NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools

Tags: , , , , , ,

NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Identity Intelligence

Tags: ,

A phrase we’ve been hearing over the past six months or so when talking to industry analysts is Identity Intelligence. This is how the Identity and Access Management industry is viewing the reports and monitoring provided by software vendors  like NetVision. We don’t provide provisioning tools or SSO solutions, but our focus on access rights – Who has access to what? How did they get access? and How are they using access?  makes us a compelling addition to the enterprise Identity landscape. I’m stating it that way because many NetVision customers don’t have enterprise Identity solutions and don’t think in those terms, but for those that do, the phrase Identity Intelligencemight help put NetVision in perspective.

Here are two recent posts from Gartner’s Earl Perkins on the subject:

The Real Meaning of “Intelligence” in IAM
IAM: To Control, Observe, and Inform

Let us know if you have others to include in the discussion.

Reporting on Delegated Admin Rights

Tags: , ,

Management of Active Directory is commonly delegated to local or departmental administrators.  This means that certain individuals are (for example) granted permission to create user accounts and manage security groups within a given area of the directory.  Microsoft provides a built-in wizard (known as the Delegation of Control Wizard) to delegate these tasks which does the work of applying all the underlying permissions associated to the task.

For example, here are just a few of the many underlying permissions granted when you delegate the task [Create, delete, and manage user accounts] over an OU:

  • List Contents
  • List Object
  • Delete Object
  • Delete Subtree
  • Read Permissions
  • Read All Properties
  • Modify Permissions
  • Modify Owner
  • etc.

There are potentially hundreds of underlying permissions for any given delegated task.  The challenge, therefore, lies in being able to understand and report-on which rights have been delegated over time.  How do you know who has been delegated those permissions?  How do you know when underlying permissions are updated after the wizard has applied the task?  Or when rights are applied directly without using the wizard?  How do you know who has rights to create accounts through their group memberships when groups may be several levels deep?

NetVision’s Access Rights Inspector has built-in ability for in-depth reporting on rights over Active Directory objects and that includes reporting on the tasks delegated via the Delegation of Control Wizard.  It provides extremely useful reports and removes the guesswork and manual effort associated with understanding what tasks have been delegated throughout Active Directory.

NetVision is Hiring

Tags: ,

We’re looking for an experienced engineer to help with software builds, installation, and configuration management.  More details here.

NetVision Announces Relationship with Sparxent

Tags: ,

Today, NetVision announced our partnership with Sparxent.  More details here.

Quoted from the release:

“Today’s enterprises are strapped for resources and very often lack the expertise needed to meet compliance and audit demands,” said David Rowe, CEO of NetVision, Inc. “We’re pleased to be partnering with a value-add solutions developer like Sparxent who brings a true ground-level understanding of the business challenges related to audit and compliance. We see Sparxent as an integral part in extending our reach here and in the EMEA, where our customers will receive hands-on, localized support professionals to help them improve their audit results.”

The Business Value of Effective Audit

Tags: ,

There’s a new white paper on the NetVision Knowledge page titled:

The Business Value of Effective Audit

Effective access auditcan be a powerful business enabler providing significant value beyond protecting against malicious insiders. This paper identifies the business challenge, how the industry is approaching the challenge, and NetVision’s unique approach to access rights reporting and monitoring.

TryIt! Free Access Rights Answers

Tags: , , , ,

Today, NetVision released the free TryIt! edition of Access Rights Inspector. You can now download a small scanner to run on your own server and get four useful reports:

  • User or Group Report – report on all resources to which a given user or group has access.
  • File or Folder Report – report on all accounts that have access to a given file or folder.
  • Direct User Assignments – report on all instances of permissions being assigned directly to user accounts (instead of via groups).
  • Explicit Deny Entries – report on all instances of explicitly denied permissions.

Like the full version of Access Rights Inspector, this one accounts for groups, nested groups, inherited permissions, deny entries, object ownership, share permissions, and more.  So, if you have questions like ‘Who has access to this file?‘ or ‘What does that person have access to?‘, this is a quick and free way to get the complete answer on a single server.

If you’re looking for something more powerful, we of course would like you to take a look at this 3-minute demo of the full version of Access Rights Inspector.

Access Rights Inspector

Tags: , ,

NetVision is proud to introduce Access Rights Inspector.

Access Rights Inspector provides effective rights on Active Directory objects and Windows File System. It removes the complexity of rights assignments, nested group memberships, explicit rights granted directly to users, deny entries, and inherited permissions.

To get the basics, take a look at this 5 minute video presentation

Baby got Back(ing)

Tags: ,

You might have seen today that NetVision recently secured Series B financing.  If not, please take a look at the release.  Obviously, we’re happy and proud to get an edorsement from the great minds at vSpring and PEC.  This round enables us to stay focused on innovation in delivering solutions such as the SIMON managed service.  …stay tuned for future innovations that are currently on the design table!

3-Minute Introductory Demo

Tags: , ,

We put together this quick-and-dirty 3-minute introduction into one of NetVision’s core product offerings – directory monitoring.  In this example, we make a few common changes in Active Directory and show how the changes show up in our reports.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.