Hello everyone, and thank you for joining us in today's presentation of Security Explorer. My name is Doug Maul, I'm one of the senior systems engineers, and I'll be conducting today's presentation. Security Explorer is a complete permission management solution. It will allow you to manage positions across your organization from a single console. The areas we can manage permissions are NTFS Security, Share Security, Registry Security, Printer and Service Security, Task Management, Group and User management, SharePoint, SQL, and Exchange. I'm going to go through each of these areas one by one, give a very general overview to give you an idea of how we can make life easier for you.
Security Explorer gets installed on any workstation or server. We do not require any kind of database back-end and we do not run agents on any of your servers. Everything that we're looking at functions in real time. So starting with NTFS Security, I'm simply going to browse my organization, I pull a server I want to manage. Now we see some red X's here, no problem. Those servers simply aren't being contacted because I have them powered off. What we're looking at is my server name, PENGUINDC.
And under PENGUINDC, I'm looking at a directory called DataShares. DataShares shares, that child directory is going to populate on the right. Whatever item I highlight, we will see permissions populate for that item on the bottom. So for my DataShares directory, we see permissions populated here. For example, Wile E. Coyote has list folder contents. Everyone, full control. Ronald Reagan, full control.
Now, these are areas I want to manage. What we're going to do is we're really eliminating the need for you to have to UNC path to a server to manage information. We're eliminating the need for you to have to RDP or remote connect into multiple servers to manage permissions. We're going to give you everything you need for the entire organization from this one console. So starting with DataShares, before I even start changing permissions, what Security Explorer will allow you to do is go ahead and backup security.
Now we could backup security at the parent folder, we could back up at the child folder. It just depends on where we're going to make our changes. So I'm going to make some changes on the parent DataShares. I've already backed up security. So really what I want to do here is I'm just remove Ronald Reagan. I'll go ahead and delete Wile E. Coyote's permissions. What I can do here is simply revoke those permissions.
Now if I want to go ahead and add permissions, I could do that also. Instead of using revoke, I simply hit add. Let me go ahead and revoke permissions here. I'm going to revoke Wile E. Coyote. And I need to just select the user and I'm going to revoke Ronald Reagan's and I'm going to remove those permissions. So we can see now this time, they did disappear. I'm left with only four permissions instead of the six. If I want to add permissions to this directory, it's the same thing. I simply right click, grant permissions, browse for the user that I want to add permissions, and I'm simply pulling information directly out of AD, and I can go ahead and add permissions.
Maybe I've made some massive changes, I need to roll this back, people are complaining. No problem. What I could do is I could simply go and restore security on this object by loading the backup I've taken already. The backup is a flat file. You can have it stored anywhere you want as long as accessible by Security Explorer at the time of restore. So I'm going to browse my backup, and we can see here all the child directories. Now, if I want to restore security on these child directories independently, I can, but I want to restore security on the parent level, which would be a DataShare directory.
The nice thing here is we're giving you current permissions versus backup permissions. So if I only want to restore deleted items, I could. I also have some options on the bottom left. I could restore the owner, I could even restore these permissions to a different path. What that's going to allow me do is take these permissions and restore them to a completely separate server or separate resource on a completely different part of the organization.
So I'm going to go ahead and I'm going to restore my permissions. Green check is good. And we can see here, Wile E. Coyote and Ronald Reagan have their permissions back on the DataShare. If I need to modify or change permissions on a child share, I can. Maybe I want to take Elmer Fudd's directory and make some changes here. I could do that also. We're not limited to only a parent or only a child directory.
If I'm not sure where someone has permissions, I can go ahead and perform a search. My search is scope-related. When I say scope-related, we can go ahead and narrow our search down. So if we have 18 terabytes of data, we don't necessarily want to search all 18 terabytes. If I only want to look at a certain directory or directories on certain servers, I can to run my search.
So I've added a search here where I have my local DataShare directory and then a remote server called TigerShark and directory DataShares there. I'm going to search for group or user permissions simply by browsing active directory. I've chosen to browse for Wile E. Coyote's permissions. I can include group memberships, that's what we're seeing here, search for permissions for groups. I have some other group options here as well.
I'm going to keep this search fairly simple, and I'm going to search for Wile E. Coyote. So really, any permissions, any effective permissions this user has that are assigned to the user, I can see here. I can see the resource. Now, I can go ahead directly out of the search and manage permissions. I don't need to go back and forth between servers, I don't need to run multiple searches. This is all self-contained.
I can specify permission search criteria, meaning I can search for specific folder permissions, file permissions-- we will get down to the file level-- or only a permission level or higher. For example, show me everywhere this user has full control. Everything that we're going to do on the Share Security, Registry Security, and Printer Security are going to be very similar to what you saw me do in NTFS Security. The one thing I want to mention is that when I backed up my permissions., I can go ahead and schedule this backup. So you don't need to manually come in here and back up your permissions. You can schedule that and have a kickoff daily, hourly, weekly, whatever you want.
Another area I want to touch on is Service Security. So what we're going to be able to do is manage our service security across every single server. If you need to stop, start services on 20 different service in one shot, we can do that. Some of the other benefits we're going to give you is the ability to browse services and browse for accounts that stop and start services. So if you want to browse your network and say, within my DNM domain, I want to search for services now. I have this PENGUINDC, we'll list all services, we'll show you if the services are stopped or started, and look at the properties of the service. You can manage the service independently.
It's nice to have, but one of the really nice features is the ability to search. So what I'm doing here is I'm saying search when a log-on account is equivalent to two or equal to a particular account name. An example here is you have a user that leaves the organization. Maybe that user set services to start under their AD account, but what happens when you disable that AD account is all these services stop. Now, that could be bad. Maybe you have land-managed services, maybe you have DNS services, maybe you have crucial services running under this account. It's going to be a big problem.
So before we disable that account in AD, we want to go ahead and search for everywhere this account is running services. So you could see here, I have the administrator account running quite a few services across multiple servers. The nice thing here is, I only have two servers, so it makes my job easier. With Security Explorer, it doesn't matter if it's two or if it's 2,000. What we're going to be able to do is simply shift click all these services. Now I can go ahead and look at the properties and I can change the log-on account to these services.
We're even telling you in red that we have clicked multiple services. Whatever change we make will be made across all of these services on all of these servers. I can also then automatically restart the service after making these changes in all these servers. Some of the other things I can do instead of looking to log-on account, maybe I want to search for a service name, where a service name is equal to, and I could type in the actual service name here. Maybe I want to say, show me everywhere land-managed server to server service or something like that. I could show all my servers. I'll keep it simple and just say, show me everywhere my DNS server is. So I have a single DNS server.
Our group and user management, everything that you're doing in ADUC to manage a user, we're pretty much going to give you here through Security Explorer. So if I take a user like Abe Lincoln and look at the active directory properties of this user, I can go ahead and make all the changes that we would make through native ADUC. I could change the member of, I could change the security groups, password replication. I can even click on the object, and you probably caught it, but I can go ahead and change the password directly out of Security Explorer as well. I can do the same thing for all of my active directory groups.
SharePoint and SQL Security will allow us to manage security across particular SharePoint site libraries as well SQL Server instances. My Exchange Security is going to allow me to manage security across all my exchange mailboxes across the entire exchange org. Now, we can get down to the actual named folder instance. What that means is you no longer have to go ahead and assign permissions across the entire mailbox. So I'm looking at Wile E. Coyote, and instead of looking at the entire Wile E. Coyote mailbox, if I want to say, show me everyone that has permissions on this user's calendar, I can do that. If I want to grant or revoke permissions on Wile E. Coyote's calender, I can do that simply by browsing mailboxes, I want to assign permissions to this user's calendar.
So if I want to say, for example, browse-- I was watching Die Hard last night-- Bruce Willis's permissions from Wile E. Coyote's folder, the calendar, I could do that. Now, you can see, the permissions are only going to be assigned to the calendar. The calendar is what's highlighted, Bruce Willis, and not other areas such as the inbox, such as the entire folder. That would be a security breach. We don't want Bruce Willis reading Wile E. Coyote's email, just any calendar appointments. I can go ahead and modify his security to the exchange security future, just like I did with NTFS.
Now, if you want to search for mailbox permissions, we can do this just like we did for NTFS. I simply create my scope-- in other words, I choose the mailboxes, I choose the account. We fully support the wild card entry, as you can see, and I simply hit start search. So show me everywhere on these mailboxes, these four mailboxes that Wile E. Coyote has permissions. We can see here, Wile E. Coyote has permissions on the calendar and the inbox of Bruce Willis, and not on Carrie Fisher, Daniel Day Lewis, or Halle Berry. If I want to exclude directory permissions and public folders and show me only the straight mailbox permissions, I could do that too. This should not change anything, and it hasn't.
So that is Security Explorer. Complete permission management solution to really make life easier and help you function more efficiently in permission and security management within your active directory infrastructure. Once again, my name is Doug Maul. Thank you for joining us today.