Hi AJ,
Unfortunately, there are no noteworthy improvements in this area in
Windows
Server 2008. We did recieve numerous requests for improving specific
aspects
of delegation, but due to time and resources constraints many of these had
to
be postponed.
I do hope that you guys did find the simple tools like dsrevoke and the
delegation paper useful, which we worked hard to deliver at our earliest
convenience.
Some of us have personally made contributions to make improvements in this
area. For starters, in order to help IT admins better understand the many
aspects of delegation, I commissioned the development of a website to
provide
comprehensive information on this subject to the community - <a
href="
http://www.activedirsec.com">
http://www.activedirsec.com</a>.
In addition, at Paramount Defenses Inc, we have developed and delivered
the
world's only accurate delegated access asessment, verification and
reporting
solution for Active Directory, called the <a
href="http:/
www.paramountdefenses.com/goldfinger.php">Gold Finger</a>.
With <a href="
http://www.activedirsec.com">
http://www.activedirsec.com</a>
and <a href="http:/
www.paramountdefenses.com/goldfinger.php">Gold
Finger</a>,
we hope to help organizations efficiently and effectively assess, lockdown
and maintain secure Active Directory delegations, which are fundamental to
organizational security.
This is a very important and sensitive subject from a security
perspective,
and we hope wish organizations well in their efforts to run a secure
Active
Directory infrastructure based on the principle of least privilege.
Best wishes,
<a href="
http://www.sanjaytandon.com">Sanjay Tandon</a>
Formerly Microsoft Program Manager for Active Directory Security,
(Author of Microsoft's official whitepaper on Delegation in Active
Directory)
__________ Information from ESET Smart Security, version of virus
signature database 4148 (20090611) __________
The message was checked by ESET Smart Security.
http://www.eset.com
