Handling Security the Right Way
Make security administration a breeze with this trio of Small Wonders Software tools.
- By Barry Shilmover
- November 01, 2000
Anyone who’s done any work with Windows NT or Windows
2000 will quickly realize that while setting security
is easy, setting security correctly is not. Enter a trio
of utilities from Small Wonders Software: Security Explorer,
Secure Copy, and Enterprise Security Reporter. One of
the first things that came to mind when I used the first
two utilities was: Why didn’t Microsoft think to include
tools like these in NT and Win2K? The Small Wonders tools
are now part of my NT and Win2K network administration
tool kits. Let’s take individual looks at these three
Security Explorer is an Access Control List (ACL) editor.
It allows you to quickly and easily grant, revoke, clone,
search for, back up, restore, and export user and group
permissions on the network.
Security Explorer not only allows you to explore and
modify permissions on NTFS-formatted partitions, but also
on shares and the Registry. And, assuming you have the
correct permissions, you can perform all tasks on your
network’s remote systems as well.
|Security Explorer allows you
to quickly and easily analyze your existing ACL permissions.
(Click on image to view larger version.)
One of Security Explorer’s best features is its advanced
search capability. How many times have we had to find
out what permissions a particular user has on the network?
With Security Explorer, this is as simple as clicking
on the search button, selecting the directory, choosing
the user in question, and clicking on the Begin Search
button. Finally, Security Explorer extends Windows Explorer’s
functionality by adding a “Security Explorer” sub-menu
when a file or folder is right-clicked.
All in all, this is a great utility. One of the few complaints
I have about Security Explorer is that when I’m using
it, I feel like I’m in dialog box hell. It seems that
at every click a new dialog pops up and asks for information.
But maybe this is the only way Security Explorer can operate,
considering the incredible amount of information you can
set and request. If you ever need to easily control and
modify your ACL permissions—and this applies to all NT/Win2K
administrators—then this is the tool for you.
If you’ve taken any of the NT MCSE exams, you remember
having to learn what happens to ACL permissions when an
object is moved within the same partition, moved to a
different partition, copied within the same partition,
or copied to a different partition. You may even remember
that the only times ACL permissions are retained are when
you move the objects within the same partition. Honestly,
how many times did you want the permissions reset to the
destination folder’s permissions? Many administrators
spend hours configuring their systems with the right ACL
permissions—only to be put in a situation where the work
needs to be repeated when the files and folders are moved.
Secure Copy, though, solves this problem.
|Copying folders while maintaining
permissions is a snap with Secure Copy.
When using Secure Copy to copy folders, you have the
option to copy all files to the destination folder or
only the files that have changed between the source and
destination folders. A great feature of Secure Copy is
that it can be used to back up sensitive folders to another
location. Existing shares can be migrated from the destination
server to a remote one. If you use the method Microsoft
recommends for securing files and folders (users into
global groups, global groups into local groups, and local
groups are assigned the permissions), then you’ll like
Secure Copy’s option for migrating local groups and users
to the destination computer.
Because I come out of the DOS world, I like the fact
that Secure Copy has a command-line version. This feature
proves handy if files need to be copied using logon script
batch files while maintaining the security settings.
Secure Copy (along with Security Explorer) will make
your network administrative tasks that much easier. These
should be given out with your “Welcome Kit” when you become
an MCSE—every administrator should have them.
Enterprise Security Reporter
Enterprise Security Reporter differs from Security Explorer
and Secure Copy. It’s a security reporting program geared
toward larger enterprises as opposed to smaller installations,
though it worked fine on my 10-server network, and it
can gather all the necessary information to produce needed
Enterprise Security Reporter allows you to perform three
main tasks: analyze, query, and report on your network’s
security configuration. Built around Seagate’s Crystal
Reports tool, Enterprise Security Reporter collects network
data by using one of two discovery agents; all data is
available in real time. The centralized data-discovery
agent is used for smaller installations, while the distributed
data-discovery agent is used on the larger ones.
|Enterprise Security Reporter
offers complete network security reporting capabilities.
Because Enterprise Security Reporter stores its data
in a SQL database (SQL Server is not required, however),
you can query the database with your own custom requests.
If you’ve ever been asked to create reports detailing
your network and network security, you know this isn’t
a manual task on even the smallest networks. I like this
application because it delivers, as promised, reports
requiring little tinkering.
Barry Shilmover, MCSE+I, MCT, owns Shilmover Consulting Services, a Microsoft
Solution Provider specializing in Windows NT/2000 and Exchange 5.5/2000 solutions.
He has co-authored books that include Windows 2000 System Administrator’s
Black Book and Exchange 5.5 Exam Cram, both from Coriolis Press.