What are the best practices that should be considered for a Change Auditor deployment?
Resolution
The following is a list of the best practices for an ideal Change Auditor deployment:
Ensure that the minimum system requirements are met for the Change Auditor Coordinator. See the appropriate Install and Release Notes Guides for the version in use for the specific requirements.
Always double-check the required user account permissions. Also run executables and the CA Windows client as Administrator (from an elevated cmd prompt, or right-click > Run As... > Run As Administrator).
The Change Auditor Database should be isolated on a dedicated SQL Server, and it should be on a separate box from the Change Auditor Coordinator. See the appropriate Microsoft documentation for the specific SQL resource specifications needed.
Having two or more Change Auditor Coordinators installed on separate boxes will allow for dynamic load balancing. The agents will be dynamically spread across all Coordinators. If one Coordinator becomes unavailable, the agents that were connected to that Coordinator will automatically connect to an available Coordinator.
The Change Auditor Coordinator(s) should be installed as close to the SQL server as possible. Avoid installing where the two would be connected over a WAN link or other high-latency connection.
Make sure to have a full SQL backup of the Change Auditor database and to take one periodically, as this database holds all of the important core configuration and live events for your installation.
Schedule automated database cleanup and keep only 6 months to 1 year's worth of data in the production database. This allows you to keep critical and relevant data online and current while eliminating or archiving events that are no longer required.
This not only prevents your database from growing in size, but also increases overall operational efficiency by speeding up searches and data retrieval from the database.
For file system auditing, avoid auditing the root of the C drive, as that will result in the Change Auditor database growing exponentially in a small amount of time. If you do audit the C drive, try to be specific about the folders that need to be audited, and add PROCESS exclusions on the File template to keep useless events from coming in.