InTrust Predefined Objects for Windows-Based Computers
InTrust offers a set of predefined objects that help you configure the gathering and monitoring of event data from your Windows-based computers. The following is a list of these objects. For a list of Windows reports, see Report Pack for Windows.
Gathering Policies
Windows/AD: Security: All Events Defines all Windows/AD security events to be collected to a repository. The most critical security events, such as Failed Logons, Account Management, etc., are to be collected into a database for analysis. The policy is intended to be used for gathering on a daily basis.
Windows/AD: Security: All Logons Defines the Logon events to be collected both to a repository and a database.
Windows/AD: Security: Failed Logons Defines the Failed Logon events to be collected to both a repository and a database.
Windows/AD: Security: Account Management Defines the Account Management events to be collected both to a repository and a database.
Windows/AD: Security: Policy Changes Defines the Policy Changes to be collected both to a repository and a database.
Windows/AD: Security: Objects Access Defines the Object Access events to be collected both to a repository and a database.
Windows/AD: Security: Misc Defines all Windows/AD miscellaneous security events to be collected to a repository. The most critical miscellaneous security events, such as Security Subsystem and Audit Subsystem Faults, are to be collected into a database for analysis.
Windows/AD: DHCP Collects all the DHCP events from both the Windows System Log and the DHCP Audit Log to a repository and a database.
Windows/AD: Security: Objects Access: Registry Access Defines the Registry Access events to be collected both to a repository and a database.
Windows/AD: Successful AD Administrator Logons Defines the AD Administrator events to DC to be collected both to a repository and a database.
Auditing Domain Controllers: Events from DCs Defines all events from domain controller logs to be collected to the repository and then imported to an audit database as part of the “Auditing Domain Controllers” best-practice scenario. No filters are applied.
Auditing Domain Controllers: Events from DCs for the Last 24 Hours Defines all events from domain controller logs to be collected to the repository and then imported to an audit database as part of the “Auditing Domain Controllers” best-practice scenario. All events older than 24 hours are filtered out.
Auditing Exchange Servers: Events from Exchange Servers Defines all Exchange-related events to be collected to the repository and then imported to an audit database as part of the “Auditing Exchange Servers” best-practice scenario. No filters are applied.
Auditing Exchange Servers: Exchange Events for the Last 24 Hours Defines all Exchange-related events to be collected to the repository and then imported to an audit database as part of the “Auditing Exchange Servers” best-practice scenario. All events older than 24 hours are filtered out.
Auditing File Servers: Events from File Servers Defines all file server-related events to be collected to the repository and then imported to an audit database as part of the “Auditing File Servers” best-practice scenario. No filters are applied.
Auditing File Servers: File Server Events for the Last 24 Hours Defines all file server-related events to be collected to the repository and then imported to an audit database as part of the “Auditing File Servers” best-practice scenario. All events older than 24 hours are filtered out.
Auditing Workstations: Events from Workstations Defines all events from desktop logs to be collected to the repository and then imported to an audit database as part of the “Auditing Workstations” best-practice scenario. No filters are applied.
Auditing Workstations: Events from Workstations for the Last 24 Hours Defines all events from desktop logs to be collected to the repository and then imported to an audit database as part of the “Auditing Workstations” best-practice scenario. All events older than 24 hours are filtered out.
Import Policies
Windows/AD: Security: All Events Defines all Windows/AD security events to be imported to a database for analysis.
Windows/AD: Security: All Logons Defines the Logon events to be imported to a database.
Windows/AD: Security: Failed Logons Defines the Failed Logon events to be imported to a database.
Windows/AD: Security: Account Management Defines the Account Management events to be imported to a database.
Windows/AD: Security: Policy Changes Defines the Policy Changes to be imported to a database.
Windows/AD: Security: Objects Access Defines the Object Access events to be imported to a database.
Windows/AD: Security: Misc Defines the most critical miscellaneous security events, such as Security Subsystem and Audit Subsystem Faults, to be imported to a database for analysis.
Windows/AD: DHCP Imports the DHCP events from both the Windows System Log and the DHCP Audit Log to a database.
Windows/AD: Security: Objects Access: Registry Access Defines the Registry Access events to be imported to a database.
Windows/AD: Successful AD Administrator Logons Defines the AD Administrator events to DC to be imported to a database.
Auditing Domain Controllers: Weekly Reporting Defines events from the Windows Security, System and Application logs and the InTrust for AD log to be imported to an audit database. Events older than one week are excluded.
Auditing Domain Controllers: Daily Reporting Defines events from the Windows Security, System and Application logs and the InTrust for AD log to be imported to an audit database. Events older than one day are excluded.
Auditing Exchange Servers: Weekly Reporting Defines events from the Windows Security, System, Directory Service and Application logs, Exchange tracking log and CA for Exchange log to be imported to an audit database. Events older than one week are excluded.
Auditing Exchange Servers: Daily Reporting Defines events from the Windows Security, System, Directory Service and Application logs, Exchange tracking log and CA for Exchange log to be imported to an audit database. Events older than one day are excluded.
Auditing File Servers: Weekly Reporting Defines events from the Windows Security, System, Directory Service and Application logs and CA for file servers log to be imported to an audit database. Events older than one week are excluded.
Auditing File Servers: Daily Reporting Defines events from the Windows Security, System, Directory Service and Application logs and CA for file servers log to be imported to an audit database. Events older than one day are excluded.
Auditing Workstations: Weekly Reporting Defines events from the Windows Security, System and Application logs to be imported to an audit database. Events older than one week are excluded.
Auditing Workstations: Daily Reporting Defines events from the Windows Security, System and Application logs to be imported to an audit database. Events older than one day are excluded.
Jobs
All Windows and AD Security Events collection Collects all the Windows/AD security events to the default repository. The most critical security events, such as failed logons, are also collected to the default database for analysis.
DHCP Events collection Collection of the DHCP events to the default repository and the default database.
Daily Windows and AD Security Events Reporting Controls daily reporting of the most critical Windows/AD security events.
Notify Security Operators Notifies the Security Operators notification group of task completion.
InTrust Log Collection Collection of the InTrust log from all InTrust servers in the organization.
Audit Database Cleanup Clears all default InTrust audit database contents older than one week.
Event Collection Gathers all domain controller-related events, all Exchange-related events, or all desktop-related events to the default repository.
Reports on DCs Builds reports as part of the “Auditing Domain Controllers” best-practice scenario.
Windows Event Log Reports Builds Windows log-based reports as part of the “Auditing Domain Controllers” best-practice scenario.
ChangeAuditor for AD Reports Builds ChangeAuditor for AD reports as part of the “Auditing Domain Controllers” best-practice scenario.
Event Import Imports all domain controller-related events, all Exchange-related events or all desktop-related events from the default repository to the default audit database.
Reports on Exchange Servers Builds reports as part of the “Auditing Exchange Servers” best-practice scenario.
CA for Exchange Servers Reports Builds CA for Exchange log reports as part of the “Auditing Exchange Servers” best-practice scenario.
Reports on Workstations Builds reports based on the most common events as part of the “Auditing Workstations” best-practice scenario.
Comprehensive Reports on Workstations Builds diverse reports as part of the “Auditing Workstations” best-practice scenario.
Tasks
Windows and AD Security Daily collection and reporting Daily collection of all the Windows/AD security events to the default repository. The most critical security events, such as failed logons, are also collected to the default database for analysis.
Weekly InTrust Log Collection Collection of the InTrust log from all InTrust servers in the organization.
Auditing Domain Controllers: Daily Gathering Gathers all domain controller-related events to the default repository three times a day: about 6 AM, noon and 6 PM. This task is used in the “Auditing Domain Controllers” best-practice scenario when it is set to use a schedule.
Daily Audit Database Cleanup Clears all default InTrust audit database contents older than one week. This task runs daily and is shared by all best-practice scenarios: “Auditing Domain Controllers”, “Auditing Exchange Servers”, “Auditing File Servers” and “Auditing Workstations”.
Auditing Domain Controllers: Ad-Hoc Reporting for the Last 24 Hours Gathers domain controller-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Domain Controllers” best-practice scenario.
Auditing Domain Controllers: Daily Reporting Gathers domain controller-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Domain Controllers” best-practice scenario. This task runs daily.
Auditing Domain Controllers: Weekly Reporting Gathers domain controller-related events for the last week, imports them to the default audit database and creates reports as part of the “Auditing Domain Controllers” best-practice scenario. This task runs weekly.
Auditing Exchange Servers: Daily Gathering Gathers all Exchange-related events to the default repository three times a day: about 6 AM, noon and 6 PM. This task is used in the “Auditing Exchange Servers” best-practice scenario when it is set to use a schedule.
Auditing Exchange Servers: Ad-Hoc Reporting for the Last 24 Hours Gathers Exchange-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Exchange Servers” best-practice scenario.
Auditing Exchange Servers: Daily Reporting Gathers Exchange-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Exchange Servers” best-practice scenario. This task runs daily.
Auditing Exchange Servers: Weekly Reporting Gathers Exchange-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Exchange Servers” best-practice scenario. This task runs weekly.
Auditing File Servers: Daily Gathering Gathers all file server-related events to the default repository three times a day: about 6 AM, noon and 6 PM. This task is used in the “Auditing File Servers” best-practice scenario when it is set to use a schedule.
Auditing File Servers: Ad-Hoc Reporting for the Last 24 Hours Gathers file server-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing File Servers” best-practice scenario.
Auditing File Servers: Daily Reporting Gathers file server-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing File Servers” best-practice scenario. This task runs daily.
Auditing File Servers: Weekly Reporting Gathers file server-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing File Servers” best-practice scenario. This task runs weekly.
Auditing Workstations: Daily Gathering Gathers all workstation-related events to the default repository three times a day: about 6 AM, noon and 6 PM. This task is used in the “Auditing Workstations” best-practice scenario when it is set to use a schedule.
Auditing Workstations: Ad-Hoc Reporting for the Last 24 Hours Gathers desktop-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Workstations” best-practice scenario.
Auditing Workstations: Daily Reporting Gathers desktop-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Workstations” best-practice scenario. This task runs daily.
Auditing Workstations: Weekly Reporting Gathers desktop-related events for the last 24 hours, imports them to the default audit database and creates reports as part of the “Auditing Workstations” best-practice scenario. This task runs weekly.
Sites
All MS Windows NT based computers in the domain All supported Microsoft Windows-based computers in the domain
All Windows servers in the domain
All Windows desktops in the domain
All DHCP servers in the domain
All InTrust servers
Auditing Domain Controllers: DCs
Auditing Exchange Servers: Exchange Servers
Auditing File Servers: File Servers
Auditing Workstations: Workstations
Real-Time Monitoring Policies
Windows/AD Security: full Specifies monitoring of all the security events on all the NT-based computers in the domain.
Windows/AD Security: Detecting Common Attacks Specifies only common attacks to be monitored on all the NT-based computers in the domain.
Windows/AD Security: Administrative Activity Monitoring Specifies administrative activity to be monitored on all the NT-based computers in the domain.
InTrust: Tracking Log Monitoring Specifies monitoring of critical events from all the InTrust servers in the organization.