organizations must address both AD security and server ... Server security â Organizations rely on their file ... and
Active Administrator and Security Explorer Simple and streamlined security for Active Directory and Windows servers
The information stored in Active Directory (AD) and Windows servers is highly sensitive and needs to be protected. In order to effectively mitigate security threats across the Windows network, organizations must address both AD security and server security together. Here’s why. • Active Directory security — Administrators perform sensitive tasks like creating users, auditing AD event logs and implementing Group Policies. Security best practices mandate that AD administrative roles should be segmented among staff members to lessen the chance that any one individual can cause significant damage. Unfortunately, many organizations don’t have the time or resources to properly delegate administrative AD roles and instead give administrators complete control of the domain.
• Server security — Organizations rely on their file, Exchange, SharePoint and SQL servers to store valuable data — data that only authorized users should be able to create, delete or modify. However, permissions are stored directly on the resource rather than the server, making it extremely difficult to manage who should have access to what. As a result, many organizations inadvertently make sensitive data accessible to users across the network.
These two issues are interrelated because AD administrators dictate who is in a group, and permissions to server resources are usually assigned at the group level. If AD roles aren’t regulated, unauthorized users might be added to a group and gain access to resources for which they don’t have clearance.
As a bundle, Active Administrator and Security Explorer simplify and streamline security for Active Directory and Windows-server-based environments.
BENEFITS: • Assess AD and Windows server environments to identify who has and who should have permissions and administrative roles • Assign permissions and administrative roles to users and groups with pinpoint accuracy across AD and Windows servers • Recover security settings and AD objects when inevitable mistakes occur • Report on security across Windows servers and AD domains
FEATURES
SYSTEM REQUIREMENTS For complete system requirements, please visit: ACTIVE ADMINISTRATOR quest.com/products/activeadministrator SECURITY EXPLORER quest.com/products/securityexplorer
Assess — Quickly and accurately identify who across the Windows network is over-permissioned, or who in the environment doesn’t have enough permission. With the Quest® solutions, you can see a hierarchical view of group and organizational unit membership, and easily search for permissions and administrative roles and associated users across Active Directory, file servers, SharePoint, Exchange, SQL Server, users and groups, services and tasks. Assign — Assign permissions to the right users with pinpoint accuracy. You can easily delegate control to only the users who need it in AD, and prevent data loss by granting server permissions to only the necessary business users. Customizable and reusable templates make it easy to delegate permissions to AD and Windows servers. You can even segment management responsibilities so different IT administrators have designated areas of responsibility. Recover — Prepare yourself against inevitable mistakes. The Quest solutions mitigate security inconsistencies by enabling you to recover permissions and security settings to a pristine state. The solutions also mitigate the risk of
Quest
4 Polaris Way, Aliso Viejo, CA 92656 | www.quest.com If you are located outside North America, you can find local office information on our Web site.
AD object and Group Policy Object (GPO) loss by enabling you to granularly recover AD objects and their attributes. You can also recover GPOs or roll back a GPO to a previous known good state. Report — Be able to respond quickly and easily to requests from auditors and management with formatted reports on the state of Active Directory and server security, including lists of permissions and associated users. Be in the know when AD security events occur by auditing AD for security changes and configuring alerts for when specific AD events occur. ABOUT QUEST Quest helps our customers reduce tedious administration tasks so they can focus on the innovation necessary for their businesses to grow. Quest® solutions are scalable, affordable and simple to use, and they deliver unmatched efficiency and productivity. Combined with Quest’s invitation to the global community to be a part of its innovation, as well as our firm commitment to ensuring customer satisfaction, Quest will continue to accelerate the delivery of the most comprehensive solutions for Azure cloud management, SaaS, security, workforce mobility and data-driven insight.
Quest, Active Administrator, Security Explorer and the Quest logo are trademarks and registered trademarks of Quest Software Inc. For a complete list of Quest marks, visit www.quest.com/legal/trademark-information.aspx. All other trademarks and registered trademarks are property of their respective owners. © 2017 Quest Software Inc. ALL RIGHTS RESERVED. DataSheet-ActiveAdmin-SecurityExplorer-US-KS-26299
