Chat now with support
Chat with Support

The Quest and One Identity Support Portals will be unavailable on Friday July 10, 2020 from 5:30 PM to 6:30 PM for website maintenance.

Security Explorer 9.8 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Setting search criteria

Each module has a set of search criteria grouped into tabs. As you set criteria, you can update the results by clicking Start Search at any time.

Topics:

Group and user search criteria

Group/User

Type groups or users separated by semi-colons in the Group/User box, or click Browse or Advanced User Selection to browse for groups or users.

SID

Type a full or partial SID to search. You can use the * wildcard to match any number of characters. Use the ? wildcard to match a single character. The comparison is not case sensitive.

You might pair the SID search with other search options, such as Include group results, Include user results, Search for unknown accounts, Search for permissions (DACL), and Search for owner.

Include all group memberships

Disabled if there is more than one group or user in the Group/User box. Select to include all groups of which the selected group or user is a member.

NOTE: To search for Access Explorer Memberships, select an Access Explorer server, and select Include all group memberships and Include nested group memberships.

Include nested group memberships

Active only when the Include all group memberships check box is selected. Select to include any accounts that may be nested under the parent account.

Include “BUILTIN\Users” memberships

Active only when the Include all group memberships check box is selected. Select to include the permissions for BUILTIN\Users if the account entered in the Group/User box is a member of the BUILTIN\Users group.

Include “Domain Users” memberships

Active only when the Include all group memberships check box is selected. Select to include the permissions for Domain Users if the account entered in the Group/User box is a member of the Domain Users group.

Include “Everyone” Group

Select to include the Everyone group in the search.

Include “Authenticated Users” Group

Select to include the Authenticated Users group in the search.

Include “Network” Group

Select to include the Network group in the search.

Include “Interactive” User

Select to include the Interactive user in the search.

Include group results

Applies only to NTFS Security module.Select to include groups in the search.

Include user results

Applies only to NTFS Security module. Select to include users in the search.

Search for unknown accounts

Select to include unknown accounts in the search.

Search for disabled accounts

Select to include disabled accounts in the search.

Include SID history

Select to include a SID history search. If any additional SIDs are found in the history, these additional SIDs are included in the search with the primary SID.

Show Only SID history permissions

Applies only to NTFS Security module. Active only when the Include SID history check box is selected. Select to display only the SID history permissions.

Permission search criteria

Search for permissions (DACL)

Applies only to NTFS Security module. By default, the Discretionary Access Control List (DACL) is searched for any allow or deny permissions. Inherited and explicit permissions are included.

Search for owner

Applies only to NTFS Security module. Select to include the owner of the selected file or folder in the search.

Folder

File

In the boxes, select the permissions to search. Browse to define special permissions in the NTFS Security module. To define special permissions in the Share Security, Registry Security, and Printer Security modules, click Advanced Permission Selection.

Search for exact permissions (as set above)

Perform the search using the exact permissions settings. For example, if you search for Write (W), only that permission is included in the results.

Search for exact permissions or better

Include the exact permissions settings, along with any other permissions that include the permissions specified. For example, if you search for Write (W), Full Control (All) is also included in the results, along with any Special permissions that include Write (W).

Invert results set (applies to DACL only)

Select to search for permissions other than those specified. For example, if you are searching for Write (W), the search results return all permissions except Write (W).

NOTE: Selecting some permissions, such as Write (W), select other permissions automatically (Rp, Ad, Wd, Wa, Wx). If you select the Invert permissions result set check box, those permissions are not included in the results. If you want to include those permissions in the results, click Advanced Permission Selection to manually deselect those permissions. This rule does not apply to Full Control (All), so even though you searched for permissions other than Write (W), Full Control (All) is included in the results.

Search cluster file shares

Applies only to Share Security module. Select to search cluster file shares. Cluster file shares display in bold.

Inherited Permissions

Applies only to NTFS Security module. Includes inherited permissions in the search results. Inherited permissions are indicated by (I) in the Type column.

Explicit Permissions

Applies only to NTFS Security module. Includes explicit permissions in the search results.

Show duplicate permissions (advanced search option) (i.e., explicit ACE’s where there is an exact matching inherited ACE)

Applies only to NTFS Security module. Select to show duplicate permissions, that is explicit ACEs where there is an exact matching inherited ACE.

Protected Folders/Files Only (i.e., folders/files which do not inherit permissions from their parent

Applies only to NTFS Security module. Select to search only protected folders/files, which are those folders/files that do not inherit permissions from their parent.

Folder and file search criteria

Applies to NTFS Security module only. By default, a search includes folder and file permissions and all subfolders.

Search for folder permissions

Select to include folder permissions in the search results.

Search for file permissions

Select to include file permissions in the search results.

Recurse all subfolders

Select to include all subfolders in the search results.

Recurse to Depth

Select to include subfolders to the depth specified in the box. The default depth is 1, which is one level below the folder displayed in the path box.

Wildcard

Use * to match any number of characters. Use ? to match any single character. The search is not case sensitive.

Invert results set

Select to search for permissions other than those specified. For example, if you are searching for Write (W), the search results return all permissions except Write (W).

Related Documents