NetIQ Corp.s Security Administration Suite 5.0 capably manages user privileges in Windows environments.
Click here to read the full review of Security Administration Suite 5.0.
2
NetIQ Corp.s Security Administration Suite 5.0 capably manages user privileges in Windows environments.
The suite combines three products: NetIQs GPA (Group Policy Administrator), DRA (Directory and Resource Administrator) and DSA (Directory Security Administrator). Version 5.0 started shipping last month and costs $24 per user, regardless of the number of accounts associated with that user. This pricing is comparable to rival Quest Software Inc.s price scheme for Quest Management Suite for Windows.
In eWEEK Labs tests, Security Administration Suite made short work of integrating information from a number of Active Directory forests and the domains within those forests. To simulate an actual IT environment, we created numerous accounts with only passing regard to Windows security assignments. It was a minor miracle that Security Administration Suite put things in order so quickly.
The suites DRA component is tightly coupled with Windows SAM (Security Account Manager), so we could use DRA to manage all privileged accounts in our Active Directory environment. DRA also made it simple for us to delegate functions such as account resets, and we could modify Microsoft Corp. Exchange mailbox rights via DRAs Exchange Administrator subset.
NetIQ has cleaned up the DRAs user interface compared with previous versions, but it was still too easy to open a jumble of administration screens. This sometimes made it hard to figure out exactly where we were in the account management process.
For the most part, however, DRA satisfactorily presented account and resource information in both screens and reports.
Big Change in GPA
The suites revamped GPA utility makes it easier to create, modify and deploy group policies than with earlier versions of the product, or even Microsofts built-in tools. We used GPA to create policy objects that prevented users from changing their Windows 2000 Professional desktops.
Unlike Microsofts native Windows administration tools, NetIQs GPA allowed us to create policies offline. Rather than making changes directly to Active Directory, GPA let us experiment with changes and allowed time for others to review our work before rolling out changes.
Every NetIQ Security Administration Suite component has a penchant for opening up myriad windows to present management information. However, we found the Domain Policies, Domain Controllers and the handy NetIQ Recycle Bin with relative ease.
The NetIQ Recycle Bin is a storage location for old policies and Active Directory objects that arent needed but that might be useful in the future. During tests, we returned to the NetIQ Recycle Bin more than once to recover policies. However, we found NetIQs Group Policy Repository server was a better place to store policies to reuse later.
Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.
/zimages/3/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif