ScriptLogic is now Quest Software

Purchase

Product Evaluation

Product Info
Product Overview
FAQs
Licensing
Extension Request
Instructor Led Training
Technical Support
System Requirements

Live Help
Home » Products » Security Explorer » FAQs


Security Explorer
Version: 8.0.2

Security Explorer® - Frequently Asked Questions

  • What does Security Explorer manage?
    • Security Explorer manages permissions on:
      • NTFS volumes (Files and Folders), Printers, Shares, Registry Keys, Users and Groups, Services and Scheduled Tasks on Windows servers and workstations as well as certain NAS and SAN devices.
      • Exchange mailboxes and mailbox folders, public folders, distribution groups, Exchange administrators, RBAC settings (roles, role groups, user roles and scopes), administrative groups, storage groups, mailbox and public folders stores, and Exchange Servers.
      • SQL Server instances, databases, tables, views, schemas, stored procedures, server and database roles, database users and server logins.
      • SharePoint sites and site collections, lists, documents, document libraries, permission levels and SharePoint groups.

  • Does Security Explorer create reports?
    • Security Explorer can create basic ad-hoc security reports by exporting a complete list of permissions for a resource. It also offers the ability to perform targeted searches for all locations that a particular account has access (including permissions granted through group membership) and exporting those results. The results can be exported to spreadsheet, database, PDF or text format.

  • How is Security Explorer licensed?
    • Security Explorer is licensed by the number of enabled users in the domain(s) managed. For more information on Security Explorer licensing, see the Licensing FAQs page.

  • How does this help with server, domain and NT4 migrations?
    • Security Explorer provides the ability to migrate access controls, and to clean up access post migration. Because Security Explorer can back and restore security settings to an alternate location, you can be sure that necessary access is in place on the new server(s) post migration.

      Security Explorer allows you to search for, report on, and revoke access assigned to orphaned SIDs from accounts not migrated or no longer in existence. Update SID history when cloning permissions by finding all permissions assigned to a user’s legacy SID and swapping it out with the SID from the new domain. Pair up accounts from one domain to another when cloning permissions. Match up accounts with the same name between two different domains and clone all permissions on one or more servers after the migration is complete.

      Security Explorer saves man-hours on every migration, and helps to ensure a smooth post-migration user experience. .

  • What is "Administrative Override?"
    • The Administrative Override feature means no more "Access Denied“ errors when managing permissions. Security Explorer can instantly modify the security settings of objects that administrators would normally have to take ownership of and then assign themselves permissions before modifying security.

  • Can't I perform these same tasks with native Windows tools?
    • Windows and AD provide a very granular and flexible way to define access rights to your network resources. But the complexity of the mechanisms and the limitations of the native tools make security management in a Windows environment very difficult.

      Sensitive resources can reside in numerous locations on the network: shared folders on file servers or storage devices, SharePoint sites, SQL databases, or Exchange mailboxes. Managing who has access to all of these resources is critical to ensuring security and compliance regulations are met. Relying on the native management interfaces and complex command line utilities to manage access across the various technologies is time consuming and error prone at best, and virtually impossible in many environments.

      Security Explorer replaces the built-in permission management interfaces for file servers and workstations, SharePoint, SQL Server, and Exchange. Performing all permission management tasks from an intuitive, security focused interface drastically improves administrator productivity and reduces potential errors that can lead to compliance issues or productivity loss. .

  • How does the permissions backup and restore function work?
    • Security Explorer only backups up the permissions for resources, and not the underlying data, which makes the backup operation very fast. Because only the permissions are backed up, administrators can easily recover from unplanned permission changes without having to restore from tape backup (which will also restore the underlying data – wiping out any changes that may have been made to the file).

      Backups can be scheduled or run on demand, ensuring there is always a recent copy from which to restore permissions if needed. Backup files can be imported to be visually compared against the live environment. Objects where permissions differ from the backup file to the live environment are highlighted.

      Administrators have the control to be able to restore the entire backup set and optionally recreate any folders that have been deleted, or they can drill down and selectively restore permissions to a single object or directory. Both permissions and ownership settings can be restored at the same time. Permissions can be restored to the same path from which they were backed up, to a different path, or even to a completely different server.

  • How does Security Explorer help me be more productive?
    • Security Explorer's rich, interactive interface allows for easy navigation of objects on file servers, SharePoint servers, SQL Servers, and Exchange and instantly shows both assigned and inherited permissions. Permissions for objects are prominently displayed with no need to open separate property windows.

      Security Explorer’s multi-threaded architecture gives administrators the ability to perform multiple functions simultaneously and continue working while those operations run in the background.

      Local caching of permissions matched with the ability to cancel the retrieval of permissions allow more time to manage and less time waiting on returning results. This feature is very useful when dealing with very large folder structures, web sites, SQL databases, or Exchange mailbox stores where there are potentially thousands or millions of objects. Security Explorer enumerates these items one time and then caches the results so that the next time you browse to the item, the results are returned immediately. The cache is also made persistent so that items remain cached even when the console is closed and reopened. The length of time to retain this cache is completely configurable and results can always be refreshed from within the console as well.

      The Outlook style look and feel and the Windows Explorer style tree view of permissions is very familiar for administrators, making the learning curve for the product minimal. Security Explorer also does not require the use of agents, nor does it require a database backend making the installation quick and easy.

  • Does Security Explorer help with Compliance?
    • Yes. Security Explorer gives administrators the ability to implement the security required by compliance standards such as Sarbanes-Oxley, HIPAA, GLBA and ITIL

ScriptLogic Product Maintenance


Security Explorer licensing

  • For more information on Security Explorer licensing, see the Licensing FAQs page.

ScritpLogic Awards