Suppose a user complains about being unable to log in through VPN. Use IT Security Search to investigate and resolve the situation.
For best results, enable the following connectors:
You should start by searching for the David Shore user account, which is having problems. To get results quickly, use the Whom:"David Shore" query. This will take you directly to the events that affected the account.
Suppose the search results include group membership change events from InTrust and Change Auditor indicating that the user was removed from one or more groups. Examine these events and find the one about the group used for providing VPN access. Note that the timestamp of the event is later than the last Active Directory backup. Also note the other event details such as who did this.
In the breadcrumbs line, click the user name to open the user details, and go to the History tab. In the change history view on the Backups tab, locate the state before the VPN-related group membership change, and click the corresponding Restore from backup link.
VPN access for David Shore is restored now, and you know who interfered with his group membership.
Suppose a new user is not getting the expected permissions to open a network share. You want to use IT Security Search to look into this.
To make the investigation as efficient as possible, make sure that data from the following sources is available:
You are about to examine share access, so it makes sense to start by looking at share permissions.
Search for the share path. Click the share you need in the list of results and open its details. In the permissions table, you find the Marketing group, which is used for controlling access to the share. Apparently the user is supposed to be a member of this group, but is not.
Do a search for the Marketing group; click the group in the results and go to the details view for the it. It turns out to be an Active Roles dynamic group. Click the Membership Rules tab in the details table to see how the group is populated. In the Rule Details column, you find the following rule: "[User] department Is (exactly) Marketing".
The user's department information is probably wrong, making the user unfit for membership in the Marketing dynamic group. See if this guess is correct: search for the user name, locate the user in the results and open the user's details.
You find that the value of the Department attribute has a typo: "Markering" instead of "Marketing", and you notify security administrator about this issue.
When you get a response from the administrator saying that the problem has been resolved, you do another search for the Marketing group to confirm that the user is now a member.
IT Security Search comes with additional PowerShell scripts that help automate configuration. These scripts are available in the Scripts subfolder of your IT Security Search installation folder. At this time, the following scripts are shipped:
Scripts |
Details |
---|---|
New-SslCertificate.ps1 New-CertificateBinding.ps1 Delete-CertificateBinding.ps1 |
These scripts help configure the SSL certificate used by IT Security Search. |
Set-ItssConnectorSettings.ps1 |
Updates the settings of an IT Security Search connector. For details, see the script's help output. |
ITSS-ExportFields.psm1 |
Customizes the layout of search results exported to a file: rearranges and resizes the columns for the object types that you specify. The script applies the layout configuration you provide directly; it doesn't use the column set configured in the IT Security Search UI. For details, see the script's help output. |
If you need to contact Support, you should provide various technical details for a speedy response. IT Security Search includes a utility that automatically gathers all the information that support engineers may need and stores it in a single ZIP file.
To create such a file, open the About box in the IT Security Search UI, select the Contact tab and click Save Information for Support. The file is not transferred to Support automatically. To submit it, open a service request at https://support.quest.com/contact-support.
Quest needs your consent for gathering the data, because some information in the resulting file may be considered sensitive. Quest ensures that storage and processing of this information are duly protected to safeguard your privacy.
The following information is gathered:
IT Security Search uses PowerShell to collect the data.
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center