Privileged Access Audit
Our Microsoft-endorsed Active Directory Privileged Access Audit solutions uniquely empower organizations to accurately audit privileged access in AD.
"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."
Charles Coates, Senior Product Manager
Identity and Security Business Group
Active Directory - The Heart of Privileged Access
From Domain Admins to Delegated Admins, the vast majority of all powerful privileged access resides in Active Directory.
In fact, the entirety of all organizational domain user accounts, computer accounts, passwords, security groups and policies reside within Active Directory, all protected by an ocean of delegated privileged access in Active Directory.
Consequently, in every IT infrastructure powered by Microsoft Windows Server, not only the most powerful privileged access, but in fact the vast majority of all privileged access lies within Active Directory.
Thus, Active Directory is the very heart of privileged access, and not a single organization can be adequately secured without performing a privileged access audit in Active Directory.
Domain Admins -
The Tip of the Iceberg
For most organizations the extent of a "privileged access audit" in Active Directory involves enumerating the members of various default Active Directory privileged groups like Domain Admins.
Now, consider this – What about someone who could change the membership of the Domain Admins group, or reset a Domain Admin's password. Isn't such an individual equally privileged?
Or, consider this – What about someone who could easily obtain privileged access over all domain-joined machines, or reset everyone's passwords, or change the membership of domain security groups that collectively protect all organizational IT assets? Isn't such an individual equally privileged?
In Active Directory deployments worldwide, today there exists an ocean of such privileged access that has been delegated, so Domain Admins are just the tip of the iceberg.
The Iceberg -
in AD
From all Domain Admins to all domain user accounts, and from domain controllers to all domain computer accounts, the entirety of an organization's IT assets are stored in Active Directory.
For their management and security, a vast amount of privileged access is delegated on thousands of objects in Active Directory, and it constitutes the proverbial iceberg of privileged access.
A "Privileged Access Audit" that does not take into account the vast amount of administrative access that is delegated in an organization's Active Directory, cannot be considered complete.
Further, accuracy is paramount and the only correct way to accurately audit privileged access in Active Directory involves accurately determining effective permissions in Active Directory.
Effective Permissions - The Keys to Privileged Access
From AdminSDHolder to Domain Admins, and from the default Administrators account to the CEO's domain user account, literally everything in Active Directory is an AD object.
Every AD object is protected by an access control list (ACL) that specifies who has what security permissions on the object, and it is the net cumulative resulting set of "effective permissions" that determines who actually has what access on the object.
Thus, what provides accurate insight into privileged access is not an audit of Who has what permissions in Active Directory but an audit of Who has what effective permissions in Active Directory.
As a result, to correctly find out who has what privileged access in Active Directory, organizations need to audit effective permissions in Active Directory.
Our Unique Solution
Our unique Microsoft-endorsed Gold Finger Active Directory Privileged Access Audit solution fully automates the accurate determination of effective permissions, both on a per-object basis, and domain-wide.
It uniquely empowers organizations to be able to correctly and completely identify privileged access in Active Directory.
It is the world's only privileged access audit solution that can accurately identify privileged access in Active Directory, covering both, default privileged groups and delegated privileged access.
Here's a quick overview of how our unique Active Directory Audit Tools help organizations audit privileged access in Active Directory –
Active Directory Effective Permissions Calculator
Instantly assess effective permissions on any Active Directory object
Active Directory Effective Access Auditor
Audit privileged access on individual Active Directory objects
Active Directory Privileged Access Assessor
Accurately audit privileged access domain-wide in Active Directory
Gold Finger Mini (Basic)
Gold Finger Mini (Advanced)
Our Global Customers
Your Privacy
We use cookies to provide you the best online experience. Please let us know if you accept these cookies.
