How to create an Active Directory auditing template
説明
Steps to create an Active Directory auditing template
対策
Open the Administration Tasks page.
Click Auditing.
Select Active Directory Database in the Auditing task list.
Click Add to open the Active Directory Auditing wizard.
Enter a name for the Active Directory Database auditing template.
(Optional) Select the processes to exclude from auditing (for example, changes made by the processes specified on this page will be excluded from auditing).
Select one or more processes from the process list and click Add to move these processes to the exclusion list. By default, all processes (except lsass.exe) will be audited.
NOTE: You can also view processes on a different server or enter a process not listed in the process list.
Click Finish or Finish and Assign to Agent Configuration to assign the template to an agent configuration.
On the Configuration Setup dialog, use one of the following methods to assign this template to an agent configuration:
Select the newly created template and drag and drop it onto a configuration in the Configuration list.
Select a configuration from the Configuration list and ‘drag and drop’ it onto the newly created template.
Select a configuration, then select the newly created template, right-click and select Assign.
Select a configuration, then select the newly created template, click in the corresponding Assigned cell and click Yes.
If this configuration is not assigned to any agents, you will need to assign it to agents installed on your Domain Controllers to apply the Active Directory database auditing.
NOTE:
Agents should be installed on all Domain Controllers to ensure auditing has complete coverage.
The auditing should be applied on all Domain Controllers to ensure complete coverage.
On the Agent Configuration page, select one or more agents from the agent list and click Assign.
On the Agent Assignment dialog, select the configuration definition to be assigned to the selected agents and click OK.
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration.
NOTE: If you do not refresh the agent’s configuration, the agent will automatically check for a new agent configuration based on the polling interval setting (located on the System Settings tab of the Configuration Setup dialog). The default is every 15 minutes.