1 |
Open the Administration Tasks tab. |
2 |
Click Protection. |
3 |
Select Active Directory Database in the Protection task list. |
4 |
Click Add to open the Active Directory Database Protection wizard. |
7 |
Select one or more processes from the process list and click Add to move these processes to the exclusion list. By default, all processes (except lsass.exe) will be protected from accessing the Active Directory database. |
8 |
Click Finish or Finish and Assign to Agent Configuration to assign the template to an Agent Configuration immediately. |
• |
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration. |
1 |
On the Active Directory Database Protection page, select the required template and click Edit. This opens the Active Directory Database Protection wizard where you can modify the current settings. |
2 |
Click Finish to save your changes and return to the Active Directory Database Protection page. |
Disabling a template temporarily stops protection without having to remove the protection template.
2 |
To enable the protection template, select Enable in the Status cell. |
1 |
On the Active Directory Database Protection page, select the required template and click Delete | Delete Template. |
2 |
Click Yes to confirm. |
The Active Directory Database Protection wizard opens when you click Add or Edit on the Active Directory Database Protection page. Using this wizard you can define the Active Directory Database processes to protect from unauthorized modifications.
Select Active Directory Database processes to protect: On the first page of the wizard, enter a name for the template and select the Active Directory database processes that are exempt from protection. | |
(Optional) Select processes exempt from protection: Select processes to exclude from protection (for example, changes made by the processes specified on this page will be excluded from protection). | |
Select one or more processes from the process list and click Add to move these processes to the exclusion list. By default, all processes (except lsass.exe) will be audited. You can also view processes on a different server or enter a process not listed in the process list. | |
The list box across the bottom of the page displays the objects that are exempt from auditing. Click Remove to remove a process from the exemption list. |
Each entry for the objects listed in the Protection template has it's individual security settings.
1 |
On the Active Directory Protection page (or Group Policy Protection page), click the + icon next to the protection template. |
For simple Active Directory attribute changes (such as Add Attribute, Modify Attribute, Delete Attribute), the Event Details pane features an option to restore changed values. When applicable, Restore Value is displayed at the top of the Event Details pane, allowing you to restore a changed value without needing to leave the client or use additional tools.
2 |
At the top of the Event Details pane, click Restore Value. |
• |
A confirmation dialog is displayed explaining that you are about to restore the value of an attribute. Click Yes to perform the restore or No to cancel the restore operation. |
• |
A confirmation dialog is displayed explaining that the restore operation is not restoring the most recent value for an attribute. Click Yes to perform the restore or No to cancel the restore operation. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center