Tools such as Group Policy Objects (GPO) in Active Directory make it easy to enforce consistent authentication...
polices for all members of the Active Directory domain.
In addition, directory services have centralized reporting features for auditing user activity and for producing access management reports required for compliance with regulations like the Sarbanes-Oxley Act (SOX).
Another nice feature of directory services is they can mesh with two-factor authentication systems – one-time password (OTP) tokens, smart cards and biometrics. For stand-alone systems, such configuration would have to be done on each individual workstation.
Using stand-alone authentication systems makes it harder to centralize access management across an organization. It can lead to inconsistent access management policies on different workstations in a network, which would be chaotic in a large company with many users. It would also make tracking users and their access -- and removing stale accounts -- quite difficult.
The only advantage to standalone authentication systems would be if there were only a few desktops or workstations, as in a small company, or for specialized access that needs to be segregated from the rest of the network. A possible scenario would be a workstation dedicated to high-risk transactions or for unique access to an external network.
Unless the cost of Active Directory is prohibitive because of the size of your business, standalone setups aren't recommended.
- Which is more secure: card space or user IDs and passwords? Read more.
- Joel Dubin makes complex password requirements simple.
Dig Deeper on Identity and access management
Related Q&A from Joel Dubin
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures ... Continue Reading
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading