We were pleased that bv-Control supports a wide variety of OSs; we tested with Windows 2000 Pro and Server, Red Hat Linux 7.3 and Solaris 8--the latter two required agents. Within a few minutes of a successful install we were happily generating reports using the many predefined formats and figuring out ad hoc queries. The reports were readable, though not as informative as those generated by Symantec's Enterprise Security Manager or Configuresoft's Security Update Manager.
Reports could be run against all the computers in the domain at this point, but sometimes we wanted to run reports against a subset. "Scopes" define a subset of targets and act as a grouping mechanism. Computers can be added manually to a scope--an easy process--but we preferred Configuresoft's approach of defining a scope according to properties, so computers are automatically added per group.
Generating basic reports was painless using one of the canned formats: We set the scope and ran the report; bv-Control remotely queried the target computers and gathered the data. Targets that were unreachable showed up as errors. We liked that we could export reports to a variety of formats and data sources. We also customized several reports by setting the scope and report format, then saved them to a personal or shared folder.
Building custom reports and ad hoc queries was straightforward. For example, we wanted to see which files and directories allowed the "everyone" group full control. We created an assessment and selected the information we wanted in the report, like domain/workgroup name, machine name, directory name and where permissions matched "full control for everyone." Then we created a filter so that we would see only true matches. We could search for anything in the file descriptor.
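The same audit can be run locally on a single Windows host with PowerShell. This is an added example, not bv-Control's query or output; the function name `Find-EveryoneFullControl` and the default root `C:\Shares` are assumptions. It reports the same fields we chose for the assessment (domain/workgroup, machine, path) and keeps only true matches.

```powershell
# Added illustration; not bv-Control code.
# Find-EveryoneFullControl and the default root path are hypothetical names.
function Find-EveryoneFullControl {
    param(
        [string]$Root = 'C:\Shares'   # assumed starting directory
    )

    $everyoneSid = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll  = 0x10000000  # GENERIC_ALL, which some ACEs store unmapped

    # Domain or workgroup name, as in the report columns described above
    $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

    $targets = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $targets) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            # Unreadable objects are surfaced as warnings, not silently skipped
            Write-Warning "Could not read ACL: $($item.FullName)"
            continue
        }

        # Request explicit and inherited rules with identities already expressed as SIDs
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow')            { continue }
            if ($ace.IdentityReference.Value -ne $everyoneSid) { continue }

            $rights = [int]$ace.FileSystemRights
            $isFull = (($rights -band $fullControl) -eq $fullControl) -or
                      (($rights -band $genericAll) -ne 0)
            if (-not $isFull) { continue }   # filter: only true matches

            [pscustomobject]@{
                Domain    = $domain
                Machine   = $env:COMPUTERNAME
                Path      = $item.FullName
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Example: Find-EveryoneFullControl -Root 'C:\Shares' | Export-Csv everyone-full.csv -NoTypeInformation
```

The `Inherited` column shows whether the grant was set on the object itself or flows from a parent directory, which tells you where the ACL has to be corrected.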
Although bv-Control doesn't have an internal scheduler, any scheduler, including Microsoft's, can be used to run reports. We created a task list (a list of reports to be run) that included reports that discovered user accounts that were due to expire in 15 days, had not logged in for 30 days, or had been locked out. We defined the credential database that would be used and the scope of the reports, and we defined the report format. Then, in Microsoft's Scheduler, we created the task, which called a bv-Control command-line program, and passed the task list as an argument.
Policy Operations Center is a hosted service that let us create a written security policy and distribute it to our end users. Several templates are available, or we could import our own policy. End users log into the site, read the policy, and acknowledge that they read it. Unfortunately, when we went to the selected URL in the guise of an end user, we were prompted to supply only a first and last name and an e-mail address. No authentication is required, and to make matters worse, there isn't a way to compare a list of users who should read the policy against a list of users who did read the policy. BindView told us that this feature will be available in a future release. In our opinion, for thirty-five grand, user authentication and tracking should be standard.
Coming in on the low side of the middle tier, cost-wise, bv-Control has a lot of features for a good price. If we add in the $35,000 for a one-year subscription to Policy Operations Center, the total jumps to the high end of the middle-tier pricing--$171,858 for the first year.
bv-Control 7.2 and Policy Operations Center 4.2, BindView Corp., (800) 813-5869. www.bindview.com