
Viewing the Top Vulnerable Active Directory Users and Computers

You can view a list of the top 10 Active Directory (AD) users and computers that have the highest risks in the AD domain on the Identity Posture dashboard. Having visibility of these 10 riskiest identities in your AD domain helps you to prioritize what to focus on first. You can view issue details, such as risk type, severity level, critical group membership, etc. You can drill down to a specific user or computer to further investigate and swiftly remediate the issue.

To view the top vulnerable AD users and computers:

  1. Go to ITDR > Dashboard > Identity Posture.
  2. On the Identity Posture dashboard:
    1. Select an AD domain from the Result for drop-down menu.
    2. Select a timestamp from the scanned on drop-down menu.

      The scan result for the AD domain appears.

  3. Click Top 10 Users & Computers.

    The Users and Computers page appears. The issues are listed under the tabs (All, Users, and Computers).

  4. Select a tab to view the following information:

    • Identity: The AD object identity (user or computer). Click an AD user or computer to view the details.
    • Type: AD object type (User or Computer).
    • Type of Risk: The type of vulnerability risk (e.g., Vulnerable to AS-REP roasting, Privileged account delegation, Stale passwords, etc.). Click the number to view all the risk types.
    • Critical Group Membership: The identity's membership in critical AD groups. AD groups are primarily categorized into security and distribution groups. These groups have four different scopes: universal, global, domain local, and local. Scope determines the areas in the AD domain where a group's permissions can be enforced. To learn more, refer to the Microsoft documentation.
    • Identity Classification: The AD user account type, such as privileged or service. A privileged AD user account has powerful permissions that allow the user to perform nearly any action in the AD. A service AD user account is created to run a particular service or application on the Microsoft Windows operating system and has the minimum permissions that are required to run the services. To learn more, refer to the Microsoft documentation for Privileged and Service accounts.
    • Severity: The severity level of the vulnerability issue (e.g., Critical, High, Medium, or Low).

    Click Download Computer to download all AD computer issue details in Excel format. Click Copy Table to copy specific columns of the table.

You can double-click an AD user or computer to view additional details, such as posture risk score, failed posture checks, associated Okta user account details, Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) access snapshots, assigned roles, etc.

Related Articles
• About the Identity Posture Dashboard
• Viewing the Active Directory Posture Scan Report
• Downloading the Active Directory Posture Scan Report
• Downloading the Zscaler ITDR Active Directory Executive Summary Report
• Downloading the Active Directory Delta Report
• Viewing the Active Directory Detailed Findings and Recommendations Details
• Viewing the Top Vulnerable Active Directory Users and Computers
• Viewing Affected Active Directory User Account Details
• Viewing Affected Active Directory Computer Details
• Viewing the Active Directory Issue Details Grouped By Severity
• Viewing the Active Directory Issue Details Grouped By Risk Type
• Viewing the Active Directory Risk Reduction Roadmap
• Viewing the Active Directory Issue Details Grouped by MITRE ATT&CK
• Downloading and Running a Remediation Script
• Including Active Directory Decoy Users and Computers in the Scan Results
• Deleting an Active Directory Scan Report