StealthAUDIT Active Directory Permissions Analyzer enables organizations to easily and automatically determine effective permissions applied to any and all Active Directory objects. AD, Security, and Network Administrators can easily browse and compare information from individual or multiple domains using comprehensive, preconfigured analyses and reports focused on permissions associated with AD domains, organizational units, groups, users, and computers. These capabilities enable them to obtain the most authoritative view of who has access to what in AD.
Browse our Active Directory Permissions reports and see how deep visibility into object-level permissions can illuminate vulnerabilities attackers exploit to compromise credentials.
Highlight instances where "Reset Password" permissions are applied to Active Directory user objects. This information is summarized at the domain and enterprise levels.
Pinpoint instances where permissions are applied to Active Directory user objects. This information helps organizations understand the level of permissions granted like read, write, and delete.
Understand which trustees can change the membership of Active Directory group objects, either by writing the member attribute or via the "Add/Remove self as member" permission.
Shed light on instances where permissions are applied to Active Directory group objects. This information is critical to understanding who can perform particular operations against AD groups.
Quickly analyze and report on where permissions are applied to Active Directory organizational units. This information is summarized at the domain and enterprise levels.
Uncover instances where permissions are applied to Active Directory computer objects. Information regarding computer permissions can help avoid growing breach scenarios.
Rapidly assess instances of open access on AD objects, and summarize open access by domain. Common instances of open access include the use of well-known security principals like Domain Users, Authenticated Users, and Everyone.
Gain immediate insight into instances of broken inheritance on Active Directory objects. This information can be segmented by domain and show where the inheritance has been broken, regardless of its location in the permissions tree.
Quickly determine what permissions exist on the AdminSDHolder container within Active Directory. If compromised, the AdminSDHolder container can be used by an attacker to achieve persistence in an environment. This information is summarized at the domain and enterprise levels.
Identify and track which accounts are capable of replicating Active Directory information. The ability to replicate the domain, for example, can be used as an attack path via techniques like DCShadow and DCSync to more easily compromise an Active Directory environment. This information is summarized at the domain and enterprise levels.
