Active Directory Security and Active Directory Delegation play a mission-critical role in global security and present an open challenge. A good Active Directory Audit Tool / Active Directory Reporting Tool / Active Directory Auditing Tool / Permissions Analyzer for Active Directory can help Audit Active Directory, generate Active Directory Reports and mitigate Active Directory Risks such as Active Directory Privilege Escalation, and find out who can reset your windows password. Today, even the US Department of Homeland Security runs on Active Directory.Today, tools like the Active Directory Effective Permissions Tab and Active Directory Permissions Analyzer can be used to perform Active Directory Permissions Analysis, prevent Token Bloat, Dump Active Directory ACLs, perform an Active Directory Audit and an Active Directory Access Audit.
Wednesday, May 12, 2010
While Active Directory has a simple securty model that uses basic simple permissions for controlling most administrative tasks, certain tasks require additional checking for security reasons.
For this reason, there exist special purpose rights in Active Directory, referred to as Extended Rights that allow IT administrators to easily control and delegate the ability to perform these special operations.
There are over 60 extended rights and their knowledge is useful and critical to maintaining security and delegating control in a secure manner. In this blog we will look at these extended rights and try to demystify them for you.