Monday, October 29, 2012

Permissions Analyzer for Active Directory

I administer a small Windows Server based network comprised of a few 100 user accounts here in Dubai. Recently we had a situation wherein we needed to find out where all one of our service accounts has permissions in Active Directory, so we went searching for a Permissions Analyzer for Active Directory.

I initially came across a tool called Permissions Analyzer for Active Directory from a company called SolarWinds, so I downloaded it but found that it does not actually analyze permissions in Active Directory, but only does some on files. It was unfortunate that the name seems to be a bit misleading.

So, we went out looking again and I came across a tool called Liza, which is a free Active Directory Security Analysis tool, so we downloaded it and tried it out, but it too could not help us find the exact set of permissions we were looking for.

Upon some more searching on YouTube, I came across a video of a tool called Gold Finger for Active Directory, which too has an Active Directory Permissions Analyzer, so we downloaded a trial and tested it out.

We were quite happy with Gold Finger's permissions analysis capabilities, because it allowed us to do what we wanted to i.e. find out who is delegated what access in Active Directory. We are in the midst of completing our evaluation and if all goes well, should end up getting a license.

I just wanted to share a link to the video I came across as I thought others might find it useful as well.

If you're looking for a comprehensive Active Directory Permissions Analyzer, I recommend checking out the Gold Finger. You can download it from - Permissions Analyzer for Active Directory Download.



  1. Hi Armen,

    I just wanted to add that while its helpful to be able to analyze permissions in Active Directory, you still have to do some work to try and find out who is actually delegated what access on an Active Directory object.

    I just shared a note on How to Find Out Who is Delegated What Access on an Active Directory Object? and the funny thing is my solution involves using Gold Finger as well.

    I don't know if you've tried its Effective Delegated Access Reports capability, but that's what I'm using to get the job done.


  2. Hi Abdul,

    Active Directory Security is critical to organizational security today and the need to know who has what access in Active Directory has become critical today.

    I fully agree that a good Permissions Analyzer for Active Directory can help identify, lockdown and audit security permissions in Active Directory quickly and efficiently.

    I recently came across a helpful post on How to View Active Directory (AD) Security Permissions and Perform ACL / Permissions Analysis so I thought I'd share it with you.