Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Enterprise Reporter 3.5 - Configuration Manager User Guide

Parcourir le contenu

Product Overview

Key Features of Enterprise Reporter Components of Enterprise Reporter

The Configuration Manager

An Overview of the Configuration Manager Clusters Shared Data Locations Nodes Discoveries Role of the Server

The Report Manager The Database Wizard and Database Content Wizard The Encryption Key Manager SQL Server Reporting Services (SSRS)

Summarizing the Workflow

Configuring the Configuration Manager

Starting the Configuration Manager Finding answers and getting help Overview of Enterprise Reporter Communications and Credentials Required

Node Credential and Alternate Credential Details for On-Premises Discoveries Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications Logged-In User Credentials Server Service Credentials

Changing the credentials used by the Enterprise Reporter Server

Using the Credential Manager

Changing Passwords Using the Credential Manager Changing Account Names Using the Credential Manager

Setting Up Your First Collection Computers (Nodes)

Configuring Clusters and Nodes for Effective Data Collection Things to Consider Before Creating a Cluster Creating Your First Cluster and Node

Modifying Your Deployment

Managing Clusters

When Do You Add a Cluster? Modifying a Cluster Deleting a Cluster Disabling a Cluster What To Do if a Cluster is Disabled Enabling a Cluster

Modifying Node Credentials Modifying the Location of Node Temporary Files Changing a Node to a Different Cluster Removing a Node Why Disable a Node? Stopping a Node Enabling a Node Starting a Node

What does the status of a node or cluster indicate?

Configuring Global Settings

Configuring Change History Configure Logging Credential Manager Database Settings Configuring Email Notifications Managing the Collection of Additional Attributes Configuring IT Security Search Configuring a NAS Host Device Configuring Server Error Notification Managing Tenant Applications Managing the Logon Configuration

Customizing the Configuration Manager View

Understanding Discoveries

Defining the Data Collection (Discoveries) Multi-Factor Authentication Discovery Credential Limitations Best Practices for Creating Discoveries Improving the Performance of Your Discoveries

Adding a Node Improving the Performance of a Node

Discovery Permission Requirements

Detailed permissions for Enterprise Reporter discoveries Permissions for Enterprise Reporter discoveries on NAS devices Permissions for Enterprise Reporter tenant applications Minimum Permissions for Enterprise Reporter Discoveries CM Understanding Discoveries.04.13.html

Creating Discoveries

Step 1. Create the Discovery (Name)

Configuring Tenant Applications for Cloud Discoveries

Step 2. Choose what to include in your discovery (Scopes)

Scopes: An Overview How Scopes Affect Tombstoning Using the Browser to Include and Exclude Scopes Including Objects in Your Scope Importing Computers to Your Scopes Refining Your Scope with Exclusions Filtering in the Browser Using Queries to Define Your Scopes Using Subnets to Define Your Scopes Using Subnet Credentials

Step 2a. Choose scopes for your on-premises discoveries

Choosing your Active Directory Scopes

AD Discovery: Include scopes AD Discovery: Optionally refine your scope list with exclusions AD Discovery: Optionally select one or more domain controllers AD Discovery: Decide what to collect from any domain in the discovery

Choosing your Computer Scopes

Computer Discovery: Include scopes Computer Discovery: Optionally refine your scope list with exclusions Computer Discovery: Decide what to collect from any computer in the discovery

Choosing Your Exchange Scopes

Exchange Discovery: Include Scopes Exchange Discovery: Optionally refine your scope list with exclusions Exchange Discovery: Optionally select a domain controller Exchange Discovery: Decide what to collect from any server in the discovery

Choosing Your File Storage Analysis Scopes

File Storage Analysis Discovery: Include scopes File Storage Analysis Discovery: Optionally refine your scope list with exclusions File Storage Analysis Discovery: Decide what to collect from any server in the discovery File Storage Analysis Discovery: Configure NAS Host Devices

Choosing Your Microsoft SQL Scopes

MS SQL Discovery: Include scopes MS SQL Discovery: Optionally refine your scope list with exclusions (Scope Exclusions and Global Exclusions)

Choosing Your NTFS Scopes

NTFS Discovery: Best Practices NTFS Discovery: Include scopes NTFS Discovery: Optionally refine your scope list with exclusions NTFS Discovery: Select your global scopes NTFS Discovery: Decide what to collect from any computer in the discovery NTFS Discovery: Configure NAS Host Devices NTFS Discovery: Configure your file collection

Choosing Your Registry Scopes

Registry Discovery: Include scopes Registry Discovery: Optionally refine your scope list with exclusions Registry Discovery: Select your global scopes Registry Discovery: Decide what to collect from any computer

Step 2b: Choose scopes for your cloud discoveries

Choosing Your Azure Active Directory Scopes

Azure AD Discovery: Decide what to collect from the tenant in the discovery

Choosing Your Azure Resource Scopes

Azure Resource Discovery: Include Scopes Azure Resource Discovery: Optionally refine your scope list with exclusions Azure Resource Discovery: Decide what to collect from the subscriptions in the discovery

Choosing Your Exchange Online Scopes

Exchange Online Discovery: Decide what to collect from the tenant in the discovery

Choosing Your Microsoft Teams Scopes

Microsoft Teams Discovery: Include Scopes Microsoft Teams Discovery: Decide what to collect from the subscriptions in the discovery

Choosing Your OneDrive Scopes

OneDrive Discovery: Include Scopes OneDrive Discovery: Optionally refine your scope list with exclusions OneDrive Discovery: Decide what to collect from the drives in the discovery

Choosing Your SharePoint Online Scopes

SharePoint Online Discovery: Include Scopes SharePoint Online Discovery: Optionally refine your scope list with exclusions SharePoint Online Discovery: Decide what to collect from the tenant in the discovery

Step 3. Schedule your Discovery

Run your discovery once Run your discovery on a daily interval Run your discovery on specified days of the week Run your discovery on a specified day of the month Run Your Schedule Yearly Enabling and Disabling Discovery Schedules

Step 4: Review the summary

Managing Discoveries

How is a Discovery Processed?

Types of Tasks Manually Running a Discovery

Viewing your Discoveries

Navigating the Manage Discoveries Pane Viewing the History of a Discovery What Does the Discovery Status Indicate? Viewing the Tasks for a Finished Discovery Viewing the Tasks for a Processing Discovery What Does the Task Status Indicate? Why is My View Empty? Viewing Errors and Error Suppressions Suppressing Discovery Errors Viewing Statistics Viewing a Cluster's Queue

Working with Discoveries and Tasks

Duplicating a Discovery Modifying a Discovery Canceling a Task or Discovery Deleting a Discovery

Troubleshooting Issues with Enterprise Reporter

Problems Opening the Consoles Troubleshooting connectivity issues

Restoring a connection to the Enterprise Reporter Server Restoring a connection to the Enterprise Reporter database

Troubleshooting Connection Timeouts Troubleshooting credential change failures Auditing Enterprise Reporter Activity Resolving Configuration Manager Issues

Node Deployment Issues Dealing with Unassociated Nodes Dealing with Faulted Nodes Problems Deleting a Node Changing the Node Logging Level Changing the Size of the Node Log Files

Scope Enumeration Issues Data Collection Issues

Computer Discovery Errors

Troubleshooting Features in Enterprise Reporter

Exporting Logs from the Configuration Manager Viewing information about your Enterprise Reporter configuration Viewing Errors and Statistics for Tasks

Moving the Enterprise Reporter database Disaster Recovery

Backing up Enterprise Reporter Deploying Enterprise Reporter to another computer after a disaster Checking the Enterprise Reporter configuration after recovery

Appendix: PowerShell cmdlets

What is Microsoft Windows PowerShell? What are cmdlets? Registering Enterprise Reporter cmdlets Adding the snap-ins automatically to new sessions Enterprise Reporter cmdlets Enabling Enterprise Reporter cmdlets Loading the Enterprise Reporter cmdlets Using cmdlets to manage clusters and nodes

Creating a cluster Creating a node Disabling a node Enabling a node Finding a node by name Piping cmdlets Finding a cluster by name Disabling a cluster Enabling a cluster

Using cmdlets to manage discoveries

Getting job information Creating a job Running a job Scheduling a job Deleting a job

Using cmdlets to run reports

Connecting to the server Getting report information Exporting a report definition Importing a report definition to a category Generating a report with data

Appendix: Encryption Key Manager

Starting the Encryption Key Manager Generating a key file Importing a key file Exporting a key file Resetting credentials

Appendix: Log Viewer

Starting the Enterprise Reporter Log Viewer Finding and opening log files Viewing and searching log file entries Filtering log file entries

Detailed permissions for Enterprise Reporter discoveries

The following table outlines the permissions required for Enterprise Reporter discoveries.

Table 14. Detailed permissions required for Enterprise Reporter discoveries

Permissions Required for Discovery Credential

Active Directory

An account with Active Directory read permissions is required to collect domain information, trusts, sites, domain controllers, and Active Directory computers, users, groups, and organizational units.

The account being a member of the Built-in Domain Users group is sufficient to assign read permissions.

Azure Active Directory

An identity with read permission for the discovery target tenant. Read permissions are required for collection of tenant information, Azure Active Directory users, groups, group members, roles, and service principals.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.

Also refer to credentials required to create and consent to the Enterprise Reporter Azure application required for this discovery. See the Configuration Manager User Guide

An identity with read permissions for the discovery target tenant. Read permissions are required for collection of subscription, Resource groups, and resources.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.

Also refer to credentials required to create and consent to the Enterprise Reporter Azure Resource application required for this discovery.

An account with local administrator access on the scope computers to collect computer information, local groups and users, printers, services, policies, and event logs.

To collect from Exchange targets, the credential account must have a mailbox on the target organization with access to read the permissions on the targets through EWS.

To collect from Exchange 2013, 2016, or Mixed Modes, the credentials must be a member of the Organization Management Group.

To collect from Exchange 2016 or Exchange 2019, the credentials must have an administrator role with an assigned “ApplicationImpersonation” role.

Exchange Online

An account with access to the discovery target tenant.

Read permission is required for collection of all Exchange Online information including mailboxes, mailbox delegates, public folders, mail-enabled users, mail contacts, distribution groups, group members, and permissions.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as previously stated.

File Storage Analysis

An account with local administrator access on the scoped computer is required to collect file, folder, share, and home drive analysis data.

For permissions required when collecting NAS devices, see Permissions for Enterprise Reporter discoveries on NAS devices .

An account with local administrator access on the SQL Server is required.

Additionally, the account must have read access to the scoped database to collect database information.

At a minimum, if not using fixed roles, the following SQL permissions are required on the securable object being used for collection.

•

Grant View Any Definition

•

Grant View Server State

•

Grant View Connect Any Database

•

Grant View Select All Securables

Microsoft Teams

The user credentials used to collect Microsoft Teams information must have either the Teams Administrator or Global Administrator permissions.

The user must also be a member of each Microsoft Teams group to prevent access denied errors during disk discovery.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.

Also refer to credentials required to create and consent to the Enterprise Reporter Microsoft Teams application required for this discovery.

If collecting through the administrator share, an account with local administrator access to the scoped computer is required.

If collecting through a network share, an account with read permissions to the scoped shares is required.

For permissions required when collecting NAS devices, see Permissions for Enterprise Reporter discoveries on NAS devices .

An account with access to the discovery target tenant. Administrator permissions are required for collection of all drives including drive information, configuration settings, files, folders, and permissions. A SharePoint administrator role is recommended.

Additionally, the discovery credentials must have site collection administrator rights to each drive that is being collected.

If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.

Also refer to credentials required to create and consent to the Enterprise Reporter OneDrive application required for this discovery.

An account with local administrator access to the scoped computer is required to collect registry information.

SharePoint Online

An account with access to the discovery target tenant. Administrator permissions are required for collection of all SharePoint Online site collections, including tenant settings and policies, site information, and permissions. A SharePoint administrator role is recommended.

Additionally, the discovery credentials must have site collection administrator rights to each site collection that is being collected. If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.

Also refer to credentials required to create and consent to the Enterprise Reporter SharePoint Online application required for this discovery.

Permissions for Enterprise Reporter discoveries on NAS devices

The following table outlines the permissions required for Enterprise Reporter discoveries.

Table 15. Permissions required for Enterprise Reporter discoveries on NAS Devices
Discovery Type	Permissions Required for Discovery Credential
NetApp Cluster Mode	Multiple virtual machines belong to a single cluster. All of these virtual machines can be specified as discovery targets. These virtual machines must be part of a domain. The NAS configuration must point to the cluster (name or IP address) with credentials that have read access to the cluster. These would typically be administrator credentials.
NetApp 7 Mode	In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.
NetApp Storage Controller	In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.
NetApp Filer	The vFiler can be a discovery target. In this case, the NAS configuration must point to the storage controller from which the vFilers are derived and the credentials must have read access to the storage controller.
Dell Fluid FS	The discovery target can be any Fluid FS VM. The NAS configuration must be the machine name or IP where Dell Enterprise Manager is installed and credentials must have access to Dell Enterprise Manager.
EMC Isilon	The discovery target can be any Isilon virtual machine. The NAS configuration must be the machine or IP that hosts the OneFS administration site and the credentials must have read access to it. By default, the connection is established using https and, if the connection is not deemed to be secure, the discovery will fail.

Permissions for Enterprise Reporter tenant applications

Enterprise Reporter requires Azure applications for the collection of Azure and Office 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter, you use the Configuration | Application Tenant Management option.

OneDrive Azure application permissions

For the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter OneDrive Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter OneDrive Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Read user files

•

Office 365 SharePoint Online: Read user files

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Azure Active Directory: Read directory data

•

Microsoft Graph: Have full control of all site collections

Azure Active Directory application permissions

For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of group members for the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure discovery application, the following delegated permissions are required:

•

Microsoft Graph: Access directory as the signed in user

•

Microsoft Graph: Read all groups

•

Microsoft Graph: Read all users’ basic profiles

•

Microsoft Graph: Read all users’ full profiles

•

Microsoft Graph: Read directory data

•

Microsoft Graph: Read identity risky user information

•

Microsoft Graph: Read your organization’s security events

•

Microsoft Graph: Access the directory as signed-in user

•

Microsoft Graph: Read all groups

Azure Resource application permissions

For the Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Resource Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure Resource discovery application, the following delegated permissions are required:

•

Windows Azure Service Management API: Access Azure Service Management as organization users

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Graph: Read all users’ basic profiles

Microsoft Teams application permissions

For the Microsoft Teams discovery, an application with a name that begins with “Quest Enterprise Reporter Microsoft Teams Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Read all users’ basic profiles

•

Windows Azure Active Directory: Access the directory as signed-in user

•

Windows Azure Active Directory: Read all groups

SharePoint Online application permissions

For the SharePoint Online discovery, an application with a name that begins with “Quest Enterprise Reporter SharePoint Online Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter SharePoint Online Discovery application, the following delegated permissions are required:

•

Microsoft Graph: Have full control of all site collections

•

Microsoft Graph: Read directory data

Minimum Permissions for Enterprise Reporter Discoveries

The following table outlines the minimum permissions required for some of the cloud discoveries.

Table 16. Minimum Permissions for some of the cloud discoveries

Minimum Permissions Required for Discovery Credential

Azure Active Directory

An account with Global Reader or Global Admin role is required.

NOTE:

•

If you encounter errors, you may need to install PowerShell module for Azure Active Directory.

•

Accounts with Azure Active Directory Premium P2 license can collect all data.

An account with Reader (NOT Global Reader) or Global Admin role is required to collect all options selected in a discovery.

Exchange Online

An account with Global Reader (Azure), Security Reader, and Recipient Management roles collects all options in a discovery.

Global Reader collects all options except “Mailbox Delegates,” Global Reader and Security collect only “Mailbox Delegates,” and Global Admin collects all discovery options.

An account with an Office 365 license and access to folders being discovered is required to collect all options in a discovery.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité Cookie Preference Center