Paramount Defenses Company | Leadership | Products | Solutions | Partners | Privileged Access Insight | Support | News | Careers | Blog | Contact 100%
Gold Finger
for Active Directory  
Gold Finger
| Security
Audit Tool
| Membership
Reporting Tool
| Token-Size
| ACL Viewer
& Exporter
| Permissions
| Effective Permissions 
& Access Calculator
| Administrative Access 
& Delegation Audit Tool
| Gold Finger
| Golden

Gold Finger Mini

The world's only accurate password reset
analysis tool for Microsoft Active Directory.

Do you know exactly who can reset your work account's password and login as you today?

Our innovative Gold Finger Mini empowers you to find out exactly who
can reset your and/or anyone's password in Active Directory today.

Gold Finger Mini

Gold Finger Mini

Did You Know ?!

In any IT infrastructure, the security of every individual's user account, from the CEO to the Domain Admin, & from every employee to every contractor, is protected by that user account's password.


Windows Logon

Passwords are often complex and people can sometimes forget their passwords, so the system provides IT personnel the ability to reset a user's password, so that they can help users log back in.

Reset Password

The ability to reset a user's password is governed by a special permission, known as the Reset Password extended right, which can be granted to specific IT users/groups on a user's account.

Reset Password Extended Right

Active Directory provides the ability to precisely delegate administrative access for operations such as Password Resets, but it lacks the ability to help IT groups precisely assess delegated administrative access, & as a result, IT groups can precisely grant specific users the Reset Password extended right, but they cannot precisely assess who is granted this right on any user account.

Over time, as business needs change, so does the state of provisioned access and administrative delegations in Active Directory, and consequently the actual state of access changes dramatically.

Active Directory Delegated Administrators

As a result, today in most Active Directory environments, many more individuals than intended (i.e. than should be able to), can reset the passwords of most Active Directory user accounts.

Malicious perpetrators know that the easiest way to compromise any user's account, and instantly get access to everything that account has access to, is by resetting that user account's password.

Impact of a Password Reset

For instance, as illustrated above, if someone could reset the password of the CEO's account, he could instantly login as the CEO and obtain access to everything the CEO currently has access to.

Since it only takes seconds to reset a password, all that a perpetrator needs to do to compromise an account is to find out who can reset that account's password and target that person's account.

Reset Password User Interface

In fact, it is this simple premise that when iterated, forms the basis of Active Directory Privilege Escalation, the world's #1 cyber security risk that endangers over 85% of all organizations today.

Now, the process of finding out who can reset the password of which domain user account is very difficult and time-consuming today, because it requires deep security expertise. Technically speaking, it requires the ability to be able to accurately determine effective permissions/access on Active Directory domain user accounts, which is very difficult to accomplish with 100% accuracy.

Active Directory Effective Permissions

Active Directory's inbuilt Effective Permissions/Access calculator is self-admittedly inaccurate, & at best it can show an approximation of what effective permissions a specified user has on an Active Directory object. Thus, if an organization had 1,000 user accounts, one would have to manually enter 1,000 user account names to approximately determine who can reset 1 account's password.

If it were possible to easily find out exactly who can reset whose password in Active Directory, organizational IT teams and employees could easily find out exactly who can reset whose passwords, including who can reset the passwords of their own domain user accounts, and use this valuable security intelligence to help enhance the security of all their Active Directory domain user accounts.

Password Reset Analysis Tool

Gold Finger Mini makes it possible for anyone to instantly find out exactly who can reset any domain user account's password in any Active Directory domain, within seconds, at a button's touch.

Powerful Insight

Gold Finger Mini embodies our unique, patented effective access assessment technology and empowers organizational IT teams and all organizational employees to instantly find out exactly

Powerful Cyber Security Insight

    1. Who can reset the password of their own domain user accounts?
    2. Who can reset the password of the domain user account of any other user, including those of contractors, administrators and executives?

In addition, to help IT personnel and employees prove their findings, it also includes a built-in password reset capability which can be used to reset the password of any* domain user account.

Unmatched Ease of Use

If you can touch a button, you can instantly find out exactly who can reset whose password...

Touch Of A Button's really as simple as that.           


Gold Finger Mini is available in one free edition and three paid editions. For more information on the various licensing options for its paid editions, or to buy a license, please click here.

Free Edition Download

You can now instantly deploy and use Gold Finger Mini in any
Active Directory deployment in the world, within 2 minutes ...'re just moments away from finding out           
how many people can reset your password.         

Security Audit Tool Security Audit Tool

Our Global Customers - Cyber Security Thought Leaders
Who We Are What We Do How We Protect You