Product Reviews

Who’s Got a Hand in Your Policy?

Policy Auditing with FullArmor’s Fazam Auditing 1.0.

FullArmor’s Fazam Auditing tracks Group Policy changes in Windows 2000. It runs on any Win2K server version and tightly integrates with an existing systems management framework, like Microsoft Operations Manager (MOM) or NetIQ’s App and Security Manager. FullArmor is also dedicated to scaling its product to fit most of the bigger framework management tools like HP OpenView and BMC Patrol, which are scheduled for support in the coming year.

For this review, I concentrated on Fazam’s integration with MOM. Fazam completely relies on MOM’s backend event monitoring engine and agents, eliminating the need to push out any more agents. Upon installation, Fazam’s rule sets are sent to the existing MOM agents and ultimately to the MOM UI for action management. There’s no Fazam console; only your MOM console, in which you can manipulate your FAZAM auditing events and alerts. Although MOM captures and manages many alerts in the Win2K environment, all the FAZAM auditing alerts will show up with “Fazam Auditing” as the source, so you can easily sort and find Group Policy Object (GPO)-related events. You can also customize the source of each event.

Getting used to the MOM console to manage Fazam events takes a bit of time. If you’re new to MOM, configuration of event change will be a bit more time-consuming. After you’re comfortable with the UI, configuring event-specific triggers is a breeze. You can divide each GPO event trigger by user or computer type changes. For example, you can configure an alert to fire on “computer specific” setting changes only, for one GPO or all. I especially liked the granularity built into the product. You can set a generic alert (“Alert me if anyone changes the Default Domain Policy GPO”) or a very specific alert (“Only alert me if the default password length value changes in the Default Domain Policy GPO”).

Fazam’s best feature by far is its effortless reporting capabilities. Built into an easy-to-view Web interface is the ability to pull GPO change data and report on it. You can set report criteria including start and end times, domain, user, domain controller where the change was made, and the GPO you’re looking for. You can also specify the maximum number of events to report.

Fazam's Auditing Reporter Console
The Fazam Auditing Reporter Console provides a simple Web-based interface for tracking Group Policy changes. (Click image to view larger version.)

Regardless of whether or not MOM is configured to capture specific GPO alerts in its UI, the Fazam Database captures and stores all GPO changes. So, if you forget to set up an event trigger and your boss asks who turned off the mandatory company screen saver, simply click on the Fazam Auditing Report shortcut, fill in a few dates and the name of your Screen Saver GPO and find the culprit.

Change control management is also built in. Fazam Auditing truly conquers the hassle of GPO change conflict with its Check-In/Out process. It further has the ability to run through an approval process before changes are put into production and keeps track of all version history in its repository.

For enterprise networks configured with many Group Policies—and many Group Policy admins—I highly recommend this product. The real-time GPO change alerting Fazam Auditing offers saves hours of troubleshooting, which means bottom-line savings for your company. If you’re willing to invest in the somewhat costly price of MOM and have a SQL 2000 server already in place, the $9 per user figure is a small price to pay.

About the Author

Kirk Vigil, MCSE, MCSA, is a systems engineer for Netbank Inc. He's worked with the Windows NT/2000 line of products for more than 10 years, focusing on enterprise messaging. He specializes in the design and implementation of Win2K.

comments powered by Disqus

Reader Comments:

Mon, Aug 18, 2003 Ron Rosenkoetter Kansas

How many users do Jack A. and Preston Thomas have I wonder??

Fri, Aug 15, 2003 Preston Thomas Anonymous

Great article. I have been thinking about getting this product and after reading Kirk's review I am going to.

Fri, Aug 15, 2003 Jack A. Anonymous

You pay for value. The tool works great - we'll worth the price. Mr. Vigil did a nice job with the review as well - hopefully we'll see more articles from him!

Thu, Aug 14, 2003 Anonymous Anonymous

Kirk, since you know that FAZAAM works in a large server farm I know that Fazaam will catch on and really save companies alot of money.

Thu, Aug 14, 2003 Anonymous Anonymous

Kirk is a great writer the and is a very intellectual individual.

Thu, Aug 14, 2003 Anonymous Anonymous

He's right too expensive

Thu, Aug 14, 2003 Ron Rosenkoetter Kansas

The problem is, $9 a user is NOT a small price to pay... We have about 4000 users and $36,000 for a tool that will benefit only the 5 people allowed to make GPO changes is not going to fly. I see this ALL time. A small third-party company comes out with a nice extension to Windows, and then wants to charge per user for it. When I first heard about FAZAM, I said to myself, we could REALLY use that tool (this was before GPMC came out). This is a piece of software that 5 people will use.. The licenses should be based on that... Say $500 a license - $2500... THAT I could have gotten past my manager... $36000 is $7000 per Admin to track and report on our rather infrequent GPO changes. COME ON! Price the product in the $3000 range, and FAZAM would make a LOT more sales.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.