While delegating access in Active Directory is very easy, finding out who is delegated what access in Active Directory is very difficult, time-consuming and error-prone. This is because numerous factors come into play in determining who is delegated what access.
For example, nested groups, inherited versus explicit permissions, effective versus non-effective permissions, allow versus deny permissions etc. all make it very difficult to precisely find out who is delegated what access in Active Directory.
Fortunately, Gold Finger completely automates the entire process of determining resultant access in Active Directory so that IT administrators can instantly and precisely determine who is delegated what access in Active Directory.
In fact, Gold Finger’s automated access assessment capabilities are architected by former Microsoft Program Manager for Active Directory Security and endorsed by Microsoft. It is also the world’s only Active Directory Reporting Tool that can generate 100% accurate security and delegated access reports, and do so at the touch of a button.
For instance, it can instantly determine and reveal exactly who all is delegated the following identity and access management related administrative tasks in Active Directory –
- Who all can create domain user accounts, and in which OUs?
- Who all can delete which domain user accounts?
- Who all can reset the password of which domain user accounts?
- Who all can unlock which locked domain user accounts?
- Who all can enable which disabled domain user accounts?
- Who all can create domain security groups, and in which OUs?
- Who all can delete which domain security groups?
- Who all can modify the membership of which domain security groups?
- Who all can convert which distribution groups into security groups?
- Who all can convert which domain local security groups into global groups?
These reports are very difficult to generate and in fact it can take up to one hour per Active Directory object to manually generate these reports because one needs to take all the above-mentioned factors into account.
There are many tools that can show you where all a user has permissions, but that in fact, is just the starting point, because you still have to simulate the entire Active Directory access check process on your own to accurately determine who is delegated what access in your Active Directory.
With Gold Finger organizations can not only accurately find out who is delegated what access in their Active Directory but do so instantly. In fact it can automatically find out who is delegated what access on which objects in an entire Active Directory domain in a single assessment.
For more details, and to download the Gold Finger, please visit the Paramount Defenses website.
Thanks,
PD Staff















