Chat now with support
Chat with Support

The Quest and One Identity Support Portals will be unavailable on Friday July 10, 2020 from 5:30 PM to 6:30 PM for website maintenance.

Security Explorer 9.8 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Viewing Active Directory permissions

NOTE: The View Permissions task opens the Browse tab.
1
Open the Active Directory Security module.
2
In the Navigation pane, expand the Active Directory® node to browse all Active Directory objects in the default naming contexts of the specified domains. See Using the Navigation pane.
If loading is taking too long, you can click Stop in the loading progress bar. To reload the current node, click Reload or press F5. See Using the loading progress bar.

Granting Active Directory permissions

You can grant permissions to domain users and groups without affecting the permissions of any other user. First, choose the permissions to grant, and select a domain user or group. You can grant different permissions for several domain users and groups with one operation.

TIP: The Grant task provides a quick way to grant permissions. See Using the Grant task. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).
1
Open the Active Directory Security module.
The Grant Active Directory Permissions dialog box displays the path, and the associated groups and users for the current object. The navigation tree is hidden by default. To view the navigation tree, click 4.
To return the full list to view, click Reset. The list returns to full view the next time you open Grant Permissions.
To display users in the list, click Show Users. To return the list to show only groups, click Refresh.
5
From the Permission list, select the permissions to grant, and whether or not to Allow or Deny. If the choice is not available in the list, click Advanced Permission Selection to create a custom choice.
6
From the Applies To list, select how to apply the permissions.
8
To add the domain group/user to the List of users and groups to grant list, click Add.
TIP: To add additional domain groups or users to the List of users and groups to grant list with the selected permission settings, you can hold down CTRL or SHIFT, and click a domain group or user from the list, or double-click a group or user in the navigation tree.
9
Click OK. The Granting Permissions box displays the progress. See Completing a process.

Revoking Active Directory permissions

You can revoke access for domain users and groups.

TIP: The Revoke basic task provides a quick way to revoke permissions. See Using the Revoke tasks. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).
1
Open the Active Directory Security module.
The Revoke Permissions dialog box displays the path, and the associated groups and users for the current object. The navigation tree is hidden by default. To view the navigation tree, click 4.
To return the full list to view, click Reset. The list returns to full view the next time you open Revoke Permissions.
To display domain users in the list, click Show Users. To return the list to show only groups, click Refresh.
5
From the Permission list, select the permissions to revoke, and whether or not to Allow or Deny. If the choice is not available in the list, click Advanced Permission Selection to create a custom choice.

Revoke all permissions (Allow and Deny) for the selected user

Select to revoke all permissions (Allow and Deny) for the selected user.

Propagate client permissions down to subtree

Select to revoke the specified permissions from the child objects of the client.

7
To add the domain group/user to the List of users and groups to revoke list, click Add.
TIP: To add additional domain groups or users to the List of users and groups to revoke list with the selected permission settings, you can hold down CTRL or SHIFT, and click a domain group or user from the list or double-click a group or user in the navigation tree.
8
Click OK. The Revoking Permissions box displays the progress. See Completing a process.

Cloning Active Directory permissions

Use the Clone feature to copy the permissions of one user/group to another user/group..

TIP: The Clone task provides a quick way to clone permissions. See Using the Clone task. For more options, add a path, and click Switch to Security Explorer Classic (Advanced).
1
Open the Active Directory Security module.
3
Select Security | Clone Group or User.
The Clone Active Directory Permissions box opens to the Manual User/Group Selection tab and displays the path to the selected object and the associated groups and users.
Table 2. Clone options

Clone permissions

By default, permissions are cloned.

Clone group memberships

Select to add the destination account to the groups of which the source user is a member.

If you choose this check box, a warning message displays. The destination is cloned into the same parent groups as the source. The contents of the groups selected as the source are not cloned.

Propagate permissions down to subtree

Write over the permissions of the child objects.

Related Documents