Paramount Defenses Company | Leadership | Products | Solutions | Partners | Privileged Access Insight | Support | News | Careers | Blog | Contact 100%
Gold Finger
for Active Directory  
Gold Finger
| Security
Audit Tool
| Membership
Reporting Tool
| Token-Size
| ACL Viewer
& Exporter
| Permissions
| Effective Permissions 
& Access Calculator
| Administrative Access 
& Delegation Audit Tool
| Gold Finger
| Golden

Active Directory ACL Viewer & Exporter

The world's most advanced Active Directory ACL Viewer and Exporter.

How  can Active Directory Admins and Auditors easily -

  1. Analyze Active Directory ACLs (Access Control Lists)
  2. Review security permissions in Active Directory ACLs
  3. Export (dump) the ACLs of all objects in a domain

    Answer:  Perform Active Directory ACL Analysis and Export

Note: If you're trying to audit who has what privileged access in Active Directory, the only correct way to do so is to audit effective permissions in Active Directory.

Active Directory Permissions Viewer

Our Active Directory ACL / Security Permissions Viewer and Exporter empowers organizations to easily
and trustworthily view, analyze and export Active Directory access control lists and security permissions.

Active Directory ACL/Permissions Viewer and Exporter

Gold Finger Active Directory ACL/Permissions Viewer and Exporter

Sample Output Sample Output

Active Directory ACL/Permissions Viewer

Gold Finger Active Directory ACL/Permissions Exporter

Sample Output Sample Output

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

– Charles Coats, Senior Product Manager,
Identity and Security Business Group


Organizations worldwide have a need to be able to view, analyze and export the access control lists (ACLs) that each individually serve to protect the entirety of all their Active Directory objects.

Active Directory ACL Security Permissions Viewer

Our Gold Finger Active Directory ACL/Permissions Viewer and Exporter was designed to empower organizations fulfill this exact need.

It can instantly, accurately and trustworthily audit Active Directory ACLs and –

  • Obtain a highly-detailed, fully-sortable view of the access control list (ACL) of any Active Directory object.
  • Analyze an Active Directory object's ACL by being able to sort it by any field (e.g. Type, Security Principal etc.)
  • Sort an Active Directory object's ACL by any of the 13 generic permission types (e.g. Create Child, Delete etc.)
  • Export/dump an Active Directory object's ACL for detailed offline-analysis, comparison, audit and archival.
  • Export/dump the ACLs of any, some or all Active Directory objects in any Active Directory partition.

In fact, only Gold Finger is designed by former Microsoft Program Manager for Active Directory Security, endorsed by Microsoft
and trusted by the world's top organizations. It is the world's most capable, valuable and trustworthy Active Directory Audit Tool.

Technical Features

Gold Finger embodies innovative features designed to help organizations effortlessly perform Active Directory ACL/Permission Audits –

  1. Complete View – Obtain a complete, fully sortable view of the ACL (both DACL and SACL) of any Active Directory object
  2. Detailed View – Obtain a detailed view wherein every ACL field is expanded into individually sortable columns for easy analysis.
  3. ACL Exports – Export the complete ACL of an Active Directory object for analysis, comparison, archival and audit.
  4. Tree-wide ACL Exports * – Export/dump the ACLs of all Active Directory objects in an Active Directory tree (e.g. OU or domain).
  5. Advanced ACL Export Options * – Export only those ACLs that are marked Protected or owned by a specific user or group.
  6. Scope and Depth Control * – Restrict the scope of tree-wide ACL exports up to a depth of 10 levels from the specified target.
  7. Custom LDAP Filters * – Use a custom LDAP filter to have only the ACLs of specific Active Directory objects be exported.
  8. LDAP Filter Library * – Define and use a custom LDAP filter library of up to 50 filters to make periodic exports easy.
  9. DC Specific Analysis and Alternate Credential Use – Target any Domain Controller and use alternate credentials.

    * This feature is only available when this tool is licensed as a part of the 005 edition of Gold Finger.

Real-World Examples

The following real-world examples illustrate the capabilities of our Gold Finger Active Directory Security Permissions/ACL Viewer & Exporter –

  1. Alphabetically sort the ACL on the AdminSDHolder object to enumerate all security principals for whom access is specified.
  2. Identify every permission in the ACL on the builtin Administrators group object that grants Write Property - Member permissions.
  3. Export/dump the entire ACL on the Enterprise Admins group object to furnish it as evidence for a regulatory compliance report.
  4. Identify every permission in the ACL on the Corporate OU object that grants a user or group Create Child permissions.
  5. Enumerate the list of all security permissions in the ACL of the Help Desk Operators object that are Explicit in nature.
  6. Instantly dump/export the security permissions/ACLs of all objects contained in any Active Directory domain/partition.
  7. Easily dump/export the security permissions/ACLs protecting all executive (e.g. CEO, CFO etc.) and privileged user accounts.
  8. Instantly dump/export Active Directory security permissions/ACLs protecting all Organizational Units in an Active Directory domain.
  9. Obtain a snapshot of all Active Directory security permissions/ACLs protecting the Configuration, Schema and domain partitions.
  10. Dump/export Active Directory security permissions/ACLs to a file to furnish evidence for a regulatory compliance or security audit.
Benefits and Solutions

Our Gold Finger Active Directory Security Audit Tool delivers the following valuable and measurable benefits –

  1. Easily analyze the security permissions specified in the ACL (access control list) of any Active Directory object.
  2. Save substantial time and effort by being able to sort Active Directory ACLs by any field, including individual permissions.
  3. Instantly export/dump all Active Directory security permissions for audit, analysis, archival and regulatory compliance reporting.
  4. Export the ACL of any Active Directory object for offline-analysis, data archival and regulatory compliance audit report submission.
  5. Easily obtain a point-in-time snapshot of all the ACLs protecting all Active Directory objects in any Active Directory domain or OU.
  6. Obtain 365-24-7, on-demand, real-time insight into the security permissions protecting all vital IT content stored in Active Directory.

In addition, Gold Finger also helps organizations implement 5 essential cyber security solutions for –

1. Active Directory Security 3. Attack Surface Reduction 5. Audit and Compliance
2. Privileged Access Audit 4. Insider Threat Protection

As such, only Gold Finger's unique capabilities empower organizations worldwide to fulfill all their Active Directory audit
(i.e. security, membership, permissions, effective permissions/access and effective privileged access audit) needs.

Gold Finger is the Gold Standard for Active Directory Audit Tools in capability, value and trustworthiness.


The following short video demonstrates Gold Finger's helpful Active Directory ACL and permissions audit, viewing and export capabilities in action –

For optimal viewing, you may want to use the Settings icon above to set the Quality to 720p HD. You can also click the Full Screen icon to view the video in full screen.

Requirements, Licensing and Pricing

The tool can be instantly downloaded, installed and run on any Windows computer in under 2 minutes. Its use does not require any admin privileges or any changes to Active Directory. See FAQ.

The tool can be licensed on a short-term (weekly, monthly, quarterly) as well as a long-term (annual) basis. Short-term licenses are ideal for independent consultants and small projects and long-term licenses are ideal for long-term organizational use. A 1-week, 1-user license for use in 1 domain starts at just US $199 and can be instantly purchased by clicking the Buy Now button below.

"We use the Gold Finger from Paramount Defenses to fulfill our Active Directory Audit needs. It saves us a lot of time and effort and we would recommend it to anyone who needs to perform Active Directory audits trustworthily and cost-effectively. Great product, great support."

– Sean Seeliger, Architect

Kerberos Token-Size Calculator Kerberos Token-Size Calculator
Active Directory Permissions Analyzer Active Directory Permissions Analyzer

Our Global Customers - Cyber Security Thought Leaders
Who We Are What We Do How We Protect You