Unauthorized access to Active Directory could compromise the security of whole network. In fact, all permissions and privileges in network are managed by Active Directory.
One the most important concern of IT managers and administrators is to be assured that all servers are configured properly and delegation process is controlled and non-invasive. Active Directory itself, in general, is secure, but intentional deeds and unintentional mistakes of IT technicians contributes to the breach of security.
Reducing Security Risks Caused by Unintentional Mistake
Careless activities of IT staff can potentially contribute to security issues. For instance, adding users in an unrelated group may give them unnecessary permissions to access sensitive information and perform harmful operations; Or enabling users to logon to all computers may allow them to access unnecessary information.
Borna has several features which greatly ease the delegation process, as follows:
It is possible to make some important fields mandatory in user templates and ensure that a technician will fill them. Moreover, you could set default values for some fields which is sometimes needed particularly for security settings.
Borna can restrict users and technicians access based on their domain and OU.
Borna can also restrict access to certain objects. For instance, it is possible to prevent a technician from changing group and department members.
Borna provides a very efficient fine-grained permission control for technicians.
Borna can generate comprehensive reports to display all changes executed by users. These details can also be seen in real time.
Active Directory Cleanup
Over time, several objects including user and computer accounts remain in AD which are not needed anymore. For instance, HR department may not inform IT staff about an employee who is not working in the organization anymore. These unneeded user accounts may cause potential security risks.
IT department should have a certain policy to remove all obsolete and unneeded objects periodically. This process is called Active Directory clean-up.
Borna makes cleanup process extremely easy by which all security concerns will be obliterated. The following list contains some important feature of Borna in AD cleanup process:
By using Recently Inactive Users report, you can see a list of inactive users for specified duration (e.g. 30 days) and removing them by a few clicks.
By using Groups Without Members report, you can remove all unneeded and unused groups.
By using Last Logged on Based report, a list of unused computers is shown with which you can take necessary actions.
By using Users Never Logged on report, you can see a list of all users who has never logged on.
Since these useful reports can directly and indirectly imrpove security of your domains, they are referred to as security-related reports.