Home > Support > User's Guides > Active Directory Security Auditor User's Guide
Active Directory Security Auditor
User's Guide
Introduction
This User's Guide shows you how to use the Active Directory Security Auditor to generate basic audit security and inventory reports in Active Directory.
It contains nine sections -
1. Pre-requisites
Prior to getting started with the Gold Finger application, please ensure that the following pre-requisites are met -
The computer on which the application will be installed must be running a Windows operating system that is currently supported by Microsoft Corporation. AND it must have network access to the Active Directory forest you wish to analyze.
The computer on which the application will be used must be joined to the Active Directory forest it is to be used in.
The user in whose security context the application will be used, must be logged on to the Windows machine on which the application is installed, using a domain user account belonging to the same Active Directory forest.
Note 1 - For pre-requisites 2 and 3, alternatively, the user using the application can specify and use alternate credentials of a domain account belonging to the same Active Directory forest, specifiable via Basic Options.
Note 2 - The account used to install the application on a computer must have local admin rights on that computer. This is only required to be able to install/update required Microsoft Windows platform redistributable dependency files.
2. Getting Started
Getting started with Gold Finger takes just a few minutes and involves three simple steps -
-
Download and install Gold Finger
Navigate to your custom license download URL, locate the Gold Finger download link and click on it to download the Gold-Finger.zip package onto the computer on which you wish to install the application.
Next, unzip the package, verify the digital signature on the unzipped Gold-Finger.msi installer file and then double-click it to launch the installer. The installer will ask a few basic questions and then proceed to install Gold Finger.
-
Download and install your Gold Finger License
Navigate to your custom license download URL, locate the Gold Finger License download link and click on it to download the Gold_Finger_License.zip package onto the computer on which you wish to install the application.
Next, unzip the downloaded package, and locate the GFLic.dll file within the unzipped Gold_Finger_License folder. Verify the digital signature on the GFLic.dll file, and then copy it into the Gold Finger installation directory.
Note - In a default installation, the Gold Finger installation directory is C:\Program Files (x86)\Paramount Defenses\Gold Finger.
-
Launch Gold Finger
Click the Start menu, locate the Paramount Defenses folder, then locate the Gold Finger application link and click on it. Please give it a few moments whilst Gold Finger performs a few basic security checks before it opens.
Note - Should you wish to use alternate credentials or target a specific domain controller, you can do so via Basic Options.
3. Exploring the User Interface
Gold Finger's sheer simplicity is reflected in its minimalist user interface, comprised of the following elements -
Tool Selector - The tool selector is used to select a specific tool.
Reports Pane - The reports pane lists all the reports available in the selected tool.
Category Selector - The category selector is used to view all reports of a specific category.
Scope Field - The scope field is used to specify the report's scope/target.
Search Utility - The inbuilt search utility is used to locate and specify targets.
Scope Options - The scope options button is used to access and configure scope options.
Run button - The run button, also known as the Gold Finger button, is used to generate a report.
Results Pane - The results of a generated report are displayed in the results pane.
Status Indicator - The status indicator provides an indication of the report's status.
Export and PDF Buttons - The Export and PDF buttons are used to export a report's results and generate PDFs.
4. Generating Audit Reports
To generate basic Active Directory security/inventory audit reports, select the Security Auditor from the Tool Selector, then enact the following three steps -
-
Select a report
In the Reports pane, locate the security audit report you wish to generate, then select it by clicking on it.
Note - You can filter the list of security audit reports by category by using the Category drop-down embedded in the Reports pane.
Also, for all time-interval based reports, a Number of Days dropdown will automatically appear below the Reports pane when such a report is selected, and it can be used to specify a value for the number of days. It will automatically disappear for all other reports. -
Specify a scope
In the Scope field, enter the distinguished name (DN) of the AD domain, OU, container or object you wish to target.
Note - You can use Gold Finger's inbuilt search utility to instantly and easily locate and determine the DN of any Active Directory object.
Note 2 - You can optionally also configure scope options to customize the report's scope and depth, and/or specify a custom LDAP filter.
-
Click a button
Click the Gold Finger (Run) button, and the tool will proceed to generate the selected report(s).
5. Analyzing Results
Upon the successful completion of a report, Gold Finger displays the results of the security audit in the Results pane.
The results are fully-sortable and can also be easily exported as a CSV file or a PDF file as described in the next section.
6. Exporting Results
Gold Finger makes exporting Active Directory security audit reports as easy as touching a button, as described below -
-
Exporting Results
To export the results of a report, simply click the Export button once. When you do so, Gold Finger will generate a CSV file containing the entire data set, and prompt you to specify a location at which to save the file.
-
Generating PDFs
Gold Finger can also generate professional-grade, fully-customizable PDF files with a custom title, header, footer description, organizational logo, page-numbers, password-protection and custom attributes, at a button's touch.
To generate a PDF report, simply click the PDF button once. When you do so, Gold Finger will generate a PDF file based on options specified in PDF Report Options, and prompt you to specify a location at which to save the file.
The PDF reports can contain either a summary of results or the complete set of results, and this can be customized by configuring various options available in PDF Report Options, which can be accessed from the Options menu.
Note - The ability to export results to a CSV file or to generate PDF reports is not available in the free version of Gold Finger.
7. Using Basic Options
Gold Finger offers two options that can be used to target specific domain controllers and/or use alternate credentials, (and a third basic option that impacts the aesthetics of the Run button, traditionally known as the Gold Finger button,) accessible via the Options > Basic Options application menu -
-
Target a specific Domain Controller
Gold Finger can be configured to target a specific domain controller (DC). If this option is checked, Gold Finger will only target the DC specified in the DC Name field. The specified name of a DC must be its NetBIOS name.
Note - The only requirement is that the specified DC must belong to the target domain and it must also be a Global Catalog.
-
Use specific Alternate Credentials
Gold Finger can also be configured to use alternate credentials. If this option is checked, Gold Finger will use the specified alternate credentials. The specified username must be in the form a UPN e.g. administrator@corp.local.
Note - By default, Gold Finger uses the security context of the (logged-on) user account that is currently using Gold Finger.
-
Use contemporary 'Run' Button
This option controls the aesthetics of the Run button. If this option is checked (default), the Run button sports a contemporary look. If it is unchecked, the Run button retains its traditional look i.e. the iconic Gold Finger button.
8. Using Advanced Options
Gold Finger offers three advanced options for the Security Auditor tool, accessible via the Options > Advanced Options application menu -
Use 'Display Names' for user accounts - This option controls whether Gold Finger should retrieve and display the Display Name of domain user accounts in the Name field. If checked, it will display the Display Name instead.
Use Last-Logon-Timestamp attribute in lieu of Last Logon - If checked, in lieu of generating true Last-logon reports which involve retrieving the value of the Last-Logon (non-replicated) attribute from all domain controllers (DCs) in a domain, Gold Finger will only retrieve the value of the Last-Logon-Timestamp (replicated) from a single DC.
The retrieval of the Last-Logon-Timestamp value from a single DC results in substantially faster report generation, althought results may not always be accurate. This option is a good choice when the Number of Days value is large enough (e.g. 30 days) that reliance on the replicated Last-Logon-Timestamp value would be adequately sufficient.
Display time values in absolute time format (yyyy-mm-dd hh:mm) - This option lets you control the format in which time values are displayed. By default, Gold Finger displays all time values in descriptive format (e.g. January 01, 2026, 12:00 pm). If this option is checked, it will display time values in absolute format (yyyy-mm-dd hh:mm), the benefit of which is that you can then also sort the entire results set by any time field.
9. Getting Technical Support
Should you require technical support or assistance, please feel free to contact us.
-- End of User's Guide --
Our Global Customers
Corporate Headquarters
620 Newport Center Drive, Suite 1100
Newport Beach, CA. 92660. USA.
Telephone: 001-949-468-5770
