FullArmor this week introduced software to let customers centrally manage desktops using a set of intelligent filters connected to capabilities within Microsoft's Active Directory.
FullArmor's IntelliPolicy for Clients provides corporations a single spot to manage security, administrative and configuration settings. The software also lets those settings follow users and will dynamically alter their desktop configuration based on where they are logged into the network. The settings, such as personal firewall configurations or designated network printers, are pushed onto corporate desktops where users are blocked from changing them.
The software enhances the Group Policy capabilities of Active Directory and adds an additional 100 Group Policy settings that FullArmor is introducing with IntelliPolicy, including the ability to disable USB ports and lock out other devices.
Group Policy is a feature of Windows Server and Active Directory and in essence is a set of "rules of operation" that can be applied to desktops or servers. Group Policy settings that users create are collected into a Group Policy Object that can be applied universally to groups of users or computers stored in Active Directory. Users say, while helpful, native Group Policy controls Microsoft provides don't allow much flexibility and don't include features like USB port blocking.
"We like the ability to lock out devices like USB ports on our sensitive machines," says one administrator for a financial institution who asked he not be named. "It prevents users from downloading information and disappearing with it." The administrator says he uses hundreds of Group Policies to control more than 100,000 computers. "Group Policy is very strong but it is very limited. FullArmor is one step closer to centralized control for our entire user environment."
With IntelliPolicy for Clients, which plugs into Microsoft's Group Policy Edit tool, FullArmor is adding a level of management and intelligence to Group Policy using a set of filters. The filters allow dynamic changes to policy. For example, a user based in Boston that visits a remote site in London would have the proxy settings for Internet Explorer changed based on the IP address where they are logged on so they could access the corporate intranet in London. Also, users changing floors within a building would automatically have their printer settings changed so they could use the nearest printer.
"We do a lot of filtering that is not there natively in Group Policy," says Rich Farrell, CEO at FullArmor.
IntelliPolicy has a GUI interface but also allows the use of custom scripting. Farrell says IntelliPolicy for Clients is the first in a series of IntelliPolicy software that will rollout over the next two years including a version for servers.
FullArmor competes with the likes of AutoProf, NetIQ and Quest Software.
IntelliPolicy supports Windows 2000 and higher.