Product Reviews

Who’s Got a Hand in Your Policy?

Policy Auditing with FullArmor’s Fazam Auditing 1.0.

FullArmor’s Fazam Auditing tracks Group Policy changes in Windows 2000. It runs on any Win2K server version and tightly integrates with an existing systems management framework, like Microsoft Operations Manager (MOM) or NetIQ’s App and Security Manager. FullArmor is also dedicated to scaling its product to fit most of the bigger framework management tools like HP OpenView and BMC Patrol, which are scheduled for support in the coming year.

For this review, I concentrated on Fazam’s integration with MOM. Fazam completely relies on MOM’s backend event monitoring engine and agents, eliminating the need to push out any more agents. Upon installation, Fazam’s rule sets are sent to the existing MOM agents and ultimately to the MOM UI for action management. There’s no Fazam console; only your MOM console, in which you can manipulate your FAZAM auditing events and alerts. Although MOM captures and manages many alerts in the Win2K environment, all the FAZAM auditing alerts will show up with “Fazam Auditing” as the source, so you can easily sort and find Group Policy Object (GPO)-related events. You can also customize the source of each event.

Getting used to the MOM console to manage Fazam events takes a bit of time. If you’re new to MOM, configuration of event change will be a bit more time-consuming. After you’re comfortable with the UI, configuring event-specific triggers is a breeze. You can divide each GPO event trigger by user or computer type changes. For example, you can configure an alert to fire on “computer specific” setting changes only, for one GPO or all. I especially liked the granularity built into the product. You can set a generic alert (“Alert me if anyone changes the Default Domain Policy GPO”) or a very specific alert (“Only alert me if the default password length value changes in the Default Domain Policy GPO”).

Fazam’s best feature by far is its effortless reporting capabilities. Built into an easy-to-view Web interface is the ability to pull GPO change data and report on it. You can set report criteria including start and end times, domain, user, domain controller where the change was made, and the GPO you’re looking for. You can also specify the maximum number of events to report.

Fazam's Auditing Reporter Console
The Fazam Auditing Reporter Console provides a simple Web-based interface for tracking Group Policy changes. (Click image to view larger version.)

Regardless of whether or not MOM is configured to capture specific GPO alerts in its UI, the Fazam Database captures and stores all GPO changes. So, if you forget to set up an event trigger and your boss asks who turned off the mandatory company screen saver, simply click on the Fazam Auditing Report shortcut, fill in a few dates and the name of your Screen Saver GPO and find the culprit.

Change control management is also built in. Fazam Auditing truly conquers the hassle of GPO change conflict with its Check-In/Out process. It further has the ability to run through an approval process before changes are put into production and keeps track of all version history in its repository.

For enterprise networks configured with many Group Policies—and many Group Policy admins—I highly recommend this product. The real-time GPO change alerting Fazam Auditing offers saves hours of troubleshooting, which means bottom-line savings for your company. If you’re willing to invest in the somewhat costly price of MOM and have a SQL 2000 server already in place, the $9 per user figure is a small price to pay.

About the Author

Kirk Vigil, MCSE, MCSA, is a systems engineer for Netbank Inc. He's worked with the Windows NT/2000 line of products for more than 10 years, focusing on enterprise messaging. He specializes in the design and implementation of Win2K.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus