
Gold Finger - List of Reports

"We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution (in Gold Finger) that helps enhance security and compliance in Active Directory environments."

Charles Coates, Senior Product Manager      
Identity and Security Business Group


Active Directory Security Expert

List of Reports

The following is a comprehensive list of over 200 Active Directory reports available in the Gold Finger Suite -

    Unique to Gold Finger –

  1. Active Directory Effective Permissions Reports (1)

  2. Active Directory Effective Access Reports (1)

  3. Active Directory Privilege Escalation Reports (3)

  4. Active Directory Privileged Access Reports (100)

    Additional Reports –

  5. Active Directory Permissions Analysis Reports (2)

  6. Active Directory ACL Analysis and Export Reports (4)

  7. Active Directory Group Membership Reports (3)

  8. Active Directory Security/Inventory Reports (100)



The reports in categories 1 to 4 are unique to Gold Finger, in that only Gold Finger can accurately generate them. They are very difficult to accurately generate, and reports 2 to 4 are powered by our patented access assessment technology.

The reports in categories 5 to 8 are exponentially easier to generate and are thus also available in various other tools. Gold Finger offers the reports in these categories to provide a professional-grade, trustworthy alternative to those tools.



1. Reports available in Active Directory Effective Permissions Calculator

  1. Who has what effective permissions on an Active Directory object?





2. Reports available in Active Directory Effective Access Auditor

  1. Who has what effective access on an Active Directory object?





3. Reports available in Active Directory Privilege Escalation Path Identifier

  1. Identify all security principals that have a privilege escalation path to an Active Directory object

  2. Identify all privilege escalation paths leading to an Active Directory object

  3. Identify all privilege escalation paths leading to multiple objects in an Active Directory tree





4. Reports available in Active Directory Privileged Access Assessor


    Domain User Account Management Reports -

  1. Who can create user accounts?

  2. Who can delete user accounts?

  3. Who can reset user account passwords?

  4. Who can disable/enable user accounts?

  5. Who can unlock locked user accounts?

  6. Who can change the expiration date of user accounts?

  7. Who can disable/enable smartcard requirement for interactive logon by user accounts?

  8. Who can force users to change their user account passwords at next logon?

  9. Who can prevent users from changing their user account passwords?

  10. Who can change the logon name of user accounts?

  11. Who can change the Pre-Windows 2000 logon name of user accounts?

  12. Who can change the logon hours of user accounts?

  13. Who can change the logon workstations of user accounts?

  14. Who can change the profile path for user accounts?

  15. Who can change the logon script for user accounts?

  16. Who can change alternate security identities associated with user accounts?

  17. Who can change whether or not user accounts are sensitive and cannot be delegated?

  18. Who can change whether or not DES encryption types should be used for user accounts?

  19. Who can change whether or not Kerberos pre-authentication is required for user accounts?

  20. Who can change the first name of user accounts?

  21. Who can change the last name of user accounts?

  22. Who can change the display name of user accounts?

  23. Who can change the organizational title of user accounts?

  24. Who can change the security permissions protecting user accounts?

  25. Who can change the owner of user accounts?


    Domain Computer Account Management Reports -

  26. Who can create computer accounts?

  27. Who can delete computer accounts?

  28. Who can reset computer accounts?

  29. Who can disable/enable computer accounts?

  30. Who can change the expiration date of computer accounts?

  31. Who can change the computer name (Pre-Windows 2000) of computer accounts?

  32. Who can change the DNS name of computer accounts?

  33. Who can change the machine role of computer accounts?

  34. Who can change the description of computer accounts?

  35. Who can change the Service Principal Names (SPNs) of computer accounts?

  36. Who can change alternate security identities associated with computer accounts?

  37. Who can change the security permissions protecting computer accounts?

  38. Who can change the owner of computer accounts?


    Domain Security Group Management Reports -

  39. Who can create security groups?

  40. Who can delete security groups?

  41. Who can change security group memberships?

  42. Who can add/remove oneself to/from the membership of security groups?

  43. Who can change security group scopes?

  44. Who can change security group types?

  45. Who can change the group name (Pre-Windows 2000) of security groups?

  46. Who can change the description of security groups?

  47. Who can change the email-address of security groups?

  48. Who can change the notes annotated for security groups?

  49. Who can change the designated manager of security groups?

  50. Who can change the security permissions protecting security groups?

  51. Who can change the owner of security groups?


    Active Directory Domain Password Policy and Account Lockout Policy Management Reports -

  52. Who can change the maximum password age for domain user accounts?

  53. Who can change the minimum password age for domain user accounts?

  54. Who can change the lockout duration for domain user accounts?

  55. Who can change the lockout threshold for domain user accounts?

  56. Who can change the lockout observation window for domain user accounts?


    Organizational Unit Management Reports -

  57. Who can create organizational units?

  58. Who can delete organizational units?

  59. Who can disable group policies linked to organizational units?

  60. Who can change the list of group policies linked to organizational units?

  61. Who can change the precedence of group policies linked to organizational units?

  62. Who can generate resultant set of policy (logging-mode) for users/computers?

  63. Who can generate resultant set of policy (planning-mode) for users/computers?

  64. Who can change the description of organizational units?

  65. Who can change the security permissions protecting organizational units?

  66. Who can change the owner of organizational units?


    Container Management Reports -

  67. Who can create containers?

  68. Who can delete containers?

  69. Who can change the description of containers?

  70. Who can change the security permissions protecting containers?

  71. Who can change the owner of containers?


    Service Connection Point Management Reports -

  72. Who can create service connection points?

  73. Who can delete service connection points?

  74. Who can change the keywords of service connection points?

  75. Who can change the description of service connection points?

  76. Who can change the binding information of service connection points?

  77. Who can change the service DNS name of service connection points?

  78. Who can change the service DNS type of service connection points?

  79. Who can change the vendor of service connection points?

  80. Who can change the version number of service connection points?

  81. Who can change the class name of service connection points?

  82. Who can change the security permissions protecting service connection points?

  83. Who can change the owner of service connection points?


    Group Policy Management Reports -

  84. Who can create group policy containers?

  85. Who can delete group policy containers?

  86. Who can change the security permissions protecting group policy containers?

  87. Who can change the owner of group policy containers?


    Contact Management Reports -

  88. Who can create contacts?

  89. Who can delete contacts?

  90. Who can change the security permissions protecting contacts?

  91. Who can change the owner of contacts?


    Published Printer Management Reports -

  92. Who can create (publish) printers?

  93. Who can delete published printers?

  94. Who can change the description of published printers?

  95. Who can change the share name of published printers?

  96. Who can change the security permissions protecting published printers?

  97. Who can change the owner of published printers?


    Domain Root and Domain Security Management Reports -

  98. Who can change the security permissions protecting the domain root?

  99. Who can change the owner of the domain root?

  100. Who can replicate secrets (i.e. password hashes) from the domain?



                                          ––––––––––




5. Reports available in Active Directory Permissions Analyzer

  1. Who has what permissions on an Active Directory object?

  2. Who has what permissions in an Active Directory tree?





6. Reports available in Active Directory ACL Analyzer and Exporter

  1. View the ACL of an Active Directory object

  2. View the SACL (System ACL) of an Active Directory object

  3. Export ACLs of all objects in an Active Directory tree

  4. Export SACLs (System ACLs) of all objects in an Active Directory tree





7. Reports available in Active Directory Membership Auditor

  1. View the direct membership of an Active Directory security group

  2. View the complete nested membership of an Active Directory security group

  3. View the complete list of all Active Directory security groups to which a user belongs





8. Reports available in Active Directory Security Auditor


    Domain User Account Management Reports -

  1. List of all domain user accounts

  2. List of all enabled domain user accounts

  3. List of all disabled domain user accounts

  4. List of all locked domain user accounts

  5. List of all unlocked domain user accounts

  6. List of all administrative domain user accounts

  7. List of all domain user accounts that have logged on in the last [ X ] days

  8. List of all domain user accounts that have not logged on in the last [ X ] days

  9. List of all domain user accounts that have never logged on

  10. List of all domain user accounts that have logged on at least once

  11. List of all domain user accounts that have failed a logon attempt in the last [ X ] days

  12. List of all domain user accounts created in the last [ X ] days

  13. List of all domain user accounts changed in the last [ X ] days

  14. List of all domain user accounts deleted in the last [ X ] days

  15. List of all domain user accounts that have an expiration date

  16. List of all domain user accounts that do not have an expiration date

  17. List of all domain user accounts that expired in the last [ X ] days

  18. List of all domain user accounts that will expire in the next [ X ] days

  19. List of all domain user accounts that require passwords to logon

  20. List of all domain user accounts that do not require passwords to logon

  21. List of all domain user accounts whose passwords never expire

  22. List of all domain user accounts whose passwords must be changed at next logon

  23. List of all domain user accounts whose passwords have changed in the last [ X ] days

  24. List of all domain user accounts whose passwords have not changed in the last [ X ] days

  25. List of all domain user accounts whose passwords are stored using reversible encryption

  26. List of all domain user accounts that require Smart cards for login

  27. List of all domain user accounts that are marked 'sensitive and cannot be delegated'

  28. List of all domain user accounts that are not marked 'sensitive and cannot be delegated'

  29. List of all domain user accounts that can logon to any workstation

  30. List of all domain user accounts that can only logon to specific workstations

  31. List of all domain user accounts for which specific logon hours have not been specified

  32. List of all domain user accounts for which specific logon hours have been specified

  33. List of all domain user accounts that can logon anytime

  34. List of all domain user accounts for which a logon script is specified

  35. List of all domain user accounts for which no logon script is specified

  36. List of all domain user accounts for which no description is specified


    Domain Security Group Management Reports -

  37. List of all security groups

  38. List of all builtin security groups

  39. List of all domain local security groups

  40. List of all global security groups

  41. List of all universal security groups

  42. List of all administrative security groups

  43. List of all security groups created in the last [ X ] days

  44. List of all security groups changed in the last [ X ] days

  45. List of all security groups deleted in the last [ X ] days

  46. List of all security groups that cannot be deleted

  47. List of all security groups that have members

  48. List of all security groups for which no manager is designated

  49. List of all security groups for which no description is specified


    Domain Computer Account Management Reports -

  50. List of all domain computer accounts

  51. List of all enabled domain computer accounts

  52. List of all disabled domain computer accounts

  53. List of all domain computer accounts that have authenticated in the last [ X ] days

  54. List of all domain computer accounts that have not authenticated in the last [ X ] days

  55. List of all domain computer accounts that have never authenticated

  56. List of all domain computer accounts that have authenticated at least once

  57. List of all domain computer accounts created in the last [ X ] days

  58. List of all domain computer accounts changed in the last [ X ] days

  59. List of all domain computer accounts deleted in the last [ X ] days

  60. List of all domain controllers

  61. List of all domain computer accounts that are trusted for delegation

  62. List of all domain computer accounts that are trusted for unconstrained delegation

  63. List of all domain computer accounts for which no description is specified

  64. List of all domain computer accounts for which no manager is designated


    Organizational Unit Management Reports -

  65. List of all organizational units

  66. List of all organizational units created in the last [ X ] days

  67. List of all organizational units changed in the last [ X ] days

  68. List of all organizational units deleted in the last [ X ] days

  69. List of all organizational units for which no manager is designated

  70. List of all organizational units for which no description is specified


    Container Management Reports -

  71. List of all containers

  72. List of all containers created in the last [ X ] days

  73. List of all containers changed in the last [ X ] days

  74. List of all containers deleted in the last [ X ] days

  75. List of all containers for which no description is specified


    Group Policy Management Reports -

  76. List of all group policy objects

  77. List of all enabled group policy objects

  78. List of all disabled group policy objects

  79. List of all group policy objects whose user settings are disabled

  80. List of all group policy objects whose computer settings are disabled

  81. List of all group policy objects whose user and computer settings are disabled

  82. List of all group policy objects created in the last [ X ] days

  83. List of all group policy objects changed in the last [ X ] days

  84. List of all group policy objects deleted in the last [ X ] days


    Published Printer Management Reports -

  85. List of all printers published in Active Directory

  86. List of all printers published in Active Directory in the last [ X ] days

  87. List of all printers published in Active Directory which changed in the last [ X ] days

  88. List of all printers published in Active Directory that were deleted in the last [ X ] days


    Contact Management Reports -

  89. List of all contacts

  90. List of all contacts created in the last [ X ] days

  91. List of all contacts changed in the last [ X ] days

  92. List of all contacts deleted in the last [ X ] days


    Service Connection Point Management Reports -

  93. List of all service connection points

  94. List of all service connection points created in the last [ X ] days

  95. List of all service connection points changed in the last [ X ] days

  96. List of all service connection points deleted in the last [ X ] days

  97. List of all service connection points for which no keywords are specified

  98. List of all service connection points for which no DNS service name is specified

  99. List of all service connection points for which no service bindings are specified


    Domain Management Reports -

  100. List of all objects


-- End of Reports --

Our Global Customers

  • Australian Government
  • United States Treasury
  • British Government
  • Government of Canada
  • British Petroleum
  • Ernst and Young
  • Saudi Arabian Monetary Agency
  • Juniper Networks
  • U.S. Department of Defense
  • Microsoft Corporation
  • United Nations
  • Quantium
  • Nestle
  • IBM Corporation
  • U.S. Federal Aviation Administration
  • Columbia University

Corporate Headquarters

620 Newport Center Drive, Suite 1100
Newport Beach, CA. 92660. USA.


Telephone: 001-949-468-5770
