Active Directory ACL Management Security Permissions Reports
Gold Finger offers the following Active Directory based access control list (ACL) / security permissions management reports –
|
NOTE – If you have yet to generate access reports in your Active Directory environment, in all likelihood, there are far great risks that your Active Directory is exposed to today, than the simplistic risks you may be looking to identify and mitigate via these basic security reports.
In fact, your Active Directory may be substantially exposed to the risk of swift and complete compromise.
|
 Gold Finger automatically displays the Object-Type of and the total ACE count for the security principal on each object.
- All Active Directory objects on which a security principal has any permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has any permissions specified.
- All Active Directory objects on which a security principal has Allow permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has any type of Allow permissions.
- All Active Directory objects on which a security principal has Deny permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has any type of Deny permissions.
- All Active Directory objects on which a security principal has Explicit permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has any type of Explicit permissions.
- All Active Directory objects on which a security principal has Inherited permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has any type of Inherited permissions.
- All Active Directory objects on which a security principal has List Child permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has List Child permissions for a specific object class or any class of child objects.
- All Active Directory objects on which a security principal has List Object permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has List Object permissions for a specific object class or any class of child objects.
- All Active Directory objects on which a security principal has Read Property permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Read Property permissions for a specific property, for any property or for all properties.
- All Active Directory objects on which a security principal has Write Property permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Write Property permissions for a specific property, for any property or for all properties.
- All Active Directory objects on which a security principal has Create Child permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Create Child permissions for a specific object class, for any object class or for all object classes.
- All Active Directory objects on which a security principal has Standard Delete permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Standard Delete permissions.
- All Active Directory objects on which a security principal has Delete Child permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Delete Child permissions for a specific object class, for any object class or for all object classes.
- All Active Directory objects on which a security principal has Delete Tree permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Delete Tree permissions.
- All Active Directory objects on which a security principal has Read Permissions permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Read Permissions permissions, which would let the security principal read the object's access control list.
- All Active Directory objects on which a security principal has Modify Permissions permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Modify Permissions permissions, which would let the security principal changed the object's access control list.
- All Active Directory objects on which a security principal has Modify Owner permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Modify Owner permissions, which would let the security principal modify the object's ownership.
- All Active Directory objects on which a security principal has Extended Right permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Extended Rights permissions (such as Reset-Password) for a specific extended right, for any extended right or for all extended rights.
- All Active Directory objects on which a security principal has Validated Write permissions
This report lets you identify all objects in an Active Directory domain, container or organizational unit on which a security principal (i.e. any domain user/computer account, security group, or well-known SID) has Validated Write permissions (such as Validated-DNS-Host-Name) for a specific validated write, for any validated write or for all validated writes.
|
|
|
