Developing a long-term security plan
Ensuring compliance with your organization's Active Directory implementation of best practices is simplified with DSRAZOR for Windows. Consistent user account creation including mandatory initial random complex password assignment, proper assignments of required group membership, correct specification of department, manager and more put you in charge of your Active Directory access control.
DSRAZOR for Windows including the Zero Privilege module provides auditing of all completed actions so you know who performed each action with full details.
DSRAZOR helps you forge closer relationships between your IT team and other departments. If your IT team retains tight controls such as implementation of various workflow processes that rely on IT team members to be performed, DSRAZOR for Windows Zero Privilege functionality can relieve that burden by allowing the IT team to safely and securely delegate elevated permissions within Active Directory and Windows File Systems without granting native permissions.
For instance, utilizing DSRAZOR's Zero Privilege, the HR team (http://www.visualclick.com/content/dsrazor-hr-enabling-user-account-management.htm
) and/or unit managers can have timely and consistent control of user account creation for their respective teams.
DSRAZOR gives you the power to reduce IT staff workloads, potentially savings can result by reducing or better utilization of full time employees (FTE) while improving IT governance by automatically documenting changes to your Active Directory and File Systems. Additionally, when IT staff turnover occurs, your implementation of DSRAZOR remains the bedrock of consistency.
Additionally, with DSRAZOR for Windows you will receive the following reports:
- Privileged Identity Discovery Reports including all objects with create, delete, write, or any other Active Directory change permissions and objects they control + Ability to remove those permissions
- Privileged Identity Discovery Reports including all objects with create, delete, write, or any other change permissions and File System objects they exert that control over + must include local workstation file systems too and shares
- Local Group accounts members report
- AD accounts last logon report
- Local User accounts last logon report
- AD Password Strength report (i.e. password never expires, when password expires, etc.)
- AD Group Membership Report
- Accounts that are locked, disabled, expired, have never logged in, that never expire
- Accounts unused for X days
- Accounts where last logon failed
- Accounts with Dialin permission
- Active Directory Last Logon Report by DC
- Active Directory Objects with a NULL ACL (no access restrictions)
- Active Directory Objects with GPO(s) defined
- Active Directory objects with the "Send As" privilege
- Active Directory Trustees (users and groups)
- Active Directory Trustees with Admin privileges
- Active Directory Account Security Details Report
- Duplicate Active Directory Object names
- Group Membership
- Groups that are members of Groups
- Objects with Group Policy Objects defined and list any account policies
- Users created in the last 'n' number of days
- Users that are disabled
- Users that never expire
- Users whose last logon failed
- Users who have never logged in
- User accounts that are locked
- User accounts that are expired
- User accounts with password problems where you can define which password problems to report on
- ACL Documentation per File System Object or Share
- Directories/Files with no owner (orphaned SID)
- Directory/File System Objects with a NULL ACL (no access restrictions)
- Directory/File Ownership
- Document Share Permissions
- File System Objects where Permission Inheritance is Blocked
- Find Duplicate File System Object Names
- Find Files unused for past 365 days
- and much more.
When you utilize our Create My Solution service
you will receive further reports to your specifications that will increase your ability to customize and augment your Active Directory and File System best practices. Customization without custom code.
Once reporting is complete, DSRAZOR for Windows will remain an effective tool to further your efforts to maintain a secure Active Directory environment.
Details of additional DSRAZOR functionality: