Paramount Defenses Active Directory Permissions Analyzer is a specialized audit tool for analyzing security permissions in Active Directory (AD) environments. It was designed by a former Microsoft Program Manager for Active Directory Security. The tool automates the analysis of security permissions across Active Directory domains, enabling IT and security teams to identify who has what permissions, where those permissions exist, and which specific permissions are granted. Key capabilities include: - Identifying all security principals with any kind of permissions in Active Directory ACLs - Identifying all security principals with specific types of permissions (e.g., Allow/Deny, Explicit/Inherited) - Finding permissions granted to a specific user, computer, or group - Analyzing permissions based on schema classes, attributes, or extended rights - Applying custom LDAP filters to narrow analysis scope - Controlling scope depth for targeted or domain-wide analysis - Exporting analysis results to CSV The tool operates without requiring administrative privileges, agents, or services, and can be installed and run on any Windows computer. It is part of Paramount Defenses' Gold Finger product suite. Licensing is subscription-based, available on quarterly or annual terms. A free version is available for download. The tool is used by organizations including government agencies, financial institutions, and large enterprises.