Paramount Defenses Company | Leadership | Products | Solutions | Partners | Privileged Access Insight | Support | News | Careers | Blog | Contact 100%
Gold Finger
for Active Directory  
Gold Finger
| Security
Audit Tool
| Membership
Reporting Tool
| Token-Size
| ACL Viewer
& Exporter
| Permissions
| Effective Permissions 
& Access Calculator
| Administrative Access 
& Delegation Audit Tool
| Gold Finger
| Golden

Active Directory Permissions Analyzer

The world's most capable, granular and intuitive Active Directory Permissions Analyzer.

How  do you audit -

  1. Who has what permissions in Active Directory?
  2. Where does a user/group have permissions in Active Directory?
  3. What permissions does a user/group have in Active Directory?

    Answer:  Perform Active Directory Permissions Analysis

Note: If you're trying to audit who has what privileged access in Active Directory, you need to audit effective permissions in Active Directory. Auditing "who has what permissions in Active Directory" is not the same as auditing "who has what effective permissions in Active Directory."

There are several vendors who claim that their solutions can audit privileged access in Active Directory, when in fact the all their solutions can do is audit Active Directory security permissions. As stated in the note above, there is a substantial (orders of magnitude) difference between finding out "who has what permissions" and "who has what effective permissions" in Active Directory.

The only correct way to audit privileged access involved determining effective permissions / effective access in and across Active Directory. Organizations that rely on finding out "who has what permissions" in Active Directory to audit privileged access, could end up with substantially inaccurate data, reliance upon which could leave them vastly exposed and vulnerable to compromise.

Our advanced Active Directory Permissions Analyzer empowers organizations to easily and trustworthily
fulfill all their cyber security, audit and compliance driven Active Directory permissions analysis needs.

Active Directory Permissions Analyzer

Gold Finger Active Directory Permissions Analyzer

Sample Output Sample Output

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

– Charles Coats, Senior Product Manager,
Identity and Security Business Group


Organizations worldwide have a need to be able to audit and analyze the state of access provisioned in Active Directory to maintain foundational security and demonstrate regulatory compliance.

Active Directory Permissions Analysis

Our Gold Finger Active Directory Permissions Analyzer was designed to empower organizations fulfill this exact need.

It can instantly, accurately and trustworthily audit

  • Who has what security permissions in Active Directory, where and how.
  • What permissions does a specific user or group have in Active Directory, where and how.
  • Where in an Active Directory does a specific user or group have what permissions, and how.
  • How does a specific user or group have specific permissions in Active Directory, and where.
  • Which security permissions are granted or denied to whom in Active Directory, where and how.

In fact, only Gold Finger is designed by former Microsoft Program Manager for Active Directory Security, endorsed by Microsoft
and trusted by the world's top organizations. It is the world's most capable, valuable and trustworthy Active Directory Audit Tool.

Technical Features

Gold Finger embodies innovative features designed to help organizations effortlessly perform Active Directory Permissions Analysis –

  1. Instant, Rapid Analysis and Enterprise Scalability – Analyze entire Active Directory domains within a matter of minutes
  2. Rich Analysis Criteria – Find permissions based on grant type (allow/deny), inheritance (explicit/inherited), permission type
    (e.g. Write Property), security principal (any user, security group or well-known security principal) and scope.
  3. Group Membership Inclusion – Automatically include the impact of group memberships when analyzing permissions.
  4. Blanket Permission Inclusion – Effortlessly include the impact of blanket permissions (e.g. All Extended Rights, Full Control etc.)
  5. Real-time Schema Availability – Specify any class, attribute or extended right defined in the Schema.
  6. Depth Control – Restrict the scope of any tree based analysis up to a depth of 10 levels.
  7. Custom LDAP Filters – Customize the scope of analysis by using a custom LDAP filter (e.g. (objectClass=organizationalUnit).)
  8. LDAP Filter Library – Create and use a custom LDAP filter library to make periodic audits easy.
  9. Analysis Exports – Export analysis results for offline analysis, sharing, audit report submission and archival.
  10. DC Specific Analysis and Alternate Credential Use – Target any Domain Controller, and use alternate credentials .
Real-World Examples

The following are some real-world examples that illustrate the capabilities of our Gold Finger Active Directory Security Audit Tool –

  1. Identify all security principals that have any permissions granted anywhere in the Corp domain.
  2. Identify all security groups that have All Extended Rights granted anywhere in the Corp domain.
  3. Identify all users that have the Reset Password Extended right granted on any domain user accounts in the Executives OU.
  4. Identify all security principals that have Delete permissions granted on any organizational unit (OU) in the Corp domain.
  5. Find out if the Temporary Contractors group is granted any security permissions anywhere in the Corp domain.
  6. Find out which security permissions, if any, are granted to John Doe anywhere in the Production OU.
  7. Find out which users are explicitly granted the Create Child - User permission anywhere in the Headquarters OU.
  8. Find out who has Deny permission granted anywhere in the Corp domain, and whether they are Explicit or Inherited.
  9. Determine whether John Doe has Write Property - Member permissions on any administrative group in the Corp domain.
  10. Determine who has Send As permissions granted on the CEO's mail-enabled domain user account.
Benefits and Solutions

Our Gold Finger Active Directory Security Audit Tool delivers the following valuable and measurable benefits –

  1. Obtain instant, on-demand, real-time insight into the state of all security permissions provisioned in Active Directory.
  2. Quickly analyze Active Directory security permissions to find specific permissions based on any criteria of your choice.
  3. Analyze Active Directory permissions to audit all privileged user access rights and delegated permissions in Active Directory.
  4. Easily audit who has what security permissions where in Active Directory, including permissions granted to a specific user/group.
  5. Easily perform fully customizable Active Directory security permissions audits to fulfill security and regulatory compliance needs.
  6. Maintain security by having 365-24-7 on-demand insight into the complete state of security permissions provisioned in Active Directory.

In addition, Gold Finger also helps organizations implement 5 essential cyber security solutions for –

1. Active Directory Security 3. Attack Surface Reduction 5. Audit and Compliance
2. Privileged Access Audit 4. Insider Threat Protection

As such, only Gold Finger's unique capabilities empower organizations worldwide to fulfill all their Active Directory audit
(i.e. security, membership, permissions, effective permissions/access and effective privileged access audit) needs.

Gold Finger is the Gold Standard for Active Directory Audit Tools in capability, value and trustworthiness.


The following short video demonstrates Gold Finger's highly capable Active Directory permissions analysis and audit capabilities in action –

For optimal viewing, you may want to use the Settings icon above to set the Quality to 720p HD. You can also click the Full Screen icon to view the video in full screen.

Requirements, Licensing and Pricing

The tool can be instantly downloaded, installed and run on any Windows computer in under 2 minutes. Its use does not require any admin privileges or any changes to Active Directory. See FAQ.

The tool can be licensed on a short-term (weekly, monthly, quarterly) as well as a long-term (annual) basis. Short-term licenses are ideal for independent consultants and small projects and long-term licenses are ideal for long-term organizational use. A 1-week, 1-user license for use in 1 domain starts at just US $999 and can be instantly purchased by clicking the Buy Now button below.

"We use the Gold Finger from Paramount Defenses to fulfill our Active Directory Audit needs. It saves us a lot of time and effort and we would recommend it to anyone who needs to perform Active Directory audits trustworthily and cost-effectively. Great product, great support."

– Sean Seeliger, Architect

Active Directory ACL/Permissions Viewer Active Directory ACL/Permissions Viewer
Active Directory Effective Permissions Calculator Active Directory Effective Permissions Calculator

Our Global Customers - Cyber Security Thought Leaders
Who We Are What We Do How We Protect You