What makes using Group Policy so challenging?
January 23, 2012
Recently on Spiceworks, I shared a handy resource for users interested in Group Policy management. The post was well received by the community and I was quite pleased to have provided it. Basically, it was a TechNet resource called the Group Policy Search Tool. Its purpose is to help you find the desired setting you need in the Group Policy editor.
Without a resource like this, many pointed out that when it comes to using Group Policy, one of the most time-consuming and challenging tasks is simply recalling or locating what setting is needed for the particular task. Group Policy management allows you to control just about every user or machine behavior in your environment. The list of things you can manage with GPO settings is long and likely the primary reason why it’s so difficult to use it effectively unless you work with it every day.
Most administrators out there juggle multiple responsibilities and know how difficult it can be to acquire a high level of skill in a technology especially one that isn’t used often. Group Policy management can fall into this category. Many GPO settings for objects and behaviors such as enforcing a password policy and setting default desktop backgrounds are familiar and easily found and understood. Lesser known GPO settings are more like mythical creatures. You’ve heard a setting exists yet you can’t say for certain you’ve seen it let alone use it.
If you need more control over what’s going on in your environment and want to implement change auditing for Group Policy management and GPO settings, take a look at the NetWrix Group Policy Change Reporter. It audits all changes in Group Policy and automatically sends detailed e-mail reports showing who made what changes, when and where as well as before and after information. Furthermore, it can store this data for seven years or more and can generate custom reports.
I hope you visit the links above and get a chance to check out this great free tool to help your Group Policy management tasks. What is your most strange, mythical, mystical or odd Group Policy setting you worked with and how did you use it? Share your stories below and let me know if you found this tool useful too:
Posted in Articles | Tagged gpo settings, group policy editor, group policy management | Leave a commentRecent Download Poll Suggests IT Spending is on the rise
January 17, 2012In the month of December, we saw one of our most active months for software downloads. Prior to download, a web-based form asks each visitor to choose what motivated them to download the product from a short list of potential answers. One such answer common to all software downloads is simply, “Casual Interest/Cannot Disclose”.
Interestingly, more than 60% of our product poll responses this month showed an increase in this answer as compared to last month’s results. The percentage of increases for this particular answer ranged from 4% to more than 22% per product with an average increase of just over 9% per downloaded software installer. You may be asking yourself, “Why didn’t they just choose an answer that best suits their situation?” My answer to that is, with the arrival of 2012, organizations needed to plan in advance for additional software licensing as they are more frequently being accepted as essential to the operation. However, to what extent they are essential may not yet be fully defined hence the increase in “Casual Interest” responses.
When I look at these numbers I also believe they tell a story of recovering IT budgets. New and heightened needs in various industries and other economic factors are driving IT spending. While they may not have supplied a more accurate answer, Administrators are few in number and constantly pressed for time. They recognize the need for efficient and cost-effective IT auditing solutions to help them demonstrate regulatory compliance, address important security challenges and simplify day-to-day management tasks. They need constant oversight of their network resources and detection of even the smallest of changes or problems to keep users safe and productive. Information needs to be stored centrally and reported on automatically without all the noise associated with traditional native logging data. While there may be widespread acceptance of these needs, each organization and IT team have different needs and may now be exploring their options through casual trial of various applications that may help them better define their requirements.
Products such as the NetWrix Change Reporter Suite are designed to help administrators implement change auditing throughout the enterprise. Managing users can be one of the most time consuming help desk tasks. With the NetWrix Account Lockout Examiner, IT staff can get users back onto the network and productive quickly. All of our tools are cost-effective and robust while simple to operate and manage. If you need to improve your security and/or meet regulatory requirements, download one of our many free titles to see if they might meet your needs. If you need more features, all products are available in full-featured edition trials as well.
Are you seeing more spending at your organization for 2012? Does this make you more or less likely to investigate new tools to help you manage your environment? Please share your thoughts below.
Posted in Articles | Tagged auditing solutions, IT Budgets, IT Spending, software downloads, Software Licensing | Leave a commentTechRepublic names audit logging among top 10 best practices for Windows security
January 10, 2012
TechRepublic recently produced a list of 10 best practices for Windows security. In it was mention of audit logging as a best practice to improve Windows security. They consider Windows auditing challenging because of the vast amounts of raw data that typically is produced.
If too much logging occurs, it makes the value next to nothing and more like searching for a needle in a haystack. There’s also the risk of logs being overwritten if they aren’t set to handle all the events. It’s essential to know what is necessary and only audit those changes instead of using a broad approach hoping critical problems will jump out at you. Trying to keep up with all the native security data each day is nearly impossible without the proper resources. But what if you aren’t ready or able to commit to only a few aspects and need a broader overview? This is where you need the help of a tool that can automatically gather all the logs, remove unnecessary noise and produce readable reports in plain language you can understand.
Fact is, organizations that implement audit logging are far less at risk of a security or compliance problem than without even if they may be unsure at the outset what is and isn’t important. With NetWrix Change Reporter Suite, you can audit effectively and easily without the massive volumes of raw data and monitor changes that are important. In addition to Windows Servers, this solution audits changes to Active Directory, Group Policy, Exchange, SQL, SharePoint, VMware, EMC, NetApp, File Servers, Network Devices such as Cisco firewalls and more. It shows who made what change, when and where as well as many before and after settings in easy-to-read reports. It scales to environments large or small, sets up quickly and is cost-effective.
Have you tried Windows security auditing on your own successfully (be honest!)? What were the results? How more/less effective were you at maintaining Windows security before/after implementing a procedure to audit your environment or more specifically, your Windows systems? Please share your experiences, thoughts and comments below:
Posted in Articles | Tagged audit logging, windows security auditing | Leave a commentThe ABCs of Security and Compliance
January 3, 2012
Understanding Security and Compliance is as easy as ABC: Access, Breaches and Changes. At a distance security and compliance share many similarities. As you get into the details, what you’ll find is that their implementation differs though the steps to achieve end result (Secure and Compliant) may achieve both.
(A) Access control to the network resources is the most important role for IT. Granting, denying, monitoring all involved some form of privileged and systemic action to meet the needs of your end users. You will want to see who has access to what in snapshot reports of your environment including what access did users have previously as compared to the current state. For example, who has access to this folder now and who had access to it 6 months ago.
(B) Breaches are your virtual border crossings of information and access. For security and compliance, you need to report when users do something in case it is incorrect or damaging. Because of network complexity and existing rights that may not suit the users roles, you need to monitor who breaches data and resources using their granted permissions and rights. Just because a user has a right or permission does not mean they should be exercising it. You need detailed access reports on all uses of permissions both failed and successful throughout the environment.
(C) Changes are your worst enemy when it comes to meeting security and compliance objectives. You need change auditing to uncover the details of each change including who changed what permission and when on files, Active Directory OUs, SharePoint sites, SQL databases and so on. Knowing who changed what security groups and when, and even who changed the security policy to retain logs from 30 days to 2 helps sustain compliance and improve security. Do this change auditing task on a regular basis and you are simultaneously improving both security and demonstrating compliance.
Access, breaches and changes are your three ABCs to meeting your security and compliance goals. This is an ongoing activity of producing snapshot reports, access reports and change auditing must be performed daily if not very frequently in order to be successful at these two objectives. NetWrix provides the Change Reporter Suite for your compliance and security ABCs simply and easily. Using AuditAssurance™ and AuditIntelligence™ technologies, data is complete and accurate extracted from multiple sources, stored as single records and reported daily (or more frequently) to show your access, breaches and changes throughout the network.
Are you already following the ABCs of Security and Compliance or do you have your own simple approach to conceptualizing meeting your security and compliance goals?
Posted in Articles | Tagged improving network security, security auditing, security concepts | Leave a commentLetter to Customers from NetWrix CEO
December 27, 2011Dear Customers,
As 2012 approaches, I want to extend my best wishes to you, your family and your colleagues for a healthy and Happy New Year. Thanks to your continued support, 2011 has been the best year yet exceeding even our own expectations. We have continued to grow in all directions: technology innovation, sales, customer service, regional support. And we look forward to another successful year of win-win partnership between you and NetWrix.
NetWrix prides itself on its relationship with its customers and that includes maintaining open communications with NetWrix senior management. So please feel free to contact me personally about anything at any time – reply to this post or connect with me on LinkedIn.
Thank you for being our valued customer!
Warmest Regards,
Michael Fimin
CEO and President
NetWrix Corporation
Three Simple Concepts to Improving Network Security
December 27, 2011Security means different things to different people. For IT, it means securing the network from external intruders and protecting valuable data from prying eyes internally. Since the dawn of the information age, readily available information has come with a price. Securing information in our interconnected world is not always as easy as putting a lock on the virtual door. There is an entire world filled with all kinds of people having varying motivations. Time and again we see headlines of intrusions wreaking havoc. Those responsible for security auditing scramble to provide answers and plug the holes. Here I’ll discuss three simple security concepts you must know and integrate into your technical consciousness.
Control Access: Use password policies to keep users honest and secure machines so passersby can’t sit down and rewrite the company financials for the past quarter. You need to know who’s accessing your network including who is successful and who’s not and from where. Segregate information on the network such that you can implement tighter controls over your more valuable assets. As simple as it sounds, lock your server room or data center. Require people to sign-in and out for access. Require identification. Lock servers and configure them to all logout after a period of inactivity. Physical security is widely overlooked and the simplest measure to implement. If you have a dispersed network of locations and mobile users, this information needs to be automatically logged and centrally stored so it can be reviewed on an ongoing basis. Find a tool that will let you do this easily and quickly.
Determine what is at risk: Document not only where the outside meets the inside, but also internal network segmentation and structural topology. These will be the points where you will want to carefully watch who is attempting to come in, from where and using what services. Document what’s accessible from the outside as well as what can be accessed between the internal borders of your network. Eliminate or manage through auditing your entry and exit points. Look for ways to close off ports that are unnecessary and retire old systems where possible. Make documentation a top-3 or top-5 priority. If you share responsibilities with other administrators, teams or subordinates, it’s time to get everyone on the same page and make network security a cultural priority.
Know your 4Ws: Changes are the single most important thing to be aware of. Know who is changing what, when and where. By detecting and reporting on changes, you are in a far greater position than someone waiting for the phone to ring or that e-mail to tell you there’s a problem. Most who will do harm or steal information want to do so as silently as possible. Reporting on changes provides greater visibility into the day-to-day activities in your environment and keeps everyone more honest and accountable.
Your responsibility is to implement standards and controls for users and systems, understand what is at risk and what changes are taking place each day while. At NetWrix, we provide change auditing solutions for the enterprise focusing on robust, easy-to-use and affordable software solutions. Our products detect changes on Active Directory, Group Policy, Exchange, SQL, File servers and appliances, VMware, Server Configurations, Event Logs, Password Management, User Management and a wide variety of tools for other areas aimed at securing your environment such as our USB blocker. Our widespread use of snapshot reporting gives you immediate visibility into who has access and to what. Many of these products are packaged as suites, such as our Change Reporter Suite that includes a number of our products bundled together to address a wide variety of needs.
What are you doing to secure your environment? Do you have your own set of basic principles for security? Share your thoughts below:
Posted in Articles | Tagged improving network security, security auditing, securtiy concepts | Leave a commentNetWrix Change Reporter Suite – Voted WindowSecurity.com Readers’ Choice Award Winner
December 23, 2011We are pleased to announce that NetWrix has just been honored with another great award – this time thanks to WindowSecurity.com readers – making it the 17th award within the two-month period.
NetWrix Change Reporter Suite was selected the winner in the Network Auditing Software category of the WindowSecurity.com Readers’ Choice Awards. GFI LANguard and Admin Report Kit for Windows Enterprise (ARKWE) were runner-up and second runner-up respectively.
“Our Readers’ Choice Awards give visitors to our site the opportunity to vote for the products they view as the very best in their respective category,” said Sean Buttigieg, WindowSecurity.com manager. “WindowSecurity.com users are specialists in their field who encounter various network security solutions at the workplace. The award serves as a mark of excellence, providing the ultimate recognition from peers within the industry.”
WindowSecurity.com conducts monthly polls to discover which product is preferred by Network Security administrators in a particular category of third party network security solutions. The awards draw a huge response per category and are based entirely on the visitors’ votes.
Just about a month before getting this honor NetWrix VMware Change Reporter won a VirtualizationAdmin.com Readers Choice Award which made it a second important award from TechGenix Media – one of the largest providers of free high quality technical content to IT professionals all over the World.
Posted in News | Tagged awards, change auditing software, change reporter, Change Reporter Suite, Readers' Choice Awards, winner | Leave a commentWhy do some IT pros dislike Facebook?
December 19, 2011Recently on Spiceworks, I posted an announcement about a new Facebook group to discuss IT Auditing, Compliance, Security, and Forensics. I did not expect some of the negative responses I received. Some IT pros don’t like Facebook, though, I should clarify.
Many of the responses could be grouped into two categories. The first group said that Facebook was for personal things and not well suited for business or technical discussion. The second group felt that because Facebook has a well documented history of security and privacy problems, using it to host a group on security topics might be like having former ENRON executives give lectures on business ethics.
Both groups make a fair point. Facebook is most commonly for personal things that you share among friends and other people close to you in some way. Facebook does have a history of security problems and in principal, I see their point. I don’t entirely agree or disagree with these two positions.
How you use Facebook is a personal matter. I know of many professionals (including myself) that happily incorporate personal friends and business relationships via Facebook. There’s so much value in Facebook at so many different levels, I and millions of others are willing to accept the responsibilities that come with having an account in return for what it has to offer. Some in the post did state that it is a matter of personal preference and what you are comfortable with. If you would like to control interaction between personal, professional and other friends on Facebook, see this helpful post on how to do that.
Security is an entirely other matter. To not use Facebook for discussions could be a huge mistake because of the size of the audience. If you want to participate and benefit from a group, joining one on Facebook opens up the possibility of millions of potential contributors. There are risks and having the ability to moderate and establish guidelines is important. Here’s a great article on IT and Facebook responsibilities. Note that in group settings on Facebook, you do not need to be friends with someone to be part of a group. While there are many examples of groups gone bad because of a few, again, I would argue it’s an acceptable risk to see where it goes and hope that people will contribute constructively and be decent to one another.
From IT and non-IT perspectives, tell me if this is going to crash and burn or if you think it has an opportunity to thrive? Do you have any opinions on why not to start or join a group on Facebook? Is it time to let the individual decide if they can be responsible enough to have a Facebook account and can personal and professional worlds intermingle successfully?
Posted in Articles | Tagged group settings on Facebook, IT Auditing, IT Pros, security | 2 CommentsNetWrix announces the Bulk Password Reset full-featured edition is now available for Free
December 15, 2011As of today, our full-featured edition of the Bulk Password Reset tool is now totally 100% free including all the standard edition features not found in the previous freeware version. Use it as you wish up to 1 million users. The License code is provided on the download page after a brief registration. We are very excited to offer this tool for free to anyone who can make use of it and it should be especially helpful to those environments that need a one-time mass-reset of local passwords on multiple systems including the local Administrator account. This is often found in environments that have seen many stale, unused or unknown local accounts and need to do this for security purposes.
Too often, accounts left unattended are hacked and used for malicious purposes. Resetting passwords in bulk is a great way to reset your primary defense when it comes to these idle local accounts. Some notable features that are now included for free that previously required a paid license:
• Reset passwords on all local accounts.
• Enable or disable local accounts.
• Re-processing of password reset attempts both automatic and manual if for example, the host system were powered off during the first or previous attempts.
• Scheduled processing of password resets including multiple retries.
• Ability to specify alternate account credentials for network access.
• Support for workgroup environments (non-domain) via alternate account access.
• Specify systems individually, by Domain, or select the entire organization.
• Specify systems by text file.
|
With just a few mouse clicks, you can reset all your local user and Administrator accounts on multiple machines at once. Please also have a look at our Privileged Account Manager for managing of Administrative accounts without having to store logins and passwords in unsecured spreadsheets and text files and also to track who used what admin accounts and when.
What are you doing now to prevent unauthorized account usage on your systems? Have you experienced security problems when local accounts are accessed fraudulently? Please share your thoughts and experiences below:
Posted in Freeware, New Releases, News | Tagged bulk password reset tool free, privileged account management, reset bulk admin passwords | 3 CommentsNetWrix VMware Change Reporter wins a VirtualizationAdmin.com Readers Choice Award November 2011
December 6, 2011Yet again, a great award announcement for NetWrix this time coming from www.virtualizationadmin.com. The NetWrix VMware Change Reporter received a second runner-up award for “Best VMware Security Product” in the 2011 Readers Choice surveys. This brings our total awards to 16 for 2011! This includes 9 awards from Windows IT Pro and 6 awards from Redmond Magazine.
Virtualizationadmin.com is a Virtualization resource site attracting more than 70,000 administrators and specialists each month. Their site provides the latest Virtualization news, articles and tutorials by leading Virtualization experts. To receive recognition from this community is truly an honor of distinction.
NetWrix VMware Change Reporter helps organizations audit and monitor VMware changes throughout the enterprise. Using AuditAssurance™ technology, no event or change is missed. With automated e-mail and web-based reporting, organizations can maximize their investments in virtualization technologies such as VMware while sustaining compliance, improving security and promoting detailed oversight of their VMware deployments. The product supports detailed VMware auditing for VI3 and later, vSphere, ESX and ESXi to detect daily changes occurring in VMware installations and can for example help manage VMware sprawl through daily reports.
What VMware resources do you use to maintain your installations? What administration needs exist for VMware that are not currently being met by the marketplace? Share your thoughts below:
Posted in News | Tagged monitor VMware, virtualizationadmin, VMware Security | Leave a comment← Older posts
