立即与支持人员聊天
与支持团队交流

Security Explorer 9.9.2 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Creating the Access Explorer database

The Access Explorer database stores all the data that Access Explorer needs to manage computers and servers.

In this example, the first step encrypts the password used by the service account before sending it across the network. Next, the database used by Access Explorer is created on the SQL Server identified in the DatabaseServer parameter and given the name dbReporter_AccessExplorer, which is the default name provided when creating a database in Access Explorer. The service account used to create the database needs to have permission to create and access the database. If the cmdlet creates the database successfully, Operation Complete is returned.

Adding a service account

A service account is used to access the database, install agents, and access domains. The service account needs the necessary credentials to create the SQL Server database.

This example involves a two-step process. The first step encrypts the password used by the service account before sending it across the network. The second step supplies the password, along with the domain and the account for that domain.

Adding a domain to manage

The next main step to setting up Access Explorer is to add a managed domain. You can manage any domain that your service account can access, including a remote domain. A trust needs to be established between domains and it is useful to have a service account in the trusted domain that you add to Access Explorer.

You need the ID of the service account to add a managed domain. For more information, see Adding a domain to manage.

In this example, a managed domain is added to Access Explorer. Use the Get-AEServiceAccounts cmdlet to obtain the value for the ServiceAccountId parameter. Make sure the service account belongs to the domain specified by the DomainName parameter.

In this example, a new trusted domain is added to Access Explorer. First, a password is created and stored in the $secpasswd variable. Next, a service account with the password stored in the $secpasswd variable is added for the AMER1 domain. Next, the Get-AEServiceAccounts cmdlet is used to return the ID for the service account. Finally, the AMER1 domain is added.

Adding managed computers

Once the service accounts, domain, and database are created, you can add managed computers so data can be retrieved. The data can be seen in the Report Manager on the Explorer tab, or you can use a cmdlet to retrieve data for a specific share, folder, or file.

The cmdlet for adding a managed computer has several parameters, but we will show the minimum you need to accomplish the task.

This example deploys an agent to the AMERGENDC server with a deployment type of ManagementServerInstall, which automatically deploys an agent. The other deployment type, External, marks the managed computer as requiring an external agent installation. In most cases you will want to deploy as ManagementServerInstall.

All of the other parameters are not necessary and the default setting for those options (parameters) are correct for a normal install of the agent on the managed computer. In this case with a local install, all of the files (data roots) on the managed computer will be scanned for file access permission, which is the normal setting if done using Configuration Manager | Access Explorer | Manage Computers.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级