Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security
REFERENCE GUIDANCE REPORTING
Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports Tools
| Delegating Account Mgmt | Delegating Group Mgmt | Delegating OU Mgmt | Delegating SCP Mgmt |




Delegating Account Management in Active Directory

ADMINISTRATIVE TASK
.
HOW TO DELEGATE THE TASK
.
SECURITY IMPLICATIONS OF TASK
(when performed with malicious intent)
1. Create a user accountGrant Create Child permissions on the parent object to create User objectsEngage in malicious activity that cannot be traced back to real user.
2. Delete a user accountGrant Standard Delete permissions on the user object or Delete Child on the parent objectDisrupt user's access and require IT to completely reprovision access for user.
3. Reset a user account's
    password
Grant Reset Password extended right on the user objectLogon as user and access every IT asset to which user has access.
4. Disable a user accountGrant Write Property permissions on the user object to modify the User-Account-Control attributePrevent a user from logging on and engaging in computing activities.
5. Unlock a user accountGrant Write Property permissions on the user object to modify the Lockout-Time attributeThwart account lockout when trying to guess or brute-force user's password.
Gold Finger - Microsoft-endorsed, Active Directory Resultant Access/Security Auditing/Reporting Tool
About Copyright ActiveDirSec.Com 2008 – 2011. All Rights Reserved Disclaimer
Active Directory Security Active Directory Reports Active Directory Reporting Tools Cyber Security and Global Security
Active Directory Audit Tool Active Directory Reporting Tool Active Directory Reporting Tools Active Directory Effective Permissions