Buy

Free Active Directory Privileged Access Assessment


We offer a free Active Directory Privileged Access Assessment service to help organizations find out how many users have privileged access in Active Directory.

Active Directory is the foundation of IT and cyber security, and the heart of privileged access at most organizations worldwide,
thus the need to know exactly how many users have privileged access in an organization's Active Directory is paramount.

Active Directory

A Unique Free Service

Our unique Active Directory Privileged Access Assessment service is completely free* and designed to help organizations easily and instantly identify how many users have privileged access in their Active Directory today.


Specifically, it enables organizations to instantly identify exactly how many users can -

  1. Create, manage and delete identities (user accounts) in Active Directory

  2. Create, manage and delete security groups in Active Directory

  3. Create, manage and delete OUs in Active Directory

  4. Replicate secrets from Active Directory

  5. Change access in Active Directory


For a complete list of insights, please see Paramount Active Directory Privileged Access Insights below.


* There is absolutely no charge for the service, and no obligation. For details, see FAQ below.

Paramount Active Directory Privileged Access Insights

This service helps organizations identify exactly -

  • How many users can replicate secrets (password hashes) from Active Directory?
  • How many users can modify the ACL protecting the domain-root and AdminSDHolder objects?
  • How many users can create, manage and delete accounts, security groups and OUs in Active Directory?
  • How many users can modify the ACLs protecting accounts, security groups and OUs in Active Directory?
  • How many users can change the membership of any/all domain security groups in Active Directory?
  • How many users can link a malicious GPO to any/all OUs in Active Directory to unleash ransomware?
  • How many users can reset the passwords of any/all regular and privileged user accounts in Active Directory?
  • How many users can disable the use of Smartcards for interactive logon on user accounts in Active Directory?
  • How many users can change unrestricted/delegated privileged access currently provisioned in Active Directory?
  • How many users can compromise AD integrated apps/services (e.g. Azure Connect) by modifying AD contents?

Powered by Gold Finger

This unique free service is powered by our unique, unrivaled, Microsoft-endorsed Gold Finger tooling
and is remotely performed via online conferencing in collaboration with your organization's IT personnel.

Active Directory Privileged Access Assessor

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

Charles Coates, Senior Product Manager      
Identity and Security Business Group

Microsoft Logo

Valuable Benefits


Perform an Active Directory Access Review

Perform an Active Directory Access Review

Assess Privileged Access in Active Directory

Assess Privileged Access in Active Directory

Assess Administrative Delegations in Active Directory

Assess Administrative Delegations in Active Directory

Identify Number of Privileged Users in Active Directory

Identify Number of Privileged Users in Active Directory

Assess Attack Surface in Active Directory

Assess Attack Surface in Active Directory

A Limited Opportunity

A Limited Opportunity

At Paramount Defenses, we care deeply about the foundational cyber security of all organizations worldwide, and are happy to be able to offer this unique and valuable service free of cost to help organizations across the world.

Today, thousands of organizations in over a hundred and seventy countries worldwide operate on Active Directory (AD), and that makes it difficult for us to be able to offer this service to every single organization that may wish to avail of it.

We are thus happy to offer this service to the first one thousand (1000) organizations that request it, from each country, at our discretion, and capacity permitting, we will strive to accommodate all additional requests on a best-efforts basis.

Request Contact

Request a Free Assessment

To request a complimentary Active Directory Privileged Assess Assessment, please use the form below -










Complete domain DNS name is needed to build your custom license.



Frequently Asked Questions


Q 1. Why is the service offered for free?

This service is offered for free to help organizations assess their current exposure to risks arising from the presence of excessive/unauthorized access in Active Directory e.g. Active Directory Privilege Escalation, and to help organizations learn how to correctly assess access in Active Directory.


Q 2. How is the service performed, and how long does it require?

This service is performed remotely via a scheduled online conference service (e.g. WebEx). The service usually requires no more than one hour of scheduled time.


Q 3. How is Paramount Defenses able to make such paramount (privileged access) determinations in such a short span of time?

Paramount Defenses personnel use our unique Microsoft-endorsed Gold Finger software to make these paramount determinations in your Active Directory domain.Gold Finger's fully-automated Active Directory access assessment capabilities can automatically accurately assess access on thousands of objects in minutes.


Q 4. What are the technical requirements for this service?

The only technical requirement is that Gold Finger and a custom license will need to be installed on a computer that has access to your Active Directory domain.To build and deliver your custom Gold Finger license, the domain DNS name of the Active Directory domain you wish to avail of this service in, will be required.


Q 5. Is any administrative/privileged access required for this service?

No administrative/privileged access in Active Directory is required to avail of this service. Anyone with a domain user account should be able to avail of this service. Local (machine-level) administrator access may be required to install Gold Finger and its license on the computer that will be used during the online conference.


Q 6. Will Paramount Defenses personnel have access to our Active Directory?

Paramount Defenses personnel will have no access to your Active Directory, except for visual read access during the performance of the service as the service is performed using remote control assistance in WebEx/Zoom, in collaboration with and under the supervision of your organization.


Q 7. How many times can an organization request this free service?

Most organizations worldwide can request and avail of this complimentary service one time. Paramount Defenses reserves the right to perform this service including the right to refuse to perform the service for security, operational or other reasons. The service is subject to the terms of the Gold Finger EULA.


Q 8. Can we get an idea of how this service works before requesting it?

Yes. You can do so by downloading and using the free version of our Gold Finger Mini tooling. Whilst Gold Finger Mini can assess access on individual objects, this service utilizes Gold Finger's fully-automated domain-wide access assessment capabilities, which can assess access on thousands of objects.


Q 9. Can we have multiple organizational personnel on the online conference call?

Yes. You can invite up to twenty organizational personnel to the online conference call via which the service is delivered, such as your Domain Admins, Enterprise Admins, IT Directors, IT Auditors, Security Compliance Personnel, Cyber Security Managers and/or your Chief Information Security Officer (CISO).


Q 10. I have more questions. Can I speak to someone regarding this service?

Yes. You can call us at (001)-949-468-5770 during normal business hours (U.S. Pacific Time), or have us contact you.

Our Global Customers

  • Australian Government
  • United States Treasury
  • British Government
  • Government of Canada
  • British Petroleum
  • Ernst and Young
  • Saudi Arabian Monetary Agency
  • Juniper Networks
  • U.S. Department of Defense
  • Microsoft Corporation
  • United Nations
  • Quantium
  • Nestle
  • IBM Corporation
  • U.S. Federal Aviation Administration
  • Columbia University

Your Privacy

We use cookies to provide you the best online experience. Please let us know if you accept these cookies.