Buy

Home > Products > Gold Finger > Active Directory ACL Analyzer and Exporter

❮ ❯

Active Directory ACL Analyzer and Exporter

The world's simplest cyber security solution that can effortlessly analyze and export ACLs in Active Directory.

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

Charles Coates, Senior Product Manager
Identity and Security Business Group

Overview

Organizations often need to be able to easily view, sort, analyze and export Active Directory access control lists (ACLs).

Active Directory ACL Analyzer and Exporter is a specialized audit tool designed by former Microsoft Program Manager for Active Directory Security to help IT groups and personnel easily, instantly and trustworthily fulfill this need.

It automates the retrieval and display of a complete, detailed, fully-sortable view of the ACL of any Active Directory object, with individually sortable columns for all permission, type and inheritance fields, as well as the export (dump) of all Active Directory ACLs in any Active Directory organziational unit (OU) or domain, at the touch of a button.

Instant Active Directory
ACL Analysis and Export

Every object in Active Directory are protected by the security permissions specified in the access control list (ACL) protecting the object, and organizations often need to analyze these ACLs to manage or audit provisioned access.

Our Active Directory ACL Analyzer and Exporter can easily analyze and export Active Directory access control lists, helping organizations effortlessly analyze the security permissions specified in these ACLs, as well as export these ACLs, as required to fulfill various cyber security and audit driven Active Directory ACL analysis and export needs.

Active Directory
ACL Analysis and Export

Active Directory ACL Analyzer and Exporter can effortlessly export the ACLs of all objects in any Active Directory domain or OU, as well as help perform advanced Active Directory ACL analysis, such as -

List (and/or export) the entire [ ACL | SACL ] of an Active Directory object
List all security [ permissions | principals ] specified in the ACL of an Active Directory object
Export the [ ACLs | SACLs ] of all objects (or a custom set of objects) in an Active Directory tree
Identify all protected ACLs in Active Directory i.e. ACLs of objects in Active Directory who ACL is marked 'Protected'

An advanced Analyze option provides greater clarity in analyzing permissions, and results can be exported to a CSV file.

Active Directory ACL Analyzer and Exporter - Detailed View

Active Directory
Detailed ACL Analysis

Active Directory ACL Analyzer and Exporter features a unique Analyze view that provides a complete, detailed, fully-sortable view of the ACL of any Active Directory object, with individually sortable columns for all permission, type and inheritance fields, making it easy for IT professionals to be able to precisely analyze Active Directory ACLs.

Saliently, the Permissions field of every access control entry (ACE) that exists in an Active Directory access control list (ACL) is segemented into individual columns, one for each unique Active Directory security permission and denoted in SDDL (Security Descriptor Definition Language), making it easy to be able to sort and analyze an Active Directory ACL by a specific Active Directory permission type -

Read Control (RC), List Child (LC), List Object (LO), Write Owner (WO), Write DACL (WD), Standard Delete (SD), Delete Tree (DT), Create Child (CC), Delete Child (DC), Extended Rights (CR), Validated Writes (SW), Read Property (RP) and Write Property (WP)

Similarly, inheritance settings are also segmented into individually sortable columns for easy sorting and analysis.

Features

Complete, Detailed ACL Analysis

Fully sortable and easily analyzable Active Directory ACL views

Fully Sortable by Individual Permissions

Fully-sortable view, with individual permissions in unique columns

Ownership and Permission Count

Easily identify the object's owner, and the number of ACEs in the ACL

One Button Tree-wide Active Directory ACL Export

Instantly export the ACLs of single, multiple or all objects domain-wide

Customizable Active Directory ACL Export

Use LDAP filters to customize scope of ACL exports

Technical Summary

Active Directory ACL Analyzer and Exporter fully automates the on-demand retrieval and export of Active Directory access control lists, both ACLs and SACLs, presenting both a simple and an advanced fully-sortable view, on a per-object basis, OU-wide or domain-wide, as well as based on customizable scopes configurable via LDAP filters.

Benefits

Instantly Analyze Active Directory ACLs

Instantly obtain a complete detailed view of any Active Directory ACL

Instantly Export Active Directory ACLs

Export thousands of Active Directory ACLs at the touch of a button

Real-time Active Directory ACL Analysis

Analyze Active Directory object ACLs before and after a change

Zero Requirements

Analyze/export ACLs without requiring admin rights, agents or services

Peace of Mind

Have peace of mind knowing you're using a trustworthy tool made in USA

Example Reports

The following real-world examples illustrate the Active Directory ACL Analyzer's capabilities -

View the ACL protecting the domain root object in complete detail to identify who has the Get Replication Changes All extended right.
Easily view and analyze the ACL protecting the AdminSDHolder object to enumerate all security principals for whom access specified.
Identify every permission in the ACL on the top-level Corporate OU object that grants a user or a group Create Child permissions.
Enumerate the list of all security permissions in the ACL of the Help Desk Operators object that are Explicit in nature.
Identify all security permissions in the ACL protecting the CEO's domain user account object that Deny access.
Instantly export the security permissions/ACLs of all objects in the root.local Active Directory domain.
Dump/export the Active Directory security permissions/ACLs on all objects whose ACLs are protected.
Instantly export Active Directory security permissions/ACLs protecting all Organizational Units in an Active Directory domain.
Easily export the security permissions/ACLs protecting all Active Directory objects that are owned by the Administrators group.
Obtain a snapshot of all Active Directory security permissions/ACLs protecting the Configuration, Schema and domain partitions.

Requirements and Licensing

Active Directory ACL Analyzer and Exporter can be instantly downloaded, installed and run on any Windows computer. Its use does not require any administrative privileges, any changes to or any knowledge of Active Directory.

The tool is licensed on a subscription model, and can be licensed on a quarterly or annual basis.

"We use the Gold Finger from Paramount Defenses to fulfill our Active Directory Audit needs. It saves us a lot of time and effort and we would recommend it to anyone who needs to perform Active Directory audits trustworthily and cost-effectively. Great product, great support."

Sean Seeliger, Architect