Since the previous AD administrator left without providing any sort of documentation or details on how the AD was organized, you’re on your own to find out some answers.
From all the users in AD, you wonder how many user accounts:
- Are disabled
- Whose password never expires
- Do not require passwords to logon
- Can logon to just about any workstations
One key task given by your immediate supervisor is for you to find out all the user accounts which do not require passwords to login. This task is considered important to accomplish because there have been cases whereby these user accounts were being misused to gain access to company information.
Your supervisor instructed that as a general rule of thumb, all future user accounts must be created with a password that expires every 2 months.
But now, you need a way to easily list all those whose user accounts do not require passwords to login.
GoldFinger can be deployed within 2 minutes to gain immediate access to real-time AD analysis via its accurate reporting capabilities. Various IT personnel such as AD admins, IT auditors, IT managers, and Compliance auditors can benefit much from this tool.
What I’m really impressed with is GoldFinger’s ability to generate up to 225 security reports. These are some of the common ones:
Account Management Reports
- List of all enabled domain user accounts
- List of all domain user accounts created in the last few days
- List of all domain user accounts that do not require passwords to logon
Exchange Management Reports
- List of all mail-enabled accounts
- List of all mailbox-enabled accounts created in the last few days
- List of all mailbox-enabled accounts for which proxy addresses are specified
Security Group Management Reports
- List of all security groups
- List of all security groups that have members
- List of all security groups for which a manager is specified
Contact Management Reports
- List of all contacts changed in the last few days
- List of all contacts for which an office is specified
- List of all contacts for which direct reports have not been specified
Computer Management Reports
- List of all domain controllers in a domain
- List of all domain computer accounts that are trusted for delegation
- List of all domain computer accounts for which Kerberos name mappings are specified
Group Policy (GPO) Management Reports
- List of all group policy objects
- List of all disabled group policy objects
- List of all group policy objects changed in the last few days
Container Management Reports
- List of all containers
- List of all containers changed in the last few days
- List of all containers for which a description is not specified
Service Connection Point Management Reports
- List of all service connection points
- List of all service connection points changed in the last few days
- List of all service connection points for which DNS service names are specified
Organizational Unit Management Reports
- List of all organizational units
- List of all organizational units changed in the last few days
- List of all organizational units to which GPOs are not explicitly linked
Active Directory ACL Management Reports
- List of all AD objects on which a security principal has permissions
- List of all AD objects on which a security principal has list child permissions
- List of all AD objects on which a security principal has read permissions permissions
The above are just a few reports out of the over 200 security reports which can be generated by GoldFinger.
To find out more about how GoldFinger Free Edition can assist you in your AD management and auditing purposes, check out GoldFinger today.