Active Directory Security Reports

DSRAZOR for Windows

The Windows Active Directory Security Reports provided by DSRAZOR for Windows give you the ability to comprehensively audit and document your vital Active Directory security settings. When you audit your Active Directory with DSRAZOR for Windows, you can filter on almost any Active Directory attribute or combination of attributes. For instance, you might need to find all accounts that are expired or have never logged in, or filter on any other user attribute.

DSRAZOR for Windows provides many ready-to-run reports to help you audit and document your Active Directory user account information.

AD Document Account Security Details

DSRAZOR for Windows searches for Active Directory user accounts within a specific Active Directory container branch or DNS Domain Root and reports the following security information:

  • Enabled/disabled status (true/false)
  • Dial-in permission (true/false)
  • Password age
  • Date/time of last login
  • Member of Domain Administrators group (true/false)
  • Password Never Expires setting (true/false)
  • Account lockout status (true/false)
  • Whether the account has Direct Reports (true/false)
  • Login time restrictions (true/false)
  • Account expiration date

Active Directory Trustees with Admin privileges (users and groups)

DSRAZOR for Windows searches for Active Directory accounts within a specific Active Directory container branch or DNS Domain Root for all accounts that have Administrative privileges over other accounts. Administrative privileges include Create, Delete, Change and Write permissions.

For each object found with an Administrative privilege you can view the objects controlled. Optionally you can remove the selected object as an Administrative Trustee.

Active Directory Object Permission Inheritance

DSRAZOR for Windows searches from the selected container or Organizational Unit for all Active Directory objects and documents whether or not permission inheritance has been specifically removed. The report lists the following details for each object found:

  • Object's Distinguished Name
  • Whether or not inheritance is blocked
  • Total number of Access Control Entries (ACEs), along with a count of explicit and inherited permissions
  • Owner Name
  • Number of allow and deny ACEs
  • Object class (user, group, computer, etc.)

AD Trustees with 'Allowed to Authenticate' privilege

DSRAZOR for Windows searches for Active Directory accounts within a specific Active Directory container branch or DNS Domain Root that have the Allowed to Authenticate privilege over other objects.

For each object found with the Allowed to Authenticate privilege you can view the objects controlled. Optionally you can remove the selected object as a Trustee.

AD Trustees with 'Send As' privilege

DSRAZOR for Windows searches for Active Directory accounts within a specific Active Directory container branch or DNS Domain Root that have the Send As privilege over other objects. For each object found with the Send As privilege you can view the objects controlled.

Optionally you can remove the selected object as a Trustee.

Request a demonstration of DSRAZOR for Windows and Active Directory Security Reports and much more!

Questions? Please call direct: 512 330 0542