Chat now with support
Chat mit Support

Change Auditor 7.1.1 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Change Auditor Overview

Change Auditor provides total auditing and security coverage for your enterprise network. Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made the change including the IP address of the originating workstation, where and when it occurred along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day modifications.
Audit critical changes across your enterprise including Active Directory, Azure Active Directory, Office 365 Exchange Online\SharePoint Online\OneDrive for Business, Exchange, Windows File Servers, NetApp, EMC, SQL Server, VMware vCenter, SharePoint, Microsoft Skype for Business, and Fluid File Systems.
Collect user login and log out activity for regulatory compliance and user activity tracking.
Automate ongoing compliance with tracking and reporting for compliance initiatives such as SOX, PCI-DSS, HIPAA, FISMA, GLBA, and more.
Speed troubleshooting through real-time insight into changes with a comprehensive audit library including built-in audit alerts, reports, and powerful searches.
Proactively protect (lock down) critical Active Directory objects, Exchange mailboxes, and Windows files and folders from harmful changes that could open security holes or cause resources to become unavailable.
Modular approach allows separate product deployment and management for key environments including Active Directory, Exchange, Windows File Servers, NetApp, EMC, SQL Server, Active Directory Queries, SharePoint, Logon Activity, and Skype for Business.
Track, audit, report, and alert on critical changes made using Quest Authentication Services and Quest Defender.

Available Change Auditor auditing modules

Continually being in-the-know helps you to prove compliance, drive security, and improve uptime while proactively auditing changes to configurations and permissions. You can automatically generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications.

Quest provides the following products to help you track, audit, report, and receive alerts on vital changes and activity:

 

Table 1.  
Available auditing
Benefits

Quest Change Auditor for Active Directory

Drives the security and control of Active Directory by tracking vital configuration changes to users, groups, nested groups, GPOs, computers, services, registry, local users and groups and DNS — without the overhead costs of system provided auditing. You can also lock down critical Active Directory, ADAM (AD LDS), and Group Policy objects, to protect them from unauthorized or accidental modifications or deletions.

Change Auditor for Active Directory also audits activity in Microsoft Azure Active Directory.

Correlating activity across the on-premises and cloud directories, provides a single pane-of-glass view of your hybrid environment and makes it easy to search all events regardless of where they occurred.

Quest Change Auditor for Exchange

Simplifies auditing the activities taking place in your entire Exchange environment. You can audit over 300 Exchange events covering owner and nonowner mailbox changes, server configurations and permissions, and more.

Through the Exchange Mailbox protection feature, you can prevent unwanted access to Exchange mailboxes, making it much more difficult for rogue administrators to access critical mailboxes.

You can also audit Office 365 Exchange Online configuration and permission changes.

Quest Change Auditor for Windows File Servers

Enables administrators to achieve the comprehensive auditing coverage of system provided tools without the mass of cumbersome data that system provided event logs generate. You can audit activity related to files and folders, shares, and changes to permissions.

Change Auditor provides an access control model that allows administrators to protect business-critical files and folders on the file server.

Quest Change Auditor for EMC

Eliminates the time and complexity of system provided auditing by providing EMC Celerra/VNX file and folder changes in real time and translating events into plain English.

Quest Change Auditor for NetApp

Eliminates the time and complexity of system provided auditing by providing NetApp file and folder changes in real time and translating events into plain English.

Quest Change Auditor for SQL Server

Provides database auditing to secure SQL database assets with extensive, customizable auditing and reporting for all critical SQL changes including broker, database, object, performance, and transaction events, plus errors and warnings.

Helps tighten enterprise-wide change and control policies by tracking user and administrator activity such as database additions and deletions, granting and removing SQL access.

SQL Data Level auditing allows you to audit changes to databases and tables.

Quest Change Auditor for Active Directory Queries

Monitors directory access across all domain controllers in the environment and aggregates that information in a central database identifying LDAP-enabled applications and how they use Active Directory. The LDAP access data can then be used during Active Directory forest migration and restructuring projects.

Quest Change Auditor for SharePoint

Provides centralized auditing, including configuration, event collection and reporting, for Microsoft SharePoint 2010, SharePoint 2013, SharePoint 2016, and SharePoint 2019 servers and farms. It provides built-in queries and reports that focus on auditing the following areas:
Access to content in SharePoint sites
Modifications of content (creation, modification, and deletion)
Changes to permissions and security settings

You can also audit Office 365 SharePoint Online and OneDrive for Business changes.

Quest Change Auditor for Logon Activity

Change Auditor for Logon Activity has removed the dependency on InTrust and the Change Auditor Data Gateway Service to capture user logon activity. This auditing module consists of two licenses (one for server agents and another for workstation agents) and may be used to collect logon activity events for regulatory compliance and user activity tracking.
The Change Auditor for Logon Activity User license enables server agents to audit authentication activity, domain controller authentication activity (Kerberos), and user logon session activity (the actual time spent on a server).
The Change Auditor for Logon Activity Workstation license enables workstation agents to audit authentication activity and user logon session activity (the actual time spent on a workstation).

Quest Change Auditor for Skype for Business

Allows you to audit configuration and security setting changes in Microsoft Skype for Business Server 2015 and Microsoft Lync Server 2013, providing change notifications for Skype user setup, permissions, and application configuration from the Microsoft Skype for Business Server 2015 / Microsoft Lync Server 2013 Central Management Store (CMS).

Quest Change Auditor for Authentication Services

Authentication Services enables organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac platforms and enterprise applications. Using Change Auditor for Authentication Services, users of Authentication Services can audit on critical changes to:
Unix/Linux/Mac-related data for Active Directory users, groups, computers, NIS objects, and Authentication Services personalities
Unix/Linux/Mac settings in Group Policy Objects
NOTE: Authentication Services auditing is only available if you have licensed Change Auditor for Active Directory. If you do not have a valid license you can use the features, however, associated events are not captured.

Quest Change Auditor for Defender

Enhances security by enabling two-factor authentication to network, Web, and applications-based resources. Defender was designed to base all administration and identity management on an organization’s existing investment in Active Directory and eliminates the costs and time involved in setting up and maintaining proprietary databases. Change Auditor for Defender tracks changes to user accounts enabled with Defender tokens in Active Directory.

Because Defender extends the Active Directory schema, once the Change Auditor for Defender auditing is enabled, agents installed on Domain Controllers detect any changes made to the Defender-specific attributes in Active Directory and generate events. No audit template is needed.

NOTE: Defender auditing is only available if you have licensed Change Auditor for Active Directory. If you do not have a valid license you can use the features, however, associated events are not captured. To verify that it is licensed, right-click the coordinator icon in the system tray and select Licensing.

Quest Change Auditor for VMware vCenter

Helps to ensure the security, compliance, and control of event activity and the security of VMware vCenter Server. It audits, reports, and provides alerts on all changes to the platform in real time, making VMware monitoring easy. You can analyze events and changes without complexity and fear of unknown security concerns, and be confident that compliance demands satisfy the scrutiny of any auditor.

Change Auditor for VMware vCenter is freeware and included with other Change Auditor modules.

Quest Change Auditor for Fluid File System

Eliminates the time and complexity of system provided auditing by providing Fluid File System file and folder changes in real time.

 

Agent Deployment
Deployment page
Deploy agents
Change the agent installation location and system tray option
Enable auto deployment
Refresh or clear Deployment page information

Deployment page

The Deployment page displays all the servers and workstations discovered in your Active Directory environment. From here, you specify the servers and workstations (if the Change Auditor for Logon Activity Workstation license is applied) to host a Change Auditor agent.

The first time you open Change Auditor, the Deployment tab is available for you to deploy agents. After agents are deployed, use the View | Deployment menu to open the page.

* 
NOTE: The Deployment page does not display non-member objects, such as ADAM workgroup servers or non-Active Directory workstations, because agents cannot be deployed to non-member objects using the Deployment tab. See the Change Auditor Installation Guide for information about manually installing agents to workgroup servers or non-Active Directory workstations.
Filter the fields on the Deployment page

The Deployment page may contain the following for each server and workstation discovered in your Active Directory forest. To display fields other than the defaults, click the Field Chooser located to the far left of the column headings and select the columns to display.

 
Table 1. Deployment page: Field descriptions
Column
Default
Description

Agent Status

Yes

Displays the current deployment status:
Active
Inactive
Pending
Copying Files
Executing Installer
Uninstalled

Coordinator

No

Displays the computer name of the coordinator to which the agent is connected.

Creds

Yes

Indicates whether user credentials have been entered for the selected domain. To enter the credentials to use to install agents on a domain, click Credentials.

Deployment Result

Yes

Indicates the status of the last deployment task:
Success - agent was successfully deployed
Valid Creds - user credentials have been verified; you can schedule a deployment task
Access Denied - user credentials are not valid; use the Credentials command to enter the proper user credentials for installing an agent on the selected domain
The target version is already installed - no action required.
NOTE: You can select Clear Results to clear the entry in this column for the selected server.

DN

No

Displays the distinguished name of a server. (The ‘path’ to the server in the Active Directory schema.)

DNS Name

No

Displays the DNS name of a server.

Domain

Yes

Displays the name of the domain where a server is located.

Exchange Server

No

Indicates whether Exchange is installed on a server.

Foreign Forest

No

Indicates whether an agent is connected to a coordinator in a foreign forest.

Forest

No

Displays the name of the forest where the agent resides.

GC

No

Indicates whether the server is a Global Catalog server.

Installation

No

Displays the installation name assigned to the coordinator to which the agent is connected.

IP Address

No

Displays the IP address of a server.

Name

Yes

Displays the NetBIOS name of a server.

Operating System

No

Displays what version of the operating system is running on a server.

Read-Only DC

No

Displays the Read-Only DCs.

Site

No

Displays the name of the site where a server resides.

Type

No

Displays the type of server:

Server - member servers joined to the domain
Domain Controller - domain controllers joined to the domain
Read-Only - domain controller servers that are read-only
Global Catalog - domain controller servers designated as Global Catalog servers
Workstation - workstations that are joined to the domain
NOTE: Non-member objects are not included in the Deployment tab because you cannot use this tab to deploy agents to objects which are not a member of the local forest.

See the Change Auditor Installation Guide for information about deploying agents to workgroup servers or non-Active Directory workstations.

Version

Yes

Displays the version number of the Change Auditor agent currently installed on a server.

When

No

Displays the date and time for a scheduled deployment task. That is, the date and time entered on the Install or Update dialog (or Uninstall dialog) when the When option is selected.

NOTE: Based on the client’s current local date and time. The format used to display this date and time is determined by the local machine’s regional and language setting.
 

Workstation

No

Indicates whether the agent is a workstation agent used for capturing user logon activity when the Change Auditor for Logon Activity Workstation auditing module is licensed.

Filter the computers on the Deployment page

In addition to selecting the fields, you can define what type of computers to display.

The following table describes how to use these controls to filter the content displayed on the Deployment page.

 
Table 2. Deployment page: Filter controls
Control
Description

Type

Use the left-most control to specify the type of Active Directory objects to be included in the display:
All - select to display all domain controllers, member servers and workstations in the forest, domain or site
DCs - select to display all domain controllers in the forest, domain or site
Read-Only DCs - select to display the Read-Only domain controllers in the forest
Servers - select to display the servers in the forest, domain or site
Workstations - select to display the workstations in the forest, domain or site
NOTE: Non-member objects are not included in the Deployment tab because you cannot use this tab to deploy agents to objects which are not a member of the local forest.
NOTE: See the Change Auditor Installation Guide for information about deploying agents to workgroup servers or non-Active Directory workstations.

Active Directory view

By default, the Deployment page provides a forest view of the servers found. However, you can use the right-most controls to limit your view to an individual domain or site.

Use the middle control to select the Active Directory view (forest, domain, or site) then use the right-most control to select an individual forest, domain, or site for which servers and workstations are to be displayed.

Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen