Compliance regulations are bringing new demands for accountability and the need to keep track of changes made...
To that end, Quest Software Inc. this week became the latest software vendor to release a tool that helps IT managers to do real-time change checking and tracking of Microsoft's Active Directory. Quest's Change Manager for Active Directory provides a log that captures before-and-after values, can reverse unwanted changes and does not depend on native auditing.
Jeremy Moskowitz, a Wilmington, Del.-based independent consultant, said Active Directory itself isn't great for identifying and tracking changes, but that capability is becoming a greater priority for organizations concerned with achieving regulatory compliance.
There are several other products that are similar to Quest's new software, including Group Policy Guardian, made by NetIQ Corp., San Jose, Calif., and Change Auditor, from NetPro Computing Inc., Phoenix. Tools such as these help with the "blame game," Moskowitz said.
They are especially important in companies where there are multiple administrators who are all working on different things, because Microsoft doesn't offer a way to track that information down, Moskowitz said.
From 'messy' to streamlined
For most companies, having a secure system across the enterprise is of paramount importance. Inergy Automotive Systems, a French
maker of plastic fuel systems and fluid storage technologies, recently completed its migration off Windows NT and onto Windows Server 2003 in its 35 global facilities.
The extensive migration helped the company move from its previous "messy" environment with separate networks and no central way to manage change, to a streamlined environment that requires just one or two change management tools, according to Arun DeSouza, chief information and security officer at Inergy, which is based in Paris.
"We consolidated in Active Directory and now we want to secure the whole system," DeSouza said. With tools such as these, which DeSouza's company is currently evaluating, he could be alerted if anyone makes any changes.
Pricing for Change Manager for Active Directory starts at $12 per enabled Active Directory user account, Quest executives said.