Introduction
Effective management of locally defined user accounts and group memberships is required to address common enterprise problems. As part of any Windows-based system deployment or client management task, enterprises need to secure accounts that possess local administrative rights to the host. Usually large enterprises define a single, static password for use across thousands of computers. Given the ease by which even complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise.
Altiris® Local Security SolutionTM provides centralized management that quickly and easily provisions and manages local administrative users and groups within the environment. Local Security Solution's automated policy enforcement of group membership and randomization of administrative passwords across systems secures the corporate network from malicious attacks on the organizations information assets.
With Local Security Solution you can:
- Gain visibility and control over users and groups. Install the Local Security Agent on your managed computers, allowing the Local User Security Solution to obtain local user and group inventory. It also lets you implement random password generation.
- Create Provisioned Users for local accounts you want to manage and prevent from making configuration changes or interfering with system security.
- Create Provisioned Groups to represent groups of local accounts you want to manage collectively. By provisioning groups, ensure that unauthorized users are not maliciously or mistakenly added to administrative group accounts.
- Create a local user or group provisioning policy and add the provisioned users and groups you want. When this policy is activated selected users and groups are provisioned and ready to manage.
- Randomize and cycle passwords. The random password policy lets you generate random passwords automatically, in a schedule, for a defined collection.
- Detect account anomalies in your environment by generating compliance reports that detail all account-related differences between a known secure baseline system and a corresponding collection of systems.