and GPOs... 7 Centralized Reporting on Change Information... 8 Notification upon Active Directory and GPO Changes... 8 Protection of Critical Active Directory Objects and GPOs... 9 CONCLUSION...10 i

ABOUT QUEST SOFTWARE, INC. Quest Software, Inc. delivers innovative products that help organizations get more performance and productivity from their applications, databases and Windows infrastructure. Through a deep expertise in IT operations and a continued focus on what works best, Quest helps more than 18,000 customers worldwide meet higher expectations for enterprise IT. Quest s Windows Management solutions simplify, automate and secure Active Directory, Exchange and Windows, as well as integrate Unix and Linux into the managed environment. Quest Software can be found in offices around the globe and at www.quest.com. Contacting Quest Software Phone: Email: Mail: Web site 949.754.8000 (United States and Canada) info@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com Please refer to our Web site for regional and international office information. Contacting Customer Support Quest Software s world-class support team is dedicated to ensuring successful product installation and use for all Quest Software solutions. SupportLink Email at www.quest.com/support support@quest.com. You can use SupportLink to do the following: Create, update, or view support requests Search the knowledge base Access FAQs Download patches 3

4

BUSINESS PROBLEM STATEMENT Active Directory administration is one of the most important IT infrastructure servicing tasks for enterprises. Active Directory administrators must find out the best ways to protect Active Directory from accidental and unwanted changes. Accidental deletions, poorly planned changes and careless modifications of crucial objects cause stoppages, security breaches, and process breakdowns. This impacts business-critical applications. 5

Quest InTrust for Active Directory SOLUTION: QUEST INTRUST FOR ACTIVE DIRECTORY Quest InTrust for Active Directory helps watch and prevent undesirable changes. In particular, the solution does the following: Tracks all changes to Active Directory and Group Policy Provides for real-time alerting and notification whenever a change is caught Allows you to protect critical Active Directory objects and GPOs Offers centralized, automated reporting on changes and change attempts discovered The following figure shows the most important tasks that InTrust for Active Directory helps achieve and the components that take part in these tasks. object protection auditing reporting reports Active Directory InTrust for Active Directory InTrust for Active Directory log InTrust Server real-time monitoring alerts 6

Product Overview HOW IT WORKS Quest InTrust for Active Directory installs a Windows service that runs on the domain controller. The service inspects all change requests that are made to Active Directory, regardless of where they come from Windows Active Directory management tools, user-developed scripts, or 3rd party applications. InTrust for Active Directory logs the details behind each Active Directory and Group Policy change to the InTrust for Active Directory event log. In addition, InTrust for Active Directory protects objects that you specify. Protection prevents such actions on Active Directory and Group Policy objects as deletion, creation and modification. Key Features Tracking Changes to Active Directory Objects and GPOs InTrust for Active Directory keeps a close watch on changes to all critical areas of Active Directory, including service accounts, administrative groups, and Organizational Units. Also, it registers changes to Group Policy objects and to individual Group Policy settings, ensuring you know when changes that could affect thousands of users are made. InTrust for Active Directory tracks such occurrences as new object creation, changes to existing objects, object moves and deletions. It provides the administrators with detailed information on: What object was changed When and how it was changed (for example, user account was added to or deleted from the administrative group) Who initiated the change Object information before and after the change These changes are tracked on all domain controllers where the changes occur For example, a particular benefit of InTrust for Active Directory auditing is being able to track user rights assignment. Built-in auditing of user rights changes is not comprehensive, and Security logs must be gathered from all domain computers to get the most out of them. InTrust for Active Directory lets you track all information about user rights changes and get all that information from the domain controller. 7

Quest InTrust for Active Directory Centralized Reporting on Change Information InTrust for Active Directory offers a streamlined, automated workflow for collection and reporting on all changes and change attempts discovered. This workflow includes: Periodic collection of all events logged by InTrust for Active Directory into the specified repository Import of the necessary data to the database Generation of ready-to-use reports Clean-up of unnecessary information This functionality is based on the two-tier data storage model which involves repositories for centralized, long-term data storage, and databases for data analysis and reporting. You can set up central or local reporting, and build up a data gathering and report generation workflow which best fits your organization's requirements. Reporting presents events in an ordered form without unnecessary information, and groups events logically. Reports make sense of data and concentrate on activity that you are interested in. They spare you the effort of browsing raw event data. Some good uses for reports are creating change statistics, detection of abnormal numbers of changes (compared to what was registered previously) or investigation of policy violations. Notification upon Active Directory and GPO Changes With alerting and notification capabilities, you can keep an eye on changes and attempts to modify Active Directory and Group Policy objects in real time. The real-time monitoring engine tracks the InTrust for Active Directory log. As soon as a change or a change attempt is discovered, a corresponding alert is issued, and the responsible personnel get a notification message. Authorized users can work with alerts using web-based Monitoring Console. In addition to Active Directory and Group Policy object changes, you can watch InTrust for Active Directory availability and operation. You can benefit from real-time notification about certain types of changes or even change attempts. For example, you may want to get notified as soon as someone makes a change to the membership of an administrative group. 8

Product Overview Protection of Critical Active Directory Objects and GPOs InTrust for Active Directory makes sure that the most sensitive objects and attributes in Active Directory stay safe from inadvertent or undesirable changes. You can specify objects that cannot be changed under any circumstances by any personnel. Protection can be turned on for any Active Directory or Group Policy object that you consider critical. Examples of such objects are Organizational Units, Group Policy objects and service accounts. 9

Quest InTrust for Active Directory CONCLUSION Quest InTrust for Active Directory offers an efficient solution for controlling changes to the most critical parts of the Windows environment Active Directory and Group Policy. The solution's scope includes the following: Tracking Reporting Notifying Protecting Therefore, InTrust for Active Directory can help strengthen Active Directory integrity, reduce the possibility of breakdowns and security breaches caused by inappropriate modifications of critical objects. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information