White Papers

Following is a list of SekChek’s published white papers. These documents are intended to address common client queries and provide clarity on various security-related topics.

The white papers are provided free of charge. You are entitled to distribute the documents to anyone you wish as long as you provide them in their entirety and current form, including the copyright notice.


About Security Identifiers document (PDF format) About Security Identifiers (SIDs)

Most IT professionals can recognise a Security Identifier (SID), such as S-1-5-32-544, but where do SIDs come from, what do they represent, what are they used for, how are they stored, and how do you translate and interpret them?

This document sets out to answer these questions.

See also SekChek’s SID Resolver and Orphaned SID Locator tools.

GPO Settings document (PDF format) MS-Windows GPO Settings, How They Apply to a User

We receive many questions regarding Windows’ processing of Group Policy Objects (GPOs), such as: what logic does Windows use when it processes GPOs; and which policy will take precedence for a certain user or computer belonging to a domain where multiple GPOs are linked to an Organizational Unit (OU), site or domain.

In the case of a large domain containing a large number of complex GPOs it is very difficult to answer the latter question due to the many interrelated logic paths used by Windows when it processes its GPOs.

The purpose of this document is to outline the main conditions that influence Windows when it processes and applies GPO policies.


Accounts without passwords - PASSWD_NOTREQD document (PDF format) MS-Windows Accounts not Requiring a Password

Windows’ Password not Required control (useraccountcontrol / PASSWD_NOTREQD), which is analysed in SekChek for Windows / AD report section Accounts not Requiring a Password generates many questions from SekChek users. Also, the purpose of the control is often misunderstood.

The purpose of this document is to clarify the function of the control and provide a method for testing and confirming its behaviour.


Password Settings Objects document (PDF format) MS-Windows Password Settings Objects (PSOs)

The introduction of fine-grained password policies is new to Windows Server 2008 and represents a leap forward, allowing for the implementation of multiple Account Policies on a single domain.

This document introduces Password Settings Objects (PSOs), their requirements and benefits, and explains how to setup and apply PSOs on an Active Directory domain.


FSMO Roles document (PDF format) MS-Windows Flexible Single Master Operations (FSMO) Roles

Active Directory allows you to assign five FSMO roles to domain controllers in a domain and enterprise: Domain Naming Master; Infrastructure Master; PDC Emulator; RID Master; and Schema Master.

This document explains: the function of each FSMO role; how to determine which DC owns a particular role; and how to transfer a role to another DC.


About SekChek IPS
SekChek® IPS is a leading provider of computer security review, auditing and benchmarking tools and has served many of the world’s largest companies and public institutions in 140 countries since 1996. SekChek’s clients include security and audit professionals in IT departments, audit firms, internal audit functions, regulatory compliance and corporate governance departments. SekChek’s benchmarking features compare security policies and controls against a unique statistics database containing more than 30 million anonymous and real-life security measurements compiled from 80,000 computer systems across all major industry sectors.

SekChek for..

Popular Downloads..

Popular Links..