# Computers The `Computers` page provides a list of enumerated computers in entire Active Directory. The list contains the `Operating System`, `Operating System Version`, `IP Address`, `Privilege`, `Admin`,`Shadow`, `Session Count`, `Risk Score` , `Exposure Point` and `Issue Counts` of each computer object.

Computers

## Computer Details Details page contains the `Risk Score` of the computer,`Exposure Point` ,`Information`, `Access Info` and `Issues` panes. {% hint style="info" %} You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`. {% endhint %}

Computer Details

## Information `Information Pane` can contain different badges to highlight important attributes. | Badge | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------ | | **DC** | Indicates that the computer object is Domain Controller. | | **Privileged** | Indicates that the object is Privileged. | | **Admin** | Indicates that the object is Admin. | | **Local Admin** | Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer. | | **Enabled** | Indicates that the object is enabled. | | **Disabled** | Indicates that the object is disabled. | `Information Pane` contains `Details`, `Groups`, `Sessions`, `Shares`, `Local Members`, `SPNs` and `Gpos` tabs respectively. ## Details Details tab contains attributes below about computer object. | Attribute | Description | | -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **SAM AccountName** | The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (**Ldap Display Name**: sAMAccountName) | | **Distinguished Name** | Active Directory distinguished name of the object. (**Ldap Display Name**: distinguishedName) | | **Object Category** | An object class name used to group objects of this or derived classes. (**Ldap Display Name**: objectCategory) | | **Object Sid** | Active Directory security identifier of object. (**Ldap Display Name**: objectSid) | | **Name** | Name of the specified object. (**Ldap Display Name**: name) | | **Created Time** | The date when this object was created. (**Ldap Display Name**: whenCreated) | | **Last Changed Time** | The date when this object was last changed. (**Ldap Display Name**: whenChanged) | | **Last Logon** | The last time the user logged on. This attribute is not replicated to other Domain Controllers. (**Ldap Display Name**: lastLogon) | | **Last Logon Timestamp** | The time that the user last logged into the domain. This attribute is replicated to other Domain Controllers but not updated until after 14 (msDS-LogonTimeSyncInterval) days. (**Ldap Display Name**: lastLogonTimestamp) | | **Logon Count** | The number of times the account has successfully logged on. This attribute is not replicated to other Domain Controllers. (**Ldap Display Name**: logonCount) | | **Parent OU** | The direct parent Organizational Unit of the object. | | **OS** | The name of the operating system that runs on the computer. (**Ldap Display Name**: operatingSystem) | | **OS Version** | The version of the operating system that runs on the computer. (**Ldap Display Name**: operatingSystemVersion) | | **IP Address** | The IP Address of the computer. | | **DNS Host Name** | Name of computer as registered in DNS. (**Ldap Display Name**: dNSHostName) | | **Display Name** | The display name for an object. (**Ldap Display Name**: displayName) | | **Bad Password Count** | The number of times the user tried to log on to the account using an incorrect password. (**Ldap Display Name**: badPwdCount) | | **Primary Group ID** | Contains the relative identifier (RID) for the primary group of the object. By default, this is the RID for the Domain Computers group for computers, Domain Controllers group for Domain Controller servers. | | **SMB Port Open** | Indicates whether the 445 port is reached or not. In order to be identified, the Network Scanning module must be active. | | **Constrained Delegation** | Indicates whether the Constrained Delegation is active or not. | | **Last Password Set** | The date and time that the password for this account was last changed. If this value is set to 0 and the User-Account-Control attribute does not contain the UF\_DONT\_EXPIRE\_PASSWD flag, then the user must set the password at the next logon. (**Ldap Display Name**: pwdLastSet) | ## Groups Groups tab contains a list of groups that the computer is a member of. This list also contains `Privileged` and `Admin` columns to identify the privilege levels of these groups.

Groups

## Sessions Sessions tab contains a list of users that have a session on this computer. This list also contains `Enabled`, `Privileged`, and `Admin` columns to identify the status and privilege levels of these users.

Sessions

## Shares Shares tab contains a list of active shares on this computer. This list also contains the `Everyone` column to identify whether the share is readable or not by anyone in the domain.

Shares

## Local Members Local Members tab contains a list of objects that are members of local groups on this computer. These objects can be `Local User`, `Local Group`, `User`, `Computer`, `Group`, `Managed Service Account` and `Group Managed Service` Account. This list contains below columns.

Local Members

**Local Group**: Names of local groups on this computer. **Member Type**: Types of objects that are members of local groups. **Member Name**: Name of objects that are members of local groups. **Exec DCOM**: Indicates whether the member can have enough privilege to execute commands with DCOM(Distributed Component Object Model) protocol on this computer. **Exec PWSH**: Indicates whether the member can have enough privilege to execute commands with Powershell on this computer. **RDP**: Indicates whether the member can have enough privilege to connect with RDP (Remote Desktop Protocol) to this computer. **Admin**: Indicates whether the member can have admin privilege on this computer. ## SPNs SPNs tab contains a list of `Service Principal Names` that are defined on the computer object.

SPNs

## GPOs GPOs tab contains a list of `Group Policy` objects which affects this computer. This list also contains the `Total Linked Entity` column to highlight the total object count that is affected by this group policy object.

GPOs

## Access Info Access Info pane contains `Status`, `Explicit Local Admin Count` and `Group Delegated Local Admin Count` attributes. ![Access Info](/files/ff7ykVV7lA58Oo1HRVxl) **Status**: Indicates whether port 445 of the computer is reachable through the network during the scan. **Explicit Local Admin Count**: Indicates the number of explicit local admins on the computer. **Group Delegated Local Admin Count**: Indicates the number of group delegated local admins on the computer. ## Issues Issues pane contains identified issues on the computer object. ![Issues](/files/vhkDzetCsJfLEzOBig6z) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestall.io/fsprotect/ad-identities/computers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.