StealthAUDIT Active Directory Permissions Analyzer

Know who has permissions to every ad object

As the primary authentication and authorization service for the majority of IT systems, the importance of understanding Active Directory (AD) permissions is critical to organizations. Discovering, managing, auditing, and reporting on Active Directory permissions leveraging native capabilities is difficult and often requires complex knowledge of scripting software like PowerShell.

Request a Free Trial

Powered by ChronoForms - ChronoEngine.com

The Power of the StealthAUDIT Active Directory Permissions Analyzer

StealthAUDIT Active Directory Permissions Analyzer enables organizations to easily and automatically determine effective permissions applied to any and all Active Directory objects. AD, Security, and Network Administrators can easily browse and compare information from individual or multiple domains using comprehensive, preconfigured analyses and reports focused on permissions associated with AD domains, organizational units, groups, users, and computers. These capabilities enable them to obtain the most authoritative view of who has access to what in AD.

Comprehensive Active Directory Permissions Reporting

Browse our Active Directory Permissions reports and see how deep visibility into object-level permissions can illuminate vulnerabilities attackers exploit to compromise credentials.

Reset Password

Highlight instances where "Reset Password" permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels.

Active Directory Cleanup - Reset Password

User Permissions

Pinpoint instances where permissions are applied to Active Directory user objects. This information helps organizations understand the level of permissions granted like read, write, and delete.

Active Directory Permissions Analyzer - User Permissions

Group Membership

Understand which trustees can change the membership of Active Directory group objects, either by writing the member attribute or via the "Add/Remove self as member" permission.

Active Directory Permissions Analyzer - Group Membership

Group Permissions

Shed light on instances where permissions are applied to Active Directory group objects. This information is critical to understanding who can perform particular operations against AD groups.

Active Directory Permissions Analyzer - Group Permissions

OU Permissions

Quickly analyze and report on where permissions are applied to Active Directory organizational units. This information is summarized at the domain and enterprise levels.

Active Directory Permissions Analyzer - OU Permissions

Computer Permissions

Uncover instances where permissions are applied to Active Directory computer objects. Information regarding computer permissions can help avoid growing breach scenarios.

Active Directory Permissions Analyzer - Computer Permissions

Open Access By Domain

Rapidly assess instances of open access on AD objects, and summarize open access by domain. Common instances of open access include the use of well-known security principals like Domain Users, Authenticated Users, and Everyone.

Active Directory Permissions Analyzer - Open Access By Domain

Broken Inheritance By Domain

Gain immediate insight into instances of broken inheritance on Active Directory objects. This information can be segmented by domain and show where the inheritance has been broken, regardless of its location in the permissions tree.

Active Directory Permissions Analyzer - Broken Inheritance By Domain

AdminSDHolder Permissions

Quickly determine what permissions exist on the AdminSDHolder container within Active Directory. If compromised, the AdminSDHolder container can be used by an attacker to achieve persistence in an environment. This information is summarized at the domain and enterprise levels.

Active Directory Permissions Analyzer - AdminSDHolder Permissions

Domain Replication Permissions

Identify and track which accounts are capable of replicating Active Directory information. The ability to replicate the domain, for example, can be used as an attack path via techniques like DCShadow and DCSync to more easily compromise an Active Directory environment. This information is summarized at the domain and enterprise levels.

Active Directory Permissions Analyzer - Domain Replication Permissions

Start Auditing Active Directory Permissions

Resources

StealthAUDIT Permissions Analyzer

Data Sheet

Learn More

Active Directory Optimization

Buyer's Guide

Learn More

A Look into Active Directory Data across Organizations

White Paper

Learn More

Free Risk Assessment
Free Trial Request
STEALTHbits Demo Request
Browse Resource Library