Active Directory Security and Active Directory Delegation play a mission-critical role in global security and present an open challenge. A good Active Directory Audit Tool / Active Directory Reporting Tool / Active Directory Auditing Tool / Permissions Analyzer for Active Directory can help Audit Active Directory, generate Active Directory Reports and mitigate Active Directory Risks such as Active Directory Privilege Escalation, and find out who can reset your Windows password.
Friday, June 11, 2010
How to determine the Resultant Set of Permissions in Active Directory
Delegating administration and provisioning access in Active Directory both basically involve setting up the right permissions for the right users and groups in the access control lists of Active Directory objects. In other words, Active Directory's security model is involved in delegating administration and provisioning access.
It turns out that, unlike the file system security model, the Active Directory security model is rather complicated: it involves many more permissions (and, I think, too many special permissions), potentially deep and arcane group nestings, inheritance of permissions, and a whole range of other factors that make it very difficult to figure out what access someone may actually have in Active Directory.
In this blog, I will try to peel back some of these layers so we can all figure out exactly what needs to be taken into account to actually determine the resultant set of permissions in Active Directory.
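As an added illustration (not code from the original post), the sketch below shows how the factors named above interact: it expands nested group membership, then evaluates explicit and inherited allow/deny entries in canonical ACE order, which goes a step beyond what the post itself spells out. It is a simplified model that ignores object-type scoping and inheritance depth, and every user, group, right label and ACE in it is constructed sample data.

```python
# Simplified model of an Active Directory access check (added example).
# Every principal, group, right label and ACE here is constructed sample data.
from dataclasses import dataclass

MEMBER_OF = {  # member -> groups it directly belongs to (constructed nesting)
    "alice": {"Helpdesk-L1"},
    "Helpdesk-L1": {"Helpdesk-All"},
    "Helpdesk-All": {"OU-Operators"},
    "bob": {"Contractors"},
}

@dataclass(frozen=True)
class Ace:
    kind: str         # "allow" or "deny"
    trustee: str      # user or group the ACE names
    rights: frozenset
    inherited: bool   # True if the ACE flowed down from a parent container

SAMPLE_ACL = [  # deliberately stored out of canonical order
    Ace("allow", "OU-Operators", frozenset({"ReadProperty", "ResetPassword"}), True),
    Ace("deny", "Helpdesk-All", frozenset({"ResetPassword", "WriteProperty"}), True),
    Ace("allow", "Helpdesk-L1", frozenset({"WriteProperty"}), False),
    Ace("allow", "Contractors", frozenset({"ReadProperty"}), True),
]

def expand_groups(principal):
    """Return the principal plus every group reached through nesting."""
    seen, stack = set(), [principal]
    while stack:
        node = stack.pop()
        if node not in seen:  # also guards against circular nesting
            seen.add(node)
            stack.extend(MEMBER_OF.get(node, ()))
    return seen

def resultant_rights(principal, acl=SAMPLE_ACL):
    """First ACE (in canonical order) that mentions a right decides it."""
    identities = expand_groups(principal)
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    ordered = sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))
    decided, granted = set(), set()
    for ace in ordered:
        if ace.trustee not in identities:
            continue
        fresh = ace.rights - decided  # rights not yet settled by an earlier ACE
        decided |= fresh
        if ace.kind == "allow":
            granted |= fresh
    return granted
```

For `alice`, the inherited deny reached through two levels of nesting removes `ResetPassword`, while the explicit allow on `WriteProperty` is evaluated before that inherited deny and therefore survives it.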