News Stay informed about the latest enterprise technology news and product updates.

NetIQ security suite includes new Windows tools

Among the new administration and security tools being offered by NetIQ, one related to Resultant Set of Policy (RSoP) calculations is the real "killer feature" of the bunch, according to a Windows expert.

NetIQ Corp. this week hopes to strengthen its position as a Windows administration tools provider with the release of refreshed and new elements in its security suite for Active Directory.

The company will deliver several products as part of its Security Administration Suite. One is the Directory and Resource Administrator (DRA) 7.0, which helps administrators update their directory data and manage computer resources in greater detail.

DRA is mainly an automation tool and an auditor that helps systems administrators give end users a way to do small tasks, such as making minor changes to their accounts. By doing so, it can eliminate many incidental help desk calls, the company said.

The Secure Password Administrator (SPA) 1.0 is a new product that provides secure self-service password reset and unlocking features for Windows NT and Active Directory environments.

The Group Policy Administrator (GPA) 4.0 has two notable functions. First is its ability to save Resultant Set of Policy (RSoP) calculations. Today, there are two modes for RSoP. One determines what is happening with a user's system now, and a second determines what happens if the user moves. NetIQ has added a third mode, which goes back to determine what the RSoP was the previous week, said Jeremy Moskowitz, a Wilmington, Del.-based Windows consultant.

With this information, administrators can view which policies may have created a change, so they can more easily figure out why a particular user had a problem in the first place, Moskowitz said. "For me, that's the killer feature," he said.

GPA 4.0 also adds the ability to make changes to group policy in an offline setting, which is less risky than doing so while the system is operational. It also helps administrators better manage recovery time because testing offline helps to ensure that they won't impact their infrastructure, said Neil Chapman, president of NLighten Inc., a Raleigh, N.C.-based integrator.

Only DRA 7.0 and SPA 1.0 are available today. The Security Administration Suite will ship in its entirety later this quarter. The suite also includes a fourth product, Directory Security Administrator 2.0. The suite will cost $2,800 for a 100-user license.

Experts said that NetIQ's Security Administration Suite represents an effort by the company to differentiate its products from those of competitors such as Bindview Corp., Houston; Aelita Software Corp., Dublin, Ohio; and Quest Software Inc., Irvine, Calif.

Microsoft gives vendors a free rein in Active Directory administration. For the most part, directory administration and management has been up for grabs, said Earl Perkins, an analyst at the Meta Group, a Stamford, Conn., consulting firm.

Aelita's expertise is in security in multi-forest administration and design. Quest, with its FastLane products, and NetIQ, with its acquisition of Houston-based Mission Critical Software Inc. in 2000, are also leaders in Active Directory administration, Perkins said.

Perkins said that the market for directory administration software bears watching, particularly now that Microsoft has started to cast itself as an identity management company. Last July, Microsoft introduced its Microsoft Identity Integration Server (MIIS), which is built on the foundation of its Metadirectory services offering. The software helps users synchronize identity information among various directories.

"All four of these companies look like they've been generating some fairly healthy money," Perkins said. "Even during the downturn of the economy, these companies were flat or increasing."

Active Directory has been available for about four years, but it's really only starting to emerge as the chosen identity infrastructure of many companies. Today, Microsoft offers only rudimentary directory management products, but it's possible this could change, Perkins said.


Article: Administrators crave instrumentation guidance

Article: New tools to squeeze more from Active Directories

Article: Active Directory goes mainstream

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.