Documente Academic
Documente Profesional
Documente Cultură
This document may not be reproduced by any means nor modified, decompiled, disassembled, published
or distributed, in whole or in part, or translated to any electronic medium or other means without the prior
written consent of SolarWinds. All right, title, and interest in and to the software, services, and
documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its
respective licensors.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of
SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and
may be registered or pending registration in other countries. All other SolarWinds trademarks, service
marks, and logos may be common law marks or are registered or pending registration. All other
trademarks mentioned herein are used for identification purposes only and are trademarks of (and may
be registered trademarks) of their respective companies.
page 2
Table of Contents
Get started with Access Rights Manager 4
Start the Access Rights Manager application and log in to the ARM Server 10
page 3
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
Basic configuration - Start and log in to the ARM Configuration application to perform some
preliminary configuration steps.
Activate your Access Rights Manager license - After completing the basic configuration,
activate ARM with a trial or full version license.
Start and log in to Access Rights Manager - After ARM has been activated, you can log in to the
ARM front-end GUI.
Add an Active Directory scan - Use the configuration GUI to set up your first Active Directory
scan.
Add a file system scan - Use the configuration GUI to set up your first file system scan.
page 4
Use the Configuration application for basic
configuration
Before you can run and use ARM for the first time, you need to run the configuration application by
navigating to Start > SolarWinds ARM > ARM - Config
After the Configuration application loads, you will see the Configuration log in screen.
The first time you log in, you can only log in as the user that installed ARM. Later, you can create more
users.
page 5
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
By default, the Configuration application will log into the local ARM Server you set up during installation.
You can use the advanced options to log in to a different ARM Server, change the server port, or change
the language.
Only one user can be logged into the ARM Configuration application at any given time.
l Define the credentials with which the ARM Server will use to run Active Directory requests.
l Define the SQL Server database that ARM will use, along with the required credentials.
l Active Directory service components must be installed and configured on the ARM Server.
l You must have access to a configured SQL server with valid user credentials or use the
embedded MS SQL Server Express installation.
After filling out the Active Directory and SQL Server configuration fields, the wizard will test that your
configuration is correct.
Click the diskette icon to save and submit your settings. The ARM service will restart.
After you have finished the basic configuration, you're ready to activate ARM using a trial or full version
license.
page 6
Activate your Access Rights Manager license
Before you can start using the fully functional version of Access Rights Manager, you need to activate it.
The ARM Configuration application will let you know if the activation was successful.
After completing the activation, you can log in and start using ARM.
page 7
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
page 8
Add a file system scan in Access Rights Manager
1. Start and log in to the Configuration application.
2. Click the Scans icon.
3. Select File server.
4. Select the file server that you want to scan. If needed, use the filter to narrow down a large list of file
servers.
5. Choose the ARM Server as the collector.
6. Click Apply. The file server scan will appear in the status window below.
7. Click the play button in the scan dialog to start the file server scan.
File server scans may take a long time depending on your file server performance and load, network
load, and the number of file server directories that need to be scanned.
page 9
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
After the ARM application loads, you will see the log in screen.
You must finish basic configuration before you can log in.
page 10
The first time you log in, you can only log in as the user that installed ARM. Later, you can create more
users.
By default, the ARM application will log into the local ARM Server you set up during installation. You can
use the advanced options to log in to a different ARM Server, change the server port, or change the
language.
page 11
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
In the next chapters we will guide you through some common and highly beneficial use cases.
Step-by-step process
page 12
2. You can find your search result in the directory section.
page 13
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
1. Select an access category filter. You can expand the tree to analyze how permissions
are build.
In this example the "Modify" filter has been chosen.
2. ARM lists all accounts with "Change" access rights to the Marketing directory in a
flat list - regardless of whether they are assigned directly, through groups, or nested
groups.
3. You can add additional filters for users, groups, contacts and computers to narrow
down the results further.
The report allows responsible managers to make information based decisions in order to answer two
central questions:
page 14
page 15
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
page 16
1. Name the report and add a comment.
2. The selected resource is automatically included in the list of objects to be analyzed.
You can add further resources.
page 17
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
We recommend that you set the options in the details area for a first run as shown above.
page 18
1. Open "Group Settings".
2. In order to reduce complexity we recommend selecting the "Usersview".
3. Set the output options. For example, you can schedule the report and set it to be
sent regularly by email.
4. Start the report.
page 19
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
Data owners now can verify whether the listed users should have access.
You should also check to see if the access rights of some users can not be reduced
for example from "full access" to "read" or "modify". This ensures a higher level of
data integrity.
page 20
Where do users and groups have access?
Background / Value
The report "Where has the user/group access?" lists all access rights of users and groups across all
selected resources (user in focus).
Step-by-step process
page 21
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
page 22
l Last login
l Object GUID
l Object SID
l SAM Account Name
l SAM Account type
l Group memberships
l Parents + children
l Purpose Group names
Step-by-step process
page 23
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
page 24
Step-by-step process
page 25
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
1. ARM activates the scenario "Where does a user/group have access"
2. ARM shows all resources that "Emily Employee" can access.
page 26
1. ARM shows all directories that "Emily Employee" can access on the file server.
2. In this example we have focused on the "Marketing" directory.
3. ARM shows the access rights for the "Marketing" directory.
4. The green arrow indicates the user "Emily Employee". This helps you identify which
resources "Emily Employee" can access, based upon the individual permission
paths.
5. The green circle with the exclamation mark indicates that the access rights on this
directory differ from the "parent" directory.
In practice, it often happens that you remove only one access path and then wonder why the user still has
access. With ARM you can see all existing access paths with just a few clicks. This is the basis for
completely removing all access paths.
page 27
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
Step-by-step process
In the resource view you will find many icons and symbols. Hover your mouse over
them to get more information and meaning, e.g. inheritance, propagation, group
types and so on.
page 28
If you find complicated group structures, we recommend the analysis in the account view.
Right-click on the user to open the context menu. Select "Show in accounts view...".
page 29
GETTING STARTED GUIDE: ACCESS RIGHTS MANAGER
Step-by-step process
1. Find the AD group by entering its name into the search field. For example:
"Marketing". Select the desired result from the Active Directory Resources section of
the drop-down.
2. If you can't find your resource click on "See more results".
page 30
1. The "Marketing" group is the focus of the following analysis.
2. Above the group you see other groups in the AD graph that the "Marketing Group is
a member in, the so-called "parents". All "parent" groups, both direct and indirect,
are listed on the left-hand side. Indirect "parents" are indicated by a blue arrow.
3. On the right hand side you can see the name of the group listed at the top.
Underneath it you can see a list of all "children", both direct and indirect, of the
group.
4. You can open and close the individual branches on the AD graph by clicking on the
icon. The number listed indicates the number of direct "parents" or "children".
page 31