IT - Build or Buy

Automating Group Management: Build or Buy?

I know what you’re thinking: “They’re just going to say buy.” Admittedly, given that we make the best group management solution in the industry, we are a little biased. However, we also recognize that using a third-party solution to simplify the management of Active Directory groups doesn’t necessarily fit every environment. So, the answer isn’t…

Group Management Delegation

Less Work, More Secure

I remember standing in front of a group of IT pros, talking about how to handle daunting tasks, and I jokingly asked, “By a show of hands, does anyone want to work for a living? Anyone?” I think we all know that working in IT can sometimes involve working with some very cool technologies, but…

Active Directory Scripts

The Dangers of Scripting Active Directory Group Management

Now more than ever, scripting in the Microsoft world has extended the administrative abilities of an IT pro well beyond the simple use of built-in tools. You have, in essence, an unlimited ability to automate just about any part of the administration of your Microsoft environment — including Active Directory — with Powershell and other…

Group Access Card

Groups: Active Directory’s Access Card

RFID access cards are commonplace in many companies. These cards provide access to different sections of the office, often limiting access to the appropriate people, so that not everyone has access to all locations within the building. For example, not everyone has access to the server room. And sometimes, because of this, many of us…

Dynamic Group Management

Managing Group Memberships Dynamically

Because organizations like yours depend on distribution lists and security groups to do their jobs every day, inaccuracies in these lists or groups can have a significant adverse impact. For example, a single employee who’s missing from a distribution group could cause that person to miss the registration deadlines  for health insurance. Or a security…

Group Hoarding

Hoarding and the Value of Expiring Memberships

I must admit: I’m a bit of a hoarder. Not in the “you can barely move around in my house amidst my 47 cats” kind of way; just in the “I probably keep things a bit too long” kind of way. I’m probably not going to use that rubber washer or that set of small…

I still have the keys

If You Don’t Care, Neither Will They

In the TV show called Bait Car, the show’s team leaves a car with its keys in it as bait, and the subsequent theft of the car is recorded for the audience’s viewing pleasure. The premise of the show is that some people lack the personal integrity to simply not steal someone’s car, just because…

Password Resets via Helpdesk

Password Resets, Self-Service, and Security

I called the bank the other day, and even though I was only asking a simple question, I had to provide the last 4 digits of my social security number, my birthdate, and my verbal password. These security measures are in place in order for the banks to protect the assets they deem critical (which…

Privilege Misuse

The State of Insider and Privilege Misuse, 2016

In several previous articles, this blog has focused on the importance of the relationship between privileges and Active Directory group management. The two go hand-in-hand: if groups aren’t properly managed, permissions tend to get out of control. Given the importance of this relationship, let’s examine the current state of what users are able to do…

Group Vault

The Role of Group Management in PAM Strategy

Privileged Account Management (PAM) is a key part of any security strategy. For those of you who may not be familiar with it, PAM focuses on improving the security of privileged accounts and providing more controlled access to those accounts — from an account with Enterprise Admin rights all the way down to an account…