Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Change Auditor 7.4 - Quick Start Guide

Parcourir le contenu

Change Auditor Overview

Overview Business challenges Business solutions What is Change Auditor? How does Change Auditor work? System requirements

Install Change Auditor

Before you begin an installation Installation overview

Step 1: Install a coordinator Step 2: Install the client Step 3: Add user accounts to Change Auditor security groups Step 4: Start the client Step 5: Deploy agents

Change Auditor Walkthrough

Check agent status Change Auditor client overview Client walkthrough

Make changes to Active Directory and run a query Set up email alert notifications and reporting Enable email alerts for 'all events' Enable and schedule email reporting for 'all events'

Change Auditor for Active Directory

Audit custom user attributes Audit users based on their group membership

Change Auditor for Windows File Servers

Getting started Create a File System Auditing template Make file system changes and run a query

Change Auditor for Exchange

Getting started Make changes in Exchange and run a query Enable Exchange mailbox auditing

Customizing Change Auditor

Create a custom search Group and filter data Create a Change Auditor events list Exclude accounts from auditing

Change Auditor Product Specific Features

Our brand, our vision. Together. Contacting Quest Technical support resources

Audit custom user attributes

Active Directory Attribute auditing allows you to specify individual schema attributes to audit.

To define custom attribute auditing:

1

Open the Administration Tasks tab.

2

Click Auditing.

3

Select Attributes under Active Directory in the Auditing task list to open the Active Directory Attribute Auditing page.

4

Select an object class from the list located across the top of this page. Selecting an entry in this list, will populate the list boxes across the bottom of the dialog with the applicable attributes.

For example, select the group object.

5

In the Unmonitored Attribute list box, located in the lower left pane of this page, select one or more attributes and use the Add button to select them for auditing.

For example, select the description attribute.

6

To change the severity level assigned to an attribute, in the right-hand list box, place your cursor in the Severity cell and use the drop-down arrow to select the severity you want to assign to the selected attribute.

7

To remove an attribute from auditing, select the attribute from the right pane and click Remove to move the selected attribute back into the Unmonitored Attribute list box.

8

Once you have selected at least one attribute for auditing, the associated Monitored Attributes column in the list box across the top of this page will display the number of custom attributes selected for auditing. This value will also be displayed in the Monitor Attributes column back on the Active Directory Auditing page.


	NOTE: The default attributes which are automatically being audited for each object are NOT included in the Monitored Attributes counts.

9

To test these events, make a change to the attribute selected for auditing.

For example, launch Active Directory Users and Computers and change the description of a user.

10

Go back to the client and re-run the All Events report.

•

Open the Searches tab.

•

Expand the Shared | Built-In | All Events folder in the left pane.

•

Locate and double-click All Events in the right pane.

•

This will display a new Search Results page displaying the events.

Audit users based on their group membership

The Member of Group auditing feature allows you to audit specific users based on their group membership.

To define a Member of Group Auditing list:

1

Open the Administration Tasks tab.

2

Click Auditing.

3

Select Active Directory under the Auditing task list to display the Active Directory Auditing page.

4

From this page, select the user object class and click the Delete tool bar button. (By default, Change Auditor monitors all users; therefore, to use this feature, you must first delete the user object class.)

5

From the left pane of the Administration Tasks tab, select Member of Group under Active Directory in the Auditing task list to display the Member of Group Auditing page.

6

Click Add to display the Member of Group Auditing wizard.

7

Use the Browse and Search pages to locate and select a group and click Add to add the selected group to the Selected Objects list at the bottom of the wizard.

Repeat this step until you have selected all of the groups you want to add to the Member of Groups Auditing list. Then click Select to save your selections, close the wizard and return to the Member of Group Auditing page, where your selections will now be listed.

8

To test the auditing of users based on their group membership, make one or more changes to a user object that is included in the previously defined Member of Groups Auditing list.

You can also make changes to a user object that is not in the list to verify that no events will be generated for that user.

9

Go back to the Change Auditor client and re-run the All Events report.

•

Open the Searches tab.

•

Expand the Shared | Built-In | All Events folder in the left pane.

•

Locate and double-click All Events in the right pane.

•

This will display a new Search Results page displaying the events.

10

Ensure that the changes you made to the user objects in the list are displayed and that the changes you made to the user objects not in the list are not displayed.

Change Auditor for Windows File Servers

Change Auditor for Windows File Servers allows you to search, report and alert on changes to a specific file or folder or all volumes. You can receive real-time alerts whenever someone tries to access a secure file or folder. The scenarios in this chapter show you how to set up file system auditing.

•

Getting started

•

Create a File System Auditing template

•

Make file system changes and run a query


	NOTE: File System auditing is only available if you have licensed the Change Auditor for Windows File Servers auditing module. You will not be prevented from specifying file system auditing; however, associated events will not be captured unless the proper license is applied.

See Change Auditor Product Specific Features for a list of features/functionality dependent on a specific product license. For more detailed information about file system auditing, see the Change Auditor for Windows File Servers User Guide.

Getting started

1

Verify that Change Auditor for Windows File Servers is licensed.

2

To view applied licenses, select Help | Licensing from the client.

To view and apply a license, right-click the coordinator icon in the system tray and select Licensing. If required, click Select License to locate and apply the license.

3

Create a new folder on the C: drive of an agented server and then add a new .txt file in this folder. This folder will be used in the following scenarios as an auditing target.

4

In order to capture File System events in Change Auditor, you must first complete the following steps to define the files/folders to be audited and the operations to be captured:

•

Create a File System Auditing template which specifies the files/folders and operations to be audited.

•

Add this template to an agent configuration.

•

Assign the agent configuration to Change Auditor Agents.

Refer to the procedures on the following pages to perform these tasks.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center