Answering this question is hard enough just for the Windows/AD environment, even more so for your entire IT environment. Yet getting an accurate answer to this question is crucial to security, IT and compliance requirements. Every single compliance framework I’m familiar with (PCI, SOX, COBIT, FISMA, HIPAA, et al) directly address access control and entitlement.
In IT Audit series webinar I’ll be sharing what I’ve learn over the years on what it takes to be in control of “Who has access to what?” and how to document this crucial question. I’ll cover many areas including:
1. The fact that access control in the Windows/AD environment are object-centric – not user-centric
2. The importance of group structure and naming convention
3. The growing role of Active Directory as a central control point for authentication and access control
4. Integration of AD into other apps, databases and operating systems and its impact on this subject
5. Using the security log to document changes in role assignments and permissions
I will show you how you can use built-in features of AD to document the objects and application resources to which a given group has access. You will find out how nested group membership should be structured to separate roles from entitlements and how to use the OU structure to control authority over group maintenance - even tying it to the business owner.
I will show you a valuable utility in Windows for finding all the files a given user or group has access and you'll see why it's so important to be able to report on group membership.