Chatta subito con l'assistenza
Chat con il supporto

Change Auditor 7.1.1 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Multi-Forest Deployments Foreign Forest Agent Deployment Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Active Roles Integration Quest GPOADmin Integration Windows Installer Command Line Options

Post upgrade considerations

Querying the Change Auditor database directly is not supported

Querying the database directly is not supported. Any 5.x scripts previously created to manipulate the 5.x (or earlier) events do not work with Change Auditor 7.0 and later.

Data gateway service

The Data Gateway Service is no longer used in Change Auditor for capturing user logon activity events. If you had an earlier version of this service running, you can remove it.

Active Roles integration

If the Active Roles scripting module has been deployed in a previous Change Auditor version, refer to the following knowledge base article which details the process to move to the updated version of these scripting modules that are available in Change Auditor 6.x: https://support.quest.com/change-auditor/kb?k=119136

Exchange Online auditing templates

When you upgrade the client and coordinator from Change Auditor version 6.8 or earlier:
Previously created Exchange Online auditing templates are deleted from the database and no longer display in the client.
Agents previously assigned to audit Exchange Online stop auditing the tenant.
* 
NOTE: You can still search and report on previously captured events. All legacy events are shown in the Office 365 subsystem, or Office 365 Exchange Online Mailbox and Office 365 Exchange Online Administration facilities.
To capture new events and avoid losing any audited activities after an upgrade:
1
Upgrade an existing agent to version 7.1.
2
Create an Office 365 auditing template.
Azure Active Directory and Office 365 auditing templates

As of Change Auditor version 7.0.4, additional Microsoft Graph API permissions are required to audit Azure Active Directory and Office 365. If you are updating from version 7.0.3 or older see Updating Azure Active Directory templates in the Office 365 and Azure Active Directory User Guide.

Installation Notes and Best Practices

This section contains notes and best practices that should be considered when installing Change Auditor. These notes and best practices are listed under the following topics:
Licensing Change Auditor products
Permissions
Other installation notes
Change Auditor for Windows File Servers
Change Auditor for Exchange
Change Auditor for Authentication Services
Change Auditor for SharePoint
Backup notes
Agent behavior notes
Client notes
ADAM (AD LDS) auditing
Change Auditor for SQL Server — SQL auditing

Licensing Change Auditor products

Upgrading Change Auditor

You can upgrade to Change Auditor 7.1 from the following versions of Change Auditor: 6.0, 6.5, 6.6, 6.7, 6.8, 6.9. and 7.0.

NOTE: As of Change Auditor 7.0 a new license is required for all modules.
* 
NOTE: The Change Auditor for Lync license has been deprecated. You must obtain and import a new Change Auditor for Skype for Business license file to continue auditing Skype for Business and Lync 2013.
Applying licenses for multiple Change Auditor products

The following Change Auditor products all require separate licenses which can be applied during the coordinator installation process:
Change Auditor for Active Directory
Change Auditor for Exchange
Change Auditor for Windows File Servers
Change Auditor for SQL Server
Change Auditor for Active Directory Queries
Change Auditor for EMC
Change Auditor for NetApp
Change Auditor for SharePoint
Change Auditor for Logon Activity User (captures login activity on monitored server agents)
Change Auditor for Logon Activity Workstation (captures login activity on monitored workstation agents)
Change Auditor for Skype for Business

If you are licensing multiple Change Auditor products, you can apply the licenses in any order but must apply all the licenses provided.

Applying licenses after initial installation

If you purchased more Change Auditor products after the initial installation, you can apply new licenses from the coordinator icon in the system tray.

1
Right-click the coordinator icon in the system tray and select Licensing.
2
From the Licenses tab, click Select License.
3
Locate and apply the new product licenses.
The new licenses are applied once the configuration is updated.

Permissions

Coordinator required permissions

User account performing the coordinator installation:

The user account installing the coordinator needs permission to perform the following tasks on the target server:
Windows permissions to create and modify registry values.
Windows administrative permissions to install software and stop/start services.

The user account performing the installation, must be a member of the Domain Admins group in the domain where the coordinator is being installed.

Service account running the coordinator service (LocalSystem by default):
Active Directory permissions to create and modify SCP (Service Connection Point) objects under the computer object running a coordinator.
Local Administrator permissions on the coordinator server.

By default, the Coordinator service runs as LocalSystem. To run the Change Auditor service as a Domain User or service account other than Local System, the Change Auditor SPN (Service Connection Point) must be removed from the Coordinator computer (local system) account and added to the Domain Account used to run the Coordinator service.

To do so, open a command prompt on a Domain Controller and perform the following:

1
Remove the SPN from the computer object by entering:
setspn -D NPRepository4(INSTALLATION_NAME)/SERVER.DOMAIN.TLD SERVERNAME
2
Add the SPN to the service account by entering:
setspn -A NPRepository4(INSTALLATION_NAME)/SERVER.DOMAIN.TLD USERNAME
INSTALLATION_NAME = Change Auditor Installation (Default name is DEFAULT)
SERVER.DOMAIN.TLD = FQDN of the coordinator server
SERVERNAME = Short name of the coordinator server
USERNAME = SAM account name of the service account
3
Update the Coordinator service to run under the user name context in question.
4
Restart the Coordinator service.

SQL Server database access account specified during installation:

An account must be created to be used by the coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:
Must be assigned the db_owner role on the Change Auditor database
Must be assigned the SQL Server role of dbcreator
Required permissions for deploying agents

The Agent Deployment wizard runs under the security context of the currently logged on user account. Therefore, you must have administrative authority to install software on every target machine. This means you must be a Domain Admin in every domain that contains servers that you are targeting for installation.

If you are targeting domain controllers only, membership in the Enterprise Admins group will grant you authority to all domain controllers in the forest.

All users responsible for deploying agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you will get an access denied error.

Required permissions to deploy agents using the Windows Installer (MSIEXEC.exe)

The user account used to install the agent by running the Windows Installer directly on the domain controller or member server or workgroup server or workstation needs permissions to perform the following tasks on the server:
Windows permissions to create and modify registry values.
Windows administrative permissions to install software and start or stop services.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione