Active Directory Privileged Users and Groups
Definition of Privileged Users and Groups
Updated Definition of Privileged Users and Groups
As of June 24, 2020, Liongard updated the definition of Active Directory Privileged Users and Groups according to Tier 0 privileges.
To learn more, visit Microsoft's Documentation.
Liongard's definition of "Privileged" uses Tier 0 privileges at the root and extends what Liongard marks as a Privileged User or Group by also looking at nested group membership within those Tier 0 privileges.
For example, using the group hierarchy chart below, Liongard detects all of the groups as privileged as they are all either directly inside or nested within the Domain Admins group. Groups 1-6, as well as all the users within these groups, will be flagged as Privileged in Liongard.
To view all of Privileged Users or Groups, navigate to the System Inspector's System Details page and on the Users and/or Groups tab(s), filter the Privileged column by Yes
You can also view this information in the Data Print, under the Users[] or Groups[] array.
Bulk Closing Alerts
Due to the change in Liongard's definition of Privileged Users and Groups, several Alerts and/or Change Detections may trigger.
To bulk close any Alerts that may not be valuable to you and your team, follow our documentation.
How to Audit for Privileged Users
To conduct an audit of Privileged Users, take the following actions:
- Enable the following Metric to display on the Admin > Metrics screen
- Active Directory: Privileged Users List
- Build an Audit Report
Navigate to an Environment's Active Directory Data View: Dashboard > Systems > Click into Active Directory > Select the System Inspector > Select the Metrics tab
- Filter the table for the above Metrics.
Remember you can export all of Liongard's data tables to further manipulate the data.
Updated 5 months ago