Andy Robbins edited this page Aug 6, 2016 · 6 revisions

Clicking on a user node will populate the Node Info tab with information about that user:

BloodHound User Node Information

-Node: This is the label for the node, and is in domain simple format.

-SAMAccountName: This is the SAMAccountName for the user. This information is not currently collected by the ingestor.

-Display Name: This is the Windows display name for the user. This information is not currently collected by the ingestor.

-Password Last Changed: This is the date the user's password was last changed. This information is not currently collected by the ingestor.

-First Degree Group Memberships: These are the groups that the user is explicitly a member of. This is the information you would see when typing net user username /domain

-Unrolled Group Memberships: These are all of the user's effective group memberships. This is the equivalent of running Get-NetGroup -User username

-Foreign Group Memberships: These are all of the foreign groups that the user belongs to.

-First Degree Local Admin: These are the computers where the user itself is explicitly added as a local administrator.

-Group Delegated Local Admin Rights: These are the computers on which the user gains administrator privileges through delegated group rights.

-Derivative Local Admin Rights: These are the computers the user can gain administrator rights on by impersonating another user who is currently using a computer where the user already has administrator privileges, regardless of how deep this chaining goes.

-Sessions: These are all the computers on which the ingestor identified the user as logged on during collection.
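
The following is an added example, not BloodHound's own code: it models how the unrolled group memberships and the three local admin fields above relate, which is useful when auditing how far one account's rights extend. The principals, computers and dictionaries are constructed sample data, and treating the three admin sets as non-overlapping is an assumption of this example.

```python
from collections import deque

# Constructed sample data (not from a real domain); all names are hypothetical.
MEMBER_OF = {            # principal -> groups it is explicitly a member of
    "ALICE": {"HELPDESK"},
    "HELPDESK": {"WORKSTATION ADMINS"},
    "BOB": {"SERVER ADMINS"},
}
ADMIN_TO = {             # principal -> computers where it is an explicit local admin
    "ALICE": {"WS01"},
    "WORKSTATION ADMINS": {"WS02"},
    "SERVER ADMINS": {"SRV01"},
    "CAROL": {"DC01"},
}
SESSIONS = {             # computer -> users seen logged on during collection
    "WS02": {"BOB"},
    "SRV01": {"CAROL"},
}

def unrolled_groups(principal):
    """All effective group memberships: transitive closure over MEMBER_OF."""
    seen, queue = set(), deque(MEMBER_OF.get(principal, ()))
    while queue:
        group = queue.popleft()
        if group not in seen:
            seen.add(group)
            queue.extend(MEMBER_OF.get(group, ()))
    return seen

def first_degree_admin(user):
    """Computers where the user itself is listed as a local administrator."""
    return set(ADMIN_TO.get(user, ()))

def group_delegated_admin(user):
    """Computers the user administers only through a group it unrolls to."""
    via_groups = set()
    for group in unrolled_groups(user):
        via_groups |= ADMIN_TO.get(group, set())
    return via_groups - first_degree_admin(user)

def derivative_admin(user):
    """Computers reachable only by chaining through logged-on users' rights."""
    own = first_degree_admin(user) | group_delegated_admin(user)
    reached, users_seen, queue = set(own), {user}, deque(own)
    while queue:
        computer = queue.popleft()
        for other in SESSIONS.get(computer, set()) - users_seen:
            users_seen.add(other)
            new = (first_degree_admin(other) | group_delegated_admin(other)) - reached
            reached |= new
            queue.extend(new)
    return reached - own
```

In this sample, removing BOB's session on WS02 or the WORKSTATION ADMINS delegation empties ALICE's derivative set, which is the kind of change these fields help a defender evaluate.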