Chat now with support
Chat with Support

Security Explorer 9.8 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Getting managed computer information

Now that there is a managed computer you will want to know the status of the agent and the identification for the managed computer.

An important field to note in the output is the Status field as it provides information as to the status of the agent. For example, if you see the Status is still reporting DeployingAgent 15 minutes after you deployed the agent, then something is wrong as deployment should only take a few minutes.

In this example, because a managed computer is not specified, the cmdlet returns information on all managed computers.

In this example, a managed computer is specified, so the cmdlet returns information on only the AMERGENDC managed computer.

In this example, information about the managed computer specified by the ManagedComputerId (also known as the ManagedHostId) is returned.

Getting security information for a resource

All of the components needed for Access Explorer are now in place so now you can start to retrieve security information in the form of the ACL (access control list) about specific resources (shares, folders, and files) on your managed computers. The resource in question is to be in the format \\computer\share\folder\file.ext and wild characters are not permitted. Note that the cmdlet requires not only the computer name, but also the domain in which the computer resides, because the service account for the domain is needed to access the resource.

In this example, the cmdlet returns the ACL for the file specified in the ResourceUri parameter.

In this example, the cmdlet returns the ACL for the folder specified in the ResourceUri parameter.

In this example, the cmdlet returns the ACL for the share specified in the ResourceUri parameter.

Getting resource access information

In addition to the security information ACL for a resource, you also can get information on who currently has access to the resource. Since the information obtained by the Get-AEResourceAccess cmdlet cannot be read from the command line, you must use the Export-AEResourceAccessAsCSV cmdlet to export the information to a CSV file.

In this example as this cmdlet works in conjunction with the cmdlet used to get access information the first thing and not shown here, is to get some information on a resource stored into a variable, $resourceAccess. The variable is then piped into the Export-AEResourceAccessAsCSV, which outputs the CSV file. In this case the variable is used as an input parameter for the cmdlet and CSV file is optimized for Excel.

Now that you have seen how to get the information out to a file in any location you wish, let’s look at how to get the access information for a resource. With the cmdlet used to get the access information you can retrieve file, folder, share, and service identity rights.

In this example, the Get-AEResourceAccess cmdlet gets resource access (folder security) for the folder SmallClassDataset that resides on a locally managed computer with the id f13a510b-dc5d-43f6-815b-0020f3da275d. The results are saved to the $resourceAccess variable, which is then exported to a file using the Export-AEResourceAccessAsCSV cmdlet.

In this example, resource access (folder security) is obtained for two folders, \\AMERGENDC\C$\Test1 and \\AMERGENDC\C$\Test2, that are located on a remotely managed computer with the ID 973c7042-c413-45fb-9f52-057c64d4f800. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccess cmdlet.

In this example, resource access (share security) is obtained for the share, Files, that is located on a managed computer with the ID f13a510b-dc5d-43f6-815b-0020f3da275d. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccessAsCSV cmdlet.

In this example, resource access (security identities) is obtained for the services, TermService (Remote Desktop Services) and SessionEnv (Remote Desktop Configuration), that are located on a managed computer with the ID f13a510b-dc5d-43f6-815b-0020f3da275d. The results are placed in the $resourceAccess variable and exported to a CSV file using the Export-AEResourceAccessAsCSV cmdlet.

The following is an example of the information in an output CSV file from the Export-AEResourceAccessAsCSV cmdlet.

Using cmdlets to manage Access Explorer agents

You use Security Explorer to install the Access Explorer agents, but you can manage the installed agents using the Access Explorer cmdlets.

Topics:

Related Documents