Chat now with support
Chat with Support

Security Explorer 9.8 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Access Explorer components

This section defines all of the components that comprise an Access Explorer deployment.

Managed domain

To ensure that the Access Explorer service can install agents successfully, the Security Explorer® server needs domain user credentials with sufficient access. Access Explorer uses the concept of a managed domain, which is an association of service accounts (user credentials) to Active Directory® domains. When a new service account is added in the configuration, it is automatically granted the required Log On as a Service local user right on the Security Explorer server. This managed domain service account is used to install the agents. Local agents run as Local System and remote agents run as the service account specified during their installation.

Once a domain is managed, the application creates a Service Connection Point (SCP) in the domain that provides server location information so that all agents and clients know where to connect.

For more information, see Adding managed domains.

Registered forest

To register a forest, add the forest to Access Explorer. See Adding forests. When you add a forest, you must provide a service account with sufficient permissions to perform all Access Explorer configuration tasks. If the application needs to resolve a SID or expand group membership from that forest, it will use the associated service account.

When you add a managed domain and the associated Active Directory® forest is not yet registered, the Security Explorer Server will automatically add the forest and use the domain service account credentials as the forest credentials.

For more information, see:

Managed computer

A managed computer is any network object that can host resources such as files, folders, and shares. Currently supported resources include Windows® computers, Windows® clusters, and certain network attached storage (NAS) devices. When the user adds a managed computer, Configuration Manager deploys an Access Explorer agent to scan that computer. The agent may be installed on the computer (local agent) or it may be installed on another computer (remote agent). Detailed access information is maintained on the agent computer, only sending general access information to the server.

For more information, see:

Related Documents