Active Directory Effective Permissions Calculator
Instantly and accurately calculate Active Directory effective permissions on any Active Directory object, in any partition, at the touch of a button.
Active Directory Effective Permissions Calculator
Overview
Organizations have a mission-critical cyber security need to be able to accurately audit effective permissions in Active Directory to audit, secure and defend Active Directory, to control and lockdown privileged access in Active Directory, to implement Privileged Access Management (PAM), to attain and maintain Least Privileged Access (LPA) and Zero Trust, to securely manage identities and access in AD, and to fulfill Governance Risk and Compliance (GRC) requirements.
Active Directory Effective Permissions Calculator is a unique tool designed by former Microsoft Program Manager for Active Directory Security to help IT groups and personnel easily, instantly and trustworthily fulfill this need.
It automates the accurate determination of effective permissions (aka effective access) on Active Directory objects, to help identify exactly who actually has what access on an Active Directory object, and how, all at the touch of a button.
Features
Accurate Effective Permissions Analysis
Accurately calculate effective permissions on Active Directory objects
Complete Effective Permissions Analysis
Determine complete set of effective permissions allowed on an AD object
Real-time Fully-Automated Analysis
Instantly determine effective permissions on any AD object in real-time
Source Identification
Identify the exact permission that entitles a user to an effective permission
Export to CSV
Export effective permissions data for analysis, comparison and archival
Technical Summary
Active Directory Effective Permissions Calculator accomplishes the rare technical feat of automating the accurate determination of effective permissions on individual Active Directory objects, to help identify exactly who actually has what access on any and every object in any Active Directory partition, as well as identifying how they have this access.
Benefits
Accurately Audit AD Effective Permissions
Accurately calculate effective permissions on AD objects
Audit Privileged Access on AD objects
Find out who actually has what privileged access on AD objects
Secure Your Foundational Active Directory
Assess and lockdown access on your entire AD attack surface
Complete Steps 1, 2 and 3 of your PAM Journey
Accurately discover privileged users in AD, secure them and control access
Demonstrate Regulatory Compliance
Correctly demonstrate compliance concerning privileged access in AD
Example Reports
The following real-world examples illustrate the Active Directory Effective Permissions Calculator's unique capabilities -
- Find out exactly who has what effective permissions on the Domain Admins privileged group in Active Directory.
- Determine exactly who has Write Property - Member effective permissions on the Domain Admins group.
- Find out exactly who has Change Schema Master extended right effective permissions on the Schema partition root.
- Find out exactly who has Get Replication Changes All extended right effective permissions on the domain root object.
- Identify exactly who has Delete or Delete Tree effective permissions on a top-level OU containing thousands of objects.
- Determine exactly who has Create Child - User effective permissions on a top-level organizational unit in Active Directory.
- Find out exactly who has Modify Permissions effective permissions on the domain root object or on the AdminSDHolder object.
- Find out exactly who has Write Property - userAccountControl effective permissions on a critical server's domain computer object.
- Determine exactly who has Apply Group Policy extended right effective permissions on the Domain Controllers organizational unit.
- Determine exactly who has Reset Password extended right effective permissions on the default Administrator domain user account.
Requirements and Licensing
Active Directory Effective Permissions Calculator can be instantly downloaded, installed and run on any Windows computer. Its use does not require any admin privileges, any changes to or any knowledge of Active Directory.
The tool is licensed on a subscription model, and can be licensed on an annual basis.
Our Global Customers