ScriptLogic Security Explorer Getting Started Guide

ScriptLogic Security Explorer 6 Getting Started Guide

© 2007 by ScriptLogic Corporation
All rights reserved.

This publication is protected by copyright and all rights are reserved by ScriptLogic Corporation. It may not, in whole or part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent, in writing, from ScriptLogic Corporation. This publication supports Security Explorer 6.x. It is possible that it may contain technical or typographical errors. ScriptLogic Corporation provides this publication “as is,” without warranty of any kind, either expressed or implied.

ScriptLogic Corporation
6000 Broken Sound Parkway NW
Boca Raton, Florida

Trademark Acknowledgements:
Security Explorer is a registered trademark of ScriptLogic Corporation in the United States and/or other countries. The names of other companies and products mentioned herein may be the trademarks of their respective owners.

Printed in the United States of America (11/2007)

UPDATED 19 NOVEMBER 2007

DOCUMENTATION CONVENTIONS

Typeface Conventions

Bold
Indicates a button, menu selection, tab, dialog box title, text to type, selections from drop-down lists, or prompts on a dialog box.

CONTACTING SCRIPTLOGIC

ScriptLogic may be contacted about any questions, problems or concerns you might have at:

ScriptLogic Corporation
6000 Broken Sound Parkway NW
Boca Raton, Florida 33487-2742

561.886.2400 Sales and General Inquiries
561.886.2450 Technical Support
561.886.2499 Fax
www.scriptlogic.com

SCRIPTLOGIC ON THE WEB

ScriptLogic can be found on the web at www.scriptlogic.com. Our web site offers customers a variety of information:

- Download product updates, patches and/or evaluation products.
- Search Frequently Asked Questions, for the answers to the most common non-technical issues.
- Participate in Discussion Forums to discuss problems or ideas with other users and ScriptLogic representatives.
- Locate product information and technical details.
- Find out about Product Pricing.
- Search the Knowledge Base for Technical Notes containing an extensive collection of technical articles, troubleshooting tips and white papers.

Contents

INTRODUCTION
WHAT'S NEW IN SECURITY EXPLORER 6?
INSTALLING SECURITY EXPLORER
MINIMUM SYSTEM REQUIREMENTS
BEFORE YOU BEGIN
    User Privilege Requirements
    Install Microsoft .NET Framework 2
RUNNING THE SETUP WIZARD
STARTING SECURITY EXPLORER FOR THE FIRST TIME
    Choosing Among Modes
    Evaluation/Licensed Mode
    Applying a License File
    Evaluating the Product
VIEWING LICENSES
    Removing a Server
MANAGING NETWORK DRIVES
    Mapping a Network Drive
    Disconnecting a Network Drive
QUICK START
EXAMINING THE MAIN WINDOW
    Selecting Explorer Modules
    Selecting Actions
MANAGING PERMISSIONS
    Creating Test Folders and Files
    Granting Permissions
    Copying Permissions
    Modifying Permissions
    Propagating Permissions
    Searching for Permissions
    Revoking Permissions
BACKING UP SECURITY
MANAGING SERVICES
MANAGING TASKS
SUMMARY
TROUBLESHOOTING
INDEX

Introduction

Security Explorer is a powerful and intuitive solution that searches for and modifies Windows NT/2000/XP/2003/Vista security on NTFS drives, file shares, the registry, printers, services, tasks, groups and users, SharePoint servers, and SQL servers. Security Explorer’s graphical interface increases administrator productivity and provides centralized control, simplifying and standardizing the management of the security of Windows server resources.

Security Explorer overcomes the difficulties encountered when using Explorer or command line tools to manage file security, services, and tasks. Comprehensive backup, restore, search, grant, revoke, clone and export functions take management of permissions to new levels. Tasks that were previously either impossible or extremely difficult are now as simple as Point, Click, Done!

Manage Permissions

- Instant Access to Security and Permissions
  No more navigating through files, folders and registry keys selecting Properties and trying to find the Advanced button to see a complete security list! Security Explorer's interface allows for easy navigation of files, folders, registry keys, shares, printers, services, tasks, and SharePoint servers, and instantly shows both assigned and inherited permissions.

- Comprehensive Security Management
  Security Explorer lists the current security settings, and allows full granting, revoking and modifying of permissions on NTFS volumes, the registry, file shares and printers, as well as cloning permissions between accounts for domain and NT4 migrations.

- Automated Clean-up and Repair of Permissions
  Tighten security and eliminate orphaned permissions with automatic removal for unknown or deleted accounts. Update file and folder permissions with new SIDs and re-assign orphaned permissions following migrations between domains, servers or from NT4 to Active Directory.

Search

- Find security weaknesses and over-privileged users as Security Explorer lets administrators search NTFS volumes for specific assignments to all types of user and group, including permissions received through group memberships and inheritance, or where a user or group does not have a specific permission.

- Locate services and tasks on computers across your network.

Manage Security

- Backup and Restore Permissions
  Recovery from accidental changes to security settings has never been easier! Security Explorer can backup complete sets of permissions for files and folders, without having to backup the data they contain. Security Explorer can also capture permissions for registry keys, shares and printers. Administrators can then select any combination of files, folders, registry keys, printers and shares to recover those permissions, without affecting the underlying data or resources.

- Export Security Settings in Multiple Formats
  Security Explorer can export a database or spreadsheet listing the permissions on files or folders anywhere in the directory tree.

Manage Objects

- Administrative Override
  No more "Access Denied" when setting permissions! Security Explorer can instantly modify the security settings of files and folders that administrators would normally have to go through multiple steps to access.

- Assign Ownership
  Administrators can use Security Explorer to assign ownership to files and folders without the need for the Take Ownership right.

- Command Line Management
  Security Explorer has a full command line interface so you can script and schedule permission management.

- Integrated with Windows Explorer
  Many Security Explorer functions are integrated into the right-click menu in Windows Explorer. Additionally, more Windows Explorer functions are now available within Security Explorer, which means much less switching between windows!

- Manage Services and Tasks
  With the Service Security and Task Management modules, you can manage services and tasks across your network.

- Manage Groups and Users
  With the Groups and Users Management module, you can create, modify, and delete groups and users. You also can change user passwords.

- Manage SharePoint Servers
  With the SharePoint Server Security module, you can manage your SharePoint servers.

- Manage SQL Servers
  With the SQL Server Security module, you can manage permissions on SQL databases, modify logins, and add logins to Server Roles.

WHAT'S NEW IN SECURITY EXPLORER 6?

To see what is new in Security Explorer, please see article Q14887 - INFO: Security Explorer 6.x Version History in the ScriptLogic Knowledge Base, which you can access at:
http://www.scriptlogic.com/support/kb/

Installing Security Explorer

Security Explorer is provided in a Windows Installer package format, which allows for robust self-repair of application files, and ease of installation and software distribution. The Windows Installer service is included with Windows 2000 and later.

MINIMUM SYSTEM REQUIREMENTS

Important: The minimum system requirements listed are for the computer on which Security Explorer is installed. Security Explorer can be used to manage permissions on other computers that have Windows NT as an operating system.

- Processor: Pentium 600MHz or faster
- Operating System: Windows 2000 or later
- Microsoft .NET Framework 2
- Disk Space: 50 MB
- Memory: 256 MB
- Screen resolution: 800x600

Supported Versions of SharePoint for Security Explorer

- SharePoint 2007

Supported Versions of SQL Server for Security Explorer

- SQL Server 2000
- SQL Server 2005
- SQL Server Express 2005
- Microsoft SQL Server Desktop Engine (MSDE)

BEFORE YOU BEGIN

Download the latest version of Security Explorer from the ScriptLogic Web site:
http://www.scriptlogic.com/support

User Privilege Requirements

In order to start Security Explorer, a user must be a member of the local Administrators or Power Users group; otherwise, error messages display.

Install Microsoft .NET Framework 2

If you do not have Microsoft .NET Framework 2 on the computer where you want to install Security Explorer, the Security Explorer installation process will provide an opportunity to download and install Microsoft .NET Framework 2.

You will need to restart the install process once Microsoft .NET Framework 2 is installed, so to avoid this you might want to install it before you begin the installation of Security Explorer.

RUNNING THE SETUP WIZARD

Important: If you are running Active Administrator on the same computer as Security Explorer, exit Active Administrator and stop all Active Administrator services before upgrading to Security Explorer.

1. After downloading Security Explorer, double-click the .msi file. The Welcome box appears.
2. Click Next. The License Agreement box appears.

3. Select I accept the terms in the license agreement, and then click Next. The Customer Information box appears.
4. If necessary, change the default values in the User Name and Organization boxes. Also choose whether to permit access to all users or just yourself. Click Next. The Destination Folder box displays the default installation path.
   To change the installation path, click Change, and then select a new path.

5. Click Next. The Ready to Install box appears.
6. Click Install. A progress bar displays the installation process.
   Note: If Microsoft .NET Framework 2 is not installed, you see a message box. Click Download the Microsoft .NET Framework 2. You will need to restart the Security Explorer installation process.
   When the installation is complete, the final box appears.
7. Click Finish.

STARTING SECURITY EXPLORER FOR THE FIRST TIME

Depending on your system, choose one of these ways to start Security Explorer:

- Click Start, point to All Programs > ScriptLogic Corporation > Security Explorer 6, and then select Security Explorer.
- Click Start, and then click

Each time you run the program you are greeted by the splash screen, which displays program version and copyright information. To view more detail about the version of Security Explorer in use, choose About from the Help menu.

The first time you start Security Explorer after installation, you see the Welcome box, which allows you to choose whether to run Security Explorer in free mode with limited functionality, apply a license file for full functionality, or evaluate the full product.

Note: If you are currently running Security Explorer 5 and Service Explorer 2, your licenses are converted into Security Explorer 6 server licenses. You do not see the Welcome screen. Security Explorer 6 opens to the main window.

Evaluation/Licensed Mode

To evaluate Security Explorer on workstations and servers for a 30-day time period or to apply the license you purchased, choose Evaluation/Licensed Mode.

Note: If you are evaluating the product, the 30-day time period starts from the day you choose to evaluate the product, and not from the day of installation. If you were using Free Mode, and then switch to Evaluation Mode, the days in Free Mode do not count toward the 30-day limit.

Free Mode

To use some of Security Explorer’s functionality for free on your local workstation, choose Free Mode. Please note that Free Mode is not available on servers. Free mode is available only when Security Explorer is started for the first time or when an evaluation period has ended.

Choosing Among Modes

To help you decide among the three modes, consult these tables. The features available in the three modes depend on whether the computer is categorized as a workstation or server. First determine if your computer is a workstation or server, and then check the second table to determine what features are available to you in each mode of operation.

Workstation or Server?

If running this Operating System:    Computer Is:
Windows NT 3.51                      Server
Windows NT 4.0 Workstation           Workstation
Windows NT 4.0 Server                Server
Windows 2000 Professional            Workstation
Windows 2000 Server                  Server
Windows XP                           Workstation
Windows Server 2003                  Server
Windows Vista                        Workstation

What Can I Do with Security Explorer?

The table lists, for each management target, what is available in each mode:

  Free mode: Only available on workstations
  Evaluation mode: Limited to 30 days
  Licensed mode: S server lic count*, W workstation lic count

Management Target: NTFS, Printers, Shares, Registry
  Free mode: Unlimited changes on local workstation. No searches
  Evaluation mode: Max 2500 objects in each operation on 2 named computers (server or workstation). No searches on domains
  Licensed mode: Unlimited changes on licensed named servers. Unlimited changes on W workstations in each operation

Management Target: Services, Tasks
  Free mode: Unlimited changes on local workstation. No searches
  Evaluation mode: No changes. Search results limited to 100 computers. No searches on domains
  Licensed mode: Unlimited changes to services and tasks on any single computer. Searches return max (S W) computers. Unlimited changes on search results.

Management Target: Users & Groups
  Free mode: Not available
  Evaluation mode: No changes. Search results for local groups and users limited to 100 computers
  Licensed mode: Unlimited changes to local groups and users on any single computer. Searches return max (S W) computers. Unlimited changes to local groups and users on search results. Unlimited changes on domain users and groups.

Management Target: SharePoint
  Free mode: Not available
  Evaluation mode: Unlimited browsing, search and backup on 2 named servers. No changes
  Licensed mode: Unlimited changes on licensed named servers in SharePoint farm

Management Target: SQL
  Free mode: Not available
  Evaluation mode: Unlimited browsing, search and backup. No changes. No export of results.
  Licensed mode: Unlimited changes on licensed named computers running SQL Server (whether a server or workstation)

*Total number of licensed named servers across all management targets cannot exceed S

Evaluation/Licensed Mode

If you chose Evaluation/Licensed Mode, the New Installation box appears. You also can access this box through Help > About > Apply License File.

Applying a License File

Security Explorer requires a valid license file in order to function properly. If you have a company license file or were provided with an evaluation or temporary license file, you must enter the location and filename in the License File box.

The license file is approximately 1KB in size and has a .lic file extension. Your Sales account executive or Support Team specialist should have emailed this file to you as an attachment.

- Click to locate the license f
