Identify overprivileged users based on Kerberos token size
Background/Value
The size of a Kerberos token is a good indicator for identifying users with excessive access rights. The more group memberships a user has, the bigger their Kerberos token. Even if a group membership does not automatically grant privileges, it is worthwhile analyzing the listed users.
In addition, there is a risk that users with too many group memberships will no longer be able to log in.
Step-by-step process
- Select "Dashboard".
- Double-click on the user in the list "Top 5 Kerberos Tokens".
- ARM automatically focuses on the selected user in the AD graph view.
- All "parents", meaning the groups of which the selected user is a direct or indirect member, are shown on the left-hand side. We recommend using this flat list for users with an extremely large number of group memberships.
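
To make the link between group memberships and token size from the background section concrete, the following added example (not part of ARM and not its calculation) resolves each user's direct and indirect parent groups and applies Microsoft's published estimate of 1200 + 40d + 8s bytes. The group names, users, and the single-domain layout are constructed sample data.

```python
from collections import deque

# Constructed sample data, single domain assumed. group -> (scope, member-of list).
GROUPS = {
    "GG-Sales": ("global", ["UG-AllStaff", "DL-Share-Sales"]),
    "GG-Projects": ("global", ["DL-Share-Projects"]),
    "UG-AllStaff": ("universal", ["DL-Intranet"]),
    "DL-Share-Sales": ("domain_local", []),
    "DL-Share-Projects": ("domain_local", ["DL-Intranet"]),
    "DL-Intranet": ("domain_local", ["DL-Share-Projects"]),  # circular nesting
}
DIRECT = {"alice": ["GG-Sales", "GG-Projects"], "bob": ["GG-Sales"]}


def all_parents(user):
    """Every group the user is a direct or indirect member of."""
    seen, queue = set(), deque(DIRECT.get(user, []))
    while queue:
        group = queue.popleft()
        if group in seen:  # already expanded; also stops circular nesting
            continue
        seen.add(group)
        queue.extend(GROUPS[group][1])
    return seen


def estimate_token_size(user, sid_history=0):
    """Estimate in bytes: 1200 + 40*d + 8*s.

    d = domain local groups + SID-history entries (universal groups from other
        domains would also count here; none exist in this single-domain sample)
    s = global groups + universal groups of the user's own domain
    """
    scopes = [GROUPS[g][0] for g in all_parents(user)]
    d = scopes.count("domain_local") + sid_history
    s = scopes.count("global") + scopes.count("universal")
    return 1200 + 40 * d + 8 * s


def top_tokens(n=5):
    """Users ranked by estimated token size, largest first."""
    sizes = [(u, estimate_token_size(u), len(all_parents(u))) for u in DIRECT]
    return sorted(sizes, key=lambda row: row[1], reverse=True)[:n]


if __name__ == "__main__":
    for user, size, groups in top_tokens():
        print(f"{user}: ~{size} bytes from {groups} groups")
```

Compare the estimates against the MaxTokenSize value configured on your systems to see which users are approaching the point where logon fails.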