Infrastructure security Active Directory and beyond. Konstantin Shurunov DLP-2010 2009 2010 Quest Software, Inc. ALL RIGHTS RESERVED
Quest solutions & Financial industry. Financial organizations of all sizes use Quest solutions in their security and compliance strategies.
Advantages of Active Directory. AD is already there. AD is scalable. AD is reliable. AD is an extensible technology platform. AD already controls the access to a lot of resources. AD is used by all corporate users already. AD is already there.
ActiveRoles Server
ActiveRoles quick facts.
  Globally, ActiveRoles is used to provision, manage and secure more than 25 million user accounts.
  Deployments range in size from 500 to 800K+ users.
  Product has been in existence since 2003.
  Features:
    Deep dive Active Directory Management
    Role based security
    Exchange Provisioning & Management
    Home folder provisioning
    IM & Mobile device provisioning
    Self-Service & Attestation
    Time based access assignments
    Integration with complementary Quest AD management tools
    ADSI, PowerShell and Web services extensibility
Role Based Granular Delegation
  AD Architect, Sr. Administrator, Exchange Admins, OU Admins / Help Desk, End user Self-Service, Application / Data Owners
  Day-to-Day Admin: Create OUs, Create Objects, Join Computers
  Mailbox Admin: Create/Remove Mailboxes, Move Mailbox, Update Addresses
  Service Desk: Create Users/Groups, Create Groups, Reset Passwords, Unlock Accounts
  Self-Service: Update personal Information, Request Access, Update Phone #
  App/Data Owners: Access Management, Assign Assistants, Attestation
  AD / AD LDS, Computers, Domain Controllers, APAC, EMEA, North America, New York, Mexico City
  Cross-platform: Applications, Databases, Directories, Platforms
  Job Function Roles Access
Rule Based Data Integrity
  Business Rule Examples
    Generate Display Name
    Description cannot be left blank
    Phone number must contain 1- ### - ### - ####
    E-mail address = first letter of first name + last name@quest.com
    http://www.quest.com/people/
AutoProvision Policies for AD & Beyond
  Location, Unique Logon Generation, Strong Password Generation, Remote Access
  Location, NTFS permissions, Share permissions
  Controlled Store Selection, Alias Generation
  Access Control / Email Distribution Lists
  Cross Platform for non AD Integrated Linux/Unix/Java
  Enabled Create Configure Centralized Provisioning Manual Other Identity Manager Managers, HR and Support Inform
  Affordable / Efficient / Error Free
  Completed in Minutes
AutoDeprovision Policies for AD & Beyond
  Disable Account, Set/Clear Attributes, Move to Recycle Bin and Schedule for Deletion in 60-90
  Revoke Access, assign permissions to Managers/Admins
  Assign Self, Hide from GAL, permissions for Mgr/Admins
  Remove and Record Security and Distribution Group Memberships
  Initiate Cross Platform Deprovisioning Linux/Unix/Java
  Disable Lockdown Configure Deprovision ADLDS Manual Other Identity Manager Managers, HR and Support Inform
  Affordable / Efficient / Error Free
  Completed in Minutes
Workflow Policies
  Initiators, Approval & Activities, Configuration
  Users, Multi-Level Approval, Object Owners, Managers, Specific User, Specific Group, Graphical Workflow Designer, Applications or Scripts, PowerShell Extensibility, Email Approve/Reject, Email Notifications, Web Based Approval Management, Branching / Stopping, Audit & Visibility
  Provides segregation of duties and tracking of requests and responses to help with security and compliance.
Authentication Services
InTrust + for AD: Audit and Protection
Defender: 2-Factor Authentication
  Full RADIUS Authentication Server
  AD-Integrated
  Token Agnostic
Recovery Manager for AD + Forest Edition
K.I.S.S.
Thank you!