The purpose of this screen
These settings influence the behaviour of the SekChek for Windows / Active Directory Scan software.
Scan all domain controllers for users’ last logon details. Applies to DCs only.
By default SekChek will only query the Domain Controller on which it is executed for users’ last logon times.
Because Windows does not replicate users’ last logon times across DCs this means that SekChek’s analysis of users’ last logon details may not be accurate or complete.
This option forces the Scan software to query all domain controllers for users’ last logon details.
Note: This option can significantly increase the execution time of the Scan process, especially if the domain controllers are geographically dispersed or connected by a slow link.
Scan Organizational Unit (OU) objects for DACLs. Applies to DCs only.
By default SekChek will analyse Discretionary Access Control Lists (DACLs) on Container, Domain and Site objects. If this option is enabled the Scan software will additionally analyse DACLs on OU objects.
Note: On domains with a large number of OU objects this can significantly increase execution time and the size of SekChek’s output files.
Write run-time information to plain-text header (EFH) of Scan file
Forces the Scan software to write basic information about the target Host to a clear text area in the Scan file.
This is useful if the Scan software will be run by another person and you want to confirm that it was executed on the correct system.
Prevent my password from being changed when the Scan software is executed
By default the person running the Scan software can change your password at execution time.
Turn on (enable) this option to prevent your password from being changed.