New Tools Strengthen Windows Server Security

In an era of heightened security worries, ScriptLogic, Boca Raton, Fla., and DesktopStandard (formerly AutoProf), Portsmouth, N.H., have stepped up with new offerings for Windows Server 2000/2003 that enable administrators and partners to limit access privileges and permissions on a more granular basis.

ScriptLogic's Cloak, which began shipping earlier this month, enhances enterprise security by allowing companies to conceal secured files and folders on Windows Server NT File System (NTFS) volumes. It also provides a more accurate auditing of the file system for administrators.

Once Cloak is installed on the server, users will only see the folders and files they have permission to access from their Windows desktop or thin client. The software does not require desktop configuration changes to individual desktops or installation of agents onto desktops, the company said.

Cloak is useful for companies in industries under increased scrutiny for security practices, such as financial, government and health-care services, and for companies migrating from Unix or NetWare to Windows Server, solution providers say.

One Microsoft Certified Partner said the software provides server-based security for Windows and eases migration for Novell customers to Windows Server.

"In Windows 2000 and 2003 when you share a folder and a user has connected to that share, they will be able to access that folder and they will also get a listing of every subfolder below that one, even if they do not have permission to open and read the contents of those folders. Cloak creates a more secure environment to not show or hide these subfolders if a user does not have access to them," said Greg Brown, senior systems engineer at Enterprise Networking Solutions, Sacramento, Calif. "This prevents users from being overloaded with resources they do not need and providing hackers less information to work with to corrupt the server."

This cloaking capability currently exists within the NetWare server, so having a similar service for Windows gives clients migrating from Novell's NOS to Microsoft's server a familiar experience, Brown added. "Cloak is going to allow us to replicate that functionality from the NetWare servers onto the Microsoft server," he added. "Providing a Microsoft-based environment that very closely resembles their older NetWare environment makes the transition much easier on the user population."

DesktopStandard's application, meanwhile, offers more granular access control to Windows Server and the ability to implement "least-privilege" security settings to limit risk. PolicyMaker Application Security, an add-on to the Group Policy in the Windows Server Active Directory, enables administrators and solution providers to reduce or elevate permission on a per-application or per-task basis, the company said.

The new product allows administrators using the Group Policy Management Console to adjust application privilege levels to the lowest possible point to limit possible damage stemming from attacks or user error. It also helps companies meet federal mandates such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley, the company said.

PolicyMaker Application Security is available from DesktopStandard and from authorized resellers. Pricing starts at $25 per seat for enterprises with up to 500 computers, including one year of upgrade assurance and technical support. PolicyMaker supports Windows 2000, XP and 2003 Server, Terminal Server, MetaFrame and all versions of Outlook, Office and Internet Explorer.

Scriptlogic's Cloak is also available through resellers and ships in two editions. The Standard Edition is priced at $495 per server and supports an unlimited number of users; the Small Business Edition for Windows Small Business Server 2003 is priced at $249 and supports a maximum of 75 users.