Go Back to Folder Permissions Reporting (For NTFS) - SecReport Enterprise main page
Click here for earlier version's manual
Click here to read Web service pre-requisites
Table of Contents:
Features and Capabilities
Contents
Requirements
Licensing and Installation
Installation
Installing SecReport Enterprise Console
Installing SecReport Enterprise Web Service
Web Service Installation Prerequisites
Web Service Installation Procedure
Licensing
How to work with SecReport Enterprise?
Appearance
Create a Report
Report setting's toolbar
Report Display
What else?
Report Display toolbar
Export Report
Automatic Report Distribution
1. Web Service Configuration
How to Change Web Report Logo
2. Automatic Generation Settings
3. Use Impersonation
View Automatic Report
Report History
Report History tool bar
Report History options
Compare to…
Features and Capabilities
Here are some of the SecReport Enterprise features:
· Provides periodic security reports that comply with SOX standards.
· Get a clue who and what data can actually be accessed on your public folders.
· Automatically send NTFS security reports to managers with in the organization.
· Compare reports to see permissions differences.
· Generate NTFS permission reports from the context menu.
· Exports the report in a variety of formats (PDF, CSV, RTF, HTML, Etc.)
Contents
The installation kit contains 2 msi files.
I – SecReport Enterprise Console
This is a mandatory component. The SecReport Enterprise console allows you to configure the system, generate reports, compare reports and view previously generated reports.
This component should be installed on the System Administrator's workstation.
II – SecReport Enterprise Web Service
This is an optional component. The SecReport Enterprise Web Service component allows you to automatically generate reports and send them to managers within the organization.
This component should be installed on a Windows 2003/2008 32-bit server with IIS.
Requirements
The machine on which you install the component must be a member of an Active Directory domain.
SecReport Enterprise Console:
- Windows 2000 / XP / 2003 / 2008 32-bit.
- Dot NET 3.5 SP1 or higher.
SecReport Enterprise Web Service:
SecReport Enterprise Web Service can be installed on Windows 2003 or Windows 2008 32-bit Servers.
Pre requisites for Windows 2003 32-bit Server:
- Windows 2003 Server 32-bit with Service Pack 2 or higher
- IIS 6 with ASP.NET
- .Net Framework 3.5 SP1 or higher installed and registered with IIS
- Click HERE for a complete installation checklist
Prerequisites for Windows 2008 32 bit server:
- Windows 2008 Server 32-bit with SP1
o Important Note:
It is very important to perform a full update prior to the installation of SecReport and after all roles and features are installed.
- Server Features:
o .Net Framework 3.0
§ Once the server is updated, you should see "Microsoft .NET Framework 3.5 SP1" in the Programs and Features Control Panel. If you do not see this entry do not continue with the installation and make sure you download and install .Net Framework 3.5 SP1 (or higher)
- Server Roles:
o Web Server (IIS) with the following role features:
§ Application Development :
· ASP.NET
· .NET Extensibility
· ISAPI Extensions
· ISAPI Filters
§ Security :
· Basic Authentication
· Windows Authentication
§ Management Tools:
§ IIS 6 Management Compatibility
Licensing and Installation
Evaluation Version Limitations
The product you have downloaded to your PC is an evaluation version.
The SecReport Enterprise evaluation version has limited functionality and time (detailed in the EULA). The evaluation version is limited to 30 days.
Installation
If you only want to use SecReport Enterprise Console, simply install it on your workstation by launching the SecReport_Enterprise_Console msi file and start working.
If you want to use the Automatic Report Generation feature, you should install the SecReport Web Service component as well.
Installing SecReport Enterprise Console
To install SecReport Enterprise console from a downloaded file:
1. Double click the console installation file.
2. Read the program license conditions carefully.
3. Follow the Setup program instructions displayed on the screen until you reach the 'SecReport Installation Mode'.
.gif)
· If you previously installed the Web Service then choose 'Connected to Web Service'.
· If you did not install the Web Service, choose 'Standalone'.
4. Complete the installation and click on 'Close'.
5. A SecReport Enterprise Console desktop icon will be placed on the desktop and in the start menu. In addition, a new command called 'Scan with SmartX SecReport Enterprise' will be added to the shell context menu.
Installing SecReport Enterprise Web Service
Web Service Installation Prerequisites
Click here to read about the web service pre-requisites check list
Important Note:
1. During the Web Service installation process you will be asked to provide the following information:
· A directory which will store the security reports (Reports Directory).
i) This directory can be either a local directory or a network directory.
ii) The reports are stored as compressed files. Estimated file size for a large report (with 50,000 entries) is approximately 3MB.
· Credentials of the user account that will be used to run the Web Service.
i) The user should be a member of the following local group on the Web Server:
(a) On Windows 2003 server – IIS_WPG
(b) On Windows 2008 server – IIS_USRS
ii) The user should have Read / Write permissions for the Reports Directory (as described above in this section)
· If you have IIS 6 please verify that all prerequisites listed here are met.
· If you have IIS 7 please verify that all prerequisites listed here are met.
2. Web Service installation can be complicated. If you experience any difficulties or problems after or during installation, please follow the troubleshooting steps listed here.
Web Service Installation Procedure:
1. Double click the Web Service installation file.
2. Read the program license conditions carefully.
3. Follow the Setup Program instructions displayed on the screen until you reach the 'Select Installation Address' window:
.gif)
· Choose the required Web Site.
· Click on 'Next' to confirm the installation.
4. The Installation Wizard will verify that all prerequisites are met (click here to see prerequisites). At the end of this process click on 'Next'.
If the Wizard identifies a problem, a new button will appear which allows you to try to repair it.
.gif)
Click the 'Try to Fix issues and Retry' button. If this does not help, click on the 'Click here' link to go to the Prerequisites List.
In the 'Security Configuration' window:
.gif)
Please review paragraph 1 of chapter 'Web Service Installation Prerequisites' for more information.
· 'Reports Directory' stage: browse to choose the folder to which reports will automatically be saved.
.gif)
· Please review paragraph 1 of the chapter 'Web Service Installation Prerequisites' for more information.
2. 'Web Service URL' stage:
· Check to see if the displayed URL matches your organization specifications and change the beginning if necessary.
5. Post Setup Verifications:
Upon completion of the installation the Wizard verifies that the SecReport Web Service is up and running. If one of the tests fails, an appropriate message will appear.
.gif)
At this stage you have the following options:
· You may click the link that will lead you to a full Prerequisites List.
· If an error appears you may:
i) Check for solution online – clicking on this link will open a web page with a description of the error and
solution options.
ii) Click on the 'Try to Fix Issues and Retry' button to let SecReport Enterprise try to repair the problem.
· If all tests are tagged as 'Success', click on 'Next'.
.gif)
6. At the 'Check for Product Updates' stage, click on 'Next' to run an online check.
The online check will see if a new release of the product is available and if so, will allow you to download it to your PC.
.gif)
Click on 'Next' to complete the installation and then on 'Close'.
Licensing
SecReport Enterprise evaluation version is limited for 30 days.
To remove this restriction, purchase the full SecReport Enterprise version.
SecReport Enterprise is licensed per site therefore a single license should be purchased in order to run the program.
When you double click on the application, you will see a license window from which you can open either the program or
the set license file.
.gif)
1 If you choose the 'Set License' option, browse to choose the license file, and complete the process.
2 Pressing on 'Continue' will run the application.
3 If you press on 'Buy Now' you will reach the SecReport Enterpriseweb page on the Smart - X website, where you
may purchase the tool.
How to work with SecReport Enterprise?
SecReport Console allows you to continually manage your permissions Reports.
The Console is divided into two sections:
· Reports Configurations – on the left side of the console.
The list displays the different configurations you created and allows you to manage them – rename, copy, etc.
· Management Tabs – on the right side of the console allows you to do the following:
o Report Settings – set report's configurations.
o Report Display – view reports' results
o Reports History – view old reports and compare reports.
o Automate Reports – set automatic generation and distribution of reports (this tab will appear only after installation of
the webservice.msi file which in charge of the automation of the reports)
Appearance
You can manage toolbar appearance and decide weather to display or hide the text below the icons.
1. Click on 'Global settings' 
.
2. In the 'Tool bar caption' field click on 'show' to display the text or 'hide' to hide the text.
.jpg)
3. Click on 'OK'.
Create a Report
To create a new report, follow these instructions:
1. Click on 'New Report Configuration' .gif)
.
2. Type the report name in the following window: .gif)
.
3. Click on the 'Report Settings' tab.
4. Fill out the following fields as needed:
|
Field Name |
Functionality |
Remarks |
|
Path |
Browse or type the path to the folder for which you want to produce a report |
|
|
Include Subfolders |
Define whether the report will run recursively on subfolders under the root directory or solely on the root folder |
|
|
Include Files |
Define whether the report will display security information for existing files in the selected directory |
Note that generating a report using this feature will take much longer and will significantly increase report size |
|
Resolve Full User Name |
Define whether the report will query Active Directory and display the full user name or only the SAM Account Name |
Note that this setting will increase report generation time |
|
Expand Groups |
SecReport will display all group members for each group-assigned security entry |
Note that this setting will increase report generation time and report size |
|
Expand Primary Groups |
Define whether the report will display detailed security information for expanded Active Directory primary group (usually 'Domain Users' group) |
Note that this setting will significantly increase report size |
|
Show directories even if permissions are identical to parent |
By default, SecReport will bypass subfolders whose parent folder has identical permissions. When this checkbox is checked, SecReport will show all subfolder permissions even if tehy are identical to parent folder. |
Note that this option will significantly increase report size and make it less legible |
|
Enable support for migrated accounts |
When this option is selected, SecReport will try to resolve SIDs of accounts which were previously migrated from other domains.
Use this feature if you have account which were migrated from other domains with SID History. |
|
|
Filter Users/ Groups |
Choose the users / groups that will be included / excluded from the report |
To include the users/ groups, choose .gif)
To exclude the users / groups, choose .gif)
Click on .gif) to choose users / groups.
|
5. Click on .gif)
'Generate Report'.
The generated report will appear on the 'Report Results' Tab.
6. Click on 
'Save Configurations' to save settings for future use.
7. Click on .gif)
'Save Resultsto add report to archive and enable comparison with future reports.
Report setting's toolbar
The following icons are available for use when the 'Report Settings' tab is selected.
|
Icon |
Name |
Functionality |
|
|
Add Report Configuration |
Adds a new report configurations set. |
|
|
Rename report configuration |
Allows you to rename the chosen report's configurations set. |
|
|
Copy report's configuration |
When clicked it duplicates the report's configuration to a new set. |
|
|
Delete |
Delete's the chosen report's configurations set (Pay attention – this will also deletes the archived reports of this configurations set.) |
|
|
Revert report configuration |
Displays the report's configurations last saved. |
|
|
Save report configuration |
Saves the report's configuration set for future use. |
|
|
Generate report |
Generates the report and displays it in the 'Report Display' tab. |
|
|
Global Settings |
Opens SMTP configuration window |
|
.gif)
|
Help |
Opens a sub-menu with the following commands:
|
|
|
Exit |
Closes the console. |
Report Display
The 'Report Display' tab presents report results. Here you may do the following:
· Define result options:
|
Field Name |
Functionality |
Remarks |
|
Consolidate Group Members |
Groups group members together. |
|
Auto Scroll |
When this checkbox is selected, the permission report will automatically be scrolled with every new entry. If you want to review the report as it is generated, it is best to leave this checkbox clear. |
· Sort information in various ways:
o Drag and Drop: to group the displayed information according to one of the columns, drag the column to the 'Security Report Data' area.
o Filter: click on a column to open a sub-menu which gives you various filter options.
What else?
When you right click the results the following submenu will open:
· Explore folder –opens the actual folder for you to explore.
· Add to filter – adds the user/group to the filter in the 'Report Settings' tab.
· Choose columns – opens a list of the columns for you to choose from. the configuration will be automatically
saved for future reports.
Report Display Tool Bar
|
Icon |
Name |
Functionality |
|
.gif) /
|
Stop generation / Generate report |
Allows to stop the report generation and start it over again. |
|
|
Save Report results |
Saves the report results to archive for future analysis. |
|
|
Export results |
Opens a sub menu with the option to export the results to excel  or as a CSV file  |
|
|
Show report in viewer |
Allows you to open the report results in the SecReport viewer in order to view the results separated to parts and export the results separately. |
|
|
Compare to… |
Opens the list of dates which is the report was generated. allows you to choose a date for comparison to see added and removed permissions. |
|
|
Global Settings |
Opens SMTP configuration window |
|
|
Help |
Opens a sub-menu with the following commands:
|
|
|
Exit |
Closes the console. |
Export Report
1. Click on 'Export Report' and choose one of the two options:
2. - export to excel will export the report as a whole file to excel grouped and sorted according to the saved
report.
3. - Export to CSV will export the report as a whole file as a CSV flat file. this allows you to open the report
with excel, notpad and other applications.
You may also export parts of the report using the SecReport viewer (see next chapter).
Show in viewer
The SecReport enterprise allows also allows you to open the report results in a viewer.
The viewer separates big reports into parts in order to avoid confusion caused from large reports.
Each part can be saved separately in various formats: pdf, htm, excel etc.
In order to display a report in the viewer:
1. Click on 'Show report in Viewer' .
.gif)
2. The custom designed report will be displayed in a separate window (SecReport Viewer).
· When viewing large reports (more than 600 entries), the viewer splits the display into 'Sections' in order to maintain reasonable performance. Use the left pane to select the required section.
3. Click on the ‘Save’ button to open the list of export options and select the desired option.
Automatic Report Distribution
Follow these steps to automatically send reports to specified user/s:
1. Web Service Configuration
1. First make sure that you have installed the Web Service msi file or that you have an active Web Service installed (to see explanation go to 'Installing SecReport ENT Web Service' chapter).
2. Choose the report from the list (left side of the console).
3. Click on 'Global Settings'.
4. In the 'SecReport Enterprise SMTP Configuration' window:
· Click on 'Connect to Web Service' in the 'Mode' section.
NOTE: if you selected 'connect to web service' during installation of the console msi file this option will be set automatically.
.gif)
· Fill in the relevant parameters:
SMTP Server Name – Type the path to your SMTP Server
Sender Email - Type E-mail address for report sender
User - Type sender's Exchange account
user name (or leave blank if
authentication is not required)
Password – - Type sender's exchange account
password (or leave blank if
authentication is not required)
Priority – - Set mail priority (high or low)
· Click on .gif)
'Test SMTP Server Connection'.
i) In the 'Auto Generate Report Options' define report logo, header and footer.
To change the default logo provided by Smart-X, see the chapter below.
· Click on 'Save Configurations'.
· Click on 'Exit' to return to the Console.
How to Change Web Report Logo
1. Create a new Logo file and save it in JPG format as
"Custom_Logo.JPG" file.
2. (recommended size 360 x 100 px)
3. Go to "..\SecReport.WebSite\images" folder on your
IIS Server
4. Replace "..\SecReport.WebSite\images\Custom_Logo.JPG"
with your new logo file.
2. Automatic Generation Settings
The 'Automate Reports' tab will allow you to set the schedule for automatic generation of report as well as mail parameters.
Please follow the steps below.
1. In the 'Automatic Generation' tab:
.gif)
· Click on 'Generate this Report Automatically' to enable the fields.
· Set the Schedule: .gif)
i) Choose schedule type: Once/ Daily/ Weekly/ Monthly (The fields in the box below will adjust according to your settings)
ii) Set schedule parameters:
· Set mail parameters:
. Click on 'Set this report by email' to enable the fields
. Fill in the relevant content according to your needs (to, subject, body etc.)
2. Click on 'Save Report Configurations' .
3. Use Impersonation
SecReport Enterprise enables you to use alternative credentials in order to generate the report.
When this option is not selected, the user running the Web Service will be used to scan the directory and generate the
report.
When this option is selected, the specified user will be impersonated and used for the report generation.
In order to use this option:
1. Open 'Automatic Generation' tab.
2. Click on 'Enable Impersonation'.
3. Type authorized user's credentials.
4. Click on 'Save Report Configuration'.
View Automatic Report
The automatic report will be sent with a link to a web display of the report.
Clicking on the link will open an internet browser with the following content:
Full Permission Report
1. Click on 'Full Permission Report' to display the report that was sent to you and click on 'Show Report'.
· The web viewer allows you to export the report to various formats or print it.
2. Click on 'Permissions changed since' to view a comparison between the sent report and an earlier report.
i) Choose the report you want to compare from the inbox.
· Click on 'Show Report'
· The web viewer will display a comparison similar to the 'Compare to..' function with a 'Permissions Removed' and a 'Permission Added' tab
3. Print or export the report using the fields in the tool bar.
Note: When viewing a report, each visit is registered and displayed in the 'Report History' tab of the SecReport Console.
Report History
This tab enables you to view which users have accessed and viewed the reports and also compare differences between recent and previously generated reports.
The 'Report History' tab displays a list of issued reports including various details regarding each report.
The 'Report History' display has filter and sort options, such as the 'Report Display' (See Chapter).
Report History Tool Bar
|
Icon |
Name |
Functionality |
|
 |
Show report in Grid |
loads the selected report to the 'Report Display' tab. |
|
|
Show report in Viewer |
loads the selected report to the SecReport viewer. |
|
.gif)
|
Refresh history |
refreshes the history display. |
|
|
Clear selected report history |
Deletes the history of the current report's configuration. Pay attention: all history of the current configuration will be deleted. |
|
|
Clear all |
Deletes all history of all report configurations. |
|
|
Global Settings |
Opens SMTP configuration window |
|
|
Help |
Opens a sub-menu with the following commands: |
|
|
|
|
|
|
Exit |
Closes the console. |
|
|
|
|
Report HIstory Options
Mark a report line and right click to receive the following options:
|
Icon |
Name |
Functionality |
|
|
Show |
Displays the selected report |
|
|
Show in grid |
Will load the report to the 'Report Display' tab |
|
|
Show in viewer |
Will load the report to the SecReport viewer. |
|
|
Delete |
Deletes the selected report |
|
|
Compare to… |
Opens a sub-menu with a list of previous reports from which you may select a report for comparison |
Compare to…
1. Select a report.
2. Right click --> 'Compare to…'
Note: you can only compare reports that were generated using the same configuration.
3. The following window will appear:
4. The Report Comparison window is divided into two tabs.
· ‘Permissions Removed’ shows the list of permissions that were removed from the reported folder
· ‘Permissions Added’ is highlighted with a red frame and shows the list of permissions that were added
to the reported folder.
.jpg "SecReport benefits")
