PEM Free Risk Discovery Tool

Discover the risky privileges lurking in your estate

Local admin rights are incredibly attractive to attackers, but do you know what admin accounts you have in your estate? You should.

Using this free tool, find out which endpoints have local admin rights. Understand how exposed you are, and start to plan your route to safety.

What the tool does

The list of users and groups in a given computer’s Administrators group is not stored in Active Directory - it is only available on the computer itself. To get the whole list of users in local Administrators groups within a domain, each computer in the domain must be queried.

  • The Local Admin Audit Tool starts by getting the list of computers in the domain using a simple LDAP query against the default Domain Controller (queried as rootDSE).
  • It then queries each computer using Active Directory Service Interfaces with the WinNT provider to obtain the list of members in that computer’s Administrators group (despite the name, this is not querying the domain’s Active Directory, but a simplified directory service that runs on each computer.).
  • The information returned contains user names and last logon times - which is all the information needed to build the audit.
  • The tool can be run with any user and on any workstation in your domain which fulfills the specified requirements.

What the tool does not

The tool does not save or report any information to any third party including Osirium.

Requirements

To make sure you don't have any problems running the assessment tool, check the following:

  • Your user/workstation running the tool must be able to authenticate in the domain, it must be able to make DNS queries in the domain, and it must be able to make LDAP queries in the domain.
  • The user running the tool must be in the local Administrator group of the computers that are being queried - this is a requirement when querying Administrators group members through Active Directory Service Interfaces.
  • The tool requires .NET Core 3. If it isn't installed, you will be prompted to download and install .NET Core
  • Finally, the workstation running the tool must be able to connect to the other workstations it is querying using SMB protocol on port 445.

No items found.

No items found.

Discover your risk today

Please complete the form to download your free local administrator account discovery tool.

An overview of Privileged Access Management

Read this short whitepaper to see how PAM can protect your shared devices and services, manage privileged users and accounts and simplify remote access.

Read the Overview
Talk to an expert

An overview of Privileged Process Automation

Read this short whitepaper to see how PPA can transform your IT Operations.

Read the Overview
Talk to an expert

An overview of Privileged Endpoint Management

Read this short whitepaper to see how PEM can improve endpoint security and IT help desk load.

Read the Overview
Talk to an expert

An overview of Privileged Access Security

Read this short whitepaper to see how PPA can transform your IT Operations.

Read the Overview
Talk to an expert
Click to chat