立即与支持人员聊天
与支持团队交流

Security Explorer 9.9.2 - User Guide

Getting Started with Security Explorer Managing permissions Searching Managing security Managing objects
Managing folders and files Managing shares Managing registry keys Managing services Managing tasks Managing groups and users Managing Favorites Managing Enterprise Scopes Updating licenses Managing network drives
Working with Microsoft SQL Server Working with Microsoft Exchange
Checking minimum requirements Viewing Exchange permissions Granting Exchange permissions Revoking Exchange permissions Cloning Exchange permissions Searching for Exchange server objects and permissions Backing up and restoring Exchange server security Modifying Exchange permissions Managing Exchange group memberships Exporting Exchange security permissions Creating Exchange databases Creating public folder mailboxes Managing Exchange administrators Managing Exchange distribution groups Managing mail contacts Managing mail users Managing mailboxes Managing mailbox folders Managing public folders Using role based access control Setting options for Exchange security
Working with Microsoft SharePoint Working with Access Explorer Working with Microsoft Active Directory Customizing Security Explorer Using the command line Using PowerShell cmdlets Troubleshooting

Database

The Security Explorer server stores all data gathered in a SQL Server® database, including indexed data received from the agents. See Setting up the Access Explorer database.

Service accounts

A service account is a set of credentials provided by the user and is used to perform certain deployment and query operations.

When you place a domain under management, you must provide a service account for the domain. The service account ensures computers from that domain can be added as managed computers. Each managed domain can only have one associated service account at any time, but the same service account can be used for multiple managed domains.

When a new service account is added in the configuration, it is automatically granted the required Log On as a Service local user right on the Quest Security Explorer Server.

When you deploy a remote agent to a managed computer, the agent requires a set of credentials to read information from the remote target computer. The credentials provided are referred to as the managed computer service account and are used only to read information from the remotely targeted computer.

Various operations within Access Explorer use different credentials. The following table details when various accounts are being used.

Agent deployment and removal1

Yes

 

 

Restart agent

Yes

 

 

Take domain under management

Yes

 

 

Register a forest and enumerate

 

Yes

 

Read information from targets

 

 

Yes1

1 The managed domain service account is used to install, upgrade, or remove the agent on the target computer. In the case where the agent is deployed locally, the agent will run as Local System. In the case where an agent is deployed remotely, the managed computer service account is used to read information from the remote computer.

Service account credentials are maintained in the database in a secure encrypted form. In the event that someone gains access to the database, they would not be able to decrypt any of the credentials provided.

Access Explorer uses the FIPS 140-2 compliant encryption to protect the service account credentials.

For more information see:

Setting up Access Explorer

The initial configuration of Access Explorer involves a one-time setup of the Access Explorer database and the first managed domain.

Topics:

Setting up the Access Explorer database

The Access Explorer service scans and indexes security access information on files, folders, and shares on managed computers in managed domains. The data is stored in the Access Explorer database.

1
Select Tools | Access Explorer Configuration.
2
Click Configure Access Explorer.
3
On the Configuration tab, below set up database, click set up now.
NOTE: These credentials must have the right to create databases on the target SQL Server® instance. They are subsequently used to access the database to store permission information collected from managed computers.
7
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级