Better than native Active Directory delegation?
The Active Directory in Windows 2000 and Windows Server 2003 offers
object-based delegation of authority. The design of this system allows
for nearly unlimited granularity, so that you can even assign the permission
to change only ZIP codes. Administation and management of this system is
time-consuming and does not produce a clear overview of delegated permissions.
Furthermore, it doesn't work on Windows NT4 or Exchange 5.5 based environments.
See the comparison details below.
Comparison Table
|
|
|
Active Directory
|
Forms & Delegation
|
Support for Windows NT4
|
None, the Active Directory Delegation of Control
Wizard supports delegated control over Active
Directory objects
|
Yes, Forms & Delegation allows delegation of tasks
rather than objects. Tasks can be performend on user
objects from Active Directory or Windows NT4.
|
Delegate control over resources
|
Limited, while native Active Directory delegation can
enable a helpdesk user to create a mailbox, home directory
creation and setting permissions cannot be delegated
|
Yes, Forms & Delegation allows delegation of tasks
rather than objects. Tasks can contain any combination
of resources such as mailboxes, group memberships and
home directories with shares and permissions
|
Task based delegation
|
The Active Directory Delegation of Control Wizard delegates
authority over Active Directory objects. The administrator
has to compose MMC Snap-ins to enable a helpdesk user
to perform the task. Delegating a "create user" task
in the Active Directory requires the delegation of authority
over various objects.
|
Forms & Delegation lets you compose your custom
task. A "create user" task can contain the
actions to create a user account in a specific OU, set
appropriate group memberships, create a home directory
and create an Exchange mailbox.
|
Customizable user interface
|
Limited, the Active Directory allows for management
through MMC Snap-ins. These small tools can be customized
to the extent that a helpdesk user only sees the delegated
objects. All properties and configuration settings will
still be visible, however they can be disabled.
|
Forms & Delegation lets you assign a form to a
task. A "create user" task would only require
input fields for first, middle and last name, and a job
type or location selection to determine OU location,
home server and mailbox store automatically. The helpdesk
user only sees exactly what he/she needs to do. Learn
more...
|
Security
|
Uses the Windows authentication model, which takes
the logged on user when you start the management tools
to perform tasks.
|
Uses the Windows authentication module which takes the
logged on user by default when you operate the Windows
Forms client. This client connects to the Delegation
engine, downloads and executes Forms submitted by a delegated
user. The Windows Web client (coming soon) will feature
SSL encryption.
|
Name and password generation
|
None, the Active Directory does not support automatic
name and password generation
|
Forms & Delegation allows for complex name and
password generation, such as usernames, display names,
smtp e-mail addresses and random passwords based on complexity
rules. Name generation features advanced formatting functions
and duplicate handling. Learn
more...
|
Configuration and management overhead
|
Using the Active Directory Delegation of Control
Wizard is relatively easy, but management afterwards
causes a lot of overhead. Configuring additional users
or groups to the same object priviliges is not possible
without running the wizard again and there is no clear
view on who is delegated to do what.
|
Users and groups are directly assigned to forms which
are connected to tasks. This provides a transparent view
of which user or group is allowed to do which task.
|
|
|
I have some questions, can you guide me through?
Of course, we are so convinced that User Management Resource Administrator
works for your environment whatever the size, we can show you the product
and its capabilities in just 30 minutes in our own test facility for free!
