Active Directory Security dot com Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory Brought to you by former Microsoft Program Manager for Active Directory Security

	REFERENCE GUIDANCE REPORTING Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports |  Free Tools

| Delegating Account Mgmt | Delegating Group Mgmt | Delegating OU Mgmt | Delegating SCP Mgmt |

Delegating Account Management in Active Directory ADMINISTRATIVE TASK . HOW TO DELEGATE THE TASK . SECURITY IMPLICATIONS OF TASK (when performed with malicious intent) 1. Create a user account Grant Create Child permissions on the parent object to create User objects Engage in malicious activity that cannot be traced back to real user. 2. Delete a user account Grant Standard Delete permissions on the user object or Delete Child on the parent object Disrupt user's access and require IT to completely reprovision access for user. 3. Reset a user account's     password Grant Reset Password extended right on the user object Logon as user and access every IT asset to which user has access. 4. Disable a user account Grant Write Property permissions on the user object to modify the User-Account-Control attribute Prevent a user from logging on and engaging in computing activities. 5. Unlock a user account Grant Write Property permissions on the user object to modify the Lockout-Time attribute Thwart account lockout when trying to guess or brute-force user's password.

	What if you could find out who is delegated what account management tasks in Active Directory? You can, with the Gold Finger Active Directory Reporting Tool           Download your Free copy

<	About	Copyright ActiveDirSec.Com 2008 – 2010. All Rights Reserved	Disclaimer	>