NT as a whole includes a number of separate security-oriented tools, such as Domain User Manager, Server Manager, and Access Control List Editor. However, configuring and analyzing security on an enterprise-wide basis is a complex task. The fact that customers must resort to a series of utilities makes security administration less reliable and predictable than it should be. Moreover, NT 4.0 has only Event Viewer for analyzing security policy on a server-by-server basis, and it isn't adequate for enterprise needs. To handle these problems, the Security Configuration Editor--which Microsoft says will be available later this year with NT 4.0 Service Pack 4--will be able to configure and analyze security on a system wide basis. Security Configuration Editor will be a snap-in component of Microsoft Management Console. It will provide a simplified user interface for defining and installing security templates system-wide and for analyzing system security settings against established templates. In this sense, Security Configuration Editor will supplement the individual security-oriented tools such as Domain User Manager. Security Configuration Editor will give enterprise administrators a mechanism for applying consistent security policy across the enterprise, while allowing local administrators the option of fine-tuning local policy. For example, it may be corporate policy to prohibit Printer Operators from also serving as Backup Operators, but still allow specific exceptions in individual departments. Security Configuration Editor will also use established security templates to audit established security policies across the enterprise and build a database from the results. Central administrators will be able to quickly spot occurrences where local policy diverges from central guidelines, and then either modify the local policy in question or revise the template to conform with established practice.
|
|
|
|
|
|
|
|