FSProtect
  • Introduction
    • FSProtect - Active Directory Security Assessment
    • Glossary
    • Architecture
    • Requirements
    • Installation
    • Update
  • Scans
    • New Scan
    • Scans
    • Policies
  • Dashboard
  • Trend Insights
  • Issues
  • Impacts
  • Attack Surface
    • Forests
    • Domains
    • Computers
    • Users
    • Groups
    • GPOs
    • OUs
    • MSAs
    • GMSAs
    • Local Users
    • Local Groups
    • Certificate Authorities
    • Certificate Templates
    • CA Certificates
  • GPO Audit
    • GPO Comparison
    • RSoP Comparison
    • Custom Baselines
  • Integrations
    • CyberArk
    • Mail
    • Jira
  • Search & Reports
    • Domain
    • Computer
    • User
    • Group
    • GPO
    • OU
    • ManagedServiceAccount
    • GroupManagedServiceAccount
    • LocalUser
    • LocalGroup
    • CertificateAuthority
    • CertificateTemplate
    • CACertificate
    • SPN
    • SmbShare
  • Health Check
  • Visualize
  • Settings
    • User Settings
    • LDAP Authentication Settings
    • Roles and Permissions
    • Token Expiration Settings
  • Share Audit
    • Summary
    • Secrets
    • Settings
Powered by GitBook
On this page
  • Group Details
  • Information
  • Details
  • Parent Groups
  • Child Groups
  • Child Users
  • Child Computers
  • Child MSAs
  • Child GMSAs
  • Local Memberships
  • Issues

Was this helpful?

  1. Attack Surface

Groups

PreviousUsersNextGPOs

Last updated 6 months ago

Was this helpful?

The Groups page provides a list of enumerated groups in entire Acitve Directory. The list contains the Privileged, Admin, Local Admin, Member Count, Risk Score,Exposure Point and Issue Counts.

Group Details

Details page contains the Risk Score of the group,Exposure Point, Information, and Issues panes.

You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.

Information

Information Pane can contain different badges to highlight important attributes.

Badge
Description

Privileged

Indicates that the object is Privileged.

Admin

Indicates that the object is Admin.

Local Admin

Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.

Information Pane contains Details, Parent Groups, Child Groups, Child Users, Child Computers,Child MSAs , Child GMSAs and Local Memberships tabs respectively.

Details

Details tab contains attributes below about group object.

Attribute
Description

SAM AccountName

The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)

Distinguished Name

Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)

Object Category

An object class name used to group objects of this or derived classes. (Ldap Display Name: objectCategory)

Object Sid

Active Directory security identifier of object. (Ldap Display Name: objectSid)

Parent OU

The direct parent Organizational Unit of the object.

Name

Name of the specified object. (Ldap Display Name: name)

Created Time

The date when this object was created. (Ldap Display Name: whenCreated)

Last Changed Time

The date when this object was last changed. (Ldap Display Name: whenChanged)

Description

Description text to display for an object. (Ldap Display Name: description)

Parent Groups

Parent Groups tab contains a list of groups that the group is a member of. This list also contains Privileged and Admin columns to identify the privilege levels of these groups.

Child Groups

Child Groups tab contains a list of groups that are children of the group. This list also contains Privileged and Admin columns to identify the privilege levels of these groups.

Child Users

The Child Users tab displays a list of user accounts associated with the group.

Name: The name of the user account.

Privileged: Indicates whether the user has elevated privileges.

Admin: Indicates whether the user has administrative rights.

Enabled: Indicates whether the user account is active.

Child Computers

The Child Computers tab displays a list of computer objects associated with the group.

Name: The name of the computer object.

IP Address: The IP address assigned to the computer.

Privileged: Indicates whether the computer object has elevated privileges.

Admin: Indicates whether the computer object has administrative rights.

Enabled: Indicates whether the computer object is enabled.

Child MSAs

The Child MSAs tab displays a list of Managed Service Accounts (MSAs) associated with the group.

Name: The name of the Managed Service Account.

Privileged: Indicates whether the MSA has elevated privileges.

Admin: Indicates whether the MSA has administrative rights.

Enabled: Indicates whether the MSA is active.

Child GMSAs

The Child GMSAs tab displays a list of Group Managed Service Accounts (GMSAs) associated with the group.

Name: The name of the Group Managed Service Account.

Privileged: Indicates whether the GMSA has elevated privileges.

Admin: Indicates whether the GMSA has administrative rights.

Enabled: Indicates whether the GMSA is active.

Local Memberships

Local Memberships tab contains a list of local groups that the group is a member of.

Local Group Name: Name of the local group that the group is a member of.

Computer: Name of the computer object that contains the local group.

Exec DCOM: Indicates whether the local group can have enough privilege to execute commands with DCOM(Distributed Component Object Model) protocol on the computer.

Exec PWSH: Indicates whether the local group can have enough privilege to execute commands with Powershell on the computer.

Admin: Indicates whether the local group can have admin privilege on the computer.

Issues

Issues pane contains identified issues on the group object.

Groups
Group Details
Parent Groups
Child Groups
Child Users
Child Computers
Child MSAs
Child GMSAs
Local Memberships
Issues