C http://en.wikipedia.org/wiki/Dennis_Ritchie

LISP http://techcrunch.com/2011/10/24/creator-of-lisp-john-mccarthy-dead-at-84/

• Firefox 5.0 and 6.0
• Google Chrome 13
• Safari 4 and 5
• Windows Internet Explorer 7.0, 8.0 and 9.0

ActiveRoles w/3663 installed running on Google Chrome displayed with altered color scheme.

It is interesting that the release notes don’t mention IE 6.0, but with information like this (http://en.wikipedia.org/wiki/Internet_Explorer_6) being prevalent around the Internet it is not surprising.  With the everyday increase in hacking and exploits attacks – anyone still using IE 6 should be afraid, very afraid and move to a secure and supported browser immediately.  My installation experience was good. Installation went as expected with no surprises and things continued to work including the add-ins for QAS and Defender. Changing the color scheme is a bit tricky since you really are setting a single color that will be used in place of the standard Blue UI color. But for many customers this will be a welcome change from modifying XML files with new color codes.

Customers can download the update from Quest support https://support.quest.com/Search/SolutionDetail.aspx?id=SOL78214.

http://www.microsoft.com/pathways/bhold/

http://blogs.gartner.com/ian-glazer/2011/09/23/bhold-wins-the-microsoft-iag-lottery/

Token Management from the ActiveRoles Web Console

I was working with a customer this week who had a requirement to manage Quest Defender two factor tokens through the ActiveRoles MMC console. While I knew this was under development, I did not realize you can get it today without waiting for the next release of Defender. Integration with the ActiveRoles MMC can be critical for customers who are primarily using the MMC for day-to-day or help desk operations.

Token Management from the ActiveRoles MMC
(click to enlarge)

The ActiveRoles integration pack on the Defender 5.6 CD installs property pages and commands into the ActiveRoles Web Interface only. Separately, Defender Software update 5.6.0.2593 adds token management and property tabs into the ActiveRoles MMC on user property pages. This update can be obtained through the Quest support site and you will need to install two components 1) Defender ARS Integration Pack_Update_5.6.0.2593 and 2) Defender Administration Console_Update_5.6.0.2593.

http://www.nfcrumors.com/08-17-2011/is-the-htc-incredible-s-the-next-google-wallet-enabled-nfc-phone-it-just-passed-through-the-fcc/

 http://fedscoop.com/tv/quest-federal-cto-dmitry-kagansky-on-security-in-government/

1. Logon as a DS Admin to the web interface you wish to modify.
2. Click “Click here to customize this form”
3. Locate the top field and click (edit…) at the far left end of the entry name.
4. In the Entry name: field enter the text you want to display at the top of the form. Make sure to add any text to the left of the field name already in that entry so that it will continue to display properly.
5. For example:
   Directions<BR>Contacts may not be used for authentication.You have two choices at this point.<BR><BR><ol><li>If the person will need to authenticate against Active Directory, you should create a user account object on their behalf.</i><li>Continue creating this Contact object.</i></ol><BR> First Name
6. Click Save
7. Click Reload

Navigate to the form in the UI so that you can validate your work.

The first thing that struck me was how many good resources are available for learning Microsoft’s PKI. Back in 2000 when I first installed a Microsoft CA (Certificate Authority) there didn’t seem to be enough detailed information and over the past eleven years I have only had infrequent occasions to use the software. At this point I want to recommend Brian Komar’s book Windows Server 2008 PKI and Certificate Security (I got the Kindle version for about $39). I also wanted to mention Vadim Podans’ white paper on PKI and using the Quest AD Commandlets to managed. You can download the white paper here and you can get the latest version of the AD CMDLETS here.

I also wanted to give a special thanks to Chen and John from SafeNet for hooking me up with SafeNet middle-ware tools (above) and smart cards that I used for to prep for the session. The software was both intuitive and easy to deploy.

http://dmitrysotnikov.wordpress.com/2011/08/01/quest-software-kirk-powergui-powershell/

1. Purpose Built for Active Directory -Unlike other solutions, ActiveRoles was purpose built for Active Directory while other solutions were built to manage the Windows NT account database.  Because solutions originally built for Windows NT could only be retrofitted to perform AD management they are not able to take advantage of core AD features many of which are discussed in this brief.
    
2. Integrated and timely support for key Microsoft platforms -Active Directory, Exchange, ADLDS SharePoint, ADSI and PowerShell are critical platform components that must be supported. While other products may take years to support the latest versions of these products, ActiveRoles typically supports them on the day they are released or at a maximum of 60 days post release.
    
3. Compatibility with Active Directory’s Security Model – The Active Directory permission model is based on a set of Access Control Lists that link directory rights to delegate trustees allowing the delegated admin to exercise those rights to perform some task in AD. Unlike ActiveRoles Server, most solutions require the use of a proprietary permission that have little or no understandable correlation to AD rights they grant. When the ActiveRoles service starts, the service creates a virtualized version of the AD rights used in the ACLs and then extends the list with several virtual permissions. To the person administrating security in ActiveRoles they seen an almost identically list of rights with the same look and feel of the native AD rights. ActiveRoles Server also has the added advantage of combining these rights into Roles for clarity and accuracy of security assignment and easy delegation of administration. A side benefit of compatibility with the Active Directory Security Model is the vast knowledge available on how AD permissions work and which permissions are required to perform specific tasks.
    
4. Compatibility with Active Directory Service Connection Points – A standard Active Directory service known as Service Connection Points (SCPs) allow applications to inform Active Directory of the applications presence in the enterprise. It is important to note that SCPs require no agents, customer configuration or changes to Active Directory. When the ActiveRoles Service executes it registers an SCP so that any console or web UI can locate the service instantly.
    
5. Compatibility with Active Directory’s DirSync service – A standard Active Directory services known as DirSync allow applications to instantly see what changes are happening within AD. This is the same service Domain Controllers use to exchange change information to determine what items need to be replicated. . It is important to note that the DirSync service requires no agents, customer configuration or changes to Active Directory. The ActiveRoles service listens to the DirSync service for changes made directly to Active Directory that may require ActiveRoles to perform some action such as enforce a group’s membership or send a change notification.
    
6. Virtual Unified Schema – Unlike other solutions that use a fixed schema and won’t recognize schema extensions, ActiveRoles uses a virtual unified schema built from the schemas of the domains being managed. When the ActiveRoles service starts it reads the schema of each domain being managed and adds that schema the ActiveRoles unified virtual schema. This unified virtual schema also includes any schema extensions that may be present in a particular domain so that applications that require data be populated during user provisioning or cleared during user deprovisoning can be supported. ActiveRoles also adds a set of virtual attributes to allow for more granular delegation over attributes or to allow other data not stored in AD to be associated with an object.
    
7. Real-time vs. Cached Data -To avoid the chance that two administrators open an AD object and view different information the retrieval of AD data must be done without caching of the data. Unlike many solutions that either load object data into a cache or into a separate database before an administrator accesses the object,  the ActiveRoles service retrieves the data in real-time.
    
8. Security Integrated Workflow -The role based delegation of administration provided by ActiveRoles Server not only allows the customer to control what AD operations each administrator, help desk admin or end user can perform it also provides the security context for change approval and workflow. By integrating a workflow engine and workflow editor directly into ActiveRoles, the customer avoids the need to configure and maintain multiple products and maintain multiple delegation models.
    
9. Unified Storage -Unlike other solutions that may require both Microsoft SQL and Microsoft AD LDS or Microsoft Access, ActiveRoles requires only Microsoft SQL Server for operation. Both ActiveRoles Configuration and reporting utilize Microsoft SQL Server. Less moving parts make ActiveRoles is simpler to deploy and maintain.
    
10. Embedded Extensibility - Because no off the shelf product will meet every need a customer may have the ability for the solution to be extended easily and in a maintainable way. In addition to both an external ADSI and PowerShell interface, ActiveRoles provides an embedded script editor, script library directly in the product so that the system can run a script in response to some event such as when a user performs an operation in Active Directory.