Chat now with support
Chat mit Support

Active Administrator 8.6.2 - Installation Guide

Installation Considerations for Active Administrator Installing and configuring Active Administrator Appendix: Active Administrator Server Manager

Installing audit agents

To collect data on a computer, you must install and activate the audit agent. A wizard guides you through installing the audit agent.

1
Select Auditing & Alerting | Agents.
2
Click Install.
3
Click Next.
5
If necessary, click Find Domain Controllers.
7
Click Next.

Install on target Domain Controller(s)

By default, the audit agent is installed on the domain controllers you selected on the previous page.

Audit from an agent on the following computer

Select to install the audit agent on a computer in the domain. Type a computer's fully qualified domain name in the box, or browse to locate a computer.

Start collecting events immediately after installation of the agent

By default, the audit agent is activated and collection begins immediately upon completion of the installation process. Clear the check box if you want to activate the audit agents manually.

Enable agent monitoring and recovery

By default, Active Administrator monitors the status of the audit agent.

9
Click Next.
10
In the Run as box, type an account with domain administrator rights, or browse to locate an account, and enter the password.
11
To verify the account, click Test Audit Agent Account.
12
Click Next.
14
Click Next.
15
Click Finish.
The Audit Agent page lists the domain controllers you selected, the time and date of the last event collected, the status of the audit agent and the advanced audit agent, the name of the server on which Active Administrator is installed, and the version number of the audit agent installed on the domain controller.

You can view details about the install in the AuditAgentInstall*.log file, which is located here: Program Files\Quest\Active Administrator\Server\Logging.

Creating alerts

A wizard guides you through creating a new Active Administrator® alert. Alerts provide you the opportunity to combine different conditions into one alert that is sent to specified email recipients. You also can add a filter to the alert to further isolate audit events for the recipient.

1
Select Auditing & Alerting | Alerts.
2
Click New.
3
On the Welcome page, click Next.
6
Click Next.
To add a new email address, click Add and type the email address.
8
Click Next.
To filter the list, type text in the Filter box. The list changes as you type characters. The definitions displayed contain the characters you type. For example, if you type com, the definitions displayed may contain the words Completed or Computer.
To show only selected definitions, open the Show box, and choose Selected.
To show only unselected definitions, open the Show box, and choose Unselected.
10
Click Next.
a
Click Add to add a new alert filter.
Click Edit to edit a selected alert filter.
b
Select if the email Contains or Does not contain the condition text.
d
By default the filter conditions are combined using the OR operator. If you want to connect with the AND operator, select AND all conditions.
12
Click Next.
a
Click Add to add a new quiet time.
Click Edit to edit a selected quiet time.
b
Select Enabled. To disable a quiet time, clear the check box.
c
Select All Days or specify a specific day.
14
Click Next.
a
Click Add to add a new threshold.
Click Edit to edit a selected threshold.
b
Select Enabled. To disable a threshold, clear the check box.
19
Click Next.
a
Select Enabled. To disable an action, clear the check box.
e
16
Click Next.
18
Click Finish.

Setting up workstation logon auditing

With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. Enabling the default port adds these workstation events to the event definitions:

See also:

Deploying the workstation logon audit agent

To audit user logon events, you must enable workstation logon auditing and deploy the workstation logon audit agent to workstations and member servers. Once enabled, the workstation logon auditing service will send messages to the Active Administrator® server.

1
Select Configuration | User Logon Agent Settings.
3
Click Save.
Copy ActiveAdministrator.admx to C:\Windows\PolicyDefinitions on the domain controller.
Copy ActiveAdministrator.adml to C:\Windows\PolicyDefinitions\en-US on the domain controller.
Copy Active Administrator 8.6.2 Workstation Audit Agent.msi to a share where everyone has access.
3
Start Active Administrator 8.6.2 Workstation Audit Agent.msi.
6
Click Install.
7
Click Finish.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen