- Related Products
- AD360
- Log360
- ADAudit Plus
- ADSelfService Plus
- EventLog Analyzer
- Exchange Reporter Plus
Privileged Entities
Privileged Entities are high-value Active Directory groups and accounts that, if compromised, can lead to full domain control. These entities possess elevated permissions or administrative capabilities that can significantly impact the security of the AD environment. They typically include objects that:
- Have direct or inherited privileged rights over sensitive AD objects.
- Can perform high-impact tasks such as user account management, delegation, or Group Policy Objects modifications.
- Possess administrative access to domain controllers, critical OUs, or organizational resources.
Privileged entities added by default in ADManager Plus
The following built-in groups are added as privileged entities by default:
- Account Operators
- Administrators
- Backup Operators
- Cert Publishers
- Domain Admins
- Domain Controllers
- Enterprise Admins
- Enterprise Key Admins
- Key Admins
- Print Operators
- Read-only Domain Controllers
- Replicator
- Schema Admins
- Server Operators
Steps to add custom privileged entities in ADManager Plus
Privileged entities can be managed and added from the Identity Risk Assessment and Risk Exposure Management tabs.
- Click Privileged Entities at the top-right corner of the page.
- Click Add Privileged Entities.
- Select the groups you want to add as a privileged entity.
- Click Add.
- Once added, users will be able to view the attack paths and privilege exposure associated with these groups.
- Use the Manage drop-down to enable , disable, or delete entities as needed.
Note
- Currently, ADManager Plus supports only AD environments and only groups can be added as privileged entities.
- For newly added entities, or after enabling, disabling, or deleting entities, risk-related information will be updated after the next data refresh.