SOX Compliance Reports
Must have reports from ADManager Plus
ADManager Plus features over 100+ effective active directory reports. While conventional menthods like native AD tools, PowerShell, etc. mandate that you build these reports from scratch, this software provides all these reports out-of-the-box. The reports are extremely useful as they provide up-to-date information to the user, who can actually digest the details from a single glance. The reports have in further gained momentum with their relevance to SOX compliant Audits. This section introduces various ADManager Plus Reports that play a significant role in meeting the SOX requirements.
We have categorized these reports as:
Users Reports relevant to SOX
Users never logged on
The report provides the list of users who have not logged on to the domain even once. All the configured domain controllers are scanned to get the details. The information obtained from this report is quite crucial in analysing the risk associated with the unused accounts. If left unchecked, these accounts can be a real source of threat as they are prone to malacious usage by users belonging to a group with lesser permissions. This report helps take appropriate actions to either disable or delete such unused accounts with a view to promote better security within the organizational setup. You can try out all the reports using the free download of this reporting tool's trial version.
Locked Out Users
The details of user accounts that were locked out, due to an exceeded number of incorrect login attempts are listed in this report. The account will be automatically unlocked after a specified time period or can be set such that the administrator has to manually unlock it. This report throws light on the user accounts that possess the maximum number of bad logins, which in turn helps to figure out any suspicious activity happening on the account. Scheduling of this report generation every morning will help to identify if the lockouts were due to sleepy users or someone else who is trying to access the network. This is an essential report for Audits.
Groups for a User
Groups constitute for a major role in administering Security. Security Group is an important concept of Windows Active Directory where each User comes under a specific group with relevant rights and permissions. "Groups for a User" report provides the details of users in nested groups, i.e., groups that hold other groups as its members within a domain. This will list the group that the specified user is a member of and all the other groups where the user's group is a member. The report helps to have a close watch on the users and the groups they belong to such that the security permissions between the parent and the child groups do not contradict, which is an important requirement of Audits.
Groups without Members
The details of groups that have no members are listed in this report. It is highly essential to discard the groups containing no members. ADManager Plus with its "Groups without Members" report helps in the smart elimination of void groups which may otherwise cater to a series of security issues.
Recently Logged on Users
It is important for an administrator to keep track of the users who have logged on in the past 'n' days. This may be useful to find out if some intruder is using the account of a user who is on leave,etc,.The recently logged on users list can be obtained based on their last logon time. All the configured domain controllers are scanned for the last logon time to ensure accuracy."Recently Logged On Users" report of ADManager Plus proves to be essential in figuring out any tresspassing of user accounts.
Similar to the "Recently logged on user" report, Inactive Users list is essential for an administrator to keep an eye on the enterprise's security. Users who have not logged on for the past 'n' days fall under the inactive users list based on their last logon time. With the "Inactive User" report from ADManager Plus, administrators can easily decide on whether to disable or delete users who are flagged inactive, inorder to avoid any mishandling of critical financial information and hence provide better data protection.
Security Groups is a key concept of Windows Active Directory. There can be various security groups in an organization depending upon the type of permissions held by each one of them. The Security Group report from ADManager Plus enables security officers to check the clubbing of users with specific permissions under a common group heading and also restrict unnecessary tampering of data by non-group members.
NTFS Reports relevant to SOX
Active Directory NTFS reports
It is mandatory for any oraganization to secure critical corporate information. The allocation of permission to users helps to limit their access to specific data. NTFS Reports provide detailed information about the permissions on Folders/ Sub folders and Files/ Sub Files. ADManager Plus has categorized NTFS reports into 3 types:
Non-Inheritable Folders/Files: Provides the list of all folders and files that are restricted to inherit the permissions from their parent objects. Folders/Files over full control: Provides the list of folders and files over which the specified user has full permission.
Folders/Files over any control: Provides the list of folders and files over which the specified list of users have any given permission.
The above reports can be of absolute help for a security officer who wants to have a quick glance at the extent of permissions granted to users.
Computer Reports relevant to SOX
OS Based Report
OS based reports provide details of computers based on the Operating System versions installed in them. This report is useful to detect any illicit OS upgradation carried out by users, by-passing the security officer/administrator. The report therefore keeps a check by verifying the OS version as per installed in each computer based on the company policies. This limitation of software/OS installations getting invoked from the security officers end is a mandatory requirement of any audit process.
Other Reports relevant to SOX
Full control permission users
The Full Control permission includes all rights to a file. Since the report allows full access to the object and its sub objects, with the ability to take ownership of objects and change permissions of objects and sub objects, the system becomes highly vulnerable to malpractices. The "Full Control permission Users" report aids the sysytem administrators to watch out the users with this permission on a regular basis.
User permission over objects
This is an example of the Access Control List(ACL) report, which shows who has access and what kind of access to which objects in the Active Directory domain. The report helps to identify the objects where a specific user has been granted access.
Non inheritable objects
There are certain objects in the Active Directory which are designated as non-inheritable. The Non inheritable objects report identifies the objects whose permissions are blocked from being inherited by its child objects. This report can be useful to locate the occurrence of any abnormal inheritance despite the restriction.
These reports from ADManager Plus serve to be a comprehensive material source that simply ease out and help you meet most of your SOX Compliance Audit needs.
|Reset password and set password propertied from a single web-based console, without compromising on the security of your AD! Delegate your password-reset powers to the helpdesk technicians too!
||Exhaustive reporting on Active Directory Users and user-attributes. Generate reports in user-activity in your Active Directory. Perform user-management actions right from the report interface!
|Granular reporting on your AD Computer objects to the minutest detail. Monitor...and modify computer attributes right within the report. Reports on Inactive Computers and operating systems.
||A mini Active Directory ticket-management and compliance toolkit right within ADManager Plus! Define a rigid yet flexible constitution for every task in your AD. Tighten the reins of your AD Security.
|Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.
||A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.
"We evaluated ADManager Plus along with several other Active Directory Management and Reporting software. After using it really made life easy for administrators. It is very understandable and fast to learn, I didn't even read the manual."
Bogdan Campeanu, Network Engineer