How do I configure Access Explorer for the first time?

In her previous post, What is Access Explorer, Angela shared an overview of Access Explorer, which is an Enterprise Reporter 2.0 service that scans and indexes security access information on files, folders, and shares on managed computers in managed domains. The data is stored in the Access Explorer database and can be used to see interactive, user-centric information at any given time. Using the Report Manager, you can run permission reports on this data.

To have a fully functional Access Explorer, there are a few configuration steps that you perform when you install Quest Enterprise Reporter Server for the first time.

Set up security groups

First, during the install process for Quest Enterprise Reporter Server, select either the Domain Local or Global security group types from the Database Wizard. If you choose the Local Group on SQL server option, Access Explorer will not be available.

Create an Access Explorer database

After Quest Enterprise Reporter is installed, you need to set up the Access Explorer database in the Configuration Manager.The Access Explorer database will store the data from the scans on the managed computers.

To set up the Access Explorer database

  1. Navigate to Access Explorer Management | Configuration | set up database.
  2. Click set up now.
  3. Enter the target SQL Server instance.
  4. Enter a name for your database. (The default database name is Reporter_AccessExplorer).
  5. Enter database access credentials.
  6. Click OK.

Add a managed domain

Next, set up the first managed domain. A managed domain contains the computers that you want to manage with Access Explorer. You do not need to add all the domains in your organization. You only need to add the domains that contain the computers you want to scan for security information.

During the initial setup, you need to add one managedomain. Once setup is complete, you can add more managed domains.

To set up the first managed domain

  1. Navigate to Access Explorer Management | Configuration | set up managed domain.
  2. Click set up now.
  3. Enter a managed domain DNS name.
  4. Enter the service account credentials.
    The service account must have administrative access to the specified domain.
  5. Click OK.

Once the Access Explorer managed domain setup is complete, the domain icon is displayed with a green check mark to show that it is configured. An option to Click for more configuration options is displayed. Selecting this option closes the one-time setup screen permanently and opens Access Explorer Management | Configuration.

Add a managed computer

A managed computer is one that is scanned by the Access Explorer agent for security data. When you add a managed computer, you have the option of installing a local agent on the same computer or configuring a remote agent installed on another computer. If you install a locally-managed computer, you can automatically install the agent with the computer, or install the agent manually later.

To install the Access Explorer agent locally

  1. Navigate to Access Explorer Management | Manage Computers.
  2. Click New Managed Computer, and choose Windows Server.
  3. Choose Locally Managed, and click Next.
  4. Choose Automatic installation by Enterprise Reporter, and click Next.

5. Choose the domain that contains the computers you want to manage.

6.  Select the computers you want to manage, and click Add

7. Click Finish.

The agent will now be installed on the selected computer. As the agent is installed, the status changes to reflect the progress of the installation. When the Status column is OK, the agent is installed. When the initial scan is complete, the Data State column displays Data Available.

Change the default scope of the scan

By default, the Access Explorer agent scans the entire root drive of the newly added managed computer. Once you add the managed computer, you can edit the settings to change the scope if you do not need to scan the entire root drive.

To change the default scope of the scan

  1. Select the managed computer, and click Edit.
  2. Open the Scopes tab.
  3. Clear the All folders check box.
  4. Select the folders you want to scan.
  5. Click OK.

What’s next?

In our next post about Access Explorer, Clarence will explore the ins and outs of when to use remotely managed computers and how to configure them.