News

NetIQ to Ship Change Administration Tool

NetIQ will ship a new Windows-based tool next week aimed at simplifying user change administration.

Change Administrator 1.0 provides a more granular level of user rights assignment than Active Directory alone, according to statements by San Jose, Calif.-based NetIQ.

"Domain administration of groups on servers has become problematic [keeping track of] who does what and what they have access to," says Jim McGrath, NetIQ's senior director for product management.

Change Administrator is designed to enable IT managers to delegate administration of servers on a role-based model that is both "granular" and "time-based," according to company statements. It also provides for so-called "just-in-time" permissions.

The package helps manage complexity by enabling a "super administrator" to create "proxy" accounts for lower-level administrators that enable them to perform specific tasks. Rather than assigning expanded privileges to the administrators' own native accounts, the proxies provide the necessary permissions.

"You would keep your regular account [and instead] we will create and maintain a separate account [and] when you're not using it, we take it out of use," McGrath says.

That includes time-based credentials. For instance, it may be entirely appropriate for an administrator to be performing particular tasks in the middle of the workday but perhaps not in the middle of the night. The idea is to ensure that unmanaged changes are limited, while not crippling the staff during a crisis. Additionally, Change Administrator documents who did what in emergency situations so that postmortem analysis can be performed.

But making providing centralized control of who makes changes and what those changes are only deals with half of the problem. In NetIQ's model, Change Administrator becomes the hub through which all administration tasks and details are handled, making it the logical point at which to draw log data and reports.

It's not surprising, then, that NetIQ has a second tool in development to provide regulatory and audit compliance tracking and reporting. Change Guardian, due out later this year, will provide logging and reporting capabilities when combined with Change Administrator, officials say.

However, Change Administrator does provide reporting capabilities. The package provides reports on who can access which servers at what times, which servers those accounts can access, and who made which changes. It also generates reports tied to specific trouble tickets or change requests.

Change Administrator 1.0 runs on Windows Server 2003, Windows XP Professional (any Service Pack level), and Windows 2000 Server (SP4 or higher), and requires Microsoft SQL Server 2005. Pricing starts at $2,000 per server.

About the Author

Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.