Chat now with support
Chat with Support

The Quest and One Identity Support Portals will be unavailable on Friday July 10, 2020 from 5:30 PM to 6:30 PM for website maintenance.

Security Explorer 9.8 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Cloning SQL Server permissions

TIP: The Clone task provides a quick way to clone permissions. For more options, add a path, and click Switch to Security Explorer Classic (Advanced). The path carries to the Clone SQL Permissions dialog box, but the permissions do not.
To clone SQL Server® permissions
1
Open the SQL Server Security module.
2
Open the Browse tab.
4
Select Security | Clone Group or User.
Click on the Tool Bar, click Clone on the Control Button Bar; or right-click the object, and choose Clone Group or User.
5
In the Source Group or User area, click User Selection to select the domain or object from which to pull the permissions.
6
In the Destination Group or User area, click User Selection to select the domain or object to receive the cloned permissions.
7
Click Add. The selected pair displays in the List of users and groups to clone list.
Table 2. Clone options

Clone Permissions

By default, permissions are cloned.

Clone group memberships

Select to add the destination account to the groups of which the source user is a member.

Modifying SQL Server permissions

To modify SQL Server® permissions
1
Open the SQL Server Security module.
2
Open the Browse tab.
4
Select Security | Modify Permissions.
Click on the Tool Bar, click Modify on the Control Button Bar; or right-click the permission, and choose Modify Permissions.
NOTE: If you want to change to another Principal name, click Change. The Select objects box lists the available objects. Select another name, and click OK.
6

Searching for SQL Server objects and permissions

To search for SQL Server® objects and permissions
1
Open the SQL Server Security module.
2
Open the Browse tab.
4
Select Search | Search in a New Window (Empty).
If you open the Search tab in the Navigation pane without selecting an object, you need to add a Search Scope before you set criteria. See Adding a search scope.
5
Click Start Search.

Setting SQL Server search criteria

Each module has a set of search criteria grouped into tabs. As you set criteria, you can update the results by clicking Start Search at any time.

Search for permissions

By default, a search returns permissions based on the specified search criteria.

Search for passwords which are blank or fail a strong password test

Select to search for SQL Server® logins with blank passwords or those where the password is the same as the user name.

Search for a user

Select to search for user logins and database/server role memberships. Type the user names in the box. Separate names with semicolons.

Search for all users

Select to include all accounts in Active Directory®.

Search for unknown accounts

Select to include accounts deleted from Active Directory.

Search for disabled accounts

Select to include accounts that are disabled.

By default, all Grant, Deny, Inherited, and Explicit permissions are included in the search results. To remove a permissions type from the search, clear the corresponding check box.

You can search for the names of the Grantee and/or Grantor, or Permission types.

By default, all permissions are included in the search. To remove a permission from the list, clear the corresponding check box. To remove all permissions, click None. To select all permissions, click All.

Related Documents