Security Explorer


Security Explorer - Overview

Security Explorer - Overview

Use a single console to manage permissions for file systems, SharePoint, SQL Server and Exchange.

Security Explorer - Search

Security Explorer - Search

Searching for specific permissions across your enterprise is a simple task with Security Explorer.

Security Explorer - Manage

Security Explorer - Manage

Manage access (grant/revoke/modify) on Windows servers and desktops, as well as NAS/SAN devices.

Security Explorer - Recover

Security Explorer - Recover

Back up and restore access control lists separate from the associated data to maintain availability.

Security Explorer - Report

Security Explorer - Report

Create security reports or export a list for all locations that a user or group has access.

Security Explorer - Exchange

Security Explorer - Exchange

Find, manage and report on permissions for mailboxes, mailbox folders and more Exchange objects.

Security Explorer - SQL Server

Security Explorer - SQL Server

Determine who effectively has access to SQL Server resources, and restrict that access when needed.

Security Explorer - SharePoint

Security Explorer - SharePoint

Discover and manage SharePoint sites and permissions for users and AD or SharePoint groups.

Single platform for managing Microsoft server security in real time

  • Search Microsoft servers to see who has rights to resources enterprise-wide
  • Manage permissions across Microsoft servers from a central, unified console
  • Back up, baseline and restore security and permissions, retaining data integrity
  • Report on who has access to what to streamline security audits
  • Address post-migration security issues


Security Explorer provides a single console for managing access controls, permissions and security across Microsoft platforms that span multiple servers. The product provides a broad array of security enhancements including the ability to identify “who” has rights to resources across the entire organization. It also provides the ability to grant, revoke, clone, modify and overwrite permissions quickly and from a central location. Unlike native tools, Security Explorer provides the ability to back up and restore permissions only, ensuring the integrity of data. To help meet auditing requirements, Security Explorer provides convenient reports that can be pulled on the fly. Last, the product’s cleanup capabilities address common post-migration security issues.

Search Microsoft servers to see who has rights to resources enterprise-wide

Instantly see who has access to what in real time across Microsoft servers. Search for inherited or explicit permissions on file servers, Microsoft® Exchange server, Microsoft® SQL Server®, and Microsoft® SharePoint®. Even search for permissions to services, tasks, users and groups. Security Explorer’s single console eliminates the need to manually search each server for permissions.

Manage permissions across Microsoft servers from a central, unified console

Make targeted or bulk changes to servers with the ability to grant, revoke or modify permissions, even those applied with Windows Server 2012 Dynamic Access Control. View and manage group membership settings directly in the access control list for a resource. Overcome access-denied errors by forcing permissions onto protected objects. Security Explorer enables you to lock down permissions faster and easier.

Back up, baseline and restore security and permissions, retaining data integrity

The ability to back up and restore permissions, without having to restore data, means you can baseline access controls and revert to that baseline at any time. Easily recover from accidental or malicious changes, and ensure that compliance requirements are enforced.

Report on “who has access to what” to streamline security audits

Export a database or spreadsheet listing the permissions on items anywhere in the directory tree. Filter results to show only permissions that differ from the parent folder when exporting permissions. Perform targeted searches for all locations that a particular group or user has access across the network and export this data to create ad-hoc security reports.

Address post-migration security issues

Security Explorer provides the ability to migrate access controls, and to clean up access post migration. Because Security Explorer can back up and restore security settings to an alternate location, you can be sure that necessary access is in place on the new server(s). This shortens migrations and provides a smooth post-migration user experience.


Instant permission searching
Security Explorer tells you – in seconds – the users who have access to any given resource in your organization. Search for specific permission sets, including permissions applied with Dynamic Access Control, across all of your servers and client computers, and get results almost instantly. You can search by resource, claim type and more. When integrated with Enterprise Reporter, you get a user-centric view of file, folder and share permissions within the Security Explorer console.
Automated business-wide searching
You can execute searches that span multiple servers and resource types, including Exchange, file servers, SQL Server, SharePoint and more.
Deleted account seek & clean
Delete a user from Active Directory, and then Security Explorer can automatically remove the account from SharePoint and SharePoint groups, Exchange, workstations, SQL Server, file servers, and so on. Your entire environment stays clean, secure and compliant, with no need to manually search-and-delete accounts on your own.
One-stop permission management across platforms
Bring all of your organization’s access management into a single location: NTFS, Registry, printers, services, task management, SharePoint, SQL Server, and Exchange. Forget about opening a dozen consoles to set up permissions for new users – Security Explorer does it all in one place.
Permission cloning
Providing a user with the same permissions as another user is one of the most common security management tasks, and it’s no problem with Security Explorer’s clone feature. You can clone permissions and group membership settings from one account to another across Windows file servers, Exchange Servers, SharePoint Servers, SQL Servers and more.
Dynamic Access Control management
Enhance Windows Server 2012 Dynamic Access Control with Security Explorer’s ability to add, remove, modify, back up, restore, copy and paste permissions that include conditional expressions. When a workstation is part of the Windows Server 2012 domain, you can use Security Explorer to add, back up, restore, copy and paste permissions that include conditional expressions from a Windows 7 client.
Permission recovery independent from resources
Security Explorer enables you to back up and restore permissions, while retaining data integrity. Data remains available, content remains the same, servers remain online, and users remain productive.
Permission remediation
If somebody botches your carefully-constructed access rights, you can restore them with a few clicks. You can even compare live and backed-up permissions and review the differences.
Alternate location permission restoration
You can easily restore permissions to the same resources on another server or location, making migrations and troubleshooting fast, effective, and error free.
On-the-fly security reports
Create security reports that specify resources, groups, locations, users or any other criteria. Or, just export a list of permissions from a specific set of resources. Create targeted searches for user or group permissions, and export those search results as formatted reports. You can also generate reports directly from a resource that will show all permissions on that resource.
Pre-defined reports
Use Security Explorer’s powerful reports that include service and scheduled task information, as well as user and group membership settings for file servers, SharePoint, SQL Server and Exchange. Save time by instantly accessing common reports.
Flexible reporting formats
Export report data to spreadsheets or text files, filtering for the exact information you need – making auditing easier than ever. You can also start with pre-defined, formatted reports and export them as PDF, HTML, RTF and more. Even email reports directly to recipients, saving time and effort, as well as keeping everyone in the loop.
Service account password management
Change service logon account passwords enterprise-wide manually or automatically with scheduled tasks. Comply with complex password policies when automating password changes.
Migration cleanup
Security Explorer updates SID history, finds and removes orphaned SIDs and even pairs unrelated accounts, enabling you to organize your permissions before and after migration.


Server requirements

ProcessorPentium 600MHz or faster
Operating systems

Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server® 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Microsoft.NET Framework 4.0 or higher

Disk space50 MB
Memory (RAM)256 MB
Screen resolution1024 x 768

Microsoft supported products


Microsoft Office SharePoint Server 2007, Windows SharePoint Services 3.0, Microsoft SharePoint Server 2010, Microsoft SharePoint 2013, SharePoint Foundation 2010

SQL Server

SQL Server 2005, SQL Server Express 2005, SQL Server 2008, SQL Server 2008 R2,SQL Server 2012

Exchange Server

Microsoft Exchange 2003, Microsoft Exchange 2007, Microsoft Exchange 2010, Microsoft Exchange 2013, Mixture of Microsoft Exchange Servers

Detailed requirements

Download free trial to see the full list of system requirements.