SecurityUpdate Extra
The following is an advertorial sponsored by ScriptLogic.
December 16, 2008
IT Staff Uses Active Administrator to Protect and Serve Data in Active Directory The San Diego County Sheriff's Department is the chief law enforcement agency in the County of San Diego, Calif. The department is comprised of approximately 4,000 sworn officers and professional support staff. The department enforces law and administers eight jail facilities in San Diego County spanning 4,200 square miles. In addition, the department provides specialized regional services throughout the County, whether they are needed in incorporated cities within the county or in the unincorporated areas not serviced by a city law enforcement agency.
The Challenge
San Diego County Sheriff’s Department has been keeping the peace since 1850. The organization’s mission—to protect and serve the public—has not changed in over a century. What has changed is the technology necessary to support the men and women who keep the County safe. Approximately 4,000 officers and professional support staff rely on the department’s nearly 3,500 desktops and 150 servers. Michael Malone, a senior IT engineer for the organization, ensures the infrastructure remains operational and secure at all times.
Not long ago, Malone faced two challenges: The organization needed help in managing Group Policy changes and worried about the repercussions should an administrator accidentally delete a group or even an Organizational Unit (OU) containing many user or computer accounts. Microsoft’s Active Directory restore mode recovery was not an option the Department was willing to accept, especially considering the complexity of the environment.
Malone decided to meet these challenges head on. Aside from making the Sheriff’s Department more efficient, he was determined to protect the organization against the kind of IT disasters he had seen on the front pages of newspapers. Companies whose users lose the ability to log on and connect to applications and data stores, or who get unwanted access to unsecured resources face hours of lost productivity and expensive measures recovering lost or stolen data. That was an occurrence Malone was eager to avoid.
To resolve his two concerns, Malone investigated a variety of Group Policy and Active Directory management solutions. Initially, he and his team members met with little success. No tool quite addressed their particular networking and recovery needs. But it was a magazine review that ultimately helped Malone find answers.
The Solution
An avid reader of technology trade magazines, Malone read several glowing reviews of ScriptLogic’s Active Administrator, a comprehensive management and auditing solution enabling administrators to efficiently manage Active Directory security and Group Policy in Windows-based networks. As Malone read about Active Administrator’s various features, which included an object-level backup and restore functionality, it seemed that he had finally found a solution that could help him achieve rapid object recovery in the event of a catastrophe.
After more research, and at Malone’s insistence, the Sheriff’s Department agreed to purchase an Active Administrator license for 5,000 users (the product is priced according to the number of users in Active Directory), which the IT staff rolled out with remarkable ease: “We had no trouble installing Active Administrator,” said Malone. “It was a slam dunk.”
Once implemented, Active Administrator enabled Malone to regulate work flow, helping him manage Group Policies and track changes made in Active Directory with event auditing and assign roles based on preexisting templates. Active Administrator also permitted custom inspection, search and reporting on user permissions. While this functionality improved efficiency and simplified network administration, it was the backup and restore capability that truly impressed Malone. “Active Administrator gives me peace of mind,” said Malone. “If we ever have an issue with a deleted or modified object, it’s as simple as one click. One major occurrence of this type and the software will have paid for itself.”
The Benefits
Active Administrator has allowed Malone to meet and exceed his two core objectives of regulating his Active Directory environment and ensuring quick and easy recovery in the event of lost active directory objects.
The solution’s “self-healing” capabilities have been instrumental. If permissions assigned to a user with an Active Template are later modified or removed, Malone can be alerted and the permissions automatically repaired. Active Administrator has also allowed Malone to safely edit Group Policy Objects (GPOs). Once copied into Active Administrator’s offline repository, they can be edited without affecting the live environment.
While Malone admits compliance was not a major factor in his decision to roll out Active Administrator, the solution can be used to help meet government regulations, including the Health Insurance Portability and Accountability Act (HIPAA).
To download a demo of Active Administrator, an enterprise-class Active Directory management, auditing, and recovery solution, please click here. |
No comments:
Post a Comment