Gold Finger Mini

User's Guide

2. Getting Started

Getting started with Gold Finger Mini takes just a few minutes and involves three simple steps -

1. Download and install Gold Finger Mini

   Navigate to your custom license download URL, locate the Gold Finger Mini download link and click on it to download the Gold-Finger-Mini.zip package onto the computer on which you wish to install the application.

   Next, unzip the package, verify the digital signature on the unzipped Gold-Finger-Mini.msi installer file, then double-click it to launch the installer. The installer will ask a few questions and then proceed to install Gold Finger Mini.




2. Download and install your Gold Finger Mini License

   Navigate to your custom license download URL, locate the Gold Finger Mini License download link and click on it to download the Gold_Finger_License.zip package onto the computer on which you wish to install the application.

   Next, unzip the downloaded package, and locate the GFLic.dll file within the unzipped Gold_Finger_License folder. Verify the digital signature on the GFLic.dll file, and then copy it into the Gold Finger Mini installation directory.

   Note - In a default install, the Gold Finger Mini installation directory is C:\Program Files (x86)\Paramount Defenses\Gold Finger Mini.

   
   

3. Launch Gold Finger Mini

   Click the Start menu, locate the Paramount Defenses folder, then locate the Gold Finger Mini application link and click on it. Please give it a few moments as Gold Finger Mini performs a few basic security checks before it opens.

3. Exploring the User Interface

Gold Finger Mini's sheer simplicity is reflected in its minimalist user interface, comprised of the following elements -

4. Making Basic Level Determinations

To make basic-level privileged access determinations with Gold Finger Mini, begin by selecting Basic level (default) in the Level application menu, then simply enact the following two steps -

1. Select a report

   In the Reports pane, select one of the following basic privileged access reports -

   1. Who can reset my Active Directory account's password?

   2. Who can reset an executive's Active Directory account's password?

   3. Who can reset an Active Directory privileged account's password?

   4. Who can change the Domain Admins security group's membership?

   5. Who can change security permissions on the AdminSDHolder object?

   6. Who can create an Active Directory account in the Users container?

   7. Who can link a group policy (GPO) to the Domain Controllers OU?

   8. Who can enable a disabled Active Directory account?




2. Specify a target, then click the Gold Finger button

   Next, only for reports 2, 3 and 8, click the Search Utility button to access the search utility. In it, enter the value for the displayed field, and click the Find button. Then, locate the target in the displayed list, select it, and click OK.

   Click the Gold Finger (Run) button, and the tool will proceed to make the determination.

5. Making Advanced Level Determinations

To make advanced-level privileged access determinations with Gold Finger Mini, begin by selecting Advanced level in the Level application menu, then simply enact the following two steps -

1. Select a report

   In the Reports pane, select one of the following advanced privileged access reports -

   1. Who can replicate secrets (i.e. password hashes) from the domain?

   2. Who can reset an Active Directory domain user account's password?

   3. Who can disable use of Smartcards on an Active Directory account?

   4. Who can change an Active Directory security group's membership?

   5. Who can change security permissions on an Active Directory OU?

   6. Who can change an Active Directory computer account's SPNs?

   7. Who can link a group policy (GPO) to an Active Directory OU?

   8. Who can create an Active Directory user account in an OU?




2. Specify a target, then click the Gold Finger button

   Next, for reports 2 through 8, click the Search Utility button to access the search utility. In it, enter the value for the displayed field, and click the Find button. Then, locate the target in the displayed list, select it, and click OK.

   Click the Gold Finger (Run) button, and the tool will proceed to make the determination.

6. Viewing Results

Upon the successful completion of a report, Gold Finger Mini displays the results in the Results pane.

The results are comprised of the identities of all individuals (/accounts) that have been found to possess sufficient effective access so as to be able to enact the selected privileged/administrative task on the specified target.

7. Executing Tasks

As indicated above, upon the successful completion of a report, Gold Finger Mini displays results in the Results pane.

In addition to displaying results, if the account of the user generating the report is also found to have sufficient effective access so as to be able to enact the selected task on the specified target, an Execute Task button is also displayed for the following five administrative tasks listed below -

1. Reset the password of a specific Active Directory account

2. Create a user account in the Users container

3. Add one's account to the Domain Admins security group

4. Enable a disabled Active Directory domain user account

5. Disable the use of Smartcards on a Smartcard-enabled account

Clicking the Execute Task button will allow the user to enact the selected task on the specified target.