Security Explorer 9.5. About Security Explorer 9.5. New features. June 2014

(1)

Security Explorer 9.5

Release Notes

June 2014

These release notes provide information about Dell™ Security Explorer 9.5. • About Security Explorer 9.5

• New features

• Resolved issues

• Known issues

• System requirements

• Product licensing

• Getting started with Security Explorer

• Globalization

• About Dell

About Security Explorer 9.5

Security Explorer provides a single console for managing access controls, permissions, and security across Microsoft platforms that span multiple servers. The product provides a broad array of security enhancements including the ability to identify who has rights to resources across the entire organization. It also provides the ability to grant, revoke, clone, modify, and overwrite permissions quickly and from a central location.

Unlike native tools, Security Explorer provides the ability to back up and restore permissions only, ensuring the integrity of data. To help meet auditing requirements, Security Explorer provides convenient reports that can be generated at your convenience. Lastly, the product’s cleanup capabilities address common post-migration security issues.

Security Explorer 9.5 is a minor release, with enhanced features and functionality. See New features.

New features

New features in Short Product Name Version: • Additional supported platforms:

• NetApp®_{8.2 (7-Mode and Clustered Mode)}

• Dell™ FluidFS

(2)

• Change account login for services—The new Bulk Change Password task is available in the Service Security module. You can search Windows® _{services by the logon account and by either computer or}

domain. From the resultant list of services, you can change the password for the logon account. • Schedule password changes for services—The new Scheduled Tasks task in the Service Security module

provides you the option to schedule password changes for service logon accounts.

• Sort options for Exchange mailboxes— Using Tools | Options | Exchange tab, you can specify how to sort mailboxes in the Navigation tree. You can sort mailboxes by display name, first name, or last name. Once you make a change, refresh the tree to see the new sort order.

• Add shares to a Search Scope— In previous versions of Security Explorer, you could only add computers and domains to a Search Scope. In version 9.5, you now can add shares to a Search Scope.

• PowerShell cmdlets accept multiple permission level arguments— SXPSharePointGrant and Set-SXPSharePointRevoke commandlets can be used to grant and revoke multiple permission levels. In previous versions, you could grant and revoke permissions for one permission level only.

Resolved issues

The following is a list of issues addressed in this release.

Table 1. General resolved issues

Resolved issue Issue ID

The Active Directory tree node does not appear after enabling it on the View menu. 1850

Cannot create an Enterprise Scope with an empty name. 2259

PowerShell commandlets: Set-SXPExport to Access database does not work. 1955

PowerShell commandlets: Set-SXPSharePointRevoke does not work for SharePoint

Groups. 1988

Command line utilities: SXPExport to CSV file is tab-delimited. 2501

Table 2. NTFS Security resolved issues

Scheduled export to tab-delimited file works incorrectly. 2355

Set Ownership works incorrectly if domain account is selected from the Set

Ownership list. 2174

Attempting to modify a file deny permission results in an Invalid Pointer error. 2329

Table 3. Share Security resolved issues

(3)

Table 4. Task Management resolved issues

An error occurs when setting account information for remote scheduled tasks. 2288

Table 5. SQL Security resolved issues

Incorrect error message occurs after attempting to modify inherited permissions. 1855

Stop service works incorrectly. 2492

Table 6. Exchange Security resolved issues

Cannot set Read Items permissions for the Calendar Mailbox Folder in the Grant and

Modify dialog boxes if several Advanced Permissions are selected. 2065 Cannot select Free/Busy time, subject, and location permission in Advanced

Permission Selection. 2405 Cannot copy permissions under alternate credentials when the Clone group

memberships checkbox is selected. 2024

Cannot manage Exchange after changing the port. 2103

Cannot add a member (with complex Name) to a group in Exchange Administrators. 2163

Exchange 2013: The Search for Public Folder permissions option does not work. 2324

Backup file for an alphabetic group is not created after it is scheduled and run in

Task Manager. 2126

Table 7. SharePoint Security resolved issues

SharePoint Group Membership Report titles are a problem if multiple paths reported. 2478

Search for exact permission levels or better should work for all permission levels with

the same masks, independently on permission level names and languages. 2583 Remove Members task does not work. 2165

Problems with authentication: errors occur for Site Collection Administrators and

SharePoint groups 2540 Cannot grant multiple accounts in Grant Task. 1845

Copying permissions between site collections works incorrectly. 2199

Permissions are lost when a custom level is renamed. 1881

It is impossible to search in a new window under alternative credentials. 1980

Cannot grant permissions to Everyone and Authenticated Users with claims-based

authentication. 2178

(4)

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 8. NTFS Security known issues

Known issue Issue ID

The Progress window goes through all subfolders and files when permissions are

granted and the This folder only checkbox is selected. 360926

Table 9. SQL Security known issues

It is necessary to restart the Remote Registry service, if it was not used for more than several minutes, to see SQL instances installed on Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.

360943

Table 10. Exchange Security known issues

The Revoke Disabled and Revoke Unknown tasks do not work for Public Folders. 350968

Cannot create a mailbox for a new user if Exchange 2013 is in the mode: Active

Directory split permission security model to the Exchange organization. 350971

Table 11. SharePoint Security known issues

Cannot change Active Directory permissions under alternate credentials. 352844 Restoring permissions to a different path can work only if the source and target sites

are identical. If one site item is different, permissions cannot be restored to all site items.

360925

Table 12. Task Management known issues

Cannot set Active Directory group accounts to task user accounts. 351142

Cannot copy tasks configured to run with group accounts. 351143

Cannot change network connection for remote tasks. 351127

Table 13. Dell Fluid FS support known issues

Security Explorer cannot get the local groups list in all modules. 350974

Cannot see Group Contents for local groups. 350975

(5)

Group and User Management: Cannot delete local users. 350977

Group and User Management: Cannot see the local groups list in the Select account

dialog box. 350978

Group and User Management: Domain Group appears in Group Properties dialog box. 350979

Group and User Management: Error occurs in the Clear Local Admin task. 350980

Group and User Management: Memberships list is empty. 350981

NTFS Security: Cannot see Group Contents for local groups. 350983

NTFS Security: Cannot see Memberships for local users after selecting a container. 350984

NTFS Security: Cannot rename local accounts. 350985

NTFS Security: Cannot search for permissions on the root. 350986

NTFS Security: In the Search function, an error occurs after selecting a local user and

enabling the Include all group memberships checkbox. 350987

NTFS Security: An error occurs after attempting to create a share. 350988

NTFS Security and Share Security: It is impossible to add any user (domain or local)

into a local group. 350989 NTFS Security: Cannot back up security when the Include SACL checkbox is selected. 350991

NTFS Security and Share Security: Cannot search for disabled accounts. 350992

System requirements

Before installing Security Explorer 9.5, ensure that your system meets the following minimum hardware and software requirements.

• Hardware requirements

• Software requirements

• Supported platforms for Security Explorer

• User privilege requirements

• Required software for Microsoft Exchange 2013 for Security Explorer

• Setting up Microsoft Exchange for Security Explorer

• Upgrade and compatibility

Hardware requirements

Table 14. Hardware requirements

Requirement Details

Processor Pentium® 600MHz or faster

Memory 768 MB for Windows XP and Windows 2003 1 GB for Windows Vista® and later Hard Disk space 150 MB

(6)

Operating System • Windows XP • Windows Vista • Windows 7 • Windows 8 • Windows 8.1 • Windows Server® 2003 • Windows Server 2008 • Windows Server 2008 R2 • Windows Server 2012 • Windows Server 2012 R2

• NetApp® 8.2 (7-Mode and Clustered Mode) • Dell FluidFS

Software requirements

Table 15. Software requirements

.Net Framework v.4.0 or later Install either the Full or Standalone version. Do not install just the Client Profile.

Supported platforms for Security Explorer

Table 16. Supported platforms for Security Explorer

Security Explorer Module Supported Platform

NTFS Security Share Security Registry Security Printer Security Service Security Task Management

Group & User Management

Windows NT 4.0

Windows 2000 Professional or Server Windows XP Windows Vista Windows 7 Windows 8 Windows 8.1 Windows 2000 Server Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 NTFS Security Share Security

Group & User Management

NetApp® 8.2 (7-Mode and Clustered Mode)

NOTE: Security Explorer supports CIFS volumes. Mixed CIFS/UNIX volumes are supported if the volume root owner is a Windows account.

(7)

Security Explorer Module Supported Platform

NTFS Security

Share Security Dell FluidFS SQL Security SQL Server® 2014

SQL Server 2012 SQL Server 2008 R2 SQL Server 2008 SQL Server 2005 SharePoint Security SharePoint® 2013

SharePoint 2010 SharePoint Foundation SharePoint 2007 SharePoint Services 3.0 Exchange Security Exchange 2013

Exchange 2010 Exchange 2007 Exchange 2003

User privilege requirements

To start Security Explorer, a user must be a member of the local Administrators, otherwise error messages display. Each module in Security Explorer has additional requirements to enable permission management.

Table 17. Requirements to enable permission management

Module Requirement

NTFS Security To manage permissions on folders and files on remote computers, the File and printer sharing option must be enabled on the firewall on the computer with Security Explorer installed and on the remote computer. Share Security To manage permissions on shares on remote computers, the File and

printer sharing option must be enabled on the firewall on the computer with Security Explorer installed and on the remote computer.

Registry Security To manage permissions on registry keys on remote computers, the file and printer sharing option must be enabled on the firewall on the computer with Security Explorer installed and on the remote computer. Printer Security To manage permissions on printers on remote computers:

• The Printer Spooler service must be running on the target computer.

• The File and printer sharing option must be enabled on the firewall on the computer with Security Explorer installed. Service Security To manage permissions on services on remote computers, the File and

printer sharing option must be enabled on the firewall on the computer with Security Explorer installed and on the remote computer.

Task Management To manage tasks on remote computers, the File and printer sharing option must be enabled on the firewall on the computer with Security Explorer installed and on the remote computer.

(8)

Module Requirement

SharePoint Security To manage permissions on SharePoint servers, the SharePoint site must be on the same network as the computer on which Security Explorer is installed.

To manage SharePoint sites exposed over SSL (https://), add the SharePoint server’s certificate to the Trusted Root Certification Authorities store on the computer with Security Explorer installed. SQL Server Security To manage permissions on SQL Servers:

• Remote Registry service should be started on remote SQL servers.

• Computer Browser service should be started on the computer where Security Explorer installed.

• Current user must be a member of the Administrators local group on the SQL server.

• Windows Firewall on remote SQL servers must be configured to allow 'file and printer sharing' and network access with the SQL instance(s).

For more information please refer to: Configure the Windows Firewall to Allow SQL Server Access at

http://msdn.microsoft.com/en-us/library/cc646023.aspx

Exchange Security To manage permissions on the Exchange organization, the Exchange organization must be on the same Active Directory® forest as the computer on which Security Explorer is installed.

Required software for Microsoft Exchange

2013 for Security Explorer

NOTE:For previous versions of Microsoft Exchange and mixed mode configurations, refer to Security Explorer Installation Guide.

Table 18. Required software for Microsoft Exchange 2013

Client type Required software

Windows XP

Windows Server 2003 Windows Vista

NOTE: Cannot manage Exchange 2013.

Windows Server 2008 • NET Framework 3.5 Service Pack 1 • Power Shell 2.0

• NET Framework 4.5 Full

• Extended Protection for Authentication • PowerShell 3.0

Windows 7

Windows Server 2008 R2

• NET Framework 4.5 Full • Power Shell 3.0 Windows 8

Windows Server 2012

(9)

Setting up Microsoft Exchange for Security

Explorer

Client access server configuration

1 Check that all Exchange Windows services with Automatic startup are started.

2 Check that IIS Admin Service and World Wide Web Publishing Service IIS Services are started. 3 Check that the Exchange Web Application is configured correctly in IIS:

• Authentication: Windows Authentication is Enabled • SSL Settings: Require SSL is switched on

4 Exchange Server 2010 and 2013 only: Enable PowerShell Remoting on the Exchange Server by running the PowerShell command: Enable-PSRemoting –force.

Client Configuration

1 Open port 443 on the firewall.

2 Install an Exchange Server SSL certificate.

Upgrade and compatibility

Security Explorer 9 does not require that you uninstall version 5, version 6, version 7, or version 8. You can install Security Explorer 9.5 side-by-side with all of these previous versions.

Product licensing

You must have a new license file to use version 9. Your previous licenses will not be recognized by version 9. A utility is provided to upgrade your version 7 or 8 license to version 9. You can launch the license upgrade utility (LicenseUpgrade.exe) from the Auto Run feature or from the Security Explorer installation folder.

To upgrade your license

1 Launch the autorun.

2 Click Run to launch the License Update Utility.

3 Click Find Now to locate your current license.

4 Click Get License to generate a version 9 license.

To activate a trial or purchased commercial license

1 Start Security Explorer.

When you start Security Explorer, a license check is performed. If you are installing Security Explorer for the first time, you are asked to update the license.

2 Click Update License and locate the license file. The license file is approximately 1 KB in size and has

(10)

To update a license

1 Start Security Explorer.

2 Select Help | About Security Explorer.

• To view the applied licenses, click Licenses. • To update a selected license, click Update License.

Getting started with Security Explorer 9.5

• Installation instructions

• Additional resources

Installation instructions

IMPORTANT:If you are running Active Administrator on the same computer as Security Explorer, exit Active Administrator and stop all Active Administrator services before upgrading to Security Explorer. Use the autorun to install Security Explorer.

To install Security Explorer

1 Launch the autorun.

2 On the Welcome screen of the Install Wizard, click Next.

3 Click View License Agreement.

4 Scroll to the end of the license agreement. 5 Click I accept these terms, and click OK.

6 Click Next.

7 Enter customer information, and click Next.

8 To change the location of the program files, click Change, or click Next to accept the default

installation directory. 9 Click Install.

10 Click Finish.

Additional resources

Additional information is available from the following:

• Online product documentation ( https://support.software.dell.com/security-explorer/release-notes-guides)

(11)

Globalization

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit www.software.dell.com.

Contacting Dell

Technical support:

Online support

Product questions and sales: (800) 306-9329

Email:

[email protected]

Technical support resources

Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to

http://software.dell.com/support/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system.

The site enables you to:

• Create, update, and manage Service Requests (cases) • View Knowledge Base articles

• Obtain product notifications

• Download software. For trial software, go to Trial Downloads. • View how-to videos

(12)

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact: Dell Inc.

Attn: LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656

Refer to our web site (software.dell.com) for regional and international office information.

Trademarks

Dell, and the Dell logo are trademarks of Dell Inc. Microsoft, Windows, Windows Server, Windows Vista, SharePoint, SQL Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Pentium is a trademark of Intel Corporation in the U.S. and/or other countries. NetApp and the NetApp logo are trademarks or registered trademarks of NetApp, Inc. in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

Legend

CAUTION:A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING:A WARNING icon indicates a potential for property damage, personal injury, or death.