STEALTHbits Logo SB Small Logo

StealthAUDIT® for Active Directory

Simplify Active Directory management and security

Watch Video

 

Request a Free Trial

Powered by ChronoForms - ChronoEngine.com

Hess Coporation Logo
Charles Schwab Logo
Florida's Natural Logo

Everything you need to know about Active Directory

With complete insight into every layer of AD, StealthAUDIT for Active Directory acts as a single solution to understand the conditions that expose your organization to unnecessary security, compliance, and operational risk.

Active Directory auditing of AD objects and their attributes, AD group memberships, AD group policy objects (GPOs), AD domains, AD security configurations, sites, and trusts.

Auditing

Collect information on anything residing in AD, from objects and their attributes to Group Policy Objects (GPOs), configurations, group memberships, domains, sites, trusts, and more.

Active Directory reporting and Active Directory analysis of Active Directory objects and conditions.

Reporting

Leverage dozens of preconfigured reports or create completely custom reports in seconds using StealthAUDIT’s powerful analysis and reporting engines.

Active Directory group governance that assigns Active Directory group owners and enables Active Directory group membership reviews as well as Active Directory self service group management.

Governance

Calculate and assign group ownership, perform automated membership reviews, and enable self-service group management and membership requests.

Active Directory permissions analyzer determines effective permissions applied to Active Directory objects so organizations know which Active Directory users and groups have privileged access to critical objects in AD.

Permissions Analysis

Collect, inventory, and analyze every permission to every object to understand exactly who has privileged access in Active Directory.

Active Directory security best practices automatically check Active Directory security configurations to find and fix your top Active Directory and Windows Operating System security risks.

Security Configuration

Preconfigured and customizable security best practices checks proactively identify critical security configurations that leave Active Directory vulnerable to attack.

Active Directory clean up of stale and duplicate objects to increase Active Directory security and to improve Active Directory management and operations.

Clean-up

Pinpoint stale, duplicate, and toxic objects and programmatically clean them up using integrated actions to increase security and reduce complexity.

Active Directory automated checks that find and fix your top Active Directory and Windows Operating System security risks.

Compliance

Preconfigured and customizable report tags aligning to various compliance standards such as HIPAA, PCI-DSS, GDPR, and SOX automate the production of compliance artifacts.

Active Directory agent-less based architecture offers agentless data collection, analyzes information fast, and maintains a lightweight footprint.

Agentless Architecture

With no agents to install, StealthAUDIT installs in minutes, collects at lightning-fast speed, and always maintains a lightweight footprint.

Why customers choose STEALTHbits

I’m convinced the STEALTHbits products are something that we can get a lot of benefit out of… I haven’t found a situation that StealthAUDIT for Active Directory can’t handle.”

- Major U.S. Public School System

Powered by the StealthAUDIT Platform.

StealthAUDIT Platform Categories

Download instant free trial. Deploy where you need it.

Free Trial to protect your unstructured data on-premises with StealthAUDIT.

On-Premises

Download and evaluate in your own environment
Free Trial for data governance using the virtual lab with StealthAUDIT.

Virtual Lab

Connect through STEALTHbits.com for a fully functional virtual lab
Free Trial to secure Active Directory and File Shares with StealthAUDIT.

Cloud

Evaluate against or from your Azure Cloud Infrastructure

StealthAUDIT® for Active Directory Reports

  • Active Directory summary report provides an overview of audited domains and the objects they contain with a statistical analysis of Active Directory users, Active Directory groups, and Active Directory computers.
  • Active Directory group policy object overview report audits group policy configurations on user settings configured and computer settings configures so organizations can see group policy changes like new or deleted GPOs and GPO link changes.
  • Active Directory probable group owners report identifies the probable manager or department of an Active Directory group based on effective AD member attributes.
  • Active Directory potential plaintext passwords report highlights domain controllers where plaintext passwords are set by Group Policy Objects and vulnerable to attackers who can target the GPOs to obtain and decrypt these passwords without elevated rights. If they target Group Policy Preferences controlling Local Administrator passwords across systems, attackers can gain far-reaching privileged access.
  • Active directory stale user accounts report identifies stale user accounts that have not logged into the domain for 60 days or are disabled or expired.
  • Active Directory reset password report shows where reset password permissions are applied to active directory user objects.
  • Active Directory sensitive security group report shows the effective membership of Domain, Enterprise, and Schema Administrator groups which are targeted by attackers or internal bad actors because they have the highest levels of privilege within Active Directory.

  • Active Directory Summary

    This report provides a summary of all audited domains and objects.

    Enlarge Screenshot

  • Group Policy Object Overview

    This report lists all Group Policies and their settings.

    Enlarge Screenshot

  • Probable Owners

    This report identifies the most probable manager or department, based on effective member attributes.

    Enlarge Screenshot

  • Potential Plaintext Passwords

    This report shows where plaintext passwords are stored in Group Policy Preferences.

    Enlarge Screenshot

  • Stale User Accounts

    This report identifies user accounts which have not logged into the domain for an extended period of time or are currently disabled. A user account is considered stale if the last logon is over 60 days ago, is currently disabled, or expired.

    Enlarge Screenshot

  • Reset Password

    This report highlights instances where "Reset Password" permissions are applied to Active Directory user objects. The information is summarized at the domain and enterprise levels.

    Enlarge Screenshot

  • Sensitive Security Group Membership

    This report displays effective membership for sensitive security groups.

    Enlarge Screenshot

Resources

Active Directory Optimization

Buyer's Guide

Learn More

StealthAUDIT for Active Directory

Data Sheet

Learn More

StealthAUDIT Action Module Framework

Solution Brief

Learn More

A Look into Active Directory Data across Organizations

White Paper

Learn More

View Resource Library
Free Risk Assessment

Free Risk Assessment

Free Trial Request

Request a Trial

STEALTHbits Demo Request

Request a Demo

Browse Resource Library

Browse the Resource Library