Software that gathers, stores, and analyzes your network’s security information

Small Wonders Software designed Enterprise Security Reporter 1.75 to provide a central location at which network administrators can find the information they need to report on the security of their Windows 2000 and Windows NT networks. This tool uses a Distributed COM (DCOM)-enabled discovery object to gather security information from across the network, then stores all the collected data in a Microsoft SQL Server 7.0 or Microsoft Data Engine (MSDE) database for reporting and analysis.

I ran into a few snags installing Enterprise Security Reporter. I installed the software on a 350MHz dual Pentium II processor Win2K Server Service Pack 1 (SP1) system with 128MB of RAM. Initially, I selected the Custom installation option. Then I discovered that, by default, the installation process installs the core Enterprise Security Reporter components as well as Microsoft Data Access Components (MDAC), SQL Distributed Management Objects (SQL-DMO), and Crystal Reports. My system already had updated versions of these components, so I tried to install only Enterprise Security Reporter. The installation program continued running; however, when it finished, Enterprise Security Reporter wasn’t in my Start menu or the folder that the installation program had created. The only program available was the Database Maintenance program, which I ran. This program created a database, so I was left with a database without software to gather information to fill it. I went through the installation process again, this time selecting Typical instead of Custom. The installation program ran, and after I rebooted the machine, the program was installed and ready to gather information. I reported my custom installation problems to Small Wonders, and the vendor confirmed that there is a problem with the software.

As Figure 1 shows, this tool uses a DCOM-enabled discovery object to gather security information from across the network, then stores all the collected data in a Microsoft SQL Server 7.0 or MSDE database for reporting and analysis, consisting of three tabs: Report/Queries, Enterprise Scope, and Server List. I added one server at a time to the Services List tab and narrowed the criteria for data I wanted the software to gather. My network contains a mixed domain that has a Win2K domain controller (DC) that uses Active Directory (AD) and an NT 4.0 BDC. On the Server List tab, I added my BDC to the list and selected as the types of input criteria Groups, Users, Services, Shares, Registry, Folders, and permissions for Services, Shares, Registry, and Folders. I then clicked Begin Discovery on the Server List tab, which launched the Discovery Monitor. This tool let me watch the operation in realtime as the software attempted to connect to my BDC and pull the data back to my machine. I noticed Access is Denied messages as the software processed each criteria selection. The user’s guide instructs administrators to configure the software’s DCOM components with appropriate access permissions through dcomcnfg.exe. I had followed the user guide’s instructions exactly for configuring the Discovery Server component. I contacted Small Wonder’s technical support staff, who promptly advised me to also configure the Discovery Agent, another DCOM component that handled data collection. They pointed out where this information is in the manual, and I had overlooked this procedure. I configured the Discovery Agent to have Administrator privileges, then restarted the discovery process. This time the process ran smoothly, so I continued to add servers to the Server List tab, including my Win2K AD DC.

For large networks that contain many servers, Enterprise Security Reporter provides a Remote Agent, which moves the load of gathering data from the Discover Server to a remote server. This setup speeds the data-gathering process. My network has fewer than 10 servers, so I used only a local agent.

One feature that Enterprise Security Reporter’s lead developer described as the product’s "best-liked" feature is Delta Permissions Reporting, a tool that follows the permission trail from the parent folder to all subfolders and files. The reports that the tool generates from this information are fairly short because they include only files or folders that have explicitly different permissions than their parent folders. Delta Permissions Reporting uses symbols such as the addition sign (+) and subtraction sign (–) to show the specific addition or removal of permissions based on the parent folder. To test this feature, I created a folder called MyESRFolder that contained two folders, Docs and Scripts. I then set explicit permissions for Docs and Scripts that differed from MyESRFolder and each other. Next, I added a file to each folder, but didn’t give the files different permissions than Docs and Scripts. I added the MyESRFolder as a path in the software’s file discovery process. After the discovery ran and added the folders to my database, I opened the All Permissions On Computer report, which Figure 2 shows, from the Reports/Queries tab. This report displayed Docs and Scripts and their parent folder but not the files that Docs and Scripts contained because the files’ permissions didn’t differ from the folder in which they resided.

At this point, I had added 6 servers to my database. I consolidated three of them into an Enterprise Scope, Small Wonders’ parlance for categorizing servers for reports and queries. I was eager to test the software’s ability to create reports and queries. Small Wonders’ designed the software to use a runtime version of Seagate Software’s Crystal Reports, which the software includes. However, to produce custom reports from the Enterprise Security Reporter’s data, you must purchase the full version of Crystal Reports. You can refine reports using query parameters that the software creates. I chose to create a simple query that selected a few specific fields, such as username, comment, and LastLogon, from a table that stored user information. I added this query to the main menu and named it Rodney Info. The software displays query results in a format that you can print or export. The user’s guide includes a data dictionary and the online Help provides a diagram that explains the relationship of all the tables in a report.

If you need to create a custom query, you must have a working knowledge of SQL. The tool doesn’t include a graphical query designer tool that would simplify creating custom queries. In lieu of spending time creating custom queries, you can take advantage of the software’s Browse Data feature, which shows in realtime or historically the data that the software would include in a report. The downside to this feature is that you view only one element at a time. I was disappointed that the software didn’t provide instructions about designing a custom Crystal Reports report that works with Enterprise Security Reporter. The user guide alluded to an import function, but I couldn’t find this feature. After discussing this shortcoming with Small Wonders, I learned that most of the software’s users request custom reports directly from Small Wonders. From experimentation, I discovered that you can user the software’s supplied field definition files (.ttx) to generate custom reports and add them to Enterprise Security Reporter as queries.

The reports that Enterprise Security Reporter includes are useful. For example, a helpful feature in Crystal Reports that Enterprise Security Reporter takes advantage of is grouping similar data and providing links directly to that data from a navigation pane. This setup makes large reports easy to read and navigate through. However, I encountered a few problems trying to run some of the larger reports such as the Effective Permissions in Scope for Multiple Accounts, which timed out while querying the database. Through the Tools menu, Options selection, you can access a configurable Query Time Out property; I changed the default value of this property from 60 seconds to 300 seconds. On the second try, the same report timed out again. Only after I narrowed the query not to include Global Groups and Everyone did the software finally complete the 135-page report. Small Wonders agreed that the query times for these larger reports are extensive and the company’s representatives mentioned that the software includes a utility that lets you schedule the reports to run at nonpeak hours or overnight. The software doesn’t provide a report that let me see permissions for only folders or files. However, the reports such as Files Created in the Last N Days were informative.

Enterprise Security Reporter competently collects and stores Win2K and NT security data using proven enterprise-ready tools, such as DCOM and SQL Server, and the reports that the software delivers are sufficient for most administrator’s needs. The amount of data that the software gathers and analyzes requires you to have a top-end, server-class database server that can process hundreds of thousands of records in seconds. If your company’s security concerns are critical, and your control over that security is being undermined by the sheer size of your network, you’ll benefit from this software. The ability to design custom queries and reports, although this skill requires a marginal learning curve, earns my recommendation for this software.

Enterprise Security Reporter 1.75
Contact: Small Wonders Software * 407-248-2558
Price: Ranges from $299 per license for 41 to 50 licenses to $629 per license for 2 to 4 licenses
Decision Summary
Pros: Uses enterprise-ready technologies in DCOM and SQL Server; includes database dictionary and useful online Help; provides centralized installation of Remote Agents; has an intuitive GUI; the company lets customer feedback play a major role in software enhancements
Cons: Doesn’t include a graphical tool for designing or testing custom queries; requires a powerful database server to process large volume of gathered data; doesn’t clearly document how to design a Crystal Reports report that works with a custom Enterprise Security Reporter query