December 10, 2012

How to View Active Directory Permissions Easily and Instantly

Folks,

In today's post, I will show you just how easy it is to view, analyze and export Active Directory security permissions / access rights/ ACLs with the world's best Active Directory ACL Viewer and ACL Exporter. IT admins often have a need to be able to view Active Directory permissions / ACLs and analyze them to find out who has what rights on an Active Directory object, or to find out who is delegated what rights on an Active Directory object.

Active Directory Security Permissions


How to View Active Directory Permissions Easily

The ACL Viewer capability of the Gold Finger Active Directory Audit Tool lets you instantly view, analyze and export the permissions granted on any Active Directory object at the touch of a button.


How to View Active Directory Permissions Easily


Here's how easy it is to view the security permissions in the ACL of an Active Directory object -
  1. Launch Gold Finger
  2. Select the ACL Viewer Capability
  3. Select the report - View the ACL of an Active Directory object
  4. Specify the DN of the Active Directory object in the scope field
  5. Press the Gold Finger button.

That's it.

Gold Finger instantly retrieves and displays the complete ACL of the Active Directory object, including all the fields listed below.

Active Directory Permissions Fields Displayed -
  1. Type - Allow / Deny
  2. Security Principal
  3. Permissions  
  4. Attribute/Class
  5. Inheritance
  6. Applies To

Detailed Security Permissions Analysis View

Gold Finger is the also the world's only ACL Viewer that displays each of the thirteen unique Active Directory permissions in their own individual columns, thus letting you easily sort the entire ACL of the Active Directory object by permission-type and thus find all ACEs that grant a specific kind of permission, such as Create-Child, or Extended-Right etc.

Active Directory Permissions Displayed in Individual Columns


List of Active Directory Security Permissions Displayed in Individual Columns

In fact, here is the list of the 13 different types of Active Directory Security permissions, that Gold Finger displays in individual columns for instant, reliable and effortless analysis -
  1. List Child (LC) permissions
  2. List Object(LO) permissions
  3. Read Control(RC) permissions
  4. Read Property (RP) permissions
  5. Write Property (WP) permissions
  6. Create Child(CC) permissions
  7. Delete Child(DC) permissions
  8. Standard Delete (SD) permissions
  9. Delete Tree (DT) permissions
  10. Write DACL (WD) permissions
  11. Write Owner (WO) permissions
  12. Extended Rights (CR) permissions
  13. Validated Write (SW) permissions

Gold Finger can be used to view Active Directory permissions easily and in fact can be used to view the ACL of any object in any Active Directory domain partition, as well as objects in the Schema partition and the Configuration partitions.

For instance, Gold Finger can be used to view the ACL of the root of the Configuration partition, or any Class-Schema or Attribute-Schema object in the Schema partition or any object in any domain partition, such as the System container, the AdminSDHolder object, the Users container, or any OU, user account, computer account, security group, service connection point etc. of your choice.

This information can be used to assess delegated rights in Active Directory, verify provisioned access in Active Directory, as well as help when you are trying to audit delegated access in Active Directory.

In this manner, Gold Finger can help you perform detailed Active Directory Security Analysis, and as well as easily sort and export the ACL of any Active Directory object in your environment.

For more information, and to download a free 21-day trial, please visit - http://www.paramountdefenses.com/goldfinger_capabilities_acl_viewer_and_exporter_for_active_directory.html

No comments:

Post a Comment