Active Directory Permissions Auditing and Reporting

STEALTHbits’ AD Permissions Auditing and Reporting provides complete visibility into Active Directory permissions at every level, enabling you to report on users, computers, groups, and organizational units.

 
Audit and report on Active Directory object permissions.

Active Directory Permissions

Collect, analyze and report on permissions data to identify security risks involving OUs, groups, users, and computers.

Audit and report on Active Directory group membership.

AD Group Membership

Audit AD to determine group memberships and access they can grant to sensitive areas of your directory.

Audit Active Directory to govern who can make changes to administrative accounts.

Effective Access to Change Objects

Identify who has effective access to make changes to administrative groups in Active Directory.

Audit Active Directory broken inheritance on AD objects.

Inheritance on AD Objects

Uncover broken inheritance on AD objects to reduce complexity and aid in the remediation of toxic conditions.

For the AD optimization strategy, we prioritized the big-ticket items: trust and configurations between domains, accounts with elevated permissions, and computer objects and group configurations...

Active Directory Organizational Unit Permissions Report

Identify the objects in Active Directory that have access to organizational units (OU). Drill-down into permission types to uncover security risks like the Everyone group having the ability to create and delete users and groups within a domain.

Active Directory organizational unit permissions report provides an overview of users and groups that have access to OUs in Active Directory.

Active Directory Group Permissions Report

Using this report, you can see each group’s permissions types and how those permissions were granted. You can also determine which groups have direct permissions versus those with effective access through nested groups.

Active Directory group permissions report highlights the access groups have been granted in Active Directory by permission type and domain.

Active Directory User Permissions Report

With the user permissions Active Directory report, you can find conditions like the Everyone group having delete and delete subtree permissions in the domain. You can also see user permission types as well as user permissions across domains.

The AD Password Reset Permissions Report highlights instances where Reset Password permissions are applied to Active Directory user objects.