Applying Full Armor to the Network

What would a network administrator's job be without dealing with inexperienced, even negligent end users? Less stressful, yes, but that's your job and you have to deal with it.

To alleviate some of the headaches, there are tools that monitor, block, and protect client machines their less-than-perfect users.

In a recent case study of the Tennessee Valley Authority's (TVA, deployment of Full Armor Zero Administration, or FAZAM, from Full Armor Corp. (, research firm Dataquest ( found that management software, on top of Windows NT/2000 can significantly lower management costs.

The implementation included an initial 100-PC pilot program at the TVA. After a study of the effects, the TVA deployed FAZAM across all 10,000 of its desktops.

Released last month, FAZAM 5.5 includes new features to create policies, lockdown control panels, customize message boxes, generate one-time passwords, and disallow listed CD-ROMs.

FAZAM takes advantage of existing Windows NT technology and adds its own to take a proactive approach to maintain hardware and application configurations.

The FAZAM configuration interface includes a number of Tabs that manage different parts of the user experience. There is now a Templates Tab, which recreates the Microsoft Policy Editor so all policy creation can be done in the Full Armor environment, while still being able to open and edit previously created policies.

The Shell Tab locks down the Control Panel, and enables the administrator to disable items from Windows, such as My Computer, Printers Folder, Dial-up Networking, Explorer, and more.

The Execute Tab includes a feature that lets the Microsoft System Management Server (SMS) agent automatically override a Full Armor protection by listing the process name in the Suspend Protection list. The Drives Tab adds the ability to selectively disallow listed CD-ROMs from being used, while allowing administrators to hide any drive letter from the Explorer user interface.

A new Analysis Tab allows selective Full Armor message boxes to be customized. The Admin Tab added the ability of Log Only Mode, which won't prevent users from violating policies but will log and report violations.

Dataquest's analysis of the TVA implementation finds that from an event-compression perspective, average helpdesk call time was reduced 25 percent.

"Although the TVA's deployment of Full Armor may have disgruntled a few former network Doom combatants, TVA internal satisfaction studies peg end-user satisfaction levels at over 90 percent," states the Dataquest report. The report also warned that most call centers will receive an increase in calls initially as end users reach out to find why they don't have access to the same resources as before.

Dataquest's take on Full Armor is that while the TVA implementation positions the company further into the enterprise market, Full Armor still "lacks the geographic scope and infrastructure required to support hundreds or thousands of end-user accounts." The TVA reports it has accomplished all of its goals with FAZAM, which resulted in estimated annual savings of $8.8 million.