Enterprise Reporter Suite
Bring complete visibility to permissions, groups and assets with the Enterprise Reporter Suite
Simplified Microsoft platform security compliance and reporting
Enterprise Reporter Suite helps you keep your Microsoft environment — both on premises and cloud-based — secure and compliant. Comprehensive access assessments and built-in reporting provide deep visibility into Active Directory (AD)/Azure AD, Exchange/Exchange Online, Office 365, Azure, OneDrive for Business, Windows Servers, SQL Servers and NAS/SAN storage, including Azure resources, users, groups, permissions and other configurations.
Plus, the Enterprise Reporter Suite includes Security Explorer®, so you can quickly take action from within the Enterprise Reporter user interface to remove any inappropriate permissions. Security Explorer provides an array of additional security features, such as the ability to quickly grant, revoke, clone, modify and overwrite permissions from a central location. This combination of reporting and remediation facilitates security and compliance, enabling you to stay ahead of security vulnerabilities to prevent breaches.
Features
Security and compliance visibility
Improve compliance with security best practices, internal policies and external regulations with visibility into the configuration of all critical IT assets in your Windows environment:
- Active Directory/Azure AD — AD users, groups, roles, organizational units and permissions; Azure AD users, groups, roles and application service principals
- Exchange/Exchange Online — Mailboxes, mail-enabled users, distribution groups, public folders, permissions and more
- Office 365 — The security and configuration of critical IT assets in Azure Active Directory, Exchange Online and OneDrive for Business
- Windows servers — On-premises shares, files, folders, printers, registry keys and services
- OneDrive for Business — File and folder permissions, including whether content can be shared internally or externally
- SQL Server — Database security configuration, including users, logins, roles and database permissions
- Azure resources — VMs, disks, network security groups, storage accounts and more
Access assessment
Know who has access to what resources across the enterprise network. Tighten security and pass IT audits by ensuring that access is provided strictly on a need-to-know basis.
Improved insights with IT Security Search
Correlate disparate IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. Include user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.
Pre- and post-migration analyses
Plan for a migration or consolidation project with increased visibility to user and group dependencies, object matches and potential conflicts, and unused or disabled accounts as well as where resources, computers, files and folders exist. Easily decide what needs to be migrated before you begin and ensure the correct data and permissions were migrated after the move.
Visibility into tenants, subscriptions and licensing
Easily optimize Office 365 license allocation and service plan decisions with visibility into your tenants, subscriptions and licensing service plans.
Hosted resource optimization
Optimize Azure resource usage by gaining visibility into virtual machines and disk deployment, including how many, how large, how they are configured and more, so you can save on unnecessary and underutilized resources.
Capacity planning
Report on and manage storage capacity planning and allocation on a variety of devices, including Windows file servers, network attached storage (NAS) and storage area networks (SANs).
Scalable data collection
Scale to environments of any size and geographic distribution. Schedule collections during off-peak hours to minimize the impact of data collection on network and server performance, and leverage the distributed collection architecture for load balancing.
Efficient storage
Reduce database storage requirements and save more change history data by comparing discoveries and storing only the changes.
Automated reporting workflows
Ensure stakeholders get the reports they need, when they need them, with automated report generation and flexible scheduling of report delivery.
Separation of duties (SoD)
Honor departmental and business function boundaries by enabling auditors, help desk staff, IT managers and other stakeholders to get exactly the reports they need and nothing more.
Customizable reports
Perform effective data analysis that meets the unique informational needs of your organization using predefined reports or creating new reports. Customize with advanced filtering and export multiple formats, including PDF, HTML, MHT, RTF, XLS, XLSX, CSV, text and images.
Common reporting portal
Export reports to our software knowledge portal for a unified reporting interface across the entire family of Quest security and compliance solutions.
Security Explorer Features
Centralized permissions management
Make targeted or bulk changes to servers with the ability to grant, revoke or modify permissions. View and manage group membership settings directly in the access control list for a resource. Overcome access-denied errors by forcing permissions onto protected objects.
Enterprise–wide rights review
Eliminate the need to manually search each server for permissions. Search for inherited or explicit permissions on AD, file servers, Exchange server, SQL Server and SharePoint. Even search for permissions to services, tasks, users and groups.
Advanced security and permissions
Quickly back up permissions to take a baseline of your access controls, and revert to that baseline at any time to easily recover from accidental or malicious changes without having to restore data. Improve security and ensure that compliance requirements are enforced.
Complete reporting
Export a database or spreadsheet listing the permissions on items anywhere in the directory tree. Filter the results to show only permissions that differ from the parent folder. Perform targeted searches for all locations that a particular group or user has access to across the network and export this data to create ad-hoc security reports.
Intuitive access controls
Security Explorer can back up and restore security settings to an alternate location, so you can be sure that appropriate access is in place on the new servers.
Tour
Complete platform reporting
Configuration Manager
Customize report layout
Field customization
Quick remediation
IT Security Search
Extend attributes
Specifications
- Memory
-
- Minimum: 16 GB RAM
- Recommended: 16 GB RAM
- Processor
-
- Intel or AMD 2 GHz multiprocessor (with at least 2 cores)
- 64-bit processor
- Hard disk space
-
Disk space requirements will vary with the Enterprise Reporter components you install:
- Server—10 GB
- Configuration Manager—2 GB
- Discovery Node—10 GB for installed files, plus extra space (10GB-100GB) for processing discoveries. Space required varies with the amount of data collected.
- Report Manager—10 GB
- Database size varies with the amount of data you collect
- The file share that you use for the Shared Data Location will require space for storage of collected data. Space required varies with the amount of data collected.
- Total disk size if all components are on the same system—100 GB
- Memory
-
- Minimum: 16 GB RAM
- Recommended: 16 GB RAM
- Processor
-
- Intel or AMD 2 GHz multiprocessor (with at least 4 cores)
- 64-bit processor
- Hard disk space
-
100 GB or more for larger environments
The Enterprise Reporter database is the storage location of all data collected for reporting. As such, the amount of hard disk space required is directly related to the amount of data being collected. The Database Size Estimator tool shipped with Enterprise Reporter can help determine how much space will be required.
SQL Server performance is needed to support inserting data into the database tables and to support querying that data for reporting purposes. To improve the performance of data collection or reporting, consider enhancing the SQL Server memory and processor.
Larger environments may have additional requirements for memory, processor, and hard disk space. There are many factors that can effect these requirements. For additional information please see release notes.
The following operating systems are supported for Enterprise Reporter components.
NOTE: It is not recommended that the server or console be installed on a domain controller.
- Computers
-
- Windows Server® 2016
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server® Core 2012 R2
- Windows Server® Core 2012 R2 Cluster
- Windows Server® Core 2012
- Windows Server® Core 2012 Cluster
- Windows Server® 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1 (64 bit) Cluster
- Windows Server® 2008 with Service Pack 2 (64 bit)
- Computers
-
- Windows Server® 2016
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server® 2008 R2 with Service Pack 1
- Windows Server® 2008 with Service Pack 2 (64 bit)
- Windows® 10
- Windows® 8.1
- Windows® 8 (64 bit)
- Windows® 7 with Service Pack 1 (64 bit)
- Windows Vista® with Service Pack 2 (64 bit)
- Computers
-
- Windows Server® 2016
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server® Core 2012 R2
- Windows Server® Core 2012 R2 Cluster
- Windows Server® Core 2012
- Windows Server® Core 2012 Cluster
- Windows Server® 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1 (64 bit) Cluster
- Windows Server® 2008 with Service Pack 2 (64 bit)
- Domain Functional Levels
-
- Windows Server® 2016 Functional Level
- Windows Server® 2012 R2 Functional Level
- Windows Server® 2012 Functional Level
- Windows Server® 2008 R2 Functional Level
- Windows Server® 2008 Functional Level
- Windows Server® 2003 R2 Functional Level
- Computers
-
- Windows Server® 2016
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server® Core 2012
- Windows Server® 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1
- Windows Server® 2008 with Service Pack 2 (64 bit and 32 bit)
- Windows Server® 2003 R2 with Service Pack 2 (64 bit)
- Windows Server® 2003 R2 with Service Pack 2 (64 bit and 32bit)
- Windows® 10
- Windows® 8.1
- Windows® 8 (64 bit and 32bit)
- Windows® 7 with Service Pack 1 (64 bit and 32 bit)
- Windows Vista® with Service Pack 2 (64 bit and 32 bit)
- Windows® XP Professional with Service Pack 3 (64 bit and 32 bit)
- Network Attached Storage (NAS) Devices
-
- Dell FluidFS 6.0
- Dell FluidFS 5.0
- NetApp® Filer - Data ONTAP® 8..x – 9.x and above (Cluster mode is supported as of version 8.2)
- EMC Isilon OneFS (Collections require a secure connection to Isilon with a valid certificate)
- EMC VNX 7.1.47.5 X (Supported by collecting as a Windows Server)
- EMC VNX 7.0.35.3 X (Supported by collecting as a Windows Server)
- Computers
-
- Windows Server® 2016
- Windows Server® 2012 R2
- Windows Server® 2012
- Windows Server® Core 2012
- Windows Server® 2008 R2 with Service Pack 1
- Windows Server® Core 2008 R2 with Service Pack 1
- Windows Server® 2008 with Service Pack 2 (64 bit and 32 bit)
- Windows Server® 2003 R2 with Service Pack 2 (64 bit)
- Windows Server® 2003 R2 with Service Pack 2 (64 bit and 32bit)
- Windows® 10
- Windows® 8.1
- Windows® 8 (64 bit and 32bit)
- Windows® 7 with Service Pack 1 (64 bit and 32 bit)
- Windows Vista® with Service Pack 2 (64 bit and 32 bit)
- Windows® XP Professional with Service Pack 3 (64 bit and 32 bit)
- Network Attached Storage (NAS) Devices
-
- Dell FluidFS 6.0
- Dell FluidFS 5.0
- NetApp® Filer - Data ONTAP® 8..x – 9.x and above (Cluster mode is supported as of version 8.2)
- EMC Isilon OneFS (Collections require a secure connection to Isilon with a valid certificate)
- EMC VNX 7.1.47.5 X (Supported by collecting as a Windows Server)
- EMC VNX 7.0.35.3 X (Supported by collecting as a Windows Server)
- SQL Server Instances
-
- SQL Server® 2017
- SQL Server® Clusters
- SQL Server® 2016
- SQL Server® 2014
- SQL Server® 2012
- SQL Server® 2008 R2
- SQL Server® 2008 with Service Pack 2
- SQL Server® 2005 with Express Service Pack 3
- SQL Server® 2005 with Service Pack 3
- Exchange Servers
-
- Exchange Online™
- Exchange® 2016
- Exchange® 2013
- Exchange® 2010
- Exchange® 2007
- Exchange® Mixed Modes (2007-2010, 2010-2013, 2007-2013)
The follow versions of Active Roles are supported as targets of Active Directory discoveries. See the Active Roles web site for hardware and software requirements for your version of Active Roles:
- Active Roles 7.2.1
- Active Roles 7.1.2
- Active Roles 7.0.4
- Active Roles 7.0.2
- Active Roles 6.9.0
Enterprise Reporter can be configured to send discovery information to the following versions of IT Security Search. See the IT Security Search web site for the hardware and software requirements for your version of IT Security Search.
- IT Security Search 11.4
- IT Security Search 11.3
The following versions of SQL Server® are supported for the Enterprise Reporter database. See the Microsoft® web site for the hardware and software requirements for your version of SQL Server®:
- SQL Server® 2017
- SQL Server® 2016
- SQL Server® 2014
- SQL Server® 2012
- SQL Server® 2008 R2
- SQL Server® 2008 with Service Pack 2
- SQL clusters and database mirroring are supported for your deployment, including
- SQL Server® 2016 Always On
- SQL Server® 2014 Always On
- SQL Server® 2012 Always On
- Using SQL Server Certificates
-
SSL Encryption of SQL Server Connections using Certificates
Enterprise Reporter can be configured to work with a SQL Server® instance. To secure communications while working with Enterprise Reporter, data sent over connections to the SQL Server can be encrypted using an SSL certificate.
The steps required to configure this encryption are as follows.
- Using the Microsoft Management Console (MMC):
- install the Certificates snap-in for the SQL Server® host computer
- import the certificate to the SQL Server® host computer
- Using SQL Server Configuration manager:
- configure the SQL Server® to use the certificate
- configure the SQL Server® to force encryption
- Restart the SQL Server® host computer
- Import the certificate to all Enterprise Reporter computers that will need to communicate with the SQL Server®, such as:
- Enterprise Reporter server host computer
- Enterprise Reporter nodes
- Enterprise Reporter Configuration Manager host computer
- Enterprise Reporter Report Manager host computer
- Install Enterprise Reporter on a host computer
- Using the Microsoft Management Console (MMC):
The following required software is required for Enterprise Reporter.
- Microsoft®.NET Framework 4.6
- Microsoft®.NET Framework 4.0 (Full)
- Microsoft®.NET Framework 3.5 Service Pack 1
- Microsoft® Excel® (required to view reports exported as spreadsheets)
- Microsoft® Excel® 2010
- Microsoft® Excel® 2013
- PowerShell™ 3.0
- Active Roles Required Software
-
To collect Active Roles information, the following software is required on the computer where the Enterprise Reporter Configuration Manager is installed and on the computer where the Enterprise Reporter node is installed:
- ADSI Provider (the version must match the Active Roles version)
For more information and installation instructions, see the Active Roles Quick Start Guide. The following additional considerations are required:
- There must be a trust between the Enterprise Reporter domain and the Active Roles domain.
- The credentials used for the Active Roles discovery must have access to the Active Roles domain.
- Exchange Required Software
-
To collect Exchange® 2007 information, the following additional considerations are required:
- Exchange® 2007 Management Tools must be installed on the computer where the Enterprise Reporter node is installed and must be in the same forest as the 2007 Exchange Organization.
- It is highly recommended to put the computer where the Enterprise Reporter node is installed within the target Exchange® 2007 domain.
-
To collect Exchange mailbox folders, the following additional considerations are required:
- Impersonation needs to be configured on the Exchange organization. Refer to your Exchange Server document or use the following method to set up role assignments.
- Powershell can be used to add an assignment
New- ManagementRoleAssignment–
Name: impersonationAssignmentAdministrator-
Role: ApplicationImpersonation –User:Administrator
- Alternatively, you can create an administrator role with ApplicationImpersonation role assigned to it and add the required account as a member (or assign ApplicationImpersonation role to an existing administrator role)
- Powershell can be used to add an assignment
- Impersonation needs to be configured on the Exchange organization. Refer to your Exchange Server document or use the following method to set up role assignments.
- OneDrive Required Software
-
To collect OneDrive information, the following additional software is required:
- Microsoft SharePoint Online Management Shell
NOTE: PowerShell 3.0 and Microsoft SharePoint Online Management Shell are required on the node machines to collect OneDrive configuration settings.
NOTE: In addition, for OneDrive configuration settings to be collected successfully, an authorized connection must be established to the SharePoint Online service. To allow for credentials to be specified for your tenant, the “LegacyAuthProtocols” setting must be enabled on your tenant. To set this on your tenant, run the following commands using the Microsoft SharePoint Online Management Shell. This action must be performed on any node machine with Microsoft SharePoint Online Management Shell installed.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Import-Module -Name Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "<full tenant name>"
Set-SPOTenant -LegacyAuthProtocolsEnable $True
Disconnect-SPOService
- Azure Required Software
-
To collect Azure information, the following additional software is required:
- Microsoft Azure Active Directory Module for Windows PowerShell
NOTE: Microsoft Azure Active Directory Module for Windows PowerShell is required on the node machines to collect multi-factor authentication attributes for Azure Users.
The following services are required on the Enterprise Reporter server and nodes.
- Net.TCP Port Sharing
The following services must be enabled on discovery targets for collections.
- Remote Registry
- Windows Management Instrumentation (WMI)
For more information see the release notes.
Resources
Enterprise Reporter Suite
Simplify Microsoft on-premises and cloud-based platform security and compliance reporting
Improve Your Security Posture with Enterprise Reporter for Active Directory
Enterprise Reporter can help you improve your security posture. This tech brief describes the top 10 AD security reports you should run on a regular basis to reduce your attack surface and thwart attackers.
Modernizing Active Directory for Azure and Office 365
A move to the cloud requires Azure AD and Azure AD requires a modernized, on-premises AD. Failing this modernization, the complexities of integrating into Azure AD grow and the benefits of Office 365 shrink.
2017 Spotlight Report: Cloud Security
In this new report from the Information Security Community on LinkedIn, you will learn how your peers are approaching cybersecurity in the era of cloud, including the latest trends and benchmarks to gauge how your own organization stacks up.
OneDrive for Business Security and Monitoring
Explore the native options for configuring, securing and auditing your OneDrive for Business environment, and their limitations.
Why Your Company Needs Third Party Solutions for Office 365
Nearly 1/3 of the companies implementing Office 365 plan to use a less expensive plan in conjunction with more robust tools for security and management.
How to Mitigate the Insider Threat
This eBook provides solutions to stop insider threats, manage privileged accounts, simplify GPO management and administration.
Enhancing Active Directory Security and Lateral Movement Security
Limit lateral movement by attackers inside your network with these best practices and Quest solutions.
- More Resources
- Communities
- Events & Demos
- Research Docs
- Videos
Take the next step
Related Products
Enterprise Reporter for Active Directory
Gain deep visibility into discovery, reporting and project planning on AD and Azure AD
Enterprise Reporter for File Storage Analysis
Easily perform capacity planning with efficient file storage analysis and reporting
Enterprise Reporter for SQL Server
Gain in-depth visibility into SQL Server database configuration, permissions and more
Enterprise Reporter for Windows Servers
Simplify discovery, reporting, and assessment on Windows Servers, NAS, and OneDrive for Business
Change Auditor for Windows File Servers
Track, audit and receive reports on all Windows File Server real-time system changes
Change Auditor for Active Directory
Ensure security, compliance and control of AD and Azure AD.
Security Explorer
Manage Microsoft server security in real time from a single platform.
Support & Services
Product Support
Self-service tools will help you to install, configure and troubleshoot your product.
Support Offerings
Find the right level of support to accommodate the unique needs of your organization.