Reaching Outside Active Directory

Review: FullArmor PolicyPortal provides policy version control and client status information that one just can't find with Group Policy alone.

FullArmor PolicyPortal extends the management and security goodness of Microsoft Group Policy to remote workstations, kiosks or other Windows-based systems that are not members of a Microsoft Active Directory.

And with a nice Web-based management console, PolicyPortal provides policy version control and client status information that one just cant find with Group Policy alone.

/zimages/6/28571.gifClick here to read a review of Winternals Softwares Protection Manager 1.0.

PolicyPortal, which started shipping last December, costs $1 per month for each managed computer, plus a one-time setup fee of $1,500 for each PolicyPortal administrator.

PolicyPortal consists of a central management Web portal that is hosted by FullArmor and a client agent that needs to be installed on all managed workstations.

The client agent, which can be installed on Windows 2000-, Windows XP- and Windows Server 2003-based computers, periodically checks in with the central portal to pull down the latest assigned policy and apply settings to each machines Local Computer Group Policy Object.

From the well-designed Web-based console, we organized our managed clients into groups, and to these groups we could then apply policy. PolicyPortal allowed us to maintain a large stable of policies that we could easily deploy to groups with a few clicks.

We were disappointed that we could apply only one policy at a time to each group, however, we would prefer to organize policies into smaller, grouped batches, but the Local Group Policy Object does not allow this.

The PolicyPortal console interface includes a full Group Policy editor, with which we could build policy configurations, or we could instead import existing policy templates built with FullArmors GPAnywhere product.

We especially liked PolicyPortals versioning feature, which automatically retains prior versions of existing policies, allowing us to easily roll back to an earlier build if we encountered problems.

We simply needed to identify which revision we wished to publish, and the settings automatically propagated to members of the group the next time each client checked in with the Portal.

/zimages/6/28571.gifClick here to a review of DesktopStandards PolicyMaker Application Security 2.5.

The PolicyPortal summary screen provided high-level information about our managed systems, offering at-a-glance insight into our clients current update status. This allowed us to quickly identify systems that had not downloaded and installed the most current policy settings.

The PolicyPortal management interface makes heavy use of ActiveX controls, so management via browsers other than Internet Explorer is out of the question. To make sure the interface worked optimally, we also needed to add to our list of Trusted Sites in IE.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.