Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Security Explorer Installation Guide

®
Security Explorer 9.1
Installation Guide
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
ii
© 2013 by Quest Software
All rights reserved.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished
under a software license or nondisclosure agreement. This software may be used or copied only in accordance with
the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s
personal use without the written permission of Quest Software, Inc.
The information in this document is provided in connection with Quest products. No license, express or implied, by
estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of
Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE
LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND
DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY
DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF
INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with
respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to
specifications and product descriptions at any time without notice. Quest does not make any commitment to update
the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
www.quest.com.
email: legal@quest.com
Refer to our Web site for regional and international office information.
Trademarks
Quest, Quest Software, the Quest Software logo, Simplicity at Work and Security Explorer are trademarks of Quest
Software, Inc. and its subsidiaries. For a complete list of Quest Software trademarks, see
www.quest.com/legal/trademarks.aspx. All other trademarks are property of their respective owners.
Security Explorer Installation Guide
October 2013
Version 9.1.1
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
iii
About Quest Software Corporation
Quest Software simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our
innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and
money across physical, virtual and cloud environments. For more information about Quest go to www.quest.com.
Contacting Quest Software
Phone
949.754.8000 (United States and Canada)
Email
info@quest.com
Mail
Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web site
www.quest.com
Please refer to our Web site for regional and international office information.
Contacting Quest Support
Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest
product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our
self-service portal. Visit SupportLink at http://support.quest.com.
From SupportLink, you can do the following:
•
Review thousands of solutions from our online Knowledgebase
•
Download the latest releases and service packs
•
Create, update and review Support cases
View the Global Support Guide for a detailed explanation of support programs, online services, contact information,
and policy and procedures. The guide is available at: http://support.quest.com.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
iv
Table of Contents
Minimum System Requirements................................................................................................................................. 1
Supported Platforms for Security Explorer Modules ................................................................................................... 1
Minimum Requirements for Microsoft Exchange ........................................................................................................ 2
Client Access Server Configuration ........................................................................................................................ 2
Client Configuration ................................................................................................................................................ 2
Supported Versions of Microsoft Exchange for Security Explorer .............................................................................. 3
Exchange 2003 ....................................................................................................................................................... 3
Exchange 2007 ....................................................................................................................................................... 4
Exchange 2010 ....................................................................................................................................................... 4
Exchange 2013 ....................................................................................................................................................... 5
Mixed Mode (Exchange 2003 – 2007) .................................................................................................................... 5
Mixed Mode (Exchange 2003 – 2010) .................................................................................................................... 7
Mixed Mode (Exchange 2007 – 2010) .................................................................................................................... 8
Mixed Mode Exchange 2007 - 2013 ....................................................................................................................... 9
Mixed Mode Exchange 2010 – 2013 .................................................................................................................... 10
User Privilege Requirements.................................................................................................................................... 10
Permission Requirements to Manage Microsoft Exchange in Security Explorer ...................................................... 11
Exchange 2003 ..................................................................................................................................................... 12
Exchange 2007 ..................................................................................................................................................... 12
Exchange 2010 ..................................................................................................................................................... 13
Exchange 2013 ..................................................................................................................................................... 13
Mixed Mode (Exchange 2003 – 2007) .................................................................................................................. 14
Mixed Mode (Exchange 2003 – 2010) ................................................................................................................... 14
Mixed Mode (Exchange 2007 – 2010) ................................................................................................................... 15
Mixed Mode (Exchange 2007 – 2013) .................................................................................................................. 15
Mixed Mode (Exchange 2010 – 2013) .................................................................................................................. 16
Requirements for Managing Permissions................................................................................................................. 17
Upgrading Security Explorer .................................................................................................................................... 18
Back Up Your Files................................................................................................................................................... 18
Licenses ................................................................................................................................................................... 18
Quest Access Manager ............................................................................................................................................ 18
Downloading Installation Files ................................................................................................................................. 18
Upgrading Your License............................................................................................................................................ 19
Installing Security Explorer....................................................................................................................................... 19
Starting Security Explorer ......................................................................................................................................... 19
Applying a License File ............................................................................................................................................ 19
Joining the Software Improvement Program........................................................................................................... 20
Troubleshooting......................................................................................................................................................... 21
Using Log Files ........................................................................................................................................................ 21
Installation Issues with Windows 64 bit Operating Systems ..................................................................................... 21
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Minimum System Requirements
Important: The minimum system requirements listed are for the computer on which Security Explorer is
installed. Security Explorer can be used to manage permissions on other computers that have Windows
NT or Windows 2000 as an operating system.
•
Processor: Pentium 600MHz or faster
•
Disk Space: 50 MB
•
Memory: 256 MB
•
Screen resolution: 1024 x 768
•
Windows XP, Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server
2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
•
Microsoft .NET Framework 4.0 or later
Note: Install either the Full or Standalone version. Do not install just the Client Profile. If you do not
have Microsoft .NET Framework 4 on the computer where you want to install Security Explorer, the
Security Explorer installation process provides an opportunity to download and install Microsoft .NET
Framework 4. You must restart the install process once Microsoft .NET Framework 4 is installed, so
to avoid this you might want to install it before you begin the installation of Security Explorer.
Supported Platforms for Security Explorer Modules
Security Explorer Module
Supported Platform
NTFS Security
Share Security
Registry Security
Printer Security
Service Security
Task Management
Group & User Management
Windows NT 4.0
Windows 2000 Workstation
Windows XP
Windows Vista
Windows 7
Windows 8
Windows 8.1
SQL Security
SQL Server 2012
SQL Server 2008 R2
SQL Server 2008
SQL Server 2005
SharePoint Security
SharePoint 2013
SharePoint 2010
SharePoint Foundation
SharePoint 2007
SharePoint Services 3.0
Exchange Security
Exchange 2013
Exchange 2010
Exchange 2007
Exchange 2003
Updated 24 October 2013
Windows 2000 Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
1
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Minimum Requirements for Microsoft Exchange
Client Access Server Configuration
1. Check that all Exchange Windows services that have Automatic startup type are started.
2. Check that IIS Admin Service and World Wide Web Publishing Service IIS Services are started.
3. Check that the Exchange Web Application is configured correctly in IIS:
•
Authentication: Windows Authentication is Enabled
•
SSL Settings: Require SSL is switched on
4. Exchange Server 2010 and 2013 only: Enable PowerShell Remoting on the Exchange Server by
running the PowerShell command: Enable-PSRemoting –force.
Client Configuration
1. Open port 443 on the firewall.
2. Install an Exchange Server SSL certificate.
Updated 24 October 2013
2
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
3
Supported Versions of Microsoft Exchange for
Security Explorer
Exchange 2003
Client Type
Prerequisites
Windows XP 32-bit
Windows Server 2003 32-bit
• Windows Server 2003 Administration Tools Pack:
http://www.microsoft.com/en-us/download/details.aspx?id=6315
• IIS Services Manager from Windows Components
• System Manager from Exchange 2003 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=9664
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
Windows XP 64-bit
Windows Server 2003 64-bit
Windows 8 32/64-bit
Windows Server 2012
Cannot manage Exchange 2003
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows Server 2008 32/64-bit
Windows Server 2008 R2
• IIS 6.0 Management Compatibility from Windows Features
• Exchange Server MAPI Client and Collaboration Data Objects 1.2.1:
http://www.microsoft.com/en-us/download/details.aspx?id=6248
• Exchange 2003 System Manager for Windows Vista:
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=17836
(on Windows 7 or Windows 2008 R2 extract ESMVista.msi and run it with
parameter /quiet)
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
4
Exchange 2007
Client Type
Prerequisites
Windows XP 32/64-bit
Windows Server 2003 32/64-bit
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell 1.0:
http://support.microsoft.com/kb/926139
• IIS Services Manager from Windows Components
• Windows Installer 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=8483
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows Vista 32/64-bit
Windows Server 2008 32/64-bit
Windows 7 32/64-bit
Windows Server 2008 R2
• IIS 6.0 Management Compatibility from Windows Features
• PowerShell 1.0 from Windows Features (for Windows Vista and Server 2008 only)
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows 8 32/64-bit
Windows Server 2012
• IIS 6.0 Management Compatibility from Windows Features
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Exchange 2010
Client Type
Prerequisites
Windows XP 32/64-bit
Windows Server 2003 32/64-bit
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
Windows Vista 32/64-bit
Windows Server 2008 32/64-bit
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
Windows 7 32/64-bit
Windows Server 2008 R2
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
Windows 8 32/64-bit
Windows Server 2012
• NET Framework 4.5 and PowerShell 3.0 already included
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Exchange 2013
Client Type
Prerequisites
Windows XP 32/64-bit
Windows Server 2003 32/64-bit
Windows Vista 32/64-bit
Cannot manage Exchange 2013
Windows Server 2008 32/64 bit
• NET Framework 3.5 sp1
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=22
• Power Shell 2.0
http://support.microsoft.com/kb/968930
• NET Framework 4.5
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Extended Protection for Authentication
http://support.microsoft.com/kb/968389
• Power Shell 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows Server 2008 R2
Windows 7 32/64-bit
• NET Framework 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Power Shell 3.0:
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows 8 32/64-bit
Windows Server 2012
NET Framework 4.5 and PowerShell 3.0 already included
Mixed Mode (Exchange 2003 – 2007)
Client Type
Prerequisites
Windows XP 32-bit
Windows Server 2003 32-bit
• IIS Services Manager from Windows Components
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell 1.0:
http://support.microsoft.com/kb/926139
• Windows Server 2003 Administration Tools Pack:
http://www.microsoft.com/en-us/download/details.aspx?id=6315
• System Manager from Exchange 2003 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=9664
• Windows Installer 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=8483
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Updated 24 October 2013
5
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Client Type
Prerequisites
Windows XP 64-bit
Windows Server 2003 64-bit
(Can manage Exchange 2007
only)
• IIS Services Manager from Windows Components
6
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell 1.0:
http://support.microsoft.com/kb/926139
• Windows Installer 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=8483
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows Vista 32/64-bit
Windows Server 2008 32/64-bit
Windows 7 32/64-bit
Windows Server 2008 R2
• IIS 6.0 Management Compatibility from Windows Features
• Exchange Server MAPI Client and Collaboration Data Objects 1.2.1:
http://www.microsoft.com/en-us/download/details.aspx?id=6248
• Exchange 2003 System Manager for Windows Vista:
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=17836
(on Windows 7 and Windows Server 2008 R2 extract ESMVista.msi and run it with
parameter /quiet)
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows 8 32/64-bit
Windows Server 2012
(Can manage Exchange 2007
only)
• IIS 6.0 Management Compatibility from Windows Features
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
7
Mixed Mode (Exchange 2003 – 2010)
Client Type
Prerequisites
Windows XP 32-bit
Windows Server 2003 32-bit
• IIS Services Manager from Windows Components
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
• Windows Server 2003 Administration Tools Pack:
http://www.microsoft.com/en-us/download/details.aspx?id=6315
• System Manager from Exchange 2003 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=9664
Windows XP 64-bit
Windows Server 2003 64-bit
(Can manage Exchange 2010 only)
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
Windows Vista 32/64-bit
Windows Server 2008 32/64-bit,
Windows 7 32/64-bit
Windows Server 2008 R2
• IIS 6.0 Management Compatibility from Windows Features
• Exchange Server MAPI Client and Collaboration Data Objects 1.2.1:
http://www.microsoft.com/en-us/download/details.aspx?id=6248
• Exchange 2003 System Manager for Windows Vista:
http://www.microsoft.com/enus/download/details.aspx?displaylang=en&id=17836
(on Windows 7 and Windows Server 2008 R2 extract ESMVista.msi and run it
with parameter /quiet)
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
• PowerShell and WinRM 2.0 (for Windows Vista and Windows Server 2008
only):
http://support.microsoft.com/kb/968930
Windows 8 32/64-bit
Windows Server 2012
(Can manage Exchange 2010 only)
• NET Framework 4.5 and PowerShell 3.0 already included
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Mixed Mode (Exchange 2007 – 2010)
Client Type
Prerequisites
Windows XP 32/64-bit,
Windows Server 2003 32/64-bit
• NET Framework 2.0:
http://www.microsoft.com/en-us/download/details.aspx?id=1639
• NET Framework 4.0 Full:
http://www.microsoft.com/en-us/download/details.aspx?id=17718
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
• IIS Services Manager from Windows Components
• Windows Installer 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=8483
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows Vista 32/64-bit
Windows Server 2008 32/64-bit
• PowerShell and WinRM 2.0:
http://support.microsoft.com/kb/968930
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
• IIS 6.0 Management Compatibility from Windows Features
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows 7 32/64-bit
Windows Server 2008 R2
• NET Framework 4.0 or 4.5 Full:
4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17718
4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653
• IIS 6.0 Management Compatibility from Windows Features
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Windows 8 32/64-bit
Windows Server 2012
• IIS 6.0 Management Compatibility from Windows Features
• Management Tools from Exchange Server 2007 Installation Package:
http://www.microsoft.com/en-us/download/details.aspx?id=24111
Updated 24 October 2013
8
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
9
Mixed Mode Exchange 2007 - 2013
Client Type
Prerequisites
Windows XP 32/64-bit
Windows Server 2003 32/64-bit
Windows Vista 32/64-bit
Cannot manage Mixed Mode Exchange 2007 - 2013
Windows Server 2008 sp2 32/64-bit
• IIS 6.0 Metabase Compatibility and Management Console from Roles
• Web Server (IIS) Tools from Features
• NET Framework 3.5 sp1
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=22
• Power Shell 2.0
http://support.microsoft.com/kb/968930
• Management Tools from Exchange Server 2007 sp3 Installation Package
http://www.microsoft.com/en-us/download/details.aspx?id=24111
• Update Rollup 10 for Exchange Server 2007 Service Pack 3
http://www.microsoft.com/en-us/download/details.aspx?id=36708
• NET Framework 4.5
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Extended Protection for Authentication
http://support.microsoft.com/kb/968389
• Power Shell 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows Server 2008 R2 sp1
Windows 7 sp1 32/64-bit
• IIS 6.0 Metabase Compatibility and Management Console + Web Server (IIS)
Tools from Features /Roles
• Management Tools from Exchange Server 2007 sp3 Installation Package
http://www.microsoft.com/en-us/download/details.aspx?id=24111
• Update Rollup 10 for Exchange Server 2007 Service Pack 3
http://www.microsoft.com/en-us/download/details.aspx?id=36708
• NET Framework 4.5
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Power Shell 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows 8 32/64-bit
Windows Server 2012
• IIS 6.0 Metabase Compatibility and Management Console + Web Server (IIS)
Tools from Features /Roles
• Management Tools from Exchange Server 2007 sp3 Installation Package
http://www.microsoft.com/en-us/download/details.aspx?id=24111
• Update Rollup 10 for Exchange Server 2007 Service Pack 3
http://www.microsoft.com/en-us/download/details.aspx?id=36708
• NET Framework 4.5 and Power Shell 3.0 already included
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
10
Mixed Mode Exchange 2010 – 2013
Client Type
Prerequisites
Windows XP 32/64-bit
Windows Server 2003 32/64-bit
Windows Vista 32/64-bit
Cannot manage Mixed Mode Exchange 2010 - 2013
Windows Server 2008 32/64 bit
• NET Framework 3.5 sp1
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=22
• Power Shell 2.0
http://support.microsoft.com/kb/968930
• NET Framework 4.5
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Extended Protection for Authentication
http://support.microsoft.com/kb/968389
• Power Shell 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows Server 2008 R2
Windows 7 32/64-bit
• NET Framework 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=30653
• Power Shell 3.0:
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows 8 32/64-bit
Windows Server 2012
• NET Framework 4.5 and PowerShell 3.0 already included
User Privilege Requirements
•
To start Security Explorer, a user must be a member of the local Administrators, otherwise errors
messages display.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
11
Permission Requirements to Manage Microsoft
Exchange in Security Explorer
•
To connect to an Exchange Server, a user must be a domain user, have mailbox on one of the
Exchange Servers, and be an Exchange Administrator.
•
To connect to an Exchange 2003 Organization, a user must be a domain user, have a mailbox on
one of the Exchange 2003 Servers, and have been delegated Exchange Full Administrator rights
on Exchange Organization level.
•
To connect to an Exchange 2007 Organization (Mixed Mode), a user must be a domain user,
have a mailbox on one of the Exchange Servers, be a member of the Exchange Organization
Management group, and have impersonation rights on Exchange 2007 client access server(s) and
mailbox database(s). For more details on configuring user impersonation please see
http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.80%29.aspx.
•
To connect to an Exchange 2003‐2007 Organization (Mixed Mode), a user must be a domain
user, have a mailbox on Exchange 2007 Server, have been delegated Exchange Full
Administrator rights on Exchange Organization level, be a member of the Exchange Organization
Management group, and have impersonation rights on Exchange 2007 client access server(s) and
mailbox database(s). For more details on configuring user impersonation please see
http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.80%29.aspx.
•
To connect to an Exchange 2010 Organization, a user must be a domain user, have a mailbox on
one of Exchange Servers, be a member of the Organization Management group, and have
impersonation rights. For more details on configuring user impersonation please see
http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.140%29.aspx.
•
To connect to an Exchange 2007‐2010 Organization (Mixed Mode), a user must be a domain
user, have a mailbox on Exchange 2010 Server, be a member of the Exchange Organization
Administrators group, and have impersonation rights on all versions of Exchange servers. For more
details on configuring user impersonation please see http://msdn.microsoft.com/enus/library/bb204095%28EXCHG.80%29.aspx and http://msdn.microsoft.com/enus/library/bb204095%28EXCHG.140%29.aspx.
•
To connect to an Exchange 2013 Organization, a user must be a domain user, have a mailbox on
one of Exchange Servers, be a member of the Organization Management domain group, and
have impersonation rights. The impersonation can be configured in Security Explorer:
1. In the Navigation pane, expand Role Based Access Control | Roles |
ApplicationImpersonation | Assignments.
2. Select Assignments, and click File | New.
3. Enter the name and user.
4. Select RecipientRelativeWriteScope and choose Organization from the list.
5. Click OK and restart Security Explorer.
•
To connect to an Exchange 2007-2013 Organization (Mixed Mode), a user must be a domain
user, have a mailbox on one of 2013 Exchange Servers, be a member of the Organization
Management domain group, and have impersonation rights on Exchange 2007 and 2013 client
access servers.
•
To connect to an Exchange 2010-2013 Organization (Mixed Mode), a user must be a domain
user, have a mailbox on one of 2013 Exchange Servers, be a member of the Organization
Management domain group, and have impersonation rights on Exchange 2010 and 2013 client
access servers.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
12
Only a user who is a Domain Administrator and Exchange Administrator has no restrictions for mailbox
management in Security Explorer. There are possible restrictions in Security Explorer for mailbox
management.
If a user uses Run As to start Security Explorer and that user does not have enough privileges and enters
valid Alternative Credentials (Domain User, Exchange Administrator, Local Administrator, Has Mailbox,
Has Impersonation), there are some restrictions with mailbox management in Security Explorer.
Exchange 2003
Privileges for user entered
in Run as window
Privileges used to connect
to Exchange Server
Possible actions in Security Explorer
Domain Administrator
Full Exchange Administrator
Windows Authentication
No restrictions
Domain User
Full Exchange Administrator
Windows Authentication
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot create and delete mailboxes
Cannot manage Active Directory permissions for
mailboxes (View only mode).
Valid Alternative Credential
Valid Alternative Credential
Cannot create and delete mailboxes.
Cannot manage Active Directory and mailbox
permissions for mailboxes (View only mode).
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Exchange 2007
Privileges for user entered
in Run as window
Privileges used to connect
to Exchange Server
Possible actions in Security Explorer
Domain Administrator
Exchange Organization
Administrator
Windows Authentication
No restrictions
Domain User
Exchange Organization
Administrator
Windows Authentication
Valid Alternative Credential
Cannot create, delete and manage distribution groups.
Cannot manage Active Directory permissions for
mailboxes and public folders (View only mode).
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot create, delete and manage security and
distribution groups (except dynamic distribution groups).
Cannot manage Active Directory permissions for
mailboxes and public folders (View only mode).
Valid Alternative Credential
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Exchange 2010
Privileges for user entered
in Run as window
Privileges used to connect
to Exchange Server
Possible actions in Security Explorer
Domain Administrator
Member of Organization
Management
Windows Authentication
No restrictions
Domain User
Member of Organization
Management
Windows Authentication
Valid Alternative Credential
Cannot create, delete and manage distribution groups.
Cannot manage Active Directory permissions for
mailboxes and public folders (View only mode).
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot create, delete and manage security and
distribution groups (except dynamic distribution groups).
Cannot create mail-enabled public folders.
Cannot manage Active Directory permissions for
mailboxes and public folders (View only mode).
Valid Alternative Credential
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Exchange 2013
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Windows Authentication
No restrictions
Cannot manage Directory permissions for
all objects. Cannot delete mail contacts.
Valid Alternative Credential
Domain User is member of
Organization Management
domain group
Windows Authentication
Cannot manage Directory permissions for all
objects. Cannot delete mail contacts.
Valid Alternative Credential
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot manage Directory permissions for all
objects. Cannot delete mail contacts.
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Updated 24 October 2013
13
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
14
Mixed Mode (Exchange 2003 – 2007)
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Exchange Organization
Administrator (2007)
Windows Authentication
No restrictions
Domain User
Exchange Organization
Administrator (2007)
Windows Authentication
Valid Alternative Credential
Cannot create, delete and manage
distribution groups.
Cannot manage Active Directory permissions
for mailboxes (View only mode).
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot create, delete and manage security
and distribution groups (except dynamic
distribution groups).
Cannot manage Active Directory permissions
for mailboxes (View only mode).
Valid Alternative Credential
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Mixed Mode (Exchange 2003 – 2010)
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Full Exchange Administrator
(2003)
Organization Management (2010)
Windows Authentication
No restrictions
Domain User
Full Exchange Administrator
(2003)
Organization Management (2010)
Windows Authentication
Valid Alternative Credential
Cannot create mailboxes as new domain
users/delete mailboxes.
Cannot create, delete and manage universal
distribution groups, mail users and contacts.
Cannot manage Active Directory
permissions for all objects (View only mode).
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
No restrictions
Valid Alternative Credential
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Mixed Mode (Exchange 2007 – 2010)
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Exchange Organization
Administrator (2007)
Member of Organization
Management
Windows Authentication
No restrictions
Domain User
Exchange Organization
Administrator (2007)
Member of Organization
Management
Windows Authentication
Domain User
Windows Authentication
Cannot connect to Exchange.
Valid Alternative Credential
Cannot create, delete and manage security
and distribution groups (except dynamic
distribution groups).
Cannot manage Active Directory permissions
for mailboxes and public folders (View only
mode).
Valid Alternative Credential
Valid Alternative Credential
Cannot create, delete and manage
distribution groups.
Cannot manage Active Directory permissions
for mailboxes and public folders (View only
mode).
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Mixed Mode (Exchange 2007 – 2013)
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Windows Authentication
No restrictions
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Cannot create mailboxes on Exchange 2007.
Domain User is member of
Organization Management and
Exchange Organization
Administrators domain groups
Windows Authentication
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Cannot create mailboxes on Exchange 2007.
Domain User
Windows Authentication
Cannot connect to Exchange
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Cannot create mailboxes on Exchange 2007.
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Updated 24 October 2013
15
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
Mixed Mode (Exchange 2010 – 2013)
Privileges for user entered in
Run as window
Privileges used to connect to
Exchange Server
Possible actions in Security Explorer
Domain Administrator
Windows Authentication
No restrictions
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Domain User is member of
‘Organization Management’
domain group
Windows Authentication
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Domain User
Windows Authentication
Cannot connect to Exchange
Valid Alternative Credential
Cannot manage Directory permissions for all
objects.
Cannot delete mail contacts.
Note: Valid Alternative Credential: Domain User, Exchange Admin, Local Admin, Has Mailbox
Updated 24 October 2013
16
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
17
Requirements for Managing Permissions
Each module in Security Explorer has additional requirements to enable permission management.
Module
Description
NTFS Security
To manage permissions on folders and files on remote computers, the File and
printer sharing option must be enabled on the firewall on the computer with Security
Explorer installed.
Share Security
To manage permissions on shares on remote computers, the File and printer
sharing option must be enabled on the firewall on the computer with Security
Explorer installed.
Registry Security
To manage permissions on registry keys on remote computers, the File and print
sharing option must be enabled on the firewall on the computer with Security
Explorer installed.
Printer Security
To manage permissions on printers on remote computers:
• The Printer Spooler service must be running on the target computer.
• The File and printer sharing option must be enabled on the firewall on the
computer with Security Explorer installed.
Service Security
To manage permissions on services on remote computers, the File and printer
sharing option must be enabled on the firewall on the computer with Security
Explorer installed.
Task Management
To manage tasks on remote computers, the File and printer sharing option must be
enabled on the firewall on the computer with Security Explorer installed.
Group and User
Management
To manage groups and users on remote computers, the File and printer sharing
option must be enabled on the firewall on the computer with Security Explorer
installed.
SharePoint Security
To manage permissions on SharePoint servers, the SharePoint site must be on the
same network as the computer on which Security Explorer is installed.
To manage SharePoint sites exposed over SSL (e.g. https://), add the SharePoint
server’s certificate to the Trusted Root Certification Authorities store on the
computer with Security Explorer installed.
SQL Server Security
To manage permissions on SQL Servers:
• Remote Registry service should be started on remote SQL servers.
• Computer Browser service should be started on the computer where Security
Explorer installed.
• Windows Firewall on remote SQL servers must be configured to allow 'file and
printer sharing' and network access with the SQL instance(s).
• For more information please refer to: Configure the Windows Firewall to Allow
SQL Server Access at http://msdn.microsoft.com/en-us/library/cc646023.aspx
Exchange Security
To manage permissions on the Exchange organization, the Exchange organization
must be on the same Active Directory forest as the computer on which Security
Explorer is installed.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
18
Upgrading Security Explorer
Security Explorer 9 does not require that you uninstall version 5, version 6, version 7 or version 8. You can
install Security Explorer 9.1 side-by-side with all of these previous versions.
Back Up Your Files
As with all software installations, it is recommended that you back up your files before installing the new
software. The simplest way to back up your files is to navigate to the directory on the server where Security
Explorer is installed. Press CTRL-A to select all files in this folder. Press CTRL-C to copy the files to the
clipboard. Create a new folder and press CTRL-V to paste these files into this new backup folder.
Licenses
You must have a new license file to use version 9. Your previous licenses will not be recognized by
version 9. A utility is provided to upgrade your version 7 or 8 license to version 9. You can launch the
license upgrade utility (LicenseUpgrade.exe) from the Auto Run feature or from the Security Explorer
installation folder. See Upgrading Your License.
Quest Access Manager
The User Centric Security Management features provided by Quest’s Access Manager appear as an
Access Manager node in the navigation tree on the Browse tab if the license is enabled for Access
Manager. The Access Manager menu options are present regardless of whether the license is enabled
for Access Manager.
Downloading Installation Files
Download the latest version of Security Explorer from the Quest web site:
http://www.quest.com/support
The install files are contained in Security_Explorer_Setup_9.1.zip. When you unzip the file, the
following structure is available. You can access the install files by opening the Setup folder. The
documentation is available in the Documentation folder. To access the new Installation feature, we
recommend that you launch autorun.exe.
 Launch autorun.exe, and then open the Setup tab.
You can access the documentation and system requirements as well.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
19
Upgrading Your License
If you are upgrading from a previous version of Security Explorer, you must upgrade your license to
version 9. You will apply the version 9 license after the installation process is complete.
1. Launch the License Update Utility.
2. Click Find Now to locate your current license.
3. Click Get License to generate a version 9 license.
Installing Security Explorer
Important: If you are running Active Administrator on the same computer as Security Explorer, exit Active
Administrator and stop all Active Administrator services before upgrading to Security Explorer.
1. Launch the Quest Security Explorer install file.
2. Click Next.
3. Select I accept the terms in the license agreement, and then click Next.
4. If necessary, change the default values in the User Name and Organization boxes. Also choose
whether to permit access to all users or just yourself. Click Next. The Destination Folder box
displays the default installation path.
•
To change the installation path, click Change, and then select a new path.
5. Click Next.
Note: If Microsoft .NET Framework 4 is not installed, you see a message box. Click Download the
Microsoft .NET Framework 4. You will need to restart the Security Explorer installation process.
6. Click Install.
7. Click Finish.
Starting Security Explorer
•
Click Start, point to All Programs | Quest Software | Security Explorer 9, and then select Security
Explorer 9.
Each time you run the program you are greeted by the splash screen, which displays program version
and copyright information. To view more detail about the version of Security Explorer in use, choose
About Security Explorer from the Help menu.
Applying a License File
When you start Security Explorer, a license check is performed. If you are installing Security Explorer for
the first time, you are asked to update the license.
•
Click Update License and locate the license file. The license file is approximately 1KB in size and
has an .asc file extension.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
20
Joining the Software Improvement
Program
The Quest Software Improvement Program provides our product teams with generalized metrics on how
customers use our products. These metrics, along with direct customer feedback through support and
communities help us ensure we are able to meet your current and future needs.
If you participate in the program, the software starts to transmit feedback. The data is collected and
stored on servers in the United States. Quest collects information about your hardware and software
configuration, such as operation system version, memory size, the number of processors, internal and
external IP addresses, and runtime environment, as well as information about how you use the product.
If you participate in the Software Improvement Program, the performance of the software is not affected.
The software generates very low additional Internet traffic, not more than 0.1KB/sec on average.
The first time you start Security Explorer you are notified of the Quest Software Improvement Program.
Select the country in which you are installing the product, and then click OK.
Participation in the program is voluntary and you can opt out at any time. Choose Help | Help Improve
Security Explorer. Clear the checkbox to opt out of the program.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
21
Troubleshooting
Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest
product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our
self-service portal. Visit SupportLink at http://support.quest.com.
From SupportLink, you can do the following:
•
Review thousands of solutions from our online Knowledgebase
•
Download the latest releases and service packs
•
Create, update and review Support cases
Using Log Files
By default, there is one log file written to the Security Explorer installation directory. To get more log
information run Security Explorer.exe with /d key to write two log files to the installation directory.
C:\Program Files\Quest Software\Security Explorer 9\SecurityExplorer.exe /d
For the Exchange Security module, the ExchangeAccess log files contain Exchange module log data.
Installation Issues with Windows 64 bit Operating
Systems
When Microsoft Remote Server Administration Tools (RSAT) is installed on 64-bit versions of Windows
Vista or Windows 7, the files adprop.dll.mui and dsadmin.dll.mui are not installed to the correct
location, so you may see the message — The resource loader cache does not have loaded MUI entry
— when attempting administrative operations on Active Directory objects from within Security Explorer.
1. Download the 32-bit version of the Microsoft Remote Server Administration Tools (RSAT) to a local
directory on the 64-bit Windows Vista or Windows 7 computer where Security Explorer is installed.
Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fcd52065de9960&DisplayLang=en
Windows 7
http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A0054E344E43997D&displaylang=en
Note: The 32-bit version of the Windows 7 RSAT package is used in the following examples.
2. At a command prompt, use the Expand command to extract the .cab file from the Microsoft Update
Standalone Package (MSU) package.
For example, if the RSAT package was saved to C:\MSUFolder, then type:
expand -F:* x86fre_GRMRSAT_MSU.msu c:\MSUFolder
3. There will be two .cab files in the expansion directory, one with a KB article in the title and one named
WSUSSCAN.cab.
Updated 24 October 2013
®
Security Explorer 9.1 Installation Guide Explorer 8 Installation Guide
22
4. Use the Expand command to decompress the .cab file with the KB article in its title.
Continuing with the example above, if the RSAT package was extracted to C:\MSUFolder, then type:
expand Windows6.1-KB958830-x86.cab -F:adprop.dll.mui C:\MSUFolder
5. After executing the command, the subfolders that are created in the expansion directory correspond
to different language versions. Locate the subfolder for language version of the operating system on
which the Security Explorer is installed.
6. Repeat step #4 to extract dsadmin.dll.mui.
Following the example above, the command would be:
expand Windows6.1-KB958830-x86.cab -F:dsadmin.dll.mui C:\MSUFolder
7. Copy adprop.dll.mui and dsadmin.dll.mui to C:\Windows\SysWOW64\en-US.
If the language version of the operating system is different than what is referenced in the examples
above, the files should be copied into the appropriate language resource directory.
Updated 24 October 2013
Related documents
Error report DocFetcher
Error report DocFetcher
Ignite Webcast - Office 365 Service Management
Ignite Webcast - Office 365 Service Management
Surface Computing
Surface Computing
Student Technical Requirements for Online Courses
Student Technical Requirements for Online Courses
Session 0 Isolation - Windows 7
Session 0 Isolation - Windows 7
Download