Audit & Reporting for Microsoft Active Directory

Article about Directory Ranger

Active Directory

Active Directory is part of almost every large enterprise environment. It is a complex technology that is typically affected by every major security incident, and there is no easy assessment approach available so far.

Active Directory Vulnerability Detection & Mitigation

Successful detection of “vulnerabilities” requires root cause analysis of incidents and the “lessons learned” from them, so that this knowledge and experience can be reused. Mitigating controls also require experience in large environments and a good understanding of what is feasible and what is not. Talking about Active Directory security is not just talking about GPO settings.

Our approach

Automate the identification of root causes for AD breaches and put our experience and knowledge into a tool. Make the tool usable for daily business and ensure that everyone knows what to expect from it.

Introducing DirectoryRanger

Our brand new tool to automate Active Directory audits and to create transparency.

Architecture of the Tool

DirectoryRanger includes a web-based interface for managing and working with the tool. Additional interfaces cover importing data that was collected in an external environment and updating the plugins and the application itself. Authentication is also implemented as an interface to an existing AD environment, so the tool integrates smoothly into your environment without adding yet another user database. All confidential data is stored encrypted to limit the impact in case of compromise.

As ERNW recommends the implementation of Administrative Tiers and Privileged Access Workstations as mandatory security controls, DirectoryRanger was designed with this and other security controls in mind. Resulting features include:

  • Updating without access to other networks
  • Web interface to avoid caching of sensitive credentials by Windows default behavior
  • Principle of least privilege
  • Custom hardening based on the requirements of the tool


Licenses are based on the size of your Active Directory environment. Contact us to get a quote.



  • Collects security settings from Active Directory
  • Also considers your operational procedures
  • Maps results to industry best practices or a custom baseline
  • Provides mitigation advice
  • Creates transparency about your Active Directory

Presentation Logic

  • Easy-to-use GUI
  • Comprehensive reporting capabilities
  • Rating based on ERNW AD expertise

Built-in security

  • Only needs standard user privileges
  • No software agents on the server
  • Includes concepts to be operated in isolated environments
