Chat now with support
Chat mit Support

Change Auditor 7.2 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Deployment Options Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Windows Installer Command Line Options

Installation workflow

Quest recommends installing the Change Auditor components in the following order:

 

Install the first coordinator

The coordinator fulfills client and agent requests and generates alerts. You can install multiple coordinators in a single forest to provide fault tolerance of the Change Auditor service tier. See Install the client.

NOTE:  

The coordinator installation creates the following components:

NOTE: See the Change Auditor User Guide for more information about the Change Auditor coordinator system tray icon.
Where <InstallationName> is a unique name selected during the coordinator installation to isolate your components from any other Change Auditor installation in your Active Directory forest.
NOTE: See the Change Auditor Web Client User Guide for more information about the ChangeAuditor Web Shared Overview Users security group.

User account installing the coordinator:

The user account that is installing the coordinator must have permission to perform the following tasks on the target server:

The user account must also be a member of the Domain Admins group in the domain where the coordinator is being installed.

Service account running the coordinator service (LocalSystem by default):

By default, the Coordinator service runs as LocalSystem. To run the Change Auditor service as a Domain User or service account other than Local System, the Change Auditor SPN (Service Connection Point) must be removed from the Coordinator computer (local system) account and added to the Domain Account used to run the Coordinator service.

To do so, open a command prompt on a Domain Controller and perform the following:

SQL Server database access account specified during installation:

Create an account that the coordinator service can use on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:

Must be assigned the db_owner role on the Change Auditor database
NOTE:  
1
Verify that the user account used to run the coordinator installation is at least a Domain Admin in the domain to which the coordinator server belongs.
5
Click Install for the Install Change Auditor Coordinator option to open the Change Auditor Coordinator Setup wizard.

Licenses

Click Open License Dialog to locate and apply a license.

After licensing the product, the setup wizard prompts you to enter a unique installation name to identify the database to which the coordinator will connect.

NOTE: If you plan on installing multiple coordinators, see Install the client for more details regarding the ChangeAuditor installation name.

ChangeAuditor Installation Name

Enter a unique Change Auditor installation name that identifies the current installation within your Active Directory environment. An installation name is required; has a limit of 22 characters; can only contain alphanumeric characters and underscores; and is converted to all caps.

SQL Server and Instance

Enter the server name or IP address (member server running the SQL instance) and the SQL instance name for the Change Auditor coordinator database such as, <FQDN of the SQL server>\<instance name> or browse your Active Directory network to locate the required instance.

Azure SQL Managed Instance:

Name of database catalog

Enter the name to assign to the Change Auditor database.

Authentication/ Credentials

Use the authentication section to specify whether to use Windows authentication or SQL authentication when communicating with the SQL database instance. (The authentication method is set up when SQL is installed.)

NOTE: If Windows Authentication is used to access the designated SQL instance, a verification screen is displayed. Verify that the server name, SQL instance name, and credentials are correct before proceeding. Incorrect entries cause the Change Auditor coordinator service to fail on startup.

Encrypt connection

Select to use SSL encryption for all data sent between the coordinator and the SQL server. To use this option, the SQL server must have a certificate installed and the format of the SQL server name specified must be an exact match to the name format used in the certificate (for example FQDN or NetBios).

Add the current user to the “ChangeAuditor Administrators - <InstallationName>” security group

This check box is selected by default and adds the current user to the ChangeAuditor Administrators — <InstallationName> group.

Any user that is running a Change Auditor client must be added to either this security group or the ChangeAuditor Operators security group.

In addition, users responsible for deploying Change Auditor agents must be a member of the ChangeAuditor Administrators group in the specified ChangeAuditor installation.

See Add Users to Change Auditor Security Groups for more information about these security groups and how to add more user accounts.

By default Change Auditor dynamically assigns communication ports to use to communicate with each installed coordinator. However, using the port settings on this screen you can specify static SCP listening ports to use instead.

Client Port

Enter the static port number for the Change Auditor client to communicate with the coordinator.

Public SDK Port

Enter the static port number for external applications to access the coordinator.

Agent Port (Legacy)

Enter the static port number for legacy (5.x) Change Auditor agents to communicate with the coordinator.

Agent Port

Enter the static port number for Change Auditor agents to communicate with the coordinator.

7
After you have entered all the requested information, click Install to start the installation process.

Install the client

The client connects directly to the coordinator or to an archive database and is the user interface that provides immediate access to key configuration change information.

2
Select Install Change Auditor Client to open the Client Setup wizard.
NOTE: If Microsoft .NET 4.6.1 is not installed on the computer, an extra screen is displayed explaining that this application was not found and the install cannot continue. Click Close to stop the client install. Download and install the required .NET version. After .NET is successfully installed, restart the client installation.
6
Click Install.

Install multiple coordinators

When installing multiple coordinators in your Active Directory forest, the Change Auditor installation name entered during the coordinator installation determines if they connect to the same SQL database or to different database installation. That is,

A unique installation name allows you to isolate your installation of Change Auditor from any other installations of Change Auditor in your Active Directory forest. When all Change Auditor installations are upgraded in the forest, the installation name:

1
Run the autorun program (autorun.exe) on the individual member servers that are to host a coordinator.
2
On the Install page of the autorun, select the Install Change Auditor Coordinator option. Enter the information requested in the Coordinator Setup wizard.

Licenses

Use the same license files used for the first coordinator.

Change Auditor Installation Name

Enter a unique installation name to use a different database. Enter an existing installation name or browse to connect to an existing Change Auditor installation.

By default Change Auditor dynamically assigns communication ports used to communicate with each installed coordinator. However, using the port settings on this screen you can specify static SCP listening ports to use.

Client Port

Enter the static port number for the client to communicate with the coordinator.

Public SDK Port

Enter the static port number for external applications to access the coordinator.

Agent Port (Legacy)

Enter the static port number to for legacy (5.x) agents to communicate with the coordinator.

Agent Port

Enter the static port number for Change Auditor agents to communicate with the coordinator.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen