Chat now with support
Chat with Support

Security Explorer 9.8 - Release Notes

Quest® Security Explorer® 9.8

Quest® Security Explorer® 9.8
These release notes provide information about the Quest® Security Explorer® release.
Topics:
About this release
Supported platforms
New features
Enhancements
Resolved issues
Known issues
System requirements
Product licensing
Upgrade and installation instructions
More resources
Globalization
About us

About this release

Security Explorer® provides a single console for managing access controls, permissions, and security across Microsoft platforms that span multiple servers. The product provides a broad array of security enhancements including the ability to identify who has rights to resources across the entire organization. It also provides the ability to grant, revoke, clone, modify, and overwrite permissions quickly and from a central location.

Unlike native tools, Security Explorer provides the ability to back up and restore permissions only, ensuring the integrity of data. To help meet auditing requirements, Security Explorer provides convenient reports that can be generated at your convenience. Lastly, the product's cleanup capabilities address common post-migration security issues.

Security Explorer 9.8 is a minor release, with enhanced features and functionality. See New features and Enhancements.

Supported platforms

 
Table 1. Supported platforms for Security Explorer®
Security Explorer Module
Supported Platform

NTFS Security

Share Security

Registry Security

Printer Security

Service Security

Task Management

Group & User Management

Windows XP

Windows Vista®

Windows 7

Windows 8

Windows 8.1

Windows 10

Windows Server® 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

NTFS Security

Share Security

Group & User Management

Dell™ Fluid File System (FluidFS)

EMC® Isilon®

EMC Celerra®

EMC VNX®

NetApp® 8.2 (7-Mode and Clustered Mode)

NetApp 8.3, 9.0, 9.1 Clusters

NOTE: If Security Explorer is installed on a device with Windows 8 or Windows Server 2012 or higher, EMC Celerra is not supported. The workaround is to disable Server Message Block version 2 (SMBv2) and enable Server Message Block version 1 (SMBv1).
To disable SMBv2 and enable SMBv1
1
Use the following commands:
sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
2
Restart the computer.
For more information, see https://support.microsoft.com/kb/2696547?wa=wsignin1.0
NOTE: vsadmin must be entered in NAS credentials dlg for full management of NetApp Clusters 8.2, 8.3, 9.0, 9.1.
NOTE: NetApp 8.2.7-Mode is not supported on Windows 10.
NOTE: For NetApp Clustered Mode, to see changes after a permission action, such as Grant, Revoke, or Modify, on folders and shares, you must refresh the tree in the Navigation pane.
NOTE: Security Explorer supports only default NetApp vFiler units. Additional vFiler units are not supported.
NOTE: Security Explorer supports CIFS volumes. Mixed CIFS/UNIX volumes are supported if the volume root owner is a Windows account.
NOTE: If Security Explorer is running as a user who is not Domain Administrator, that user must be added to local Administrators group on NAS devices.

SQL Security

SQL Server® 2017

SQL Server 2017 Reporting Services

SQL Server 2016

SQL Server 2014

SQL Server 2012

SQL Server 2008 R2

SQL Server 2008

SQL Server 2005

SharePoint Security

SharePoint® 2016

SharePoint 2013

SharePoint 2010

SharePoint Foundation

SharePoint 2007

SharePoint Services 3.0

Exchange Security

Exchange 2016

Exchange 2013

Exchange 2010

Exchange 2007

Active Directory Security

Windows Server® 2016 Functional Level

Windows Server 2012 R2 Functional Level

Windows Server 2012 Functional Level

Windows Server 2008 R2 Functional Level

Windows Server 2008 Functional Level

Windows Server 2003 Functional Level

New features

New features in Security Explorer 9.8:
New Active Directory Security module: The new Active Directory Security module gives you the ability to manage Active Directory® permissions. You can grant, revoke, clone, modify, delete, export, backup and restore permissions on Active Directory objects. You also can search for permissions, back up and restore permissions, and generate reports. If you are also using Quest® Enterprise Reporter®, you can launch Security Explorer® from within Enterprise Reporter and use the new Active Directory Security module.
View Active Directory permissions: When you open the Active Directory Security module, Active Directory loads the Active Directory objects for the specified domain. You can easily drill-down to view permissions on a specific object.
In the Navigation pane, expand the Active Directory node to browse all Active Directory objects in the default naming contexts of the specified domains.
In the Navigation pane, select an object. The Objects pane displays the LDAP path, the children of the selected object, the object name, and class.
In the Objects pane, select a child object. The Permissions pane displays permissions for the selected object. The Owner box displays the user or group that owns the selected object.
Search Active Directory: Search Active Directory for the name of a principal, and choose from the following options to include in the results:
all group memberships
permission name
allow permissions
inherited permissions
deny permissions
explicit permissions
deleted accounts
disabled accounts
Once you finish the search, you can right-click and choose to manage the permissions. You can save the search scope, save the search results, or generate a report.
Manage permissions on Active Directory objects: You can grant, revoke, clone, modify, and delete permissions on Active Directory objects.
You can grant permissions to domain users and groups without affecting the permissions of any other user. First, choose the permissions to grant, and select a domain user or group. You can grant different permissions for several domain users and groups with one operation.
You can revoke access for domain users and groups.
Use the Clone feature to copy one user/group's permissions to another user/group.
Modify the permissions of groups or users on the selected Active Directory object. Use this feature for quick changes to accounts displayed in the permissions list. Use the Grant feature to give permissions to accounts that are not displayed in the permissions list.
Easily delete permissions from selected objects.
Back up and restore permissions on Active Directory objects: As with all other Security Explorer modules, you can back up and restore permissions on Active Directory objects. The Security Explorer Active Directory Backup File has the .adb extension. You also can use the back up scheduler to schedule the backup.
Export permissions on Active Directory objects: By default, permissions are exported to a report, which you can save, print, or export. You can generate a report or export permissions to a delimited file for use with Microsoft® Excel®. This report is useful when you are asked to see which users have access to a specific Active Directory path.
NTFS Security module enhancements:
Added the ability to modify selected multiple permissions. Selected multiple permissions must be under the same path or object.
Added the ability to purge backup files (Security | Purge Backup Files) and a Purge Backup Scheduler to manage scheduled purges of backup files (Security | Purge Backup Scheduler).
Added the ability to exclude selected files and folders from an export.
Added the ability to restore security to multiple paths that have identical file structures.
Added the ability to use wild cards when restoring security to a different path.
Added the ability to back up a root folder (01) and its subfolders, and restore it to all other root folders (02, 03, 04, and so on).
Added the ability to back up permissions on one folder, and then import a list of up to 1000 or more target folders to which the permissions may be restored.
Added the ability to manage permissions at the drive root level.
User and Groups module enhancements:
Added the ability to set alternate credentials for workgroup computers. Select to show workgroups in the navigation pane in Tools | Options | View, and then use the Workgroup tab to set alternate credentials (Tools | Options | Workgroup).
Added the ability to select multiple accounts from the list in the Select Accounts dialog.
Added the ability to select multiple accounts from the list in the Group Contents dialog.
Added the ability to edit the Managed By attribute for a domain group.
Bulk removal of permissions: NTFS Security module only. You can now use the Search module to easily delete both explicit and inherited permissions on a specific user on specified folders.
For example, Peter has explicit access permission on the Customer folder, and all subfolders have inherited permissions. You want to remove Peter’s permission on all folders with Internal in the folder name.
C:\Customer\ Internal1\
C:\Customer\ Internal1\Internal2
C:\Customer\ Mixed\Internal3
C:\Customer\ External1\
Using the Search tab, set the search scope to C:\Customer, browse to find Peter’s account, select to search for both Inherited Permissions and Explicit Permissions, add *Internal* as a folder search criteria, and click Search. All permissions that belong to Peter on all folders with Internal in the name display. From the search results, delete selected permissions.
Additional supported platforms:
SQL Server® 2017
SQL Server 2017 Reporting Services
Retry options for resetting password: To help you manage password resets, several features were added to the Group and User Management module.
To help you quickly change the passwords on local administrator accounts, a new check box was added to the Group/User Search Criteria tab. Select Search for local administrator accounts, and run the search. From the search results, right-click the results, and choose Change Password.
If any password resets failed, you can select to save failed computers to a search scope to repeat the search with only the failed computers. Select Save Failed Computers to Scope, and repeat the search. Right-click the results, and choose Change Password.
A new column was added to the Object and Search Result panes that shows the date the password was last set so you can easily see which passwords were reset versus those that may have failed.
When changing passwords, you can select to create a new log file (ChangedPasswordResult.log) that lists the accounts with their changed passwords.
Modify registry values: In the Registry Security module, you can now add, modify, and delete values in a selected registry key. You also can save the list of values to a .TXT file. Open the Registry Security module, open the Browse tab, select a registry key, and select Tools | Display Registry Values. Use the buttons to modify the values in the registry key.
To quickly find a registry key, use the new Registry Key Search Criteria tab in the Search module. Just type in a string using the * or ? wildcards to locate a registry key. From the results list, right-click a registry key, and choose Display Registry Values to modify values or Delete Registry Key to delete the key.
Enhancements to SXPExport.exe: Several options were added to the command line program.
/columns allows you to indicate which columns to include in the exported spreadsheet or report.
/exclusion allows you to indicate paths to folders and files to exclude from the export.
/showgroupmembers allows you to exclude or include nested groups and Domain Users group members from the exported spreadsheet or report.
General product enhancements:
Added a license dashboard to show licensed users, enabled users, and license information.
Added the ability to log exceptions when running scheduled tasks. If a task runs normally. it is not logged. The log file name format is {call_exe_name}_{datetime}.log. Logs are located at C:\Program Files\Quest\Security Explorer\v9\Logs.
Added the ability to use alternate credentials for shares.
Added support for the Access Explorer PowerShell® snap-in.
Added the ability to use an OU in the search scope.
Allowed SXPGrant.exe to incorporate variables such as %USERNAME% to allow multiple folders to be sequenced for use in assigning permissions and ownership.
Added recursion depth to SXPBackup.exe.
Sped up the process when browsing NetApp® 7-mode shares.
Added the ability to export the search scope and settings to an XML file for later import into another module. Saved searches appear under Saved Searched | User Searches.
You can only import an XML file that was exported from the same module with the exception of the NTFS Security and Share security modules. In these modules, you can import an XML file that was exported by the other module.
Added a setting that allows each user to change where their settings are stored, such as a home folder or drive.
See also:
Enhancements
Resolved issues
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating