Table D-4 Permission Scan Capabilities for Active Directory Environments
Windows Component |
Supported |
Notes |
---|---|---|
Share Permissions |
|
|
Security Descriptors |
Includes the ACLs and ACEs, owner, and all ACE and security descriptor flags. However, only security descriptors for folders are currently collected. Additionally, deny ACEs are not factored into calculations for Permission by Identity or Permission by Path reports. |
|
Universal Security Groups |
|
|
Global Security Groups |
|
|
Local Security Groups |
The local security groups themselves are collected, but group memberships for local security groups are not currently processed. |
|
Nested Group Memberships |
Nested group membership is collected as a flat list of all intermediate and leaf groups, users, and other security principals. The hierarchy of group nesting is not currently preserved. |
|
Primary Groups |
|
|
Local Security Authority (LSA) Privileges |
LSA privileges are not currently collected. |