Review: Policy Commander 2.0

by Joseph Moran

Protecting your company's sensitive data and complying with industry or government regulations can be challenging and costly. Policy Commander offers a simple, affordable option.

Today a veritable alphabet soup of regulations ‑ like GLBA, HIPAA, and PCI ‑ govern how firms must handle and safeguard confidential or sensitive data, and chances are that one (or more) of them apply to your business.

Policy Commander screen shot
Policy Commander's Compliance Summary offers a snapshot view so you can see which systems are in compliance and which aren't.
(Click for larger image)

Compliance with these regulations takes more than anti-virus software and a firewall; it also involves securing every employee’s computer by finding and fixing the hundreds of potential vulnerabilities they likely harbor. Although this process can be time consuming and costly, especially for small businesses, the consequences of non-compliance or a security breach can be also be quite severe.

Policy Commander 2.0 from New Boundary Technologies offers small organizations a simple and cost-effective way to expose potential security problems on Windows-based systems and then remedy them through the application of security policy. The software consists of a number of individual components including a server, database, policy editor and management console, which can be deployed on separate systems if necessary depending on network configuration or administrative needs.

Setting Up

Getting the various pieces of Policy Commander up and running is a relatively painless affair thanks to heavy use of well-designed wizards. We used Policy Commander on a network consisting of a Windows 2003 server and a number of XP Professional desktops.

Once you install the aforementioned foundation components, you must then install client software on the systems you want to manage. Through Policy Commander’s console, you can select the applicable systems and automatically push the client down to them or create an installation file to add manually via a shared network folder, portable media, etc.

The console employs a very clean and well laid-out user interface that shouldn’t require a steep learning curve. With it, you can apply security policies to specific systems, or create organizational groups to do it across multiple systems at once.

New Boundary maintains a Knowledge Base that contains a number of ready-to-use security policy templates you can download and apply to your systems. These include policies designed to meet specific regulatory requirements such as those mentioned at the top of the article, as well as others based on security guidelines developed for specific operating system versions or system configurations (e.g. server, desktop, laptop) by Microsoft or security bodies like the NSA (National Security Agency) and NIST (National Institute of Standards and Technology).

You can either use templates in their entirety, or select the specific parts of a template that apply to your situation. Templates can include anything from deactivating unneeded user rights or network components/services to verifying the presence of the latest operating system patches and service packs to disabling the Print Screen function or preventing the use of USB storage devices. (All of the templates are specific to Windows client and server operating systems like Windows 2000, 2003, XP and Vista.)

To enable a security policy, you select it and then right-click to choose which systems or groups you want it applied to, and once a policy is in effect you can check its status via a tab that indicates which systems and/or groups are in compliance and which aren’t.

Policy Commander screen shot
You can assign policies to individual computers or to groups of systems organized by whatever criteria you wish.
(Click for larger image)

Correcting Non-Compliance

When you find non-compliant systems, you have a number of options ‑ ranging from e-mail notification to automatic enforcement, to manual enforcement – available with a few mouse clicks. If non-compliance is due to missing software, you must remedy the situation directly on the affected system or use a separate software deployment or patch management tool (like New Boundaries own, called PRISM, which is sold separately).

Policy Commander also provides a summary view that gives you at-a-glance compliance status across the entire organization and the software can generate numerous top-level as well as detailed logs and reports for internal and external auditing.

A particularly handy aspect of Policy Commander is its Configuration Groups feature. It automatically organizes your managed systems by a number of pre-defined criteria, such as which operating system revision is in use or which version of Web browser or Microsoft Office is installed. This lets you more easily apply or view policies that are appropriate for only a particular subset of systems. You can also create custom configuration groups using specific criteria you choose. 

Another nice feature of Policy Commander is that policy enforcement doesn’t stop when computers aren’t logged into the network. We found that policies remained in effect even on systems that lacked a network connection, since the client-side component handles the enforcement. 

Policy Commander costs $30 per managed system (up to 100), which puts it within reach of all but the most budget-constrained organizations. You can also download a fully functional copy of the software on a 30-day trial basis, and the company offers prospective customers technical support during the evaluation process.

Policy Commander 2.0 makes applying, enforcing and maintaining security policies on Windows systems much easier and less error prone that attempting to do it manually or through something like the Group Policy feature of Windows servers. If you’re looking to secure your systems with as little time and money as possible, Policy Commander 2.0 is worthy of a close look.

  • Price: $30 per managed computer; a minimum of 100 licenses
  • Pros: easy-to-use interface; attractive pricing
  • Cons: only supports Windows systems; a minimum of 100 licenses

Joe Moran spent six years as an editor and analyst with Ziff-Davis Publishing and several more as a freelance product reviewer. He's also worked in technology public relations and as a corporate IT manager, and he's currently principal of Neighborhood Techs, a technology service firm in Naples, Fla. He holds several industry certifications, including Microsoft Certified Systems Engineer (MCSE) and Cisco Certified Network Associate (CCNA).

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

This article was originally published on Monday Jun 16th 2008
Mobile Site | Full Site