Inactive accounts are active accounts that have not been used for an extended period (dormant) or have never been used, while privileged groups contain accounts with high privileges. Examples of privileged groups are Domain Admins, Enterprise Admins, Schema Admins, Built-in Administrators, and others. Both categories of accounts are high value targets for hackers who access them to infiltrate your Active Directory infrastructure. Additionally, both account types are leading vectors for ransomware attacks.

Why Does Assessing Inactive Accounts & Privileged Groups Matter for Cyber Hygiene?

Because inactive accounts are frequently forgotten or ignored, they are prime takeover targets for cyber criminals. Hackers often monitor business’ social media platforms and websites looking for past employees’ names to search for potential inactive accounts.

It is vital to ensure that all accounts within privileged groups are authorized and valid in order to protect the organization and reduce ransomware risk. These accounts have total access to the environment, so any unauthorized account is a key target for a ransomware attack. The number of these important accounts should be kept as small as number possible. In fact, ransomware risk is much higher for organizations with large numbers of accounts in privileged groups.

Using LT Auditor+ to Assess Inactive Accounts and Privileged Groups

 1. Assess dormant accounts

Active accounts that have not logged onto the network for a relatively long period are known as dormant accounts. These identified user accounts in Active Directory are a significant security risk because attackers or former employees can access them. These accounts also consume database space, clutter up Active Directory and cause inefficiency. Additionally, they degrade Active Directory health and performance. In a clear and concise manner, LT Auditor+ quickly identifies dormant accounts that should be disabled or deleted.

 

2. Assess Accounts that have Never Been Used

IT administrators sometimes create user accounts that are never used within the organization. Just like dormant accounts, these “never used” accounts are easy targets for attackers or former employees. By disabling or deleting such accounts, an organization will significantly improve security.  LT Auditor+ provides a list of all active accounts never used, so IT administrators can quickly fix this security vulnerability.

 

3. Assess Privileged Group Membership

All memberships to the powerful Active Directory groups must be authorized and validated because these privileges come with the “Keys to the Kingdom.” Users of privileged groups often have the right to manage specific OU in Active Directory which greatly impacts the entire organization.  LT Auditor+ includes a built-in, drill-down panel listing all privileged group memberships for immediate detection, verification, and validation.

 

Conclusion

As ransomware attacks hit more businesses than ever, implementing common cyber best practices is an absolute MUST. Ultimately, it is more important than ever for IT admins to reduce the risk of ransomware so operational performance remains safeguarded. LT Auditor+ is the premier software of excellence to detect inactive accounts and to validate privileged groups so your organization stays secure.