
2007	2008	2009


	Start Here

	Overview

	Uniqueness

	Vital Need

	Audience

	Features

	Benefits

	Solutions

	Reports

	Editions

	Resources

	Demo

	Trial

	Sales

Only Gold Finger can generate accurate Active Directory resultant-access reports, and basic security reports.


	Mission-Critical Access Reports	Top 100 Reports	Simple Basic Security Reports

User Account Management Resultant Access Reports

Active Directory domain user account management resultant access reports are absolutely essential for identity, security and access management as well as for demonstrating regulatory compliance.

Active Directory User Account Management Resultant Access Reports

Gold Finger offers the following Active Directory based domain user account management resultant (i.e. effective/delegated) access reports –

Who can create domain user accounts?

This Active Directory resultant access report reveals exactly who can create user accounts in Active Directory, where they can create them (i.e. in which OUs / containers), and how (i.e. based on which security permissions.)

Who can delete domain user accounts?

This Active Directory resultant access report reveals exactly who can delete user accounts in Active Directory, which accounts they can delete, and how (i.e. based on which security permissions.)

Who can reset user account passwords?

This Active Directory resultant access report reveals exactly who can reset user account passwords in Active Directory, whose passwords they can reset, and how (i.e. based on which security permissions.)

Who can disable/enable user accounts?

This Active Directory resultant access report reveals exactly who can disable/enable user accounts in Active Directory, which accounts they can disable/enable, and how (i.e. based on which security permissions.)

Who can unlock locked user accounts?

This Active Directory resultant access report reveals exactly who can unlock locked user accounts in Active Directory, which accounts they can unlock, and how (i.e. based on which security permissions.)

Who can change the expiration date of user accounts?

This Active Directory resultant access report reveals exactly who can change the expiration date of user accounts in Active Directory, which accounts' expiration dates they can change, and how (i.e. based on which security permissions.)

Who can disable/enable the requirement of a smart card for interactive logon by user accounts?

This Active Directory resultant access report reveals exactly who can change the Smart card is required for interactive logon account option on user accounts in Active Directory, which accounts' they can change this option on, and how (i.e. based on which security permissions.)

Who can force users to change their user account passwords at next logon?

This Active Directory resultant access report reveals exactly who can force users of Active Directory accounts to change their passwords, which user accounts they can force a password change on, and how (i.e. based on which security permissions.)

Who can prevent users from changing their user account passwords?

This Active Directory resultant access report reveals exactly who can prevent users of Active Directory accounts from changing their passwords, which user accounts they can prevent a password change on, and how (i.e. based on which security permissions.)

Who can change the logon name of user accounts?

This Active Directory resultant access report reveals exactly who can change the user logon name of user accounts in Active Directory, which accounts' user logon names they can change, and how (i.e. based on which security permissions.)

Who can change the Pre-Windows 2000 user logon name of user accounts?

This Active Directory resultant access report reveals exactly who can change the Pre-Windows 2000 user logon name of user accounts in Active Directory, on which accounts, and how (i.e. based on which security permissions.)

Who can change the logon hours of user accounts?

This Active Directory resultant access report reveals exactly who can change the logon hours of user accounts in Active Directory, which accounts' logon hours they can change, and how (i.e. based on which security permissions.)

Who can change the logon workstations of user accounts?

This Active Directory resultant access report reveals exactly who can change the logon workstations of user accounts in Active Directory, which accounts' logon workstations they can change, and how (i.e. based on which security permissions.)

Who can change the profile path for user accounts?

This Active Directory resultant access report reveals exactly who can change the profile path of user accounts in Active Directory, which accounts' profile paths they can change, and how (i.e. based on which security permissions.)

Who can change the logon script for user accounts?

This Active Directory resultant access report reveals exactly who can change the logon script of user accounts in Active Directory, which accounts' logon scripts they can change, and how (i.e. based on which security permissions.)

Who can change alternate security identities (name mappings) associated with user accounts?

This Active Directory resultant access report reveals exactly who can change the name mappings associated with user accounts in Active Directory, which accounts' name mappings they can change, and how (i.e. based on which security permissions.)

Who can change whether or not user accounts are sensitive and cannot be delegated?

This Active Directory resultant access report reveals exactly who can change the Account is sensitive and cannot be delegated account option on user accounts in Active Directory, which accounts they can change this option on, and how (i.e. based on which security permissions.)

Who can change whether or not DES encryption types should be used for user accounts?

This Active Directory resultant access report reveals exactly who can change the Use DES encryption types for this account account option on user accounts in Active Directory, which accounts they can change this option on, and how (i.e. based on which security permissions.)

Who can change whether or not Kerberos pre-authentication is required for user accounts?

This Active Directory resultant access report reveals exactly who can change the Do not require Kerberos preauthentication security setting on user accounts in Active Directory, which accounts they can change this option on, and how (i.e. based on which security permissions.)

Who can change the first name of user accounts?

This Active Directory resultant access report reveals exactly who can change the first name of user accounts in Active Directory, which accounts' first names they can change, and how (i.e. based on which security permissions.)

Who can change the last name of user accounts?

This Active Directory resultant access report reveals exactly who can change the last name of user accounts in Active Directory, which accounts' last names they can change, and how (i.e. based on which security permissions.)

Who can change the display name of user accounts?

This Active Directory resultant access report reveals exactly who can change the display name of user accounts in Active Directory, which accounts' display names they can change, and how (i.e. based on which security permissions.)

Who can change the description of user accounts?

This Active Directory resultant access report reveals exactly who can change the description of user accounts in Active Directory, which accounts' descriptions they can change, and how (i.e. based on which security permissions.)

Who can change the office location of user accounts?

This Active Directory resultant access report reveals exactly who can change the office location of user accounts in Active Directory, which accounts' office locations they can change, and how (i.e. based on which security permissions.)

Who can change the organizational title of user accounts?

This Active Directory resultant access report reveals exactly who can change the organizational title of user accounts in Active Directory, which accounts' organizational titles they can change, and how (i.e. based on which security permissions.)

Who can change the organizational department of user accounts?

This Active Directory resultant access report reveals exactly who can change the organizational department of user accounts in Active Directory, which accounts' organizational departments they can change, and how (i.e. based on which security permissions.)

Who can change the organizational manager for user accounts?

This Active Directory resultant access report reveals exactly who can change the organizational manager of user accounts in Active Directory, which accounts' organizational managers they can change, and how (i.e. based on which security permissions.)

Who can change the picture associated with user accounts?

This Active Directory resultant access report reveals exactly who can change the picture associated with user accounts in Active Directory, which accounts' pictures they can change, and how (i.e. based on which security permissions.)

Who can change the security permissions protecting user accounts?

This Active Directory resultant access report reveals exactly who can change the security permissions (ACL) protecting user accounts in Active Directory, which accounts' security permissions they can change, and how (i.e. based on which security permissions.)


	Account Management

	Computer Management

	Group Management

	OU Management

	Container Management

	SCP Management

	GPO Management

	Contact Management

	Printer Management

	Domain Security Policy Management


	Top-100 Reports (Downloadable pdf)

Who We Are

What We Do

How We Protect You