Enterprise Group Policy

Vintela Authentication Services - When Non-Windows Systems Become "Full Citizens" in Active Directory

One of the unique benefits of the identity integration approach offered by Vintela Authentication Services is the fact that Unix, Linux, and Mac systems can become “full citizens” in Active Directory. This enables those systems to achieve the same benefit of Windows systems. Only when non-Windows systems fully participate in the AD “trusted realm” do the full benefits of AD extend to those systems. Along with authentication and access control, the ability to extend the capabilities of Windows Group Policy to Unix, Linux, and Mac is at the forefront of that list.

Of all the approaches to cross-platform identity and access management Only Vintela Authentication Services allows the benefits of Windows Group Policy to expand into true “Enterprise Group Policy”. An approach pioneered by Quest Software in the Vintela Authentication Services product. Quest continues to lead the charge to innovate and expand this powerful concept.

For Unix, Linux, and Mac systems, nothing similar to Group Policy exists natively in the various operating systems. Consequently, Unix is the world of one-on-one, manual interaction with multiple systems to implement and enforce any level of change and configuration management. But if those non-Windows systems can participate as “full citizens” in Active Directory, all the benefits Group Policy offers to the Windows platform immediately become available for Unix, Linux, and Mac as well.

Enterprise Group Policy through Vintela Authentication Services

Vintela Authentication Services seamlessly extends the existing Windows Group Policy framework to non-Windows systems. It provides extremely robust and flexible functionality for centrally managing thousands of Unix settings from the existing Group Policy Management Console (GPMC) without requiring any additional components or infrastructure. This patent-pending technology offers a number of significant benefits including:

• Increases efficiency and profitability by eliminating the box-by-box administration typically required with Unix, Linux, and Mac systems.
• Provides a means for ensuring consistent policy across the entire Unix, Linux, Mac environment
• Alleviates the risk of mis-configuration and errors inherent in repetitive manual management processes
• Allows Group Policy Management solutions—such as Quest Group Policy Manager—to also extend their functionality to non-Windows systems
• Provides the most flexible and powerful options available in the industry for non-Windows, policy-based management.
• A powerful management interface—built on the AD GPMC—that delivers maximum flexibility, power, and scope of policies

Vintela Authentication Services’ enterprise Group Policy architecture provides an MMC snapin to the Windows Group Policy Object Editor (GPOE). Its powerful design uses innovative client-side extensions (CSE) to translate settings and apply them to local non-Windows machines for both user and computer policies. Vintela Authentication Services provides a number of valuable and powerful Group Policies as well as customizable capabilities that allow for powerful extension of policy-based management to Unix, Linux, and Mac.

For more information on Enterprise Group Policy through Vintela Auathentication Services, please see the Quest Technical Brief titled Vintela Authentication Services - Enterprise Group Policy

Flexibility and Innovation

Vintela Authentication Services fully supports ADM template-style Group Policy. ADMs are often a convenient and practical method for creating new Group Policies. However, Quest has taken the time and effort to provide enhanced Group Policy extensions for Unix, Linux and Mac policies.

While either option is viable, this extra effort allows Vintela Authentication Services to provide a number of benefits that make utilizing Group Policy for non-Windows systems easier and more intuitive. This approach allows Vintela Authentication Services to provide benefits that other solutions cannot offer. These benefits include:

• A more intuitive, more powerful interface for policy management - One drawback with ADM templates is that they are very limited in the interface they can present. Vintela Authentication Services provides a much more powerful and intuitive interface for the full range of non-Windows policies it supports. This extended functionality, based on a deep understanding of the way Group Policy is used in the real world, makes administering non-Windows policies simpler and more efficient.
• The ability to remotely import settings from non-Windows machines - Another powerful benefit of this approach is the ability to import the settings from an existing machine. The extended interface provides this capability to securely connect to remote systems and import their settings directly into the Group Policy
• Better data validation - Vintela Authentication Services’ extended Group Policy interface provides the intelligence to only accept appropriate settings. This eliminates the need to wait for the policy to apply to a remote system before catching invalid settings.
• Intuitive search capabilities - The Vintela Authentication Services Group Policy interface provides search capabilities to make finding particular settings from among the hundreds of available settings simple and intuitive. 
• An unmatched File Copy policy - This policy allows any file to be configured in Group Policy for retrieval by any non-Windows system. The extended interface allows an administrator to easily browse for the file to use in the file copy policy. When the file is imported through the interface, all permissions and ownership are maintained to help eliminate any mistakes that often result from manual data input.
• The easiest macro support - With macro support, the same GPO can be used for multiple systems to reduce duplication and efficiently solve one-off challenges. The policy allows administrators to define a macro that will affect each individual host. Macros provide a powerful mechanism. Vintela Authentication Services’ extended interface makes setting up and configuring macros in a policy a simple process.  

Group Policies for Open Source Utilities

Vintela Authentication Services provides commercial support for a number of popular open-source utilities (See Quest's Resource Central site for more information). To further extend the value and provide tighter integration, Vintela Authentication Services also provides built-in policies to better manage these tools. 

Group Policy for Unix Access Control

The ability to enforce access control on non-Windows systems based on Active Directory is enhanced through Group Policy-enabled capabilities. This also means that for organizations that already use Group Policy for access control on Windows systems, those same policies can be extended for non-Windows systems as well. In addition, new non-Windows-specific policies—such as allow/deny based on service—can easily be implemented for access control from Active Directory for systems that previously could not enjoy the benefits of policy-based management of access.

Examples of Group Policy-based access control include:

• Access this computer from the network
• Allow log on locally
• Deny access to this computer from the network
• Deny log on locally

Extending “Native” AD Group Policies to Non-Windows Systems

Vintela Authentication Services also seamlessly extends many “native” Active Directory Group Policies to non-Windows systems. These policies include:

• Active Directory password policy extended to Unix, Linux, and Mac for password history and complexity enforcement
• Access control policies such as:
  • Access this computer from the network
  • Allow log on locally
  • Deny access to this computer from the network
  • Deny log on locally

Client Tools for Group Policy Management

Vintela Authentication Services includes several powerful client tools that make Group Policy administration and deployment on non-Windows systems safer, more efficient, and more practical. These tools include the ability to:

• Manually force a policy update
• View the Resultant Set of Policies (RSoP)
• See detailed information about the policy and its setting from the client-side command line

Integration with Quest Group Policy Manager

Quest offers a powerful solution to provide a higher level of control and increased safety when managing Group Policy. Quest’s Group Policy Manager provides GPO version control, off-line editing, testing prior to deployment, approval, and roll-back for Windows Group Policy. Because Unix, Linux, and Mac systems participate as “full citizens” in Active Directory through Vintela Authentication Services, the management functionality of Group Policy Manager seamlessly extends to all Group Policies and Group Policy functionality available to non-Windows systems through Vintela Authentication Services.