• 成为门户专家
• 下载
• 打印
• 我的下载 ()

• 支持
• 技术说明文件
• Security Explorer 9.9.2
• Security Explorer 9.9.2 - User Guide

Security Explorer 9.9.2 - User Guide

内容导航  

Getting Started with Security Explorer

Starting Security Explorer

Using the Navigation pane Using the Objects pane Using the Permissions pane

Customizing the view

Choosing an interface mode Using the Tasks tab Using the status bar Using the loading progress bar Managing module buttons

Completing a process

Managing permissions

Viewing permissions Granting permissions

Using the Browse tab to grant permissions Using the Grant task

Revoking permissions

Using the Browse tab to revoke permissions Revoking permissions on unknown accounts Revoking permissions on disabled accounts Using the Revoke tasks

Cloning permissions

Using the Browse tab to clone permissions

Selecting users and groups manually Selecting users and groups automatically Updating permissions relating to a user's SID history Importing users and groups

Using the Clone task

Creating permission templates Copying permissions Copying permissions to subfolders and files Setting ownership

Using the Browse tab to set ownership Using the Set Ownership task

Modifying permissions Reducing permissions to read only Managing group memberships Renaming accounts Deleting permissions

Deleting permissions by searching

Printing permissions

Running a report using the Browse tab Running a report using the Reports or Tasks tab

Searching

Using the Browse tab to search Managing saved searches Adding a search scope Setting search criteria

Group and user search criteria Permission search criteria Folder and file search criteria Service and task search criteria Group and user search criteria Advanced search options Registry key search criteria

Using the Search tasks Replacing permissions Scheduling a search Managing search tasks

Managing security

Backing up security

Using the Browse tab to back up security Using the Backup task

Scheduling a backup Using the backup scheduler Restoring security

Setting advanced options for the restore process

Comparing security Purging backup files Scheduling a backup purge Exporting security

Using the Browse tab to export security Using the Export task Scheduling an export Managing export tasks

Comparing backup files

Using the Browse tab to compare backup files

Managing objects

Managing folders and files

Creating a new folder Deleting a folder or file Viewing folder and file properties Showing open files Opening files Editing files Opening a folder in Windows Explorer

Managing shares

Creating a new share Removing a share Finding a share path

Managing registry keys

Creating a new registry key Deleting a registry key Modifying registry values

Managing services

Starting, stopping, pausing, or restarting a service Setting logon accounts Changing the password for a logon account Scheduling logon account password changes Removing a service Modifying service properties

Managing tasks

Running a task Setting account information Creating a new task Copying a task Exporting a task Removing a task Modifying task properties

Managing groups and users

Viewing accounts Creating a new group Creating a new user Modifying group and user properties Modifying group or user Active Directory properties Modifying properties of multiple users Modifying group memberships Viewing group and user memberships Changing user passwords Modify memberships of multiple local groups Clearing the local administrator group Deleting groups and users Creating a new Managed Service Account Modifying Managed Service Account properties Modifying Managed Service Account Active Directory properties Viewing Managed Service Account memberships Deleting Managed Service Account

Managing Favorites

Adding Favorites Exporting Favorites Importing Favorites Removing Favorites

Managing Enterprise Scopes

Creating an Enterprise Scope while browsing Creating an Enterprise Scope Editing an Enterprise Scope Removing an Enterprise Scope

Updating licenses Managing network drives

Mapping a network drive Disconnecting a network drive

Working with Microsoft SQL Server

Viewing SQL Server permissions Granting SQL Server permissions Revoking SQL Server permissions Cloning SQL Server permissions Modifying SQL Server permissions Searching for SQL Server objects and permissions

Setting SQL Server search criteria

Backing up and restoring SQL Server security Exporting SQL Server database permissions Managing SQL Server objects

Copying SQL Server objects Copying SQL Server permissions Managing SQL Server databases

Adding a new database role Removing a database role Modifying a database role Adding a new database user Removing a database user Modifying a database user Adding a new schema Removing a schema Modifying a schema

Managing logins

Adding a new login Removing a login Modifying a login

Managing server roles

Adding a server role Removing a server role Modifying server roles

Managing Security SQL Reporting Services

Managing system roles

Creating a new system role Deleting system roles Modifying a system role

Managing catalog roles

Creating a new catalog role Deleting catalog roles Modifying a catalog role

Managing catalog items

Granting SSRS permissions Revoking SSRS permissions Cloning SSRS permissions Searching for SSRS permissions Modifying SSRS permissions Copying SSRS permissions Deleting SSRS permissions Exporting SSRS permissions Backing up and restoring SSRS permissions

Setting options for SQL Server Modifying SQL Server security settings Managing SQL Server network settings

Working with Microsoft Exchange

Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions

Setting Exchange security search criteria

Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators

Adding Exchange administrators Modifying Exchange administrators Deleting Exchange administrators

Managing Exchange distribution groups Managing mail contacts

Creating mail contacts Modifying mail contacts Deleting mail contacts

Managing mail users

Creating mail users Modifying mail users Deleting mail users

Managing mailboxes

Creating mailboxes Modifying mailbox settings Deleting mailboxes

Managing mailbox folders

Creating mailbox folders Managing permissions on mailbox folders for multiple users Deleting mailbox folders

Managing public folders

Creating public folders Modifying public folder settings Deleting public folders

Using role based access control

Managing user roles

Adding a user role Modifying user roles Deleting user roles

Managing role groups

Adding role groups Modifying role groups Deleting role groups

Managing roles

Creating assignments Modifying assignments Deleting assignments Creating child roles Modifying child roles Deleting child roles Adding entities Modifying entities Deleting entities

Managing custom scopes

Creating a custom scope Editing a custom scope Deleting custom scopes

Setting options for Exchange security

Working with Microsoft SharePoint

Using the SharePoint menu Adding SharePoint farms or sites Managing SharePoint farms or sites Previewing SharePoint objects Deploying the SharePoint web service Deploying the SharePoint web service manually Managing SharePoint permissions

Viewing SharePoint permissions Granting SharePoint permissions Revoking SharePoint permissions Cloning SharePoint permissions Modifying SharePoint permissions Modifying SharePoint permissions levels Repairing limited access permissions Removing permissions on deleted accounts Removing permissions on disabled accounts

Managing SharePoint groups Removing accounts from SharePoint groups Searching for SharePoint objects

Setting SharePoint security search criteria

Group and user search criteria Permission search criteria SharePoint Search Criteria

Modifying SharePoint properties Backing up and restoring SharePoint security Exporting SharePoint permissions

Deleting export tasks

Setting SharePoint options Removing the SharePoint web service Removing the SharePoint web service manually

Working with Access Explorer

Access Explorer components

Managed domain Registered forest Managed computer Access Explorer agent Scopes Database Service accounts

Setting up Access Explorer

Setting up the Access Explorer database Setting up the first managed domain (includes the service account)

Updating Access Explorer configuration

Adding managed domains Adding forests Editing managed domains or forests Adding service accounts Editing service accounts Deleting service accounts

Collecting Access Explorer data

Setting up a managed computer Installing the Access Explorer agent locally Installing the Access Explorer agent remotely

Windows Servers NAS Servers Clusters

Managing managed computers Modifying managed computer properties

Adding a keyword Changing the scan schedule Modifying the scope of a scan

Managing Access Explorer agents

Viewing agent details Changing the service account Adding an agent to a locally-managed computer Adding an agent to a remotely-managed computer Removing a managed computer Restarting an agent Understanding the status of your agent

Viewing Access Explorer objects

Viewing groups and users Viewing computers Viewing resource groups Viewing permissions

Searching Access Explorer servers Using the Access Explorer permission wizard

Changing all permissions Cloning all permissions Deleting all permissions Exporting all permissions Backing up permissions

Setting options for Access Explorer

Working with Microsoft Active Directory

Viewing Active Directory permissions Granting Active Directory permissions Revoking Active Directory permissions Cloning Active Directory permissions Searching for Active Directory objects Modifying Active Directory permissions Modifying group memberships Modifying Active Directory properties Deleting Active Directory permissions Backing up and restoring Active Directory security Exporting Active Directory permissions

Using the Active Directory Export task

Setting options for Active Directory Security

Customizing Security Explorer

Setting general options Setting view options Setting alternate credentials for workgroups Setting alternate credentials for services and tasks Setting alternate credentials NAS devices Setting advanced options Controlling access to Security Explorer

Using the command line

Opening a command prompt window SxpBackup.exe SxpClone.exe SxpExport.exe SxpGrant.exe SxpHomeDir.exe SxpInheritance.exe SxpOwner.exe SxpRestore.exe SxpRevoke.exe SXPActiveDirectoryBackup SxpSearch.exe

Using PowerShell cmdlets

What are cmdlets? Using Security Explorer cmdlets

Creating or editing the PowerShell.exe.config file Installing Security Explorer cmdlets Installing Security Explorer cmdlets manually Removing Security Explorer cmdlets

Using cmdlets to set up Access Explorer

Creating the Access Explorer database Adding a service account Adding a domain to manage Adding managed computers

Using cmdlets to get information about Access Explorer objects

Getting service account information Getting managed domain information Getting managed computer information Getting security information for a resource Getting resource access information

Using cmdlets to manage Access Explorer agents

Identifying agents on a managed computer Changing the agent configuration on a managed computer Restarting the agent Restarting a single agent Updating an agent Changing the service account password Changing the SQL account password

Using cmdlets to remove Access Explorer objects

Removing a managed computer Removing a managed domain Removing a service account

Troubleshooting

Repairing inheritance Creating test folders and files Using log files SharePoint web service removal fails Uninstalling Security Explorer

• Viewing Topics 345 - 348 of 412

×

Revoking Active Directory permissions

You can revoke access for domain users and groups.

 

TIP: The Revoke basic task provides a quick way to revoke permissions. See Using the Revoke tasks. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).

To revoke permissions

1	Open the Active Directory Security module.

2	Locate the object with the permission to revoke. See Viewing Active Directory permissions.

3	Right-click selected permission(s), and choose Revoke Permissions.

The Revoke Permissions dialog box displays the path, and the associated groups and users for the current object. The navigation tree is hidden by default. To view the navigation tree, click 4.

4	Select the domain groups and users to revoke the permission. There are a few methods for selecting groups and users.

•	Choose from the list of domain groups and users in the navigation tree.

•	To filter the list in the left pane, type a server name or base path in the box, and click Set.

•	To return the full list to view, click Reset. The list returns to full view the next time you open Revoke Permissions.

•	Select from the list of domain groups and users associated with the current object.

•	To change to another domain, select the domain from the List Names From list.

•	To display domain users in the list, click Show Users. To return the list to show only groups, click Refresh.

•	Browse for a domain group or user or click Advanced User Selection.

5	From the Permission list, select the permissions to revoke, and whether or not to Allow or Deny. If the choice is not available in the list, click Advanced Permission Selection to create a custom choice.

6	Choose options.

 

Table 1. Revoke options

Option	Description
Revoke all permissions (Allow and Deny) for the selected user	Select to revoke all permissions (Allow and Deny) for the selected user.
Propagate client permissions down to subtree	Select to revoke the specified permissions from the child objects of the client.

7	To add the domain group/user to the List of users and groups to revoke list, click Add.

 

TIP: To add additional domain groups or users to the List of users and groups to revoke list with the selected permission settings, you can hold down CTRL or SHIFT, and click a domain group or user from the list or double-click a group or user in the navigation tree.

8	Click OK. The Revoking Permissions box displays the progress. See Completing a process.

Cloning Active Directory permissions

Use the Clone feature to copy the permissions of one user/group to another user/group..

TIP: The Clone task provides a quick way to clone permissions. See Using the Clone task. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).

To clone permissions

1	Open the Active Directory Security module.

2	Locate the object with the permission to clone. See Viewing Active Directory permissions.

3	Select Security | Clone Group or User.

-OR-

Right-click the objects, and choose Clone Group or User.

 

NOTE: If the selected object has subnodes, you can select multiple objects in the Objects pane to clone.

The Clone Active Directory Permissions box opens to the Manual User/Group Selection tab and displays the path to the selected object and the associated groups and users.

4	Select the groups or users to clone. See Selecting users and groups manually.

5	Select options.

 

Table 2. Clone options

Option	Description
Clone permissions	By default, permissions are cloned.
Clone group memberships	Select to add the destination account to the groups of which the source user is a member. If you choose this check box, a warning message displays. The destination is cloned into the same parent groups as the source. The contents of the groups selected as the source are not cloned.
Propagate permissions down to subtree	Write over the permissions of the child objects.

6	Click OK. See Completing a process.

Searching for Active Directory objects

 

TIP: The Search basic task provides a quick way to search for permissions. See Using the Search tasks.

To search for Active Directory® objects

1	Open the Active Directory Security module.

2	Locate the object to search. See Viewing Active Directory permissions.

 

NOTE: If you open the Search tab in the Navigation pane without selecting an object, you need to add a Search Scope before you set criteria. See Adding a search scope.

3	Select Search | Search in a New Window (Empty).

-OR-

Click on the Tool Bar; or right-click an object, and choose Search in a New Window.

4	The object you select is added as a Search Scope so you can just set the criteria for the search.

 

NOTE: All selected scopes must be from the same forest.

 

Table 3. Permission search criteria

Option	Description
Name	Enter or browse for the name of the principal that you want to find. Use * to match any number of characters. Use ? to match any single character. The comparison is not case sensitive.
Include all group memberships	Select to include all group memberships. The groups to which the account belongs appear in the drop-down list.
Permission	You can search for a name or a permission type. If you want to search for permissions, type the permissions in the box separated by commas. Alternatively, browse to select permissions from a list.
Allow Permissions	By default, allow permissions are included in the search results. To exclude allow permissions, clear the check box.
Inherited Permissions	By default, inherited permissions are included in the search results. Inherited permissions are indicated by (I) in the Type column. To exclude inherited permissions, clear the check box.
Deny Permissions	By default, deny permissions are included in the search results. To exclude deny permissions, clear the check box.
Explicit Permissions	By default, explicit permissions are included in the search results. To exclude explicit permissions, clear the check box.
Search for unknown accounts	Select to search for accounts deleted from Active Directory.
Search for disabled accounts	Select to search for disabled accounts.
Search for inheritance-disabled objects	Select to search for inheritance-disabled objects.

5	Click Start Search.

6	Use the buttons to manage the results. You can save the search, save the search results, or generate a report.

 

Table 4. Search tab buttons

Button	Description
Start Search	Start the search based on the current Search Scope and selected criteria.
Stop Search	Stop the search process.
Clear Results	Clear the results area.
Defaults	Return to the default selections on all search criteria tabs.
Save Results	Save the results as a .txt file.
Report	Display the results in a report format that you can save, print, or export.
Schedule	Schedule a search.

Modifying Active Directory permissions

Modify the permissions of groups or users on the selected Active Directory® object. Use this feature for quick changes to accounts displayed in the permissions list. Use the Grant feature to give permissions to accounts that are not displayed in the permissions list. See Granting Active Directory permissions.

 

IMPORTANT: You cannot modify inherited permissions directly. Inherited permissions are indicated by Allow (I) in the Type column. To modify these permissions, you must modify the parent object.

To modify permissions

1	Open the Active Directory Security module.

2	Locate the object with the permissions to modify. See Viewing Active Directory permissions.

3	Select the object in the Objects pane or the permissions in the Permissions pane.

 

NOTE: If you choose multiple permissions, the selected permissions must be under the same path or object. If the paths are not the same, you receive a warning message.

4	Select Security | Modify Permission.

-OR-

Right-click the permissions, and choose Modify Permission.

5	Select the principal name, if necessary.

6	Select the permission role, if necessary.

7	Select how to apply the permission, if necessary.

8	Modify the current permissions.

9	Select whether to modify permissions on child objects.

 

Table 5. Modify options

Option

Description

Propagate modifications down to subtree

The selected modifications are propagated to child objects. • If the child object does not have the selected modified permission, it is granted to the child object. • If the child object has the selected modified permission and the modification is less than the parent object, the permission is revoked. • If the child object has the selected modified permission and the permission is greater than the parent object, the permission is not changed.

10

Click OK.

You are asked to verify that the selected permissions will be revoked and the new permissions you selected will be granted.

11	Click Yes.

•  上一页
• Viewing Topics 345 - 348 of 412
• 下一页 

搜索该文档 在所有文档中搜索该产品版本 在所有文档中搜索该产品 搜索所有文档

×

 欢迎访问支持

您可以在附属支持站点上查找适用于戴尔*产品*的在线支持帮助。单击“继续”，转至适用于*产品*的正确支持内容和帮助。

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback 使用条款 隐私 Cookie Preference Center