Chatee ahora con Soporte
Chat con el soporte

Change Auditor 7.3 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Introduction

Account exclusion allows you to define a list of trusted accounts to exclude from auditing. This enables you to exclude events generated by accounts that make a large number of changes or by accounts which are trusted.

To use account exclusion, you must first define the user/computer accounts that can make changes without triggering an event in Change Auditor:

Excluded Accounts Auditing page

The Excluded Accounts Auditing page is displayed when Excluded Accounts is selected from the Auditing task in the navigation pane of the Administration Tasks tab. From this page you can launch the Excluded Accounts wizard to create a new template. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

The Excluded Accounts Auditing page contains an expandable view of all the Excluded Accounts templates that have been defined. To add a new template to this list, use the Add tool bar button. Once added, the following information is provided for each Excluded Accounts template:

Indicates whether the template is enabled or disabled. To enable/disable the template, place your cursor in this Status cell, click the arrow control and select the appropriate option from the drop-down menu.

Click the expansion box to the left of the Template Name to expand this view and display the following details about the template:

Excluded Accounts templates

To exclude accounts from auditing, you must first create an Excluded Accounts template which specifies the user or computer accounts that are to be excluded. You can then add this template to an agent configuration, which then needs to be assigned to the appropriate agents.

2
Select Excluded Accounts (under the Configuration heading in the Auditing task list) to open the Excluded Accounts Auditing page.
3
Click Add to start the Excluded Accounts wizard which will step you through the process of creating an Excluded Accounts template.
Template Name - Enter a name for the template.
Use the Browse or Search pages to locate and select the account to be excluded. Click Add to add the selected account to the list box at the bottom of the page.
Click Add to add the string to the Account list.
7
After specifying the accounts to be excluded, click Finish to create the template without assigning it to an agent configuration.
Clicking Finish creates the template, closes the wizard and returns to the Excluded Accounts Auditing page, where the newly created template will now be listed.
8
To create the template and assign it to an agent configuration, expand the Finish button and click Finish and Assign to Agent Configuration.
9
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration.
3
Click Finish or expand the Finish button and click Finish and Assign to Agent Configuration.

Disabling allows you to temporarily stop excluding the specified accounts without having to remove the auditing template.

Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the template will change to ‘Disabled’.
2
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu.

Excluded Accounts wizard

The Excluded Accounts wizard is displayed when you click Add on the Excluded Accounts Auditing page. This wizard steps you through the process of creating a new Excluded Accounts template, identifying the user, computer or group accounts to be included in the template. You will also use this wizard to modify a previously defined Excluded Accounts template.

The following table provides a description of the fields and controls in the Excluded Accounts wizard:

On the first page of the wizard, enter a name for the template and optionally select the event classes/facilities to be excluded.

Template Name

Enter a descriptive name for the Excluded Accounts template being created.

Facility/Event Class data grid

The data grid located across the middle of the page displays all of the event classes available for auditing in Change Auditor.

By default, all event classes/facilities will be excluded for the selected accounts. To exclude individual event classes and/or facilities, use this grid to select the event classes and/or facilities to be excluded and use Add to add them to the Exclusion list box at the bottom of the page.

Exclusion list

The list box located at the bottom of this page displays the individual event classes or facilities selected for exclusion. Use the buttons above this list box to add or remove entries from this list.

Add | Add This Event - Click this option to add the selected events to the list box. This option is selected by default when more than one event is selected in the data grid.
Add | Add All Events in Facility - Click this option to add all of the events in the selected facility to the list box. This option is only available when a single event is selected in the data grid.
Remove - Select an entry in the list box and click the Remove button to remove it from the template.

Use this page to select the individual accounts to be excluded from auditing.

Browse page

Displays a hierarchical view of the directory objects in your environment allowing you to locate and select the accounts to excluded from auditing.

If required, use the Forest drop-down box to select in which forest the objects reside. Foreign agent forests may require foreign forests credentials which can be entered on the Credentials Required dialog.

Once you have selected an account, click Add to add it to the list box at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the desired account.

Once you have selected an account, click Add to add it to the list box at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

Account list

The list box located across the bottom of this page, displays the accounts selected for exclusion. Use the buttons located above this list box to add and remove objects.

Add - Select an account in the Browse or Search page and click Add to add it to the list.
Remove - Select an entry from the list and then click Remove to remove it.

Use this page to optionally add additional user accounts (Domain(NetBIOS)\NT 4 account) that match a wildcard search expression to the excluded accounts list.

Search expression

In the text box, enter the string of characters and/or wildcard character to be used to search for additional user accounts that are to be excluded from auditing. Valid wildcards are:

Click Add to add the string to the Account list.

Account list

The list at the bottom of the page displays the wildcard search expressions to be used to search for additional user accounts that are to be excluded from auditing. Use the buttons to the left of the text box to add, remove and modify a search expression.

Add - Click Add to add the search expression in the text box to the Account list.
Remove - Select an entry in the Account list and click Remove to remove it from the list.
Modify - Select an entry in the Account list, make the necessary changes to the search expression (which is displayed in the text box) then click the Modify button to replace it in the Account list.
NOTE: If you click Add after modifying a search expression, an additional entry will be added instead of replacing the original search expression.

 

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación