Monday, October 20, 2014

AD ACL Scanner

  • A tool completly written in PowerShell.
  • A tool with GUI used to create reports of access control lists in Active Directory .

  • https://adaclscan.codeplex.com/



    Features

    It has the following features:
    • View HTML reports of ACLs and save it to disk.
    • Export ACLs on Active Directory objects in a CSV format.
    • Connect and browse you default domain, schema , configuration or a naming context defined by distinguishedname.
    • Browse naming context by clicking you way around, either by OU�s or all types of objects.
    • Report only explicitly assigned ACLs.
    • Report on OUs , OUs and Container Objects or all object types.
    • Filter ACLs for a specific access type.. Where does �Deny� permission exists?
    • Filter ACLs for a specific identity. Where does "Domain\Client Admins" have explicit access? Or use wildcards like "jdoe".
    • Filter ACLs for permission on specific object. Where are permissions set on computer objects?
    • Skip default permissions (defaultSecurityDescriptor) in report. Makes it easier to find custom permissions.
    • Report owner of object.
    • Compare previous results with the current configuration and see the differences by color scheme (Green=matching permissions, Yellow= new permissions, Red= missing permissions).
    • Report when permissions were modified
    • Can use AD replication metadata when comparing.
    • Can convert a previously created CSV file to a HTML report.
    • Effective rights, select a security principal and match it agains the permissions in AD.
    • Color coded permissions based on criticality when using effective rights scan.
    • List you domains and select one from the list.
    • Get the size of the security descriptor (bytes).
    • Rerporting on disabled inheritance .
    • Get all inherited permissions in report.

    System requirements

    • Powershell 2.0 or above
    • PowerShell using a single-threaded apartment
    Last edited Oct 12 at 9:16 PM by robing, version 13

    No comments:

    Post a Comment