PKI Blog

Determining Access in a Microsoft Network

Posted by CSS Technical Team on Apr 28, 2011 10:26:09 AM

Building a comprehensive view of access rights in a Microsoft network can be a difficult task, as anyone who has recently undergone an audit can attest. Collecting and organizing security data into detailed reports can take significant time and effort. There are multiple reasons that gathering the data is difficult and time consuming, but the common factor is that security information is dispersed across multiple security stores.

In a Windows environment, security information is dispersed in the following ways:

  • Security principals (users and groups) are dispersed across Active Directory and member server security databases (SAM)
  • Groups can be deeply nested (e.g. group A is in group B, which is in group C, which is in ...)
  • Group membership can span security databases (e.g. domain\domain admins is in server\Administrators)
  • A Windows domain can trust other Windows domains and external Kerberos realms
  • Access Control Lists (ACLs) exist on an object being secured
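
The nesting and cross-store points above can be made concrete with a small audit sketch. This is an added example, not code from the original post or from any CSS tool: the store names, accounts and ACL are constructed sample data, trusts are not modelled, and it only lists which ACL entries reach a principal and by what nesting path (it does not evaluate allow/deny ordering).

```python
from collections import deque

# Constructed sample data (not from the original post): each store maps a
# group to its direct members, written as "STORE\name".
STORES = {
    "CORP": {  # Active Directory domain (hypothetical name)
        r"CORP\Domain Admins": [r"CORP\Tier0 Ops"],
        r"CORP\Tier0 Ops": [r"CORP\Helpdesk Leads", r"CORP\alice"],
        r"CORP\Helpdesk Leads": [r"CORP\bob", r"CORP\Tier0 Ops"],  # nesting cycle
    },
    "FILESRV1": {  # member server SAM (hypothetical name)
        r"FILESRV1\Administrators": [r"CORP\Domain Admins", r"FILESRV1\svc_backup"],
    },
}
# Constructed ACL on one secured object: (trustee, rights) pairs.
ACL = [(r"FILESRV1\Administrators", "FullControl"), (r"CORP\bob", "Read")]


def parents_index(stores):
    """Invert all stores into: member (lowercased) -> groups that contain it."""
    index = {}
    for groups in stores.values():
        for group, members in groups.items():
            for member in members:
                index.setdefault(member.lower(), set()).add(group)
    return index


def effective_groups(principal, stores):
    """Walk nesting upward across every store; return {group: path to it}."""
    index = parents_index(stores)
    paths = {}
    queue = deque([(principal, [principal])])
    while queue:
        current, path = queue.popleft()
        for group in sorted(index.get(current.lower(), ())):
            if group.lower() in paths or group.lower() == principal.lower():
                continue  # already reached; this also terminates cycles
            paths[group.lower()] = path + [group]
            queue.append((group, paths[group.lower()]))
    return paths


def matching_aces(principal, stores, acl):
    """ACL entries naming the principal directly or through any nesting path."""
    paths = effective_groups(principal, stores)
    paths[principal.lower()] = [principal]
    return [(t, r, paths[t.lower()]) for t, r in acl if t.lower() in paths]
```

Here `CORP\bob` appears on the ACL only with Read, yet `matching_aces` also returns the FullControl entry, reached through three nested domain groups and then the server's local Administrators group.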

Topics: Microsoft Active Directory AD, Microsoft Security Partner, Security Audit, Auditors, Audit tool, Group Membership, Windows security, Distributed Authorization Reporting Tool, Group Nesting, Regulatory Compliance, Audit, Blog, DART, ACE, ACL, Security Tool
