News

Tool Provides Change Control for Active Directory

• By Stuart J. Johnston
• November 08, 2005

Change Guardian provides the ability to audit and report on configuration changes throughout Active Directory deployments. The package is part of San Jose, Calif.-based NetIQ’s Operational Change Control product line.

The tool, which can be used from within either Microsoft Operations Manager (MOM) or NetIQ’s own Security Manager, provides both real-time alerting as well as forensic reporting on past changes, and is meant to help organizations meet requirements for regulatory compliance.

NetIQ’s Change Guardian automates the manually-intensive process of cataloguing and classifying all changes made across an Active Directory environment to help increase the level of security.

“We’ve broken [compliance auditing and reporting] down into a managed approach,” says Sacha Dawes, NetIQ senior product marketing manager.

Change Guardian monitors changes based on risk to the Active Directory environment and provides flexibility in how administrators receive alerts. According to Dawes, it audits changes made through authorized change processes, and also identifies changes made outside of the change process, such as an unauthorized administrator changing user accounts directly.

Additionally, it tracks high-profile changes, monitoring and reporting on changes made to critical objects within Active Directory, such as the Domain Admins group, providing rapid feedback on changes that may grant extended privileges or access to sensitive information.

NetIQ Change Guardian 1.0 costs $1,200 per domain controller.