Chat now with support
Chat with Support

Enterprise Reporter 3.5 - What's New

Performance Enhancements

When multiple domain controllers are specified for and Active Directory discovery, the workload is now spread among those domain controllers to improve performance.

Collection times have been greatly improved by changes made to how information is received once it is gathered during Active Directory discoveries.

New Reports

The following new Active Directory reports are added to the Report Library.

Resultant Domain Kerberos Configuration

Shows the resultant Kerberos GPO configuration for selected domains. Includes a parameter to select the domains to be included in the report.

The following new Active Directory health check reports are added to the Report Library.

Health Check | Active Directory

Active Directory Permissions - Dangerous permissions delegated

Shows all Active Directory permissions for the selected domains and Active Directory objects. These permissions can be used to attack Active Directory. For information about attack types, see https://attack.mitre.org/mitigations/M1015/

Active Directory Permissions - Domain Controller Owners

Shows all Active Directory permissions for the selected domains and Active Directory objects. The Domain Administrators group or the Enterprise Administrators group are set as owners for domain controllers. For details, see Privileged Account Management at https://attack.mitre.org/mitigations/M1026/

Active Directory Permissions for Account (Everyone)

Shows the Active Directory permissions for an account, including permissions derived through group membership. (Excluding Deny Permissions and Change Password permissions).

AdminSDHolder Permissions

Shows all Active Directory permissions for the selected domains and Active Directory objects. For more information see Protected Accounts and Groups in Active Directory at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory and Active Directory Configuration at https://attack.mitre.org/mitigations/M1015/

Domain Accounts (Users and Groups) with SID History Attribute not empty

Shows all the domain accounts for the selected domains which can leave accounts open to Access Token Manipulation: SID-History Injection attacks. Adversaries can use SID-History Injection to escalate privileges and bypass access controls. For details, see https://attack.mitre.org/techniques/T1134/005/

Domain Groups and Members (Pre-Windows 2000 Compatible Access)

Shows the group memberships for the selected domains and groups. If you include nested groups, the membership of the groups is displayed. For details, see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/7a76a403-ed8d-4c39-adb7-a3255cab82c5?redirectedfrom=MSDN and Exploitation of Remote Services https://attack.mitre.org/techniques/T1210/

Health Check | Computer

Computer Services on Domain Controllers (Print Spooler)

Shows information about the services for the selected computers. (Enterprise Reporter Windows Server License must be available). More details at https://adsecurity.org/?p=4056

Domain Computers Having Constrained Delegation

Shows domain computers for selected domains that have constrained delegation.

Domain Computers Having SID History

Shows domain computers for selected domains that have some value specified in SID History attribute.

Domain Computers Having Unconstrained Delegation

Shows domain computers for selected domains having unconstrained delegation.

Domain Computers whose sAMAccountName Does Not End In a Dollar Sigh

Shows domain computers for selected domains whose sAMAccountName does not end in a Dollar Sign.

Health Check | Group

Privileged Domain Groups and Members

Shows the group memberships for the selected domains and groups. These privileged groups should have as few members as possible. DNSAdmins should have no members. If you include nested groups, the membership of the groups is displayed. For details, see Privileged Account Management https://attack.mitre.org/mitigations/M1026/

SID History Auditing Group available in Domain (Migration in Progress)

Shows if a SID History auditing group has been created in the domain.

Health Check | User

Active Directory Permissions - Delegations for Accounts that cannot be resolved

Shows all active directory permissions for the selected domains and active directory objects. These permissions can be used for attacks. For details, see Active Directory Configuration https://attack.mitre.org/mitigations/M1015/

Built-in AD Administrator Account Usage

Shows native Administrator account in selected domains who have logged in selected timeframe.

Domain User Accounts that are Sensitive and Cannot be Delegated

Shows all domain user accounts for selected domains that cannot be delegated.

Domain Users who do not require a password

Shows all domain users for selected domains who do not require a password.

Domain Users who do not require Kerberos Pre-Authentication

Shows all domain users for selected domains where the account is configured with the "Do not require Kerberos pre-authentication" option. Kerberos pre-authentication is a security feature which offers protection against password-guessing attacks. When you do not enforce pre-authentication, a malicious attacker can directly send a dummy request for authentication.

Domain Users with weak DES encryption enabled

Shows all domain users for selected domains that have weak DES encryption enabled. DES is considered weak cryptography and is no longer enabled by default in Kerberos authentication.

Golden Ticket Mitigation - Last Password Change for krbtgt account

Shows user password information for the krbtgt account. Attackers who have the krbtgt account password hash can forge Kerberos ticket-granting tickets (TGT), also known as a golden ticket. Golden tickets enable adversaries to generate authentication material for any account in Active Directory.

Privileged Accounts that are Sensitive and Cannot be Delegated

Shows all privileged accounts for selected domains that are configured with the "Account is sensitive and cannot be delegated" option.

Privileged Accounts that have Not Logged In

Shows privileged accounts in selected domains having unchanged passwords and have not logged in.

Privileged Accounts Vulnerable to the Kerberoast Attack

Shows all privileged user accounts that are vulnerable to the Kerberoast attack. Kerberoasting is an attack technique that attempts to crack the password of a service account within the Active Directory.

Privileged Accounts with Unchanged Passwords that Logged In

Shows privileged accounts in selected domains having unchanged passwords and have logged in.

User Account(s) that have Constrained Delegation

Shows all the domain users for the selected domains that have TRUSTED_FOR_AUTH_DELEGATION enabled. For details, see https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

User Account(s) that have Unconstrained Delegation

Shows all the domain users for the selected domains that have TRUSTED_FOR_DELEGATION enabled. For details, see https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

The following new Azure Active Directory reports have been added to the Report Library.

Azure Active Directory Deleted Users

Shows deleted users for the selected tenants. Contains a parameter to select the tenants to be included in the report.

Azure Managers with Direct Reports

Shows all the direct reports for the selected managers. Contains parameters to select the tenants and Azure managers to be included in the report.

The following new Computer reports have been added to the Report Library.

Scheduled Tasks

Shows the scheduled tasks for the selected computers. Contains parameters to select the domains, computers, and locations to be included in the report.

Server Features

Shows all the Windows Server Features for the selected computers.

The following new Office 365 reports have been added to the Report Library.

Microsoft Dysfunctional Teams

Shows Microsoft Teams with No Owners or Less Than Two Members. Contains parameters to select the tenants and teams to be included in the report.

Microsoft Teams Application Permission Policies

Shows the Microsoft Teams Application Permission Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.

Microsoft Teams Calling Policies

Shows the Microsoft Teams Calling Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.

Microsoft Teams Meeting Policies

Shows the Microsoft Teams Meeting Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.

Microsoft Teams Messaging Policies

Shows the Microsoft Teams Messaging Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.

Microsoft Teams Organization Settings

Shows the Microsoft Teams Organization Settings for the selected tenants. Contains a parameter to select the tenant to be included in the report.

Microsoft Teams Tabs

Shows the Microsoft Teams tabs for the selected channels, teams, and tenants. Contains parameters to select tenants, teams, channels, and tabs to be included in the report.

Microsoft Teams Team and Channel Policies

Shows the Microsoft Teams Team and Channel Policies for the selected tenants. Contains parameters to select the tenants and policies to be included in the report.

Microsoft Teams User Policies

Shows some Microsoft Teams User Policies for the selected users. Contains parameters to select the tenants and users to be included in the report.

SharePoint Online Access Control Settings

Shows the access control settings for the selected tenants. Contains a parameter to select the tenants to be included in the report.

SharePoint Online Configuration Settings

Shows the configuration settings for the selected tenants. Contains a parameter to select the tenants to be included in the report.

SharePoint Online Office 365 Group Sites

Shows all Office 365 group sites for the selected SharePoint Online Tenants. Contains parameters to select the tenants and sites to be included in the report.

SharePoint Online Permissions for Identity

Shows the SharePoint Online permissions for the selected identity in the selected tenants and sites. Contains parameters to select the identity, tenants, sites, and roles to be included in the report.

SharePoint Online Sharing Policies

Shows the sharing policies for the selected tenants. Contains parameters to select the tenants to be included in the report.

SharePoint Online Site Administrators​​

Shows all site administrators for the selected SharePoint Online Tenants and sites.​​ Contains parameters to select the tenants, site collections, and sites to be included in the report.

SharePoint Online Site Group Information with Members

Shows all site groups and their members for the selected SharePoint Online Tenants and sites. Contains parameters to select the tenants, site collections, sites, and site groups to be included in the report.

SharePoint Online Site Sharing

Shows the sharing settings for the selected tenants and sites. Contains parameters to select the tenants, site collections, and sites to be included in the report.

SharePoint Online Site Permissions

Shows the site permissions for the selected tenants and sites. Contains parameters to select the tenants, site collections, sites, and roles to be included in the report.

SharePoint Online Sites without an Office 365 Group

Shows all sites without an Office 365 group for the selected tenants. The report will not include subsites for the sites. Contains parameters to select the tenants, site collections, and sites to be included in the report.

SharePoint Online Summary

Shows a summary of SharePoint Online for the selected Office 365 tenants. Contains a parameter to select the tenants to be included in the report.

The following new Security Explorer Remediation reports have been added to the Report Library.

Group Managed Service Accounts and Members with Actions

Shows all the managed service accounts and their members for the selected domains. Contains parameters to select the domains, organizational units, and managed service accounts to be included in the report.

Managed Service Accounts and Members with Actions

Shows all the managed service accounts and their members for the selected domains. If you choose to include nested groups, membership of the group members is displayed. Contains parameters to select the domains, organizational units, and group managed accounts to be included in the report.

The following new report types have been added to the Report Library.

Microsoft Teams

Teams Organization Settings

Provides information on Microsoft Teams organization-wide settings. Contains fields for Teams Client, External Access, Guest Calling, Guest Meeting, and Guest Messaging settings.

Microsoft Teams | Policies

Teams App Permission Policies

Provides information on Microsoft Teams App Permission Policies. Contains fields for Teams Tenant and Teams App Permission Policies.

Microsoft Teams | Policies

Teams Calling Policies

Provides information on Microsoft Teams Calling Policies. Contains fields for Teams Tenant and Teams Calling Policies.

Microsoft Teams | Policies

Teams Meeting Policies

Provides information on Microsoft Teams Meeting Policies. Contains fields for Teams Tenant and Teams Meeting Policies.

Microsoft Teams | Policies

Teams Messaging Policies

Provides information on Microsoft Teams Messaging Policies. Contains fields for Teams Tenant and Teams Messaging Policies.

Microsoft Teams | Policies

Teams Team and Channel Policies

Provides information on Microsoft Team s Team and Channel Policies. Contains fields for Teams Tenant and Teams Team and Channel Policies.

Microsoft Teams | Policies

Teams User Policies

Provides information on Microsoft Teams User Policies. Contains fields for Teams Tenant, Teams User Identity, Teams Team and Channel Policies.

Microsoft Teams

Teams Tab

Provides information on Microsoft Teams Tab. Contains fields for Teams Tenant, Teams Identity, Teams Channel, and Teams Tab.

SharePoint Online

SharePoint Online Configuration Settings

Provides information on SharePoint Online configuration settings. Contains fields for SharePoint Online Tenant and SharePoint Online Configuration Setting.

SharePoint Online

SharePoint Online Site Groups

Provides information on SharePoint Online site groups. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, and SharePoint Online Group.

SharePoint Online

SharePoint Online Policies

Provides information on SharePoint Online Policies. Contains fields for SharePoint Online Tenant and SharePoint Online Policy.

SharePoint Online

SharePoint Online Settings and Policies.

Provides information on SharePoint Online Settings and Policies. Contains fields for SharePoint Online Tenant, SharePoint Online Configuration Settings, and SharePoint Online Tenant Policy.

SharePoint Online

SharePoint Online Site Group Members​

Provides information on SharePoint Online site group members.​ Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Site Group, and SharePoint Online Site Group Member.

SharePoint Online

SharePoint Online Site Permissions

Provides information on SharePoint Online site permissions. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Role Assignment Set, SharePoint Online Role Assignment, SharePoint Online Permission, and Azure Identity.

SharePoint Online

SharePoint Online Site Users and Azure Group Members

Contains fields for the site and its related Azure Groups as well as the member accounts. Contains fields for the site user information at includes if the user is site administrator or if the user is primary admin. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, SharePoint Online Site, SharePoint Online Site User, Azure Identity, Azure Group, and Azure Group member.

SharePoint Online

SharePoint Online Sites

Provides information on SharePoint Online sites. Contains fields for SharePoint Online Tenant, SharePoint Online Site Collection, and SharePoint Online Site.

Updated Reports

The following Azure Resource reports have been updated in the Report Library.

Azure Virtual Network Resource

Azure Virtual Network Information

New field showing whether the virtual machine protection flag has changed or not.

The following Computer reports have been updated in the Report Library.

Computer

User Profile Information

New field showing the size of the profile folder.

Hotfixes

Hotfixes And Updates

The following new fields were added:

The following Office 365 reports have been updated in the Report Library.

Office 365

Office 365 Overview

Now includes SharePoint Online information.

New Reporting Options

New options have been added to improve the flexibility of the reporting features.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating