Active Directory Security and Active Directory Delegation play a mission-critical role in global security and present an open challenge. A good Active Directory Audit Tool / Active Directory Reporting Tool / Active Directory Auditing Tool / Permissions Analyzer for Active Directory can help Audit Active Directory, generate Active Directory Reports and mitigate Active Directory Risks such as Active Directory Privilege Escalation, and find out who can reset your windows password.
Monday, October 29, 2012
I administer a small Windows Server based network comprised of a few 100 user accounts here in Dubai. Recently we had a situation wherein we needed to find out where all one of our service accounts has permissions in Active Directory, so we went searching for a Permissions Analyzer for Active Directory.
I initially came across a tool called Permissions Analyzer for Active Directory from a company called SolarWinds, so I downloaded it but found that it does not actually analyze permissions in Active Directory, but only does some on files. It was unfortunate that the name seems to be a bit misleading.
So, we went out looking again and I came across a tool called Liza, which is a free Active Directory Security Analysis tool, so we downloaded it and tried it out, but it too could not help us find the exact set of permissions we were looking for.
Upon some more searching on YouTube, I came across a video of a tool called Gold Finger for Active Directory, which too has an Active Directory Permissions Analyzer, so we downloaded a trial and tested it out.
We were quite happy with Gold Finger's permissions analysis capabilities, because it allowed us to do what we wanted to i.e. find out who is delegated what access in Active Directory. We are in the midst of completing our evaluation and if all goes well, should end up getting a license.
I just wanted to share a link to the video I came across as I thought others might find it useful as well.
If you're looking for a comprehensive Active Directory Permissions Analyzer, I recommend checking out the Gold Finger. You can download it from - Permissions Analyzer for Active Directory Download.