지금 지원 담당자와 채팅
지원 담당자와 채팅

Security Explorer 9.9.2 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Revoking Active Directory permissions

You can revoke access for domain users and groups.

TIP: The Revoke basic task provides a quick way to revoke permissions. See Using the Revoke tasks. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).
1
Open the Active Directory Security module.
The Revoke Permissions dialog box displays the path, and the associated groups and users for the current object. The navigation tree is hidden by default. To view the navigation tree, click 4.
To return the full list to view, click Reset. The list returns to full view the next time you open Revoke Permissions.
To display domain users in the list, click Show Users. To return the list to show only groups, click Refresh.
5
From the Permission list, select the permissions to revoke, and whether or not to Allow or Deny. If the choice is not available in the list, click Advanced Permission Selection to create a custom choice.

Revoke all permissions (Allow and Deny) for the selected user

Select to revoke all permissions (Allow and Deny) for the selected user.

Propagate client permissions down to subtree

Select to revoke the specified permissions from the child objects of the client.

7
To add the domain group/user to the List of users and groups to revoke list, click Add.
TIP: To add additional domain groups or users to the List of users and groups to revoke list with the selected permission settings, you can hold down CTRL or SHIFT, and click a domain group or user from the list or double-click a group or user in the navigation tree.
8
Click OK. The Revoking Permissions box displays the progress. See Completing a process.

Cloning Active Directory permissions

Use the Clone feature to copy the permissions of one user/group to another user/group..

TIP: The Clone task provides a quick way to clone permissions. See Using the Clone task. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).
1
Open the Active Directory Security module.
3
Select Security | Clone Group or User.
The Clone Active Directory Permissions box opens to the Manual User/Group Selection tab and displays the path to the selected object and the associated groups and users.
Table 2. Clone options

Clone permissions

By default, permissions are cloned.

Clone group memberships

Select to add the destination account to the groups of which the source user is a member.

If you choose this check box, a warning message displays. The destination is cloned into the same parent groups as the source. The contents of the groups selected as the source are not cloned.

Propagate permissions down to subtree

Write over the permissions of the child objects.

Searching for Active Directory objects

1
Open the Active Directory Security module.
NOTE: If you open the Search tab in the Navigation pane without selecting an object, you need to add a Search Scope before you set criteria. See Adding a search scope.
3
Select Search | Search in a New Window (Empty).

Name

Enter or browse for the name of the principal that you want to find. Use * to match any number of characters. Use ? to match any single character. The comparison is not case sensitive.

Include all group memberships

Select to include all group memberships. The groups to which the account belongs appear in the drop-down list.

Permission

You can search for a name or a permission type. If you want to search for permissions, type the permissions in the box separated by commas. Alternatively, browse to select permissions from a list.

Allow Permissions

By default, allow permissions are included in the search results. To exclude allow permissions, clear the check box.

Inherited Permissions

By default, inherited permissions are included in the search results. Inherited permissions are indicated by (I) in the Type column. To exclude inherited permissions, clear the check box.

Deny Permissions

By default, deny permissions are included in the search results. To exclude deny permissions, clear the check box.

Explicit Permissions

By default, explicit permissions are included in the search results. To exclude explicit permissions, clear the check box.

Search for unknown accounts

Select to search for accounts deleted from Active Directory.

Search for disabled accounts

Select to search for disabled accounts.

Search for inheritance-disabled objects

Select to search for inheritance-disabled objects.

5
Click Start Search.

Start Search

Start the search based on the current Search Scope and selected criteria.

Stop Search

Stop the search process.

Clear Results

Clear the results area.

Defaults

Return to the default selections on all search criteria tabs.

Save Results

Save the results as a .txt file.

Report

Display the results in a report format that you can save, print, or export.

Schedule

Schedule a search.

Modifying Active Directory permissions

Modify the permissions of groups or users on the selected Active Directory® object. Use this feature for quick changes to accounts displayed in the permissions list. Use the Grant feature to give permissions to accounts that are not displayed in the permissions list. See Granting Active Directory permissions.

IMPORTANT: You cannot modify inherited permissions directly. Inherited permissions are indicated by Allow (I) in the Type column. To modify these permissions, you must modify the parent object.
1
Open the Active Directory Security module.
4
Select Security | Modify Permission.

Propagate modifications down to subtree

The selected modifications are propagated to child objects.

10
11
Click Yes.
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택