Chat now with support
Chat with Support

Security Explorer 9.9.2 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Getting security information for a resource

All of the components needed for Access Explorer are now in place so now you can start to retrieve security information in the form of the ACL (access control list) about specific resources (shares, folders, and files) on your managed computers. The resource in question is to be in the format \\computer\share\folder\file.ext and wild characters are not permitted. Note that the cmdlet requires not only the computer name, but also the domain in which the computer resides, because the service account for the domain is needed to access the resource.

In this example, the cmdlet returns the ACL for the file specified in the ResourceUri parameter.

In this example, the cmdlet returns the ACL for the folder specified in the ResourceUri parameter.

In this example, the cmdlet returns the ACL for the share specified in the ResourceUri parameter.

Getting resource access information

In addition to the security information ACL for a resource, you also can get information on who currently has access to the resource. Since the information obtained by the Get-AEResourceAccess cmdlet cannot be read from the command line, you must use the Export-AEResourceAccessAsCSV cmdlet to export the information to a CSV file.

In this example as this cmdlet works in conjunction with the cmdlet used to get access information the first thing and not shown here, is to get some information on a resource stored into a variable, $resourceAccess. The variable is then piped into the Export-AEResourceAccessAsCSV, which outputs the CSV file. In this case the variable is used as an input parameter for the cmdlet and CSV file is optimized for Excel.

Now that you have seen how to get the information out to a file in any location you wish, let’s look at how to get the access information for a resource. With the cmdlet used to get the access information you can retrieve file, folder, share, and service identity rights.

In this example, the Get-AEResourceAccess cmdlet gets resource access (folder security) for the folder SmallClassDataset that resides on a locally managed computer with the id f13a510b-dc5d-43f6-815b-0020f3da275d. The results are saved to the $resourceAccess variable, which is then exported to a file using the Export-AEResourceAccessAsCSV cmdlet.

In this example, resource access (folder security) is obtained for two folders, \\AMERGENDC\C$\Test1 and \\AMERGENDC\C$\Test2, that are located on a remotely managed computer with the ID 973c7042-c413-45fb-9f52-057c64d4f800. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccess cmdlet.

In this example, resource access (share security) is obtained for the share, Files, that is located on a managed computer with the ID f13a510b-dc5d-43f6-815b-0020f3da275d. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccessAsCSV cmdlet.

In this example, resource access (security identities) is obtained for the services, TermService (Remote Desktop Services) and SessionEnv (Remote Desktop Configuration), that are located on a managed computer with the ID f13a510b-dc5d-43f6-815b-0020f3da275d. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccessAsCSV cmdlet.

The following is an example of the information in an output CSV file from the Export-AEResourceAccessAsCSV cmdlet.

Using cmdlets to manage Access Explorer agents

You use Security Explorer to install the Access Explorer agents, but you can manage the installed agents using the Access Explorer cmdlets.

Topics:

Identifying agents on a managed computer

A managed computer may have more than one agent installed on it. Not only could there be a local agent, there could be an agent for a remote computer, or an agent for a Net-App server or a cluster. The Get-AEAgentInstances cmdlet finds all agent instances registered with Security Explorer Access Explorer. A filter can be specified to retrieve agent instance information for only a single hosting system. Only managed computers with at least one agent instance (either local or remote) are returned. Note that the computers returned by this cmdlet are not the same as managed hosts; they are the computers that physically host the agent service.

In this example, the cmdlet returns the agents installed on the managed computer identified in the HostingSystem parameter.

In this example, the cmdlet returns all managed computers with their installed agents.

In this example, we look at how to expand the information returned by the Get-AEAgentInstances cmdlet as it is used in other cmdlets, such as the Restart-AEAgent cmdlet. To use the Restart-AEAgent cmdlet to restart an agent on a computer, you need to specify the Agent ID.

The first line stores information on the agent in the $a variable. The second line displays the information stored in the $a.agents property, which is where you find the agent Id, BW_aaabd11494ed4f19921a91b92ee0979d, that you need for the Restart-AEAgent cmdlet.

The $a | Get-Member (in the example output) displays the member types available for the data returned by Get-AEAgentInstances cmdlet.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating