Bobel's Active Directory, Identity, Access & SaaS Blog » ActiveRoles Server

Microsoft PKI/Certificate Management made easier

Bob Bobel — Wed, 08 Sep 2010 17:40:12 +0000

Dmitry Sotnikov posted a brief article talking about the new PowerGUI power pack based on the ActiveRoles PowerShell CMDLETS (a.k.a. Quest’s AD CMDLETS) for Microsoft PKI management.

Read the article here.

Download the latest version of CMDLETS here.

Remaining ActiveRoles Server User Group Meetings for 2010

Allison — Wed, 08 Sep 2010 15:03:07 +0000

An ActivecRoles user’s group meeting may be headed for a city near you.

Düsseldorf, Germany Oct 6th (TEC)
Cleveland, Ohio Oct 12
Boston, MA Oct 14th
London, England October 18th or 19th (Date to be determined)
Houston, Texas October 26th

Please email Allison Main or Bob Bobel for additional information or to register.

Absolute Power: Controlling the Risk of Domain Admins

Allison — Wed, 08 Sep 2010 14:56:53 +0000

Upcoming Live Webcast

9/21/2010 11:00:00 AM EST

Register Today!

One of my frequent consulting activities is performing audits of Active Directory for corporate Internal Audit departments and hardly an audit has gone by where I wasn’t obligated to bring to Board’s attention the number of all-powerful administrators present in Active Directory. This is a real risk that has to be addressed. With an infrastructure security technology like Active Directory you can’t have scores of people with admin authority. There’s just too much room for mistakes and malicious acts. And the worst does happen – I’m sure you’ve heard the horror stories.

I’ve long preached about Active Directory’s built-in delegation of control feature that allows you to follow least privilege within the IT department. In this webinar I will show you how to get the majority of people out of the Domain Admins group and grant them just the granular authority they actually need.

I will also show how can audit both the delegation of admin authority as well as the use of admin authority. What I mean is using the security log to monitor when you make Bob an admin/subadmin as well as when Bob uses that authority to do something like creating a new user account.

Then I’ll look at ways to ensure that emergencies can still be handled after removing basically everyone from the domain admins group.

Even with all these capabilities though I find that many companies fail to secure admin authority and implement least privilege. Plus I find so many IT departments where admins are wasting time doing the basically clerical tasks of carrying out the menial and repetitive access control and account management changes already initiated and approved by managers and the HR department. With that in mind you will be interested in seeing how this webinar’s sponsor, Quest, can take you beyond the capabilities I demonstrate and make it so easy and manageable to follow least privilege and reduce IT staff workload through self-service and automation. So you’ll see how you can solve these problems using native AD functionality and then how to take it to the next level.

Automatically Provisoning and Deprovison Postini

Bob Bobel — Thu, 02 Sep 2010 12:07:45 +0000

Today our team uploaded an Policy Extension to the ActiveRoles community for Postini! This policy will both provision and deprovision Postini gateway accounts when the associated Active Directory account is updated. To use this policy you simply download the policy, install it in ActiveRoles Server then configure the policy with your Postini account details. The new policy is free for ActiveRoles customers and you can download the the new policy here: DOWNLOAD NOW

ActiveRoles Change History showing Postini Provsioning

AD CMDLETS 1.4 now live!

Bob Bobel — Thu, 15 Jul 2010 14:07:16 +0000

The 1.4 version of the ActiveRoles AD CMDLETS went live a few moments ago and you can download them here http://www.quest.com/powershell/activeroles-server.aspx.

AD CMDLETS Version 1.4 (Early look)

Bob Bobel — Tue, 18 May 2010 13:23:30 +0000

In late June or early July, a new version of the Active Directory PowerShell CMDLETS will be released. I wanted to give everyone a teaser about the new features to be added.

Here you go!

-        Certificate management
-        Support for cross-domain group membership
-        inactive accounts enumeration
-        single command to search in multiple containers
-        progress indication
-        proxy addresses management

Stay tuned and I will blog with more details around each feature over the next several weeks.

ActiveRoles DC User’s Group

Bob Bobel — Tue, 27 Apr 2010 16:00:36 +0000

Late last week I was in Washington DC where we held our first DC User’s group at our Rockville, MD location. It was a pleasure to speak with the attendees and to discuss their requirements around ActiveRoles. It still amazes me that when I was given the ActiveRoles product we had around 60 customers and now we have user groups around the world.

ActiveRoles Toronto User’s Group

Bob Bobel — Sun, 25 Apr 2010 23:34:06 +0000

Early last week I had a great opportunity to meet with customers in Toronto to speak about ActiveRoles and our future direction. The secret is that I actually got more out of the session than they did by hearing the challenges they face every day as they meet the expectation of their employers. On the way out to the airport I got to see the Toronto Star building – Hemingway worked for the Star as a journalist early in his career.

Moving from Group to Access Management

Allison — Mon, 29 Mar 2010 20:37:15 +0000

Managing access to applications and data resources can be a time-consuming and error-prone process. IT administrators are often asked to grant access to sensitive data without knowing the business justification why a user should have it. The result may be inappropriate authorization, access delays, or groups that are bloated, outdated and inaccurate. This lack of accountability may cause security breaches and compliance audit failure. During this archived webcast, you’ll see how ActiveRoles Server enables:

Access Accountability
Authorizing groups today using roles and attribute access control (ABAC) to resources
Authorizing groups in the future with emerging technologies
Moving from Group Management to Access Governance and the keys to success

Presented by:
Robert Bobel, Platform Director of Product Management, Quest Software
Jason Barnett, Partner and Information Security Practice Manager, Ingenuity Associates,

View Archived Webcast

ActiveRoles Server added to 115 UK schools!

Bob Bobel — Wed, 10 Feb 2010 00:09:21 +0000

I stumbled upon a really interesting article about how Unity Partnership (a venture between Mouchel and Oldham Councils in the UK) was deploying ActiveRoles Server to provide group provisioning and to control management rights for the staff and students. To read the article here.

Windows IT Pro Editor’s Choice: ActiveRoles

Bob Bobel — Tue, 26 Jan 2010 15:40:35 +0000

Eric Rux at Windows IT Pro magazine took on the job of installing and reviewing a bunch of AD Administration and Provisioning products to help readers select the most comprehensive and complete solution. Eric compared four different products and to me it was no surprise that ActiveRoles came out on top as the clear winner.

What is our secret? Simple, customer driven development, strong expertise and a team that is passionate about their work.

http://windowsitpro.com/Windows/Articles/ArticleID/103318/pg/4/4.html

My next web cast:Access Accountability and Sustained Compliance

Bob Bobel — Tue, 12 Jan 2010 23:19:21 +0000

On January 27th I’ve been asked to deliver another web cast showing how you can ac hive Access Accountability and Sustained Compliance with Quest’s ActiveRoles Server. I’m going to demonstrate the new features of ActivceRoles Server and Self-Service Manager that allow you to get control over the access granted within your organization while at the same time sustaining compliance; a happy auditor is a quite auditor.

To register visit: http://www.quest.com/events/listdetails.aspx?contentid=10866&searchoff=true&technology=&prod=183&prodfamily=&loc

Quest Password Manager 4.6 ships!

Bob Bobel — Tue, 15 Dec 2009 09:35:26 +0000

My friend Stuart Harrison just announced that a new version of Quest Password Manager has just been released. This new version contains several really cool integration points with ActiveRoles Server and ActiveRole Quick Connect to provide a seamless cross-platform credential management solution.

Other new features include:

Windows 7 support

Windows 2008 R1/R2 support

IE8 support

Captcha

Granular minimum/maximum password age

Quick Connect Integration providing cross platform password management

Integration with ActiveRoles Server Web UI (Help Desk site)

Reporting support for SQL/SRS 2008

Defender Integration enabling use of OTP to change password/unlock account and now for initial registration with QPM

Various reporting enhancements including email and Help Desk stats

For more information see Stuart’s blog: http://stuharrison.blogspot.com/2009/12/quest-password-manager-46-launched.html

New: ActiveRoles AD CMDLETS v1.3

Bob Bobel — Wed, 25 Nov 2009 15:07:52 +0000

Along with the release of ActiveRoles Server 6.5 we have also updated the Active Directory PowerShell CMDLETS. This release will continue to work with the supported versions of Active Directory as it has in the past. When you are using PowerShell with ActiveRoles Server it is only compatible with ActiveRoles Server version 6.5 and no other.

Two things of which you should be aware regarding AD CMDLETS & ActiveRoles Server:

1) If you try to install the 1.3 version of the cmdlets on a server running any version other than 6.5 you will get an error that warns you of the incompatibility.

2) If you try using the 1.3 version of the cmdlets to connect to a server running any version other than ActiveRoles Server 6.5 you will recieve an error.

To download the new version go to: http://www.quest.com/powershell/activeroles-server.aspx

ActiveRoles Server 6.5, Generally Available!

Bob Bobel — Thu, 19 Nov 2009 21:20:51 +0000

I am extremely proud to announce the public release of ActiveRoles Server 6.5 with enhanced work-flow, extensibility and broader platform support. This release is accompanied by ActiveRoles Self-Service Manager 2.0 that both defines and enforces Access Accountability while streamlining access management providing sustained compliance.

Congratulations and thank you to the collective Quest team for making this one of the best releases in the products 7 year history!

Now we can begin working on “the Next Generation”!

- Bob Bobel

10 hot new features in ActiveRoles Server 6.5

Click here to see how ActiveRoles integrates with other Quest products.

Click here to see the report by Kuppinger Cole on ActiveRoles.

Click here to visit the ActiveRoles community.

Click here to download ActiveRoles Server.

See how ActiveRoles fits into the Quest One Identity Management portfolio.