Active Directory-Reports dot com

Helpful Active Directory Reports Coverage for Security Audit & Regulatory Compliance

Brought to you by former Microsoft Program Manager for Active Directory Security
Home
Account Reports
Group Reports
Computer Reports
Exchange Reports
Permission Reports
Schema Reports
Trust Reports
GPO Reports
SCP Reports
OU Reports
Reporting Options
Reporting Tools

Active Directory Group Policy (GPO) Reports

Group Policies play a very important role in the protection and management of all vital IT resources stored in Active Directory. The need to have insight into their state and security is thus also vital to organizational security, and Group Policy Reports provide organizations this important insight.

Active Directory Group Policy (GPO) Management Reports

ACTIVE DIRECTORY GROUP POLICY (GPO) REPORTS


The following is a list of the Top-10 Active Directory Group Policy Reports that are vital for security and often required for security auditing and to demonstrate regulatory compliance –


I. Security State Reports –

   The following GPO reports provide vital insight into the security state of group policies –

  1. All vital group policy objects
  2. All group policy objects linked to the domain root
  3. All group policy objects linked to important OUs
  4. All enabled group policy objects
  5. All recently commissioned group policy objects (i.e. created in the last few days)


II. Delegated Administrative Access Reports –

   The following GPO reports provide absolutely critical insight into who all can modify* the state of
   these user group policies, i.e. who all have sufficient privilege to modify the state of these GPOs –

* SECURITY NOTE – It is very important to understand that where all a user/group has specific permissions in Active Directory is NOT the same as who is delegated what administrative access in Active Directory. In order to correctly determine who is delegated what access, one needs to determine resultant access in Active Directory. Also, depending on the specific report, it may not be sufficient to determine resultant access on just one object.

  1. Who can create group policies, and where?
  2. Who can delete group policies, and which ones?
  3. Who can change the list of GPOs linked to organizational units, and of which ones?
  4. Who can disable GPOs linked to organizational units, and of which ones?
  5. Who can change the precedence of GPOs linked to organizational units, and of which ones?

   These delegated administrative access reports are absolutely mission-critical to security because
   they reveal exactly who has the ability to change the security state of these group policies.



How to Generate these Group Reports:

   Organizations generally have two predominant reporting options to fulfill their AD reporting needs,
   and most prefer to use reporting tools, especially to fulfill their delegated access reporting needs.

   The Microsoft-endorsed Gold Finger Active Directory reporting tool can also generate these reports.
Gold Finger - Microsoft-endorsed, Active Directory Resultant Access/Security Auditing/Reporting Tool
Copyright ActiveDir-Reports.Com 2010. All Rights Reserved
Active Directory Security Community Active Directory Reporting Tools Active Directory Security Reference Identity, Security & Access Blog