Discover the risky privileges lurking in your estate.

Many organizations are implementing the "Principle of Least Privilege (POLP)" as a way to ensure only the minimum level of privileged access is granted to the smallest number of people for the shortest period of time. One of the first steps in implementing a POLP strategy should be to remove any standing administrator rights from user's laptops and workstations. The PEM Risk Discovery Tool gets you started by revealing what local admin accounts you have in your IT estate.

The list of users and groups in a given computer’s Administrators group is not stored in Active Directory - it is only available on the computer itself. To get the whole list of users in local Administrators groups within a domain, each computer in the domain must be queried.

• The Local Admin Audit Tool starts by getting the list of computers in the domain using a simple LDAP query against the default Domain Controller (queried as rootDSE).
• It then queries each computer using Active Directory Service Interfaces with the WinNT provider to obtain the list of members in that computer’s Administrators group (despite the name, this is not querying the domain’s Active Directory, but a simplified directory service that runs on each computer.).
• The information returned contains user names and last logon times - which is all the information needed to build the audit.
• The tool can be run with any user and on any workstation in your domain which fulfils the specified requirements.

NOTE: The link to download the Discovery Tool will be sent via email, so please ensure your business email is entered correctly!