Change Auditor 7.1.1 - Installation Guide

ChangeAuditor Web Shared Overview Users — <InstallationName> Group — provides access to the web client shared overviews, while restricting access to only what has been shared. See the Change Auditor Web Client User Guide for more information about sharing overviews.

The installation name assigned during the coordinator installation is appended to these security groups. For example, when using the default installation name, these groups are named:

•

ChangeAuditor Administrators — DEFAULT

•

ChangeAuditor Operators — DEFAULT

•

ChangeAuditor Web Shared Overview Users — DEFAULT

Two Domain Local Security Groups are created in the same domain as the coordinator. The Group Scope can be changed to Universal as long as the Group Names remain ChangeAuditor Administrators — <InstallationName> and ChangeAuditor Operators — <InstallationName>.


	NOTE: If the domain’s Functional Level is in Windows 2000 Mixed mode, then Local Security groups are created on each coordinator member server.

Membership in the ChangeAuditor Administrators and ChangeAuditor Operators groups enable the client to connect and authenticate to a coordinator; therefore, any user that is running a Change Auditor client must be added to one of these groups. In addition, all users responsible for deploying agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you get an access denied error.


	NOTE: If multiple coordinators are installed in a mixed mode environment, to connect to each coordinator, you must add your user account to one of these groups on each of the member servers where the coordinators reside.

All users running a client must also have the proper SQL credentials for accessing a Change Auditor archive database. One way of accomplishing this would be to add the ChangeAuditor Administrators and ChangeAuditor Operators groups into the appropriate SQL database roles which were also created during the coordinator installation: ChangeAuditor_Administrators and ChangeAuditor_Operators.

Add accounts to security groups

During the coordinator installation process, you could add the current user to the ChangeAuditor Administrators security group in the specified Change Auditor installation. If you selected not to add the current user during the installation process or want to add more user accounts, use the following procedure.

To add user accounts to security groups:

Use the Active Directory Users and Computers MMC snap-in to add the appropriate user accounts to one of the Change Auditor groups:

Open the Active Directory Users and Computers snap-in.

Connect to the domain where the coordinator was installed.

Right-click and select Properties on the group called ChangeAuditor Administrators — <InstallationName> or ChangeAuditor Operators — <InstallationName>.

Select the Members tab.

Click Add and browse to the appropriate user object.

Click OK to close the Active Directory Users and Computers snap-in.

To apply this change, log out and back in.

Adding the appropriate users to one of these groups allow the client to successfully connect to the coordinator.

To add user accounts to security groups (Domain in Windows 2000 mixed mode):

Use the Microsoft Computer Management tool to add the appropriate user accounts to one of the Change Auditor groups:

From the member server where the Change Auditor coordinator is installed, right-click My Computer and select Manage.

From the Computer Management dialog, expand Local Users and Groups and select Groups.

Right-click and select Properties on the group called ChangeAuditor Administrators — <InstallationName> or ChangeAuditor Operators — <InstallationName>.

Click Add and browse to the appropriate user object.

Click OK to close the Computer Management tool.

To apply this change, log out and back in.

Adding the appropriate users to one of these groups allow the client to successfully connect to the coordinator.

Add accounts to ChangeAuditor database role


	NOTE: This process only applies to archive databases and must be modified each year to apply to the new archive for that year

To add accounts to the ChangeAuditor database role:

Use the Microsoft SQL Management Studio to add the appropriate user or group accounts to one of the ChangeAuditor database roles:

Open the Microsoft SQL Server Management Studio and connect to the SQL database server.

Navigate to the <SQL Server(Instance)> | Security | Logins directory. Expand the Logins node.

Right-click the Logins node and select New Login.

On the Select User or Group dialog, click Object Types and make sure that the Groups check box is selected. Click Location to search either the Entire Directory or local SQL server (depending on where the group was created, which is determined by the domain functional level). Click Check Names to select the user or group account (for example, ChangeAuditor Administrators) to be added.

In the Select a Page pane (left pane), select User Mapping.

In the Users mapped to this login pane (top pane), select the Change Auditor database.

In the bottom pane, Database role membership for: ChangeAuditor, select the ChangeAuditor_Administrators role.

Click OK. Your SQL Login account for Change Auditor database access is now mapped to the appropriate role.

Repeat these steps to create a SQL Login for the ChangeAuditor Operators group and assign this login to the ChangeAuditor_Operators role for the Change Auditor database.