Windows RSoP and GPO Scanning Now Available in UpGuard
Updated on April 19, 2018
Managing complexity in heterogeneous infrastructures is a challenge faced by all enterprise IT departments, even if their environments are limited to only *NIX or only Windows. In the case of the latter, UpGuard's new RSoP/GPO scanning capability streamlines remediation and compliance efforts by enabling Windows operators to easily scan and monitor the disparate security configurations of their Active Directory (AD) instances and Windows endpoints.
Group Policy Objects (GPOs) are used in large Windows environments to manage the security settings of AD instances, which in turn manage and organize network resource settings: user accounts, passwords, and other details. GPOs provide a centralized mechanism for managing and configuring OS instances, software applications, and user settings in the Windows AD environment—essentially defining what instances will look like and how they will function per user group.
However, in many cases multiple GPOs will be applied to an AD instance, resulting in AD settings derived from different GPOs' policies. On top of that, local policies may also be in effect, especially on computers that aren't members of the AD domain. How does an admin go about figuring out which settings/policies are in play?
The answer is with Resultant Set of Policy (RSoP) reports. By running an RSoP report, an admin can identify which GPO or local policies are being applied and understand the cumulative effect a series of policies has on a given machine and user.
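To illustrate how a resultant set is derived when several GPOs and a local policy set the same values, here is an added example (not UpGuard's code and not part of the original article) that models the standard Local, Site, Domain, OU processing order with enforced links. The GPO names and setting keys are constructed for illustration; the model assumes a single OU level and ignores security filtering, WMI filters, block inheritance and loopback processing.

```python
from dataclasses import dataclass, field

# Group Policy processing order: Local, Site, Domain, then OU.
SCOPE_ORDER = {"local": 0, "site": 1, "domain": 2, "ou": 3}

@dataclass
class GpoLink:
    name: str
    scope: str                  # "local", "site", "domain" or "ou"
    link_order: int = 1         # within one container, link order 1 has highest precedence
    enforced: bool = False
    settings: dict = field(default_factory=dict)

def resultant_set(links):
    """Return {setting: (value, winning GPO, [overridden GPOs])}."""
    # Normal links apply from lowest to highest precedence; the last writer wins.
    normal = sorted((l for l in links if not l.enforced),
                    key=lambda l: (SCOPE_ORDER[l.scope], -l.link_order))
    # Enforced links apply after every normal link; the one linked highest
    # in the hierarchy is applied last, so a lower container cannot override it.
    enforced = sorted((l for l in links if l.enforced),
                      key=lambda l: (-SCOPE_ORDER[l.scope], -l.link_order))
    result = {}
    for link in normal + enforced:
        for key, value in link.settings.items():
            overridden = []
            if key in result:
                _, previous_winner, previous_losers = result[key]
                overridden = previous_losers + [previous_winner]
            result[key] = (value, link.name, overridden)
    return result

# Constructed sample: hypothetical GPO names and setting keys.
SAMPLE_LINKS = [
    GpoLink("Local Policy", "local",
            settings={"InactivityTimeoutSecs": 0, "RequireSmbSigning": False}),
    GpoLink("Domain Baseline", "domain", link_order=2,
            settings={"InactivityTimeoutSecs": 900, "RequireSmbSigning": True}),
    GpoLink("Domain Security", "domain", link_order=1, enforced=True,
            settings={"RequireSmbSigning": True}),
    GpoLink("Kiosk OU", "ou",
            settings={"InactivityTimeoutSecs": 3600, "RequireSmbSigning": False}),
]

if __name__ == "__main__":
    for setting, (value, winner, losers) in sorted(resultant_set(SAMPLE_LINKS).items()):
        print(f"{setting} = {value!r}  (from {winner}; overrides {', '.join(losers)})")
```

In the sample, the OU-linked GPO wins the inactivity timeout but cannot weaken SMB signing, because the enforced domain link is applied last.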
How does UpGuard scan RSoPs/GPOs?
RSoP enables Windows operators to understand the true state of their machines, but not without some elbow grease: the report generation process is typically a manual, CLI-based affair; additionally, reports must be first parsed/prepped in order to glean actionable information for remediation or compliance purposes. UpGuard's new RSoP/GPO scanning feature alleviates these difficulties by automatically ingesting and visualizing GPOs and RSoP reporting results as configuration items.
UpGuard enables admins to scan GPOs on AD machines and local policies on non-domain endpoints as configuration items and view/manage their settings via the platform's node visualization. Similarly, UpGuard will run RSoP reports and display the results as configuration items in the node visualization. And because they are ingested as standard IT asset configuration items, security states can be captured and enforced via policy, remediation can be automated, and compliance can be proven more easily, without breaking a sweat.
Why does this matter?
Detecting issues quickly is critical for preventing costly systems downtime and data breaches. RSoP reporting provides an effective mechanism for understanding key security configurations in complex Microsoft Windows environments, but the results take time to generate and make actionable. UpGuard provides a way to track GPOs and RSoP reporting results as standard configuration items for ongoing monitoring and compliance reporting purposes. With this new feature, enterprises can immediately get a firm grasp of the true security/governance state of their machines and bring non-compliant systems back into alignment quickly and efficiently.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.