PingCastle

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This integration runs a server that listens for PingCastle XML reports. It was integrated and tested with version 6.0.0 of PingCastle.

Configure PingCastle on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for PingCastle.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | API Key | The API Key PingCastle must use to send reports | True |
    | Long running instance | Whether this instance should listen for reports | False |
    | Listen port, e.g. 7000 | | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pingcastle-get-report

Gets the currently saved PingCastle report.

Base Command

pingcastle-get-report

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| delete_report | Whether to delete the report after getting it or save it to allow retrieving it again. Possible values are: Yes, No. Default is No. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PingCastle.Report.report | String | The XML report sent by PingCastle |
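
The command returns the whole report as one XML string, so triage starts with parsing it. The following is an added example, not part of the integration's own code: it reads the scores and risk rules out of a `PingCastle.Report.report` value. The function names are illustrative, and the sample report is a shortened copy of the context example on this page.

```python
import xml.etree.ElementTree as ET

# Score elements as spelled in the report (including "Privilegied").
SCORE_FIELDS = ("GlobalScore", "StaleObjectsScore", "PrivilegiedGroupScore",
                "TrustScore", "AnomalyScore")

# Shortened copy of the context example on this page (constructed for the demo).
SAMPLE_REPORT = """<?xml version="1.0" encoding="utf-8"?>
<HealthcheckData>
  <GenerationDate>2021-04-13T11:16:53.4987279-07:00</GenerationDate>
  <DomainFQDN>pingcastledemo.local</DomainFQDN>
  <GlobalScore>65</GlobalScore>
  <StaleObjectsScore>16</StaleObjectsScore>
  <PrivilegiedGroupScore>40</PrivilegiedGroupScore>
  <TrustScore>0</TrustScore>
  <AnomalyScore>65</AnomalyScore>
  <RiskRules>
    <HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-LAPS-Not-Installed</RiskId><Rationale>LAPS doesn't seem to be installed</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>20</Points><Category>PrivilegedAccounts</Category><Model>AccountTakeOver</Model><RiskId>P-Delegated</RiskId><Rationale>Presence of Admin accounts which have not the flag "this account is sensitive and cannot be delegated": 1</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-BackupMetadata</RiskId><Rationale>Last AD backup has been performed 35 day(s) ago</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-RecycleBin</RiskId><Rationale>The Recycle Bin is not enabled</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-MinPwdLen</RiskId><Rationale>Policy where the password length is less than 8 characters: 1</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>1</Points><Category>StaleObjects</Category><Model>ObjectConfig</Model><RiskId>S-PwdNeverExpires</RiskId><Rationale>Number of accounts which has never-expiring passwords: 2</Rationale></HealthcheckRiskRule>
  </RiskRules>
  <ControlPaths>
    <GlobalScore>0</GlobalScore>
    <AnomalyScore>0</AnomalyScore>
  </ControlPaths>
</HealthcheckData>"""


def _to_int(text, default=0):
    """Convert element text to int; missing or malformed values become default."""
    try:
        return int(text)
    except (TypeError, ValueError):
        return default


def parse_report(xml_text):
    """Return domain, generation date, scores and risk rules from a report string."""
    # The report reaches XSOAR over a network listener. A health-check report
    # needs no DTD, so refuse one before the parser can expand any entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in report")

    root = ET.fromstring(xml_text)
    if root.tag != "HealthcheckData":
        raise ValueError("unexpected root element: %s" % root.tag)

    # ControlPaths carries its own GlobalScore/AnomalyScore elements (0 in the
    # sample), so read direct children of the root only, not a './/' search.
    scores = {name: _to_int(root.findtext(name)) for name in SCORE_FIELDS}

    rules = []
    for rule in root.findall("RiskRules/HealthcheckRiskRule"):
        rules.append({
            "points": _to_int(rule.findtext("Points")),
            "category": rule.findtext("Category", default=""),
            "model": rule.findtext("Model", default=""),
            "risk_id": rule.findtext("RiskId", default=""),
            "rationale": rule.findtext("Rationale", default=""),
        })
    # Highest-point findings first; ties ordered by rule id for stable output.
    rules.sort(key=lambda r: (-r["points"], r["risk_id"]))

    return {
        "domain": root.findtext("DomainFQDN", default=""),
        "generated": root.findtext("GenerationDate", default=""),
        "scores": scores,
        "rules": rules,
    }


def rules_at_or_above(summary, min_points):
    """Rule ids whose points meet the triage threshold, highest first."""
    return [r["risk_id"] for r in summary["rules"] if r["points"] >= min_points]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(report["domain"], report["scores"])
    for rule in report["rules"]:
        if rule["points"] >= 15:
            print(rule["points"], rule["risk_id"], "-", rule["rationale"])
```
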

Command Example

!pingcastle-get-report delete_report=No

Context Example

{
"PingCastle": {
"Report": {
"report": "<?xml version=\"1.0\" encoding=\"utf-8\"?><HealthcheckData xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><EngineVersion>2.9.2.0</EngineVersion><GenerationDate>2021-04-13T11:16:53.4987279-07:00</GenerationDate><Level>Normal</Level><MaturityLevel>2</MaturityLevel><DomainFQDN>pingcastledemo.local</DomainFQDN><NetBIOSName>PINGCASTLEDEMO</NetBIOSName><ForestFQDN>pingcastledemo.local</ForestFQDN><DomainCreation>2021-03-09T10:46:54</DomainCreation><DomainSid>S-1-5-21-2115980419-2321553098-4164854430</DomainSid><DomainFunctionalLevel>7</DomainFunctionalLevel><ForestFunctionalLevel>7</ForestFunctionalLevel><SchemaVersion>88</SchemaVersion><SchemaInternalVersion>0</SchemaInternalVersion><IsRecycleBinEnabled>false</IsRecycleBinEnabled><SchemaLastChanged>0001-01-01T00:00:00</SchemaLastChanged><NumberOfDC>1</NumberOfDC><GlobalScore>65</GlobalScore><StaleObjectsScore>16</StaleObjectsScore><PrivilegiedGroupScore>40</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>65</AnomalyScore><Trusts /><DomainControllers><HealthcheckDomainController><DCName>WIN2019-AD-SX</DCName><CreationDate>2021-03-09T10:47:41</CreationDate><StartupTime>2021-03-09T03:48:59.4415839-08:00</StartupTime><LastComputerLogonDate>2021-04-09T04:49:10.2174788-07:00</LastComputerLogonDate><DistinguishedName>CN=WIN2019-AD-SX,OU=Domain Controllers,DC=pingcastledemo,DC=local</DistinguishedName><OperatingSystem>Windows 2019</OperatingSystem><OwnerSID>S-1-5-21-2115980419-2321553098-4164854430-512</OwnerSID><OwnerName>PINGCASTLEDEMO\\Domain Admins</OwnerName><HasNullSession>false</HasNullSession><SupportSMB1>false</SupportSMB1><SMB1SecurityMode>NotTested</SMB1SecurityMode><SupportSMB2OrSMB3>true</SupportSMB2OrSMB3><SMB2SecurityMode>SmbSigningEnabled 
SmbSigningRequired</SMB2SecurityMode><RemoteSpoolerDetected>true</RemoteSpoolerDetected><IP><string>fe80::717e:f51a:66a3:2fa2%15</string><string>10.158.106.123</string></IP><FSMO><string>PDC</string><string>RID pool manager</string><string>Infrastructure master</string><string>Schema master</string><string>Domain naming Master</string></FSMO><LDAPSProtocols /><PwdLastSet>2021-04-08T16:34:37.9205977-07:00</PwdLastSet><RODC>false</RODC><SYSVOLOverwrite>false</SYSVOLOverwrite></HealthcheckDomainController></DomainControllers><Sites><HealthcheckSite><SiteName>Default-First-Site-Name</SiteName><Networks /></HealthcheckSite></Sites><lDAPIPDenyList /><PreWindows2000AnonymousAccess>false</PreWindows2000AnonymousAccess><PreWindows2000NoDefault>false</PreWindows2000NoDefault><DsHeuristicsAnonymousAccess>false</DsHeuristicsAnonymousAccess><DsHeuristicsAdminSDExMaskModified>false</DsHeuristicsAdminSDExMaskModified><DsHeuristicsDoListObject>false</DsHeuristicsDoListObject><DsHeuristicsAllowAnonNSPI>false</DsHeuristicsAllowAnonNSPI><UsingNTFRSForSYSVOL>false</UsingNTFRSForSYSVOL><RiskRules><HealthcheckRiskRule><Points>20</Points><Category>PrivilegedAccounts</Category><Model>AccountTakeOver</Model><RiskId>P-Delegated</RiskId><Rationale>Presence of Admin accounts which have not the flag \"this account is sensitive and cannot be delegated\": 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-LAPS-Not-Installed</RiskId><Rationale>LAPS doesn't seem to be installed</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-BackupMetadata</RiskId><Rationale>Last AD backup has been performed 35 day(s) ago</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-SchemaAdmin</RiskId><Rationale>The group Schema Admins is not 
empty: 1 account(s)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditDC</RiskId><Rationale>The audit policy on domain controllers does not collect key events.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-RecycleBin</RiskId><Rationale>The Recycle Bin is not enabled</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>StaleObjects</Category><Model>Provisioning</Model><RiskId>S-ADRegistration</RiskId><Rationale>Non-admin users can add up to 10 computer(s) to a domain</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-DC-Spooler</RiskId><Rationale>The spooler service is remotely accessible from 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-MinPwdLen</RiskId><Rationale>Policy where the password length is less than 8 characters: 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>StaleObjects</Category><Model>NetworkTopography</Model><RiskId>S-DC-SubnetMissing</RiskId><Rationale>The subnet declaration is incomplete [1 IP of DC not found in declared subnets]</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-NotEnoughDC</RiskId><Rationale>The number of DCs is too small to provide redundancy: 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>1</Points><Category>StaleObjects</Category><Model>ObjectConfig</Model><RiskId>S-PwdNeverExpires</RiskId><Rationale>Number of accounts which has never-expiring passwords: 
2</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditPowershell</RiskId><Rationale>The powershell audit configuration is not fully enabled.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Reconnaissance</Model><RiskId>A-NoNetSessionHardening</RiskId><Rationale>No GPO has been found which implements NetCease</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-NoServicePolicy</RiskId><Rationale>No password policy for service account found (MinimumPasswordLength&gt;=20)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>NetworkSniffing</Model><RiskId>A-NoGPOLLMNR</RiskId><Rationale>No GPO has been found which disables LLMNR or at least one GPO does enable it explicitly</Rationale></HealthcheckRiskRule></RiskRules><UserAccountData><Number>3</Number><NumberEnabled>2</NumberEnabled><NumberDisabled>1</NumberDisabled><NumberActive>2</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>2</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>0</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></UserAccountData><ComputerAccountData><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><ListDomainSidHistory 
/><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></ComputerAccountData><OperatingSystem><HealthcheckOSData><OperatingSystem>Windows 2019</OperatingSystem><NumberOfOccurence>1</NumberOfOccurence><data><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></data></HealthcheckOSData></OperatingSystem><GPOInfo><GPOInfo><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo><GPOInfo><GPOName>Default Domain Controllers Policy</GPOName><GPOId>{6AC1786C-016F-11D2-945F-00C04fB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>OU=Domain Controllers,DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo></GPOInfo><LoginScript><HealthcheckLoginScriptData><LoginScript>None</LoginScript><NumberOfOccurence>2</NumberOfOccurence><Delegation 
/></HealthcheckLoginScriptData></LoginScript><LastADBackup>2021-03-09T03:47:51-08:00</LastADBackup><LAPSInstalled>9999-12-31T23:59:59.9999999</LAPSInstalled><KrbtgtLastChangeDate>2021-03-09T02:47:41.9719605-08:00</KrbtgtLastChangeDate><KrbtgtLastVersion>2</KrbtgtLastVersion><ExchangePrivEscVulnerable>false</ExchangePrivEscVulnerable><AdminLastLoginDate>2021-04-03T08:23:12.3112318-07:00</AdminLastLoginDate><GPPPassword /><GPPFileDeployed /><GPOAuditSimple /><GPOAuditAdvanced /><GPPPasswordPolicy><GPPSecurityPolicy><Properties><GPPSecurityPolicyProperty><Property>MinimumPasswordAge</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MaximumPasswordAge</Property><Value>42</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MinimumPasswordLength</Property><Value>7</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordComplexity</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordHistorySize</Property><Value>24</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>LockoutBadCount</Property><Value>0</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>ClearTextPassword</Property><Value>0</Value></GPPSecurityPolicyProperty></Properties><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId></GPPSecurityPolicy></GPPPasswordPolicy><GPOLsaPolicy /><GPOScreenSaverPolicy /><GPOEventForwarding /><GPODelegation /><TrustedCertificates /><PrivilegedGroups><HealthCheckGroupData><GroupName>Account Operators</GroupName><DistinguishedName>CN=Account 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Administrators</GroupName><DistinguishedName>CN=Administrators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Backup Operators</GroupName><DistinguishedName>CN=Backup 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Operators</GroupName><DistinguishedName>CN=Cryptographic Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Publishers</GroupName><DistinguishedName>CN=Cert 
Publishers,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Dns Admins</GroupName><DistinguishedName>CN=DnsAdmins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Domain Administrators</GroupName><DistinguishedName>CN=Domain 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Administrators</GroupName><DistinguishedName>CN=Enterprise Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Key Administrators</GroupName><DistinguishedName>CN=Enterprise Key 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Key Administrators</GroupName><DistinguishedName>CN=Key Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Print Operators</GroupName><DistinguishedName>CN=Print 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Replicator</GroupName><DistinguishedName>CN=Replicator,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Schema Administrators</GroupName><DistinguishedName>CN=Schema 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Server Operators</GroupName><DistinguishedName>CN=Server Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData></PrivilegedGroups><AdminSDHolderNotOKCount>0</AdminSDHolderNotOKCount><UnixPasswordUsersCount>0</UnixPasswordUsersCount><SmartCardNotOKCount>0</SmartCardNotOKCount><DomainControllerWithNullSessionCount>0</DomainControllerWithNullSessionCount><SIDHistoryAuditingGroupPresent>false</SIDHistoryAuditingGroupPresent><MachineAccountQuota>10</MachineAccountQuota><ListHone
yPot /><DnsZones><HealthcheckDnsZones><name>pingcastledemo.local</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>RootDNSServers</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>106.158.10.in-addr.arpa</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones></DnsZones><PasswordDistribution><Dist HigherBound=\"1\" Value=\"2\" /></PasswordDistribution><AzureADSSOLastPwdChange>0001-01-01T00:00:00</AzureADSSOLastPwdChange><AzureADSSOVersion>0</AzureADSSOVersion><PrivilegedDistributionLastLogon><Dist HigherBound=\"0\" Value=\"1\" /></PrivilegedDistributionLastLogon><PrivilegedDistributionPwdLastSet><Dist HigherBound=\"1\" Value=\"1\" /></PrivilegedDistributionPwdLastSet><ControlPaths><Data><data Name=\"S-1-5-32-548\" Description=\"Account Operators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"High\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-500\" Description=\"Administrator\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-544\" Description=\"Administrators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-551\" Description=\"Backup Operators\" Typology=\"PrivilegedAccount\" 
ObjectRisk=\"High\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"CN=Builtin,DC=pingcastledemo,DC=local\" Description=\"Builtin OU\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-569\" Description=\"Certificate Operators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-517\" Description=\"Certificate Publishers\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Other\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"CN=Computers,DC=pingcastledemo,DC=local\" Description=\"Computers container\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-1101\" Description=\"Dns Admins\" Typology=\"PrivilegedAccount\" 
ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-512\" Description=\"Domain Administrators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-516\" Description=\"Domain Controllers\" Typology=\"Infrastructure\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>1</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430\" Description=\"Domain Root\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-519\" Description=\"Enterprise Administrators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-527\" Description=\"Enterprise Key Administrators\" Typology=\"PrivilegedAccount\" 
ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-498\" Description=\"Enterprise Read Only Domain Controllers\" Typology=\"Infrastructure\" ObjectRisk=\"Other\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-520\" Description=\"Group Policy Creator Owners\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-526\" Description=\"Key Administrators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-502\" Description=\"Krbtgt account\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-550\" Description=\"Print Operators\" Typology=\"PrivilegedAccount\" 
ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-521\" Description=\"Read Only Domain Controllers\" Typology=\"Infrastructure\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-552\" Description=\"Replicator\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-21-2115980419-2321553098-4164854430-518\" Description=\"Schema Administrators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"Critical\"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"S-1-5-32-549\" Description=\"Server Operators\" Typology=\"PrivilegedAccount\" ObjectRisk=\"High\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name=\"CN=Users,DC=pingcastledemo,DC=local\" Description=\"Users container\" Typology=\"Infrastructure\" 
ObjectRisk=\"Medium\"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data></Data><Dependancies /><AnomalyAnalysis><CompromiseGraphAnomalyAnalysisData ObjectRisk=\"Critical\" NumberOfObjectsScreened=\"6\" NumberOfObjectsWithIndirect=\"0\" MaximumIndirectNumber=\"0\" MaximumDirectIndirectRatio=\"0\" /><CompromiseGraphAnomalyAnalysisData ObjectRisk=\"High\" NumberOfObjectsScreened=\"3\" NumberOfObjectsWithIndirect=\"0\" MaximumIndirectNumber=\"0\" MaximumDirectIndirectRatio=\"0\" /><CompromiseGraphAnomalyAnalysisData ObjectRisk=\"Medium\" NumberOfObjectsScreened=\"13\" NumberOfObjectsWithIndirect=\"0\" MaximumIndirectNumber=\"0\" MaximumDirectIndirectRatio=\"0\" /><CompromiseGraphAnomalyAnalysisData ObjectRisk=\"Other\" NumberOfObjectsScreened=\"2\" NumberOfObjectsWithIndirect=\"0\" MaximumIndirectNumber=\"0\" MaximumDirectIndirectRatio=\"0\" /></AnomalyAnalysis><GlobalScore>0</GlobalScore><StaleObjectsScore>0</StaleObjectsScore><PrivilegiedGroupScore>0</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>0</AnomalyScore></ControlPaths></HealthcheckData>"
}
}
}

Human Readable Output

Results

report
<?xml version="1.0" encoding="utf-8"?><HealthcheckData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><EngineVersion>2.9.2.0</EngineVersion><GenerationDate>2021-04-13T11:16:53.4987279-07:00</GenerationDate><Level>Normal</Level><MaturityLevel>2</MaturityLevel><DomainFQDN>pingcastledemo.local</DomainFQDN><NetBIOSName>PINGCASTLEDEMO</NetBIOSName><ForestFQDN>pingcastledemo.local</ForestFQDN><DomainCreation>2021-03-09T10:46:54</DomainCreation><DomainSid>S-1-5-21-2115980419-2321553098-4164854430</DomainSid><DomainFunctionalLevel>7</DomainFunctionalLevel><ForestFunctionalLevel>7</ForestFunctionalLevel><SchemaVersion>88</SchemaVersion><SchemaInternalVersion>0</SchemaInternalVersion><IsRecycleBinEnabled>false</IsRecycleBinEnabled><SchemaLastChanged>0001-01-01T00:00:00</SchemaLastChanged><NumberOfDC>1</NumberOfDC><GlobalScore>65</GlobalScore><StaleObjectsScore>16</StaleObjectsScore><PrivilegiedGroupScore>40</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>65</AnomalyScore><Trusts /><DomainControllers><HealthcheckDomainController><DCName>WIN2019-AD-SX</DCName><CreationDate>2021-03-09T10:47:41</CreationDate><StartupTime>2021-03-09T03:48:59.4415839-08:00</StartupTime><LastComputerLogonDate>2021-04-09T04:49:10.2174788-07:00</LastComputerLogonDate><DistinguishedName>CN=WIN2019-AD-SX,OU=Domain Controllers,DC=pingcastledemo,DC=local</DistinguishedName><OperatingSystem>Windows 2019</OperatingSystem><OwnerSID>S-1-5-21-2115980419-2321553098-4164854430-512</OwnerSID><OwnerName>PINGCASTLEDEMO\Domain Admins</OwnerName><HasNullSession>false</HasNullSession><SupportSMB1>false</SupportSMB1><SMB1SecurityMode>NotTested</SMB1SecurityMode><SupportSMB2OrSMB3>true</SupportSMB2OrSMB3><SMB2SecurityMode>SmbSigningEnabled SmbSigningRequired</SMB2SecurityMode><RemoteSpoolerDetected>true</RemoteSpoolerDetected><IP><string>fe80::717e:f51a:66a3:2fa2%15</string><string>10.158.106.123</string></IP><FSMO><string>PDC</string><string>RID pool 
manager</string><string>Infrastructure master</string><string>Schema master</string><string>Domain naming Master</string></FSMO><LDAPSProtocols /><PwdLastSet>2021-04-08T16:34:37.9205977-07:00</PwdLastSet><RODC>false</RODC><SYSVOLOverwrite>false</SYSVOLOverwrite></HealthcheckDomainController></DomainControllers><Sites><HealthcheckSite><SiteName>Default-First-Site-Name</SiteName><Networks /></HealthcheckSite></Sites><lDAPIPDenyList /><PreWindows2000AnonymousAccess>false</PreWindows2000AnonymousAccess><PreWindows2000NoDefault>false</PreWindows2000NoDefault><DsHeuristicsAnonymousAccess>false</DsHeuristicsAnonymousAccess><DsHeuristicsAdminSDExMaskModified>false</DsHeuristicsAdminSDExMaskModified><DsHeuristicsDoListObject>false</DsHeuristicsDoListObject><DsHeuristicsAllowAnonNSPI>false</DsHeuristicsAllowAnonNSPI><UsingNTFRSForSYSVOL>false</UsingNTFRSForSYSVOL><RiskRules><HealthcheckRiskRule><Points>20</Points><Category>PrivilegedAccounts</Category><Model>AccountTakeOver</Model><RiskId>P-Delegated</RiskId><Rationale>Presence of Admin accounts which have not the flag "this account is sensitive and cannot be delegated": 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-LAPS-Not-Installed</RiskId><Rationale>LAPS doesn't seem to be installed</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-BackupMetadata</RiskId><Rationale>Last AD backup has been performed 35 day(s) ago</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-SchemaAdmin</RiskId><Rationale>The group Schema Admins is not empty: 1 account(s)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditDC</RiskId><Rationale>The audit policy on domain controllers 
does not collect key events.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-RecycleBin</RiskId><Rationale>The Recycle Bin is not enabled</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>StaleObjects</Category><Model>Provisioning</Model><RiskId>S-ADRegistration</RiskId><Rationale>Non-admin users can add up to 10 computer(s) to a domain</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-DC-Spooler</RiskId><Rationale>The spooler service is remotely accessible from 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-MinPwdLen</RiskId><Rationale>Policy where the password length is less than 8 characters: 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>StaleObjects</Category><Model>NetworkTopography</Model><RiskId>S-DC-SubnetMissing</RiskId><Rationale>The subnet declaration is incomplete [1 IP of DC not found in declared subnets]</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-NotEnoughDC</RiskId><Rationale>The number of DCs is too small to provide redundancy: 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>1</Points><Category>StaleObjects</Category><Model>ObjectConfig</Model><RiskId>S-PwdNeverExpires</RiskId><Rationale>Number of accounts which has never-expiring passwords: 2</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditPowershell</RiskId><Rationale>The powershell audit configuration is not fully 
enabled.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Reconnaissance</Model><RiskId>A-NoNetSessionHardening</RiskId><Rationale>No GPO has been found which implements NetCease</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-NoServicePolicy</RiskId><Rationale>No password policy for service account found (MinimumPasswordLength&gt;=20)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>NetworkSniffing</Model><RiskId>A-NoGPOLLMNR</RiskId><Rationale>No GPO has been found which disables LLMNR or at least one GPO does enable it explicitly</Rationale></HealthcheckRiskRule></RiskRules><UserAccountData><Number>3</Number><NumberEnabled>2</NumberEnabled><NumberDisabled>1</NumberDisabled><NumberActive>2</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>2</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>0</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></UserAccountData><ComputerAccountData><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><ListDomainSidHistory 
/><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></ComputerAccountData><OperatingSystem><HealthcheckOSData><OperatingSystem>Windows 2019</OperatingSystem><NumberOfOccurence>1</NumberOfOccurence><data><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></data></HealthcheckOSData></OperatingSystem><GPOInfo><GPOInfo><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo><GPOInfo><GPOName>Default Domain Controllers Policy</GPOName><GPOId>{6AC1786C-016F-11D2-945F-00C04fB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>OU=Domain Controllers,DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo></GPOInfo><LoginScript><HealthcheckLoginScriptData><LoginScript>None</LoginScript><NumberOfOccurence>2</NumberOfOccurence><Delegation 
/></HealthcheckLoginScriptData></LoginScript><LastADBackup>2021-03-09T03:47:51-08:00</LastADBackup><LAPSInstalled>9999-12-31T23:59:59.9999999</LAPSInstalled><KrbtgtLastChangeDate>2021-03-09T02:47:41.9719605-08:00</KrbtgtLastChangeDate><KrbtgtLastVersion>2</KrbtgtLastVersion><ExchangePrivEscVulnerable>false</ExchangePrivEscVulnerable><AdminLastLoginDate>2021-04-03T08:23:12.3112318-07:00</AdminLastLoginDate><GPPPassword /><GPPFileDeployed /><GPOAuditSimple /><GPOAuditAdvanced /><GPPPasswordPolicy><GPPSecurityPolicy><Properties><GPPSecurityPolicyProperty><Property>MinimumPasswordAge</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MaximumPasswordAge</Property><Value>42</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MinimumPasswordLength</Property><Value>7</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordComplexity</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordHistorySize</Property><Value>24</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>LockoutBadCount</Property><Value>0</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>ClearTextPassword</Property><Value>0</Value></GPPSecurityPolicyProperty></Properties><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId></GPPSecurityPolicy></GPPPasswordPolicy><GPOLsaPolicy /><GPOScreenSaverPolicy /><GPOEventForwarding /><GPODelegation /><TrustedCertificates /><PrivilegedGroups><HealthCheckGroupData><GroupName>Account Operators</GroupName><DistinguishedName>CN=Account 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Administrators</GroupName><DistinguishedName>CN=Administrators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Backup Operators</GroupName><DistinguishedName>CN=Backup 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Operators</GroupName><DistinguishedName>CN=Cryptographic Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Publishers</GroupName><DistinguishedName>CN=Cert 
Publishers,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Dns Admins</GroupName><DistinguishedName>CN=DnsAdmins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Domain Administrators</GroupName><DistinguishedName>CN=Domain 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Administrators</GroupName><DistinguishedName>CN=Enterprise Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Key Administrators</GroupName><DistinguishedName>CN=Enterprise Key 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Key Administrators</GroupName><DistinguishedName>CN=Key Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Print Operators</GroupName><DistinguishedName>CN=Print 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Replicator</GroupName><DistinguishedName>CN=Replicator,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Schema Administrators</GroupName><DistinguishedName>CN=Schema 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Server Operators</GroupName><DistinguishedName>CN=Server Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData></PrivilegedGroups><AdminSDHolderNotOKCount>0</AdminSDHolderNotOKCount><UnixPasswordUsersCount>0</UnixPasswordUsersCount><SmartCardNotOKCount>0</SmartCardNotOKCount><DomainControllerWithNullSessionCount>0</DomainControllerWithNullSessionCount><SIDHistoryAuditingGroupPresent>false</SIDHistoryAuditingGroupPresent><MachineAccountQuota>10</MachineAccountQuota>
<ListHoneyPot /><DnsZones><HealthcheckDnsZones><name>pingcastledemo.local</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>RootDNSServers</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>106.158.10.in-addr.arpa</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones></DnsZones><PasswordDistribution><Dist HigherBound="1" Value="2" /></PasswordDistribution><AzureADSSOLastPwdChange>0001-01-01T00:00:00</AzureADSSOLastPwdChange><AzureADSSOVersion>0</AzureADSSOVersion><PrivilegedDistributionLastLogon><Dist HigherBound="0" Value="1" /></PrivilegedDistributionLastLogon><PrivilegedDistributionPwdLastSet><Dist HigherBound="1" Value="1" /></PrivilegedDistributionPwdLastSet><ControlPaths><Data><data Name="S-1-5-32-548" Description="Account Operators" Typology="PrivilegedAccount" ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-500" Description="Administrator" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-544" Description="Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-551" Description="Backup Operators" Typology="PrivilegedAccount" 
ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Builtin,DC=pingcastledemo,DC=local" Description="Builtin OU" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-569" Description="Certificate Operators" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-517" Description="Certificate Publishers" Typology="PrivilegedAccount" ObjectRisk="Other"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Computers,DC=pingcastledemo,DC=local" Description="Computers container" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-1101" Description="Dns Admins" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-512" Description="Domain Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-516" Description="Domain Controllers" Typology="Infrastructure" ObjectRisk="Critical"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>1</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430" Description="Domain Root" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-519" Description="Enterprise Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-527" Description="Enterprise Key Administrators" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-498" Description="Enterprise Read Only Domain Controllers" Typology="Infrastructure" ObjectRisk="Other"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-520" Description="Group Policy Creator Owners" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-526" Description="Key Administrators" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-502" Description="Krbtgt account" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-550" Description="Print Operators" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-521" Description="Read Only Domain Controllers" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-552" Description="Replicator" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-518" Description="Schema Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-549" Description="Server Operators" Typology="PrivilegedAccount" ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Users,DC=pingcastledemo,DC=local" Description="Users container" Typology="Infrastructure" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data></Data><Dependancies /><AnomalyAnalysis><CompromiseGraphAnomalyAnalysisData ObjectRisk="Critical" NumberOfObjectsScreened="6" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="High" NumberOfObjectsScreened="3" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="Medium" NumberOfObjectsScreened="13" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="Other" NumberOfObjectsScreened="2" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /></AnomalyAnalysis><GlobalScore>0</GlobalScore><StaleObjectsScore>0</StaleObjectsScore><PrivilegiedGroupScore>0</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>0</AnomalyScore></ControlPaths></HealthcheckData>