What is Enterprise Security Reporter and why do I need it?
Enterprise Security Reporter is a powerful tool designed to get answers to the questions you have about your network. By combing through the vast amount of data on your network and storing it in an open database, it gives you the ability to analyze, query, and report on the security and configuration of your network. Enterprise Security Reporter's one-of-a-kind functionality, Delta Permissions Reporting, takes the manual labor out of viewing security. Using only the tools that come with Microsoft Windows NT, you quickly realize that it is nearly impossible to gather the necessary information to produce the reports you need. Enterprise Security Reporter provides you an easy and efficient way to get the data and produce reports that give you the answers you need.
What is Delta Permissions Reporting?
A new technology has been developed which is termed Delta Permissions Reporting. It is an innovative way of viewing NTFS permissions on your network so that you can more easily administer the security. It compares parent and child objects and determines if security has changed from one object to the other. This allows reports to be generated that contain only the places where permissions have changed, greatly reducing the time it takes to gather and report on security while creating smaller and more intelligible reports.
In my permissions reports, I see "+"s and "-"s. What do they mean?
Enterprise Security Reporter uses symbols in its reports to show changes in permissions as you travel down a directory tree. If a permission is added on a folder, it is denoted with a "+". If a permission is removed from an object down the tree, the removed account is denoted with a "-". If a permission is changed on an object down the tree, the account name is denoted with a "*". This is the basis of the Delta Permissions Reporting technology, which sets Enterprise Security Reporter apart from the competition. Our reports make it very easy to see exactly where permissions start, change, and end while traversing a highly complicated directory structure. This technology can quickly turn a 400-page "All permissions" report into a 4-page "Summarized Permissions" report.
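The parent/child comparison described above can be sketched in a few lines. This is an added illustration, not Enterprise Security Reporter's own code or database schema; the folder paths, account names and rights are constructed sample data, and the function names are hypothetical.

```python
# Added illustration of delta-style permission reporting; not the product's code.
# Paths, accounts and rights below are constructed sample data.

def parent_of(path, acls):
    """Return the nearest ancestor of `path` that exists in `acls`, or None."""
    while "\\" in path:
        path = path.rsplit("\\", 1)[0]
        if path in acls:
            return path
    return None

def delta_report(acls):
    """Compare each folder's ACL with its parent's and keep only the changes.

    acls maps folder path -> {account: rights}. Returns (path, marker,
    account, rights) tuples: "+" added, "-" removed, "*" changed.
    Folders whose ACL equals the parent's produce no rows at all.
    """
    rows = []
    for path in sorted(acls):  # parents sort before their children
        parent = parent_of(path, acls)
        inherited = acls[parent] if parent else {}  # top level: everything is new
        current = acls[path]
        for account in sorted(set(inherited) | set(current)):
            old, new = inherited.get(account), current.get(account)
            if old is None:
                rows.append((path, "+", account, new))
            elif new is None:
                rows.append((path, "-", account, old))
            elif old != new:
                rows.append((path, "*", account, new))
    return rows

SAMPLE_ACLS = {
    r"D:\Data": {"Administrators": "Full Control", "Users": "Read"},
    r"D:\Data\Public": {"Administrators": "Full Control", "Users": "Read"},
    r"D:\Data\Finance": {"Administrators": "Full Control", "Finance": "Change"},
    r"D:\Data\Finance\Payroll": {"Administrators": "Full Control", "Finance": "Read"},
    r"D:\Data\Finance\Archive": {"Administrators": "Full Control", "Finance": "Change"},
}

if __name__ == "__main__":
    for path, marker, account, rights in delta_report(SAMPLE_ACLS):
        print(f"{path:28} {marker}{account} ({rights})")
```

Five folders with eleven permission entries reduce to five report rows; the "Public" and "Archive" folders drop out because their permissions match the parent's.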
Is Enterprise Security Reporter scalable?
Yes, Enterprise Security Reporter has been designed to handle the largest of organizations. Enterprise Security Reporter requires that you use Microsoft SQL Server 2000 or MSDE 2000 as your database back-end. Both of these solutions are scalable. For very large organizations, those that will be reporting on thousands of servers, it is recommended to use the full SQL Server 2000 product.
Will Enterprise Security Reporter slow down my network?
No. Enterprise Security Reporter was designed to minimize network traffic. Previous versions of Enterprise Security Reporter had the ability to deploy agents to speed up the process, but optimizations to the discovery process have made this unnecessary.
Can I develop my own reports and queries?
Yes, a fully documented MS SQL Server 2000 database allows you to develop your own queries and reports with any tool you choose. If you have any suggestions for new reports, please email them to email@example.com as we are always open to good suggestions. In the installation directory for Enterprise Security Reporter there is a file called ESR2DatabaseGuide.pdf that describes the database tables and relationships.
I see the option to Browse data in Real-time. What does that mean?
Network and security data can be viewed in real-time or pulled from the database. Real-time is just that: you can browse the data now, rather than pulling data from the database.
Is Enterprise Security Reporter Windows 2000/XP compliant?
Yes. Enterprise Security Reporter understands and supports the inheritance model supported by Windows 2000/XP.
How does Enterprise Security Reporter handle data in Active Directory?
Enterprise Security Reporter 2 was designed to be able to accurately retrieve information for users and groups in Active Directory. This includes information on Nested Groups and the fully distinguished names of groups and users.
What is the first thing that I need to do when I run Enterprise Security Reporter?
The first step in using this product is to create a database for use by Enterprise Security Reporter. Then set up a list of servers that will be used in the reports and queries. This list tells Enterprise Security Reporter from which servers to get information and what information to get. The process of getting information from a server is referred to as the "discovery" process. A quick "walkthrough" document is included with the packaged product.
How do I add servers to the discovery process?
To add a new server to the server discovery list, click the "Add Servers" button on the bottom of the screen. The next screen that appears is the "Select Server for Discovery" screen.
After I add servers to the discovery list, what do I do next?
The "Select Server for Discovery" screen shows you all the domains and servers on your network. Place a checkmark next to the servers you wish to add to the discovery list, and then click the "OK" button. If you place a checkmark next to a domain name, all the servers in that domain will be added to the list. Likewise, clearing the checkmark next to a domain name will clear all the checkmarks next to the servers in that domain.
How do I tell Enterprise Security Reporter what I want it to discover?
This is done by Selecting Discovery Items. Once you have added the servers to be discovered, the next step is to select which items you would like to be discovered about each server.
What does each of the choices discover?
- Groups: For a Primary Domain Controller (PDC) or a Backup Domain Controller (BDC), this will cause both global groups for the domain and local groups on the PDC to be discovered. For a standalone server or workstation, this will cause all the local groups defined on that machine to be discovered.
- Groups Members: This option retrieves members for groups. This is helpful when generating Group Membership sub reports or using the Group Membership Report Builder.
- Users: For a Primary Domain Controller (PDC) or a Backup Domain Controller (BDC), this will cause global users for the domain to be discovered. For a standalone server or workstation, this will cause all the local users defined on that machine to be discovered.
- Extended User Information: This option gathers additional information about users such as logon dates, logon times and account status information.
- Account Rights: This option discovers what rights are assigned to which accounts.
- Computer Policies: This option gathers which account and password policies are set on each server.
- Printers: This option catalogs all the printers that are defined on a computer. If the printer is shared, the share name will also be discovered and recorded.
- Services: This option catalogs all the services and devices that are defined on a computer. Note that this includes devices, which show up under the "Devices" applet in the control panel.
- Shares: A share is any folder on a local machine that is shared for access by others. Selecting this option will discover all shares on the machine, both file shares and administrative shares. See the "Printers" option for information on discovering print shares.
- Registry Keys: This option catalogs all the registry information that is defined on a computer.
- Volumes: Volumes are defined as the local logical drives on a particular machine. By discovering these items, you will be able to gain access to the folders and files defined on that machine.
- Folders: The behavior of this option is dependent on the "Summary Mode" option and the "Paths >>>" button (both described later). In general, this option will cause the discovery process to catalog the folders that are defined on a machine. See the options mentioned earlier for a description of their effect on this option.
- Files: Like the "Folders" option, this option is also dependent on the "Summary Mode" option and the "Paths >>>" button. In general, this option will cause the discovery process to catalog the files that are defined on a machine. See the options mentioned earlier for a description of their effect on this option. Warning: only select this option if you specifically need information about the files and their associated permissions. Discovering files dramatically slows down the discovery process and dramatically increases the amount of space required to store the data.
- Permissions: Several of the options shown above include a "Permissions" option next to them. These options cause Enterprise Security Reporter to discover all available permissions about objects as they are being discovered.
What if I only want to select certain paths, and not the entire server? Will Enterprise Security Reporter let me do this?
Yes. This can be accomplished by adding a list of paths that you want included or excluded from the discovery process. When you click the "Paths >>>" button, a screen appears that allows you to make the necessary selections.
Can I exclude certain paths from the discovery process with Enterprise Security Reporter?
Yes. To exclude a path from being discovered, first add the path to the list and then double-click the text in the "Include" column to set the text to "No". If you have added one or more paths that you don't want included in the list, highlight the paths and click the "Remove Path" button.
My servers are always changing, and new information is being added and taken away. Will Enterprise Security Reporter allow me to schedule the discovery process so that I may have the most current information available? If so, how do I do this?
Yes. In order for Enterprise Security Reporter to provide the most benefit, the data must be pulled from the servers on a regular basis. The best way to accomplish this is to schedule the discovery of the servers. Each server can be scheduled and discovered independently of the other servers. Note: The Discovery Service MUST be running in order for scheduled jobs to execute.
Does Enterprise Security Reporter overwrite the information in the database each time?
No. Enterprise Security Reporter has the ability to store discoveries in individual datasets to allow you to view previously discovered data and report on it.
What are my options for scheduling a job? Can I schedule more than one job at a time?
You have several options for scheduling a job. You can schedule it to run one time, every hour, every day, every week, or every month. By using a combination of these options, you can attain virtually any schedule you may need. Notice that this screen supports multiple schedules, each of which can be active at the same time.
NOTE: Be sure that the "Enabled" checkbox in the upper right corner is selected, or the job will not run.
If I don't want to schedule the discovery process, and I want to run it now, what do I do?
If you opt to perform the discovery immediately, you can click the "Begin Discovery" button. The Discovery Monitor will pop up and show you the progress of the job. You can launch the discovery of more than one server at a time by selecting multiple servers from the list before clicking the "Begin Discovery" button.
What is the difference between a query and a report?
Sometimes a query is more useful than a report because the data can be manipulated more easily. A report often answers a very specific question, whereas a query gets you a set of information that may answer several questions.
What languages do you use to support your queries?
The language supported by Enterprise Security Reporter is the Structured Query Language (SQL). More specifically, the "flavor" of the language is Microsoft's Transact-SQL supported by Microsoft SQL Server 2000 and later. Because the query is processed via Microsoft's ActiveX Data Objects (ADO), you may encounter certain parts of the Transact-SQL syntax that are not 100% supported. Please consult Microsoft's web site http://www.microsoft.com/data for information on ADO. Typically any query that can be executed in Microsoft's ISQL/w utility that ships with SQL Server 2000 and later can be executed through the Enterprise Security Reporter interface.
I have downloaded and am trying a copy of Enterprise Security Reporter. I have it installed but I don't have the option to "add servers" (grayed out).
The most common cause is the failure to create the database. To do this, go to your Program Files, open Enterprise Security Reporter 2, and choose ESR2 Database Maintenance Utility (or, from within ESR, click "Tools" and then choose "Database Maintenance Utility"). Click the "Action" dropdown box, choose "Create Database", and then click Go!
I received an error message "ActiveX Component cannot create object" (429) error message while attempting to create the database. How do I fix it?
First, make sure that either MSDE 2000 or Microsoft SQL Server 2000 is installed on your machine. If it is installed and working properly, then the problem is probably that one of the DLLs used by MSDE/MSSQL is not registered correctly. To solve this problem, open a command prompt window and change to the directory in which MSDE/MSSQL is installed. This directory contains a subdirectory named "BINN". Change to this directory and type in the following command: regsvr32 sqldmo.dll
This will register the DLL on your machine so that it can be used by the Database Maintenance Utility. After performing this step, run the "Enterprise Security Reporter Database Maintenance" utility from the "Start->Enterprise Security Reporter" menu and try to create the database again.
Where do I get the database for the application?
We provide a redistributable version of MSDE 2000 with Enterprise Security Reporter free of charge. You may also choose to use Microsoft SQL Server 2000 if you have this in your environment.