Use PingCastle to perform the Active Directory risk level analysis. Get a score without setup or privileges.
Operations to perform
The report can be generated in the interactive mode by choosing “healthcheck” or just by pressing Enter, since it is the default analysis mode.
It can be run using the command:
PingCastle --healthcheck --server mydomain.com
Active Directory risk level analysis
When the health check is run, an HTML file and an XML file are generated. The HTML file is the report on the Active Directory. It is designed for humans. The XML file contains some of the data used to generate the HTML file and can be used to consolidate data on multiple Active Directories. It is designed to be read by a computer (PingCastle). The XML file is required for all analysis, including global overview or cartography.
The report is divided into 3 parts:
The score is computed as the maximum of the 4 sub scores:
- Privileged accounts
It is about administrators.
- Trusts
It is about the links between Active Directories (reminder: one AD can compromise another via trusts).
- Stale objects
Stale objects represent everything about the AD objects and their life cycle: computer and user creation, delegation.
- Security anomalies
Everything that doesn’t fit into the previous categories. For example the krbtgt password change.
The details of the rules triggered are shown with some indication and the number of points calculated (the total cannot be above 100).
When the button “solve it” is clicked, a short explanation of the rule is shown with some indication on how to solve the situation.
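The Python script below is an added example, not PingCastle code or part of its documentation: it reads the XML reports of several domains, recomputes each score as the maximum of the four sub scores, names the sub score(s) driving it, and ranks the domains. The element names (HealthcheckData, DomainFQDN, GlobalScore, PrivilegiedGroupScore, TrustScore, StaleObjectsScore, AnomalyScore) are assumptions about the XML layout, and the sample reports are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed element names; check them against a report from your PingCastle version.
SUB_SCORES = {
    "Privileged accounts": "PrivilegiedGroupScore",
    "Trusts": "TrustScore",
    "Stale objects": "StaleObjectsScore",
    "Security anomalies": "AnomalyScore",
}

def sample_report(domain, priv, trust, stale, anomaly, overall):
    """Build a constructed sample report (not real PingCastle output)."""
    return (f"<HealthcheckData><DomainFQDN>{domain}</DomainFQDN><GlobalScore>{overall}</GlobalScore>"
            f"<PrivilegiedGroupScore>{priv}</PrivilegiedGroupScore>"
            f"<TrustScore>{trust}</TrustScore>"
            f"<StaleObjectsScore>{stale}</StaleObjectsScore>"
            f"<AnomalyScore>{anomaly}</AnomalyScore></HealthcheckData>")

SAMPLE_REPORTS = [
    sample_report("corp.example", 40, 0, 65, 55, 65),
    sample_report("lab.example", 100, 100, 20, 30, 100),  # two sub scores tie
    sample_report("old.example", 10, 5, 30, 15, 25),      # stored score disagrees
]

def summarize(xml_text):
    """Recompute one domain's score as the maximum of its four sub scores."""
    # ElementTree is not hardened against hostile XML: parse only your own reports.
    root = ET.fromstring(xml_text)
    fields = {e.tag.rsplit("}", 1)[-1]: (e.text or "").strip() for e in root}
    missing = [t for t in SUB_SCORES.values() if t not in fields]
    if missing:
        raise ValueError(f"report lacks sub score element(s): {missing}")
    subs = {label: int(fields[tag]) for label, tag in SUB_SCORES.items()}
    score = max(subs.values())
    return {
        "domain": fields.get("DomainFQDN", "unknown"),
        "sub_scores": subs,
        "score": score,
        "drivers": sorted(l for l, v in subs.items() if v == score),
        "consistent": fields.get("GlobalScore") in (None, str(score)),
    }

def consolidate(reports):
    """Rank several domains, highest risk first."""
    return sorted((summarize(r) for r in reports), key=lambda r: -r["score"])

if __name__ == "__main__":
    for r in consolidate(SAMPLE_REPORTS):
        print(r["domain"], r["score"], r["drivers"], "ok" if r["consistent"] else "stored score differs")
```

A report whose stored score differs from the recomputed maximum is worth regenerating before it is used in a consolidated view.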
2) General information
Contains the generated date, domain
The Detail zone shows general information about users, computers, trusts, group policies, …
Some information can be seen in detail by clicking on the associated link. It contains data to help identify the underlying objects.