Getting Started with Security Explorer
Starting Security Explorer
Customizing the view
Managing permissions
Choosing an interface mode
Using the Tasks tab
Using the status bar
Using the loading progress bar
Managing module buttons
Completing a process
Viewing permissions
Granting permissions
Revoking permissions
Searching
Using the Browse tab to revoke permissions
Revoking permissions on unknown accounts
Revoking permissions on disabled accounts
Using the Revoke tasks
Cloning permissions
Using the Browse tab to clone permissions
Creating permission templates
Copying permissions
Copying permissions to subfolders and files
Setting ownership
Modifying permissions
Reducing permissions to read only
Managing group memberships
Renaming accounts
Deleting permissions
Printing permissions
Selecting users and groups manually
Selecting users and groups automatically
Updating permissions relating to a user's SID history
Importing users and groups
Using the Clone task
Using the Browse tab to search
Managing saved searches
Adding a search scope
Setting search criteria
Managing security
Group and user search criteria
Permission search criteria
Folder and file search criteria
Service and task search criteria
Group and user search criteria
Advanced search options
Registry key search criteria
Using the Search tasks
Replacing permissions
Backing up security
Scheduling a backup
Using the backup scheduler
Restoring security
Purging backup files
Scheduling a backup purge
Exporting security
Managing objects
Managing folders and files
Working with Microsoft SQL Server
Creating a new folder
Deleting a folder or file
Viewing folder and file properties
Showing open files
Opening files
Editing files
Opening a folder in Windows Explorer
Managing shares
Managing registry keys
Managing services
Starting, stopping, pausing, or restarting a service
Setting logon accounts
Changing the password for a logon account
Scheduling logon account password changes
Removing a service
Modifying service properties
Managing tasks
Running a task
Setting account information
Creating a new task
Copying a task
Exporting a task
Removing a task
Modifying task properties
Managing groups and users
Viewing accounts
Creating a new group
Creating a new user
Modifying group and user properties
Modifying group or user Active Directory properties
Modifying properties of multiple users
Modifying group memberships
Viewing group and user memberships
Changing user passwords
Modify memberships of multiple local groups
Clearing the local administrator group
Deleting groups and users
Managing Favorites
Managing Enterprise Scopes
Creating an Enterprise Scope while browsing
Creating an Enterprise Scope
Editing an Enterprise Scope
Removing an Enterprise Scope
Updating licenses
Managing network drives
Viewing SQL Server permissions
Granting SQL Server permissions
Revoking SQL Server permissions
Cloning SQL Server permissions
Modifying SQL Server permissions
Searching for SQL Server objects and permissions
Backing up and restoring SQL Server security
Exporting SQL Server database permissions
Managing SQL Server objects
Working with Microsoft Exchange
Copying SQL Server objects
Copying SQL Server permissions
Managing SQL Server databases
Managing Security SQL Reporting Services
Setting options for SQL Server
Modifying SQL Server security settings
Managing SQL Server network settings
Adding a new database role
Removing a database role
Modifying a database role
Adding a new database user
Removing a database user
Modifying a database user
Adding a new schema
Removing a schema
Modifying a schema
Managing logins
Managing server roles
Checking minimum requirements
Viewing Exchange permissions
Granting Exchange permissions
Revoking Exchange permissions
Cloning Exchange permissions
Searching for Exchange server objects and permissions
Backing up and restoring Exchange server security
Modifying Exchange permissions
Managing Exchange group memberships
Exporting Exchange security permissions
Creating Exchange databases
Creating public folder mailboxes
Managing Exchange administrators
Managing Exchange distribution groups
Managing mail contacts
Managing mail users
Managing mailboxes
Managing mailbox folders
Working with Microsoft SharePoint
Creating mailbox folders
Managing permissions on mailbox folders for multiple users
Deleting mailbox folders
Managing public folders
Using role based access control
Managing user roles
Managing role groups
Managing roles
Setting options for Exchange security
Creating assignments
Modifying assignments
Deleting assignments
Creating child roles
Modifying child roles
Deleting child roles
Adding entities
Modifying entities
Deleting entities
Managing custom scopes
Using the SharePoint menu
Adding SharePoint farms or sites
Managing SharePoint farms or sites
Previewing SharePoint objects
Deploying the SharePoint web service
Deploying the SharePoint web service manually
Managing SharePoint permissions
Working with Access Explorer
Viewing SharePoint permissions
Granting SharePoint permissions
Revoking SharePoint permissions
Cloning SharePoint permissions
Modifying SharePoint permissions
Modifying SharePoint permissions levels
Repairing limited access permissions
Removing permissions on deleted accounts
Removing permissions on disabled accounts
Managing SharePoint groups
Removing accounts from SharePoint groups
Searching for SharePoint objects
Modifying SharePoint properties
Backing up and restoring SharePoint security
Exporting SharePoint permissions
Setting SharePoint options
Removing the SharePoint web service
Removing the SharePoint web service manually
Access Explorer components
Working with Microsoft Active Directory
Managed domain
Registered forest
Managed computer
Access Explorer agent
Scopes
Database
Service accounts
Setting up Access Explorer
Setting up the Access Explorer database
Setting up the first managed domain (includes the service account)
Updating Access Explorer configuration
Adding managed domains
Adding forests
Editing managed domains or forests
Adding service accounts
Editing service accounts
Deleting service accounts
Collecting Access Explorer data
Setting up a managed computer
Installing the Access Explorer agent locally
Installing the Access Explorer agent remotely
Managing managed computers
Modifying managed computer properties
Managing Access Explorer agents
Viewing Access Explorer objects
Searching Access Explorer servers
Using the Access Explorer permission wizard
Changing all permissions
Cloning all permissions
Deleting all permissions
Exporting all permissions
Backing up permissions
Setting options for Access Explorer
Viewing Active Directory permissions
Granting Active Directory permissions
Revoking Active Directory permissions
Cloning Active Directory permissions
Searching for Active Directory objects
Modifying Active Directory permissions
Modifying group memberships
Modifying Active Directory properties
Deleting Active Directory permissions
Backing up and restoring Active Directory security
Exporting Active Directory permissions
Setting options for Active Directory Security
Customizing Security Explorer
Setting general options
Setting view options
Setting alternate credentials for workgroups
Setting alternate credentials for services and tasks
Setting alternate credentials NAS devices
Setting advanced options
Controlling access to Security Explorer
Using the command line
Opening a command prompt window
SxpBackup.exe
SxpClone.exe
SxpExport.exe
SxpGrant.exe
SxpHomeDir.Exe
SxpInheritance.exe
SxpOwner.exe
SxpRestore.exe
SxpRevoke.exe
SXPActiveDirectoryBackup
Using PowerShell cmdlets
What are cmdlets?
Using Security Explorer cmdlets
Troubleshooting
Creating or editing the PowerShell.exe.config file
Installing Security Explorer cmdlets
Installing Security Explorer cmdlets manually
Removing Security Explorer cmdlets
Using cmdlets to set up Access Explorer
Creating the Access Explorer database
Adding a service account
Adding a domain to manage
Adding managed computers
Using cmdlets to get information about Access Explorer objects
Getting service account information
Getting managed domain information
Getting managed computer information
Getting security information for a resource
Getting resource access information
Using cmdlets to manage Access Explorer agents
Identifying agents on a managed computer
Changing the agent configuration on a managed computer
Restarting the agent
Restarting a single agent
Updating an agent
Changing the service account password
Changing the SQL account password
Using cmdlets to remove Access Explorer objects
Setting alternate credentials for workgroups
Group and User Management module only. Use alternate credentials to specify additional accounts that have administrative privileges to various computers on your network. Each account in the list is tried in the order listed until an account is found with sufficient privileges. If no account is found with administrative privileges, Access Denied is displayed.
|
NOTE: To use alternate credentials for workgroups, you need to select the Show Workgroup collection check box on the View tab in Security Explorer Options. See Setting view options.
|
|
1 |
|
a |
Click Add. |
|
e |
Click OK. |
|
4 |
Click OK. |
Setting alternate credentials for services and tasks
|
1 |
|
a |
Click Add. |
|
e |
Click OK. |
|
4 |
Click OK. |
Setting alternate credentials NAS devices
|
1 |
|
a |
Click Add. |
|
e |
Click OK. |
|
4 |
Click OK. |
Setting advanced options
|
1 |
|
Select to load domains when you select items in the Navigation pane. | |
|
By default, computers, groups, and users are loaded when you select items in the Navigation pane. | |
|
To activate this check box, clear the Load computers, groups and users using Active Directory check box. Select to include unknown computers in the Navigation pane. | |
|
Select to automatically select the Show Cluster File Shares check box when browsing computers that are members of a cluster. If selected, a warning message displays when you click OK. Click Yes to verify the selection. See Viewing permissions. | |
|
By default, the age of the cache entry is examined prior to loading a path. By default, entries older than 3 hours are reloaded from the disk. You can set the value in the Display cache box up to 24 hours and in the Persistent cache box up to 999 hours.
| |||||
|
Click to clear the database caches for all modules. Active only if the Use cache when browsing or Use persistent cache check boxes are selected. |
By default, the configuration folders and files of a user are saved to C:\Users\<Current User>\AppData\
Local\Quest\Security Explorer\v9. You can choose to change the location where your configuration folders and files are stored.
Local\Quest\Security Explorer\v9. You can choose to change the location where your configuration folders and files are stored.
|
NOTE: The mapping between each user and their specified config load path is saved to the UserConfigSettings.xml file located at C:\ProgramData\Quest\Security Explorer\v9. When a user starts Security Explorer, this file is checked for a user-specific setting. If a specified config load path mapping is found, Security Explorer loads the configuration settings from the path specified in the UserConfigSettings.xml file. If a mapping is not found, Security Explorer uses the settings from the default path: C:\Users\<Current User>\AppData\Local\Quest\Security Explorer\v9. |
|
List of Access Explorer servers (NTFS Security module only) | |
|
Saved Permission Templates (NTFS Security module only) | |
|
Saved SharePoint farms and sites (SharePoint Security module only) | |
|
a |
Click Advanced. |
|
• |
To copy configuration information from the All Users account to your account, leave the Share information with all users check box blank, and click Copy Shared Data. |
|
• |
To copy your configuration information to the All Users account, select the Share information with all users check box, and click Copy User Specific Data. |
|
c |
By default, the configuration information of a user is saved to C:\Users\<Current User>\AppData\Local\Quest\Security Explorer\v9. To change the location, select the Change config load path check box, browse to select the new location, and click OK. |
|
d |
Click OK. |
|
e |
|
7 |
Click OK. |