PCShield

Protecting your desktop computers against unwanted access is a major chore. Windows 95 doesn't provide much protection against unwanted access, nor does it let you audit local workstation activity. Windows NT offers some auditing and access control, but room for improvement exists. You don't have to wait for Microsoft to make improvements, however. You can use AXENT Technologies' PCShield, a software add-on that enhances NT and Win95 desktop security. The software adds new features and control mechanisms to your OS's existing security setup. In addi-tion, PCShield scales well and fits into most networks.

Installation
To install PCShield, you must install the software's Security Manager component, build a security database by configuring security settings, and build an installation kit. After I built the security database, I used the installation kit to install PCShield on my client workstations.

To install the Security Manager, I defined an installation directory, and the setup wizard copied all the necessary files into this directory. Then I clicked Security Manager on the Start menu.

When I ran Security Manager for the first time, the software's Getting Started dialog box guided me through each step of creating the security database and installation kit. To create the database, I clicked File, New. Then I defined a password and passphrase for the database, to which only security administrators would have access. I defined a directory path to store the database on and I modified the security policies.

PCShield has eight built-in security policy templates for desktop, notebook computer, and Microsoft Office users. The software also includes a standard system security policy template, as Screen 1 shows. You can configure PCShield to accommodate a range of user needs. For example, to prevent users from placing malicious software on your company's systems, you can configure PCShield to let only programmers create files with extensions ending in .exe and .dll.

For my test, I modified an existing desktop template to provide security for my network. After I defined the policies, I added users who were authorized to access PCShield-enabled systems. I also defined groups and assigned these groups to workstations. PCShield's user-group architecture is similar to NT's architecture. However, the software's architecture doesn't integrate into NT's user database, so you might need a substantial amount of time to add more than a dozen users.

PCShield doesn't have an interface you can use to import user information from NT servers. You can use the software's import facility to import workstation and user information from text files, but you must create a comma-delimited text file before you can import the files. You can use a Microsoft Windows NT Server 4.0 Resource Kit tool to dump a list of users out to a file.