Change Auditor 7.1.1

The Administration Tasks tab allows you to perform various administration tasks based on the Change Auditor licenses that are applied. Use the View | Administration menu command to display the Administration Tasks tab, which consists of a navigation pane to the left and information pages to the right.


	NOTE: Authorization to use the administration tasks on the Administration Tasks tab is defined using the Application User Interface page. Members of the ChangeAuditor Administrators security group have full administrative privileges with access to all aspects of the client. Members of the ChangeAuditor Operators security group only have limited access to the client and therefore, do not have access the Administration Tasks tab. For more information about assigning users and groups authorization to this tab, see Change Auditor User Interface Authorization.

The Administration Tasks tab navigation pane is divided into different task lists: Configuration, Auditing, and Protection. Click a task button from the bottom of the navigation pane to display a task list. Then select a task from the displayed task list to display the appropriate information page, from which you can perform the corresponding administrative task.

Administration Task lists

The following table lists the navigation pane’s task lists and a description of the administrative tasks that you can perform. Many of the tasks listed require a specific license, which is indicated by the following codes in the last column of the table:

•

Any - does not require a specific license; available with any license

•

CAAD - Change Auditor for Active Directory

•

CAEX - Change Auditor for Exchange

•

CAFS - Change Auditor for Windows File Servers

•

CASQL - Change Auditor for SQL Server

•

CAAD-Q - Change Auditor for Active Directory Queries

•

CAEMC - Change Auditor for EMC

•

CANA - Change Auditor for NetApp

•

CAFFS- Change Auditor for Fluid File System

•

CASP - Change Auditor for SharePoint


	NOTE: You are not prevented from performing any of the administration tasks on the Administration Tasks tab; however, associated events are not be captured and associated protection does not occur unless the proper license is applied. To hide unlicensed Change Auditor features from the Administration Tasks tab (including unavailable audit events throughout the client), use Action \| Hide Unlicensed Components.

Table 1. Administration Task tab: Task descriptions
Task List/Task	Description	License
Configuration: The following tasks are available in the Configuration task list:
Agent	Define and assign agent configurations. For more information, see Agent Configurations.	Any
Coordinator	Enable email alert notifications/reports, configure mail server to be used for SMTP alerting/reporting, configure the ability to send reports to a shared folder, define group membership expansion, modify agent heartbeat check interval, and select which coordinators will process scheduled reports, purge, and archive jobs. For more information, see Coordinator Configuration.	Any
Purge and Archive Jobs	Define and schedule purge jobs for deleting events from the production database. Define and schedule archive jobs to create a yearly archive database for older events that are no longer required to be represented in your reports. For more information, see Purging and Archiving your Change Auditor Database.	Any
Private Alerts and Reports	View and manage all private search queries where alerting and/or reporting has been enabled. For more information, see Disable Private Alerts and Reports.	Any
SQL Reporting Services	Define SQL Reporting Services (SRS) templates that define all the necessary Report Server information (URL and credentials) and Change Auditor data source information for publishing reports. These templates can then be made available to users who choose to publish Change Auditor reports to SRS. For more information, see SQL Reporting Services Configuration.	Any
Report Layouts	Define report layout templates which contain the header/footer information to be used in reports. For more information, see Generate and Schedule Reports.	Any
Application User Interface	Define who is authorized to use the various Change Auditor client features. In addition, you can define who is authorized to view the Active Directory and Group Policy protection tasks in Change Auditor. For more information, see Change Auditor User Interface Authorization.	Any
Client Authentication	Specify the authentication method that all clients will use to access Change Auditor. There are two methods available - Windows Forms or Active Directory Client Certificate authentication. For more information, see Client Authentication.	Any
Event Subscriptions	Configure and manage a Splunk integration. You can add, edit, delete, and view event subscriptions. For more information see the Change Auditor SIEM Integration Guide.	Any
Auditing: The Auditing task list is divided into separate lists that identify configuration tasks, forest-level tasks that are globally applied, tasks that define auditing for different applications, server-level tasks that must be assigned to an agent configuration, and tasks that define NAS device auditing.
Configuration: Use the tasks under this heading to configure the audit events to be captured by Change Auditor and to define accounts that are to be included and excluded from auditing.
Audit Events	Enable/disable event auditing and modify an event’s severity level or description. For more information, see Enable/Disable Event Auditing.	Any
Excluded Accounts	Create Excluded Accounts templates to define individual accounts that are to be excluded from Change Auditor auditing. For more information, see Account Exclusion.	Any
Forest: Use the tasks under this heading to define custom auditing definitions for your Active Directory forest.
Active Directory	Define custom Active Directory object class auditing. For more information, see the Quest Change Auditor For Active Directory User Guide.	CAAD
Attributes	Define custom Active Directory attribute auditing. For more information, see the Quest Change Auditor for Active Directory User Guide.	CAAD
Member of Group	Define a Member of Group auditing list to specify the users to be audited based on their group membership. For more information, see the Quest Change Auditor for Active Directory User Guide.	CAAD
AD Query	Define the Active Directory containers that are to be included and excluded from AD query auditing. For more information, see the Quest Change Auditor for Active Directory Queries User Guide.	CAAD-Q
Active Directory Federation Services	Define Active Directory Federation Services auditing. For more information, see the Quest Change Auditor For Active Directory User Guide.	CALA
Active Directory Database	Define the Active Directory database auditing. For more information, see the Quest Change Auditor For Active Directory User Guide.	CAAD
ADAM (AD LDS)	Define custom ADAM (AD LDS) object auditing. For more information, see the Quest Change Auditor for Active Directory User Guide.	CAAD
Attributes	Define custom ADAM (AD LDS) attribute auditing. For more information, see the Quest Change Auditor for Active Directory User Guide.	CAAD
Applications: Use the tasks under this heading to define auditing for different types of applications within your environment.
Exchange Mailbox	Define an Exchange Mailbox auditing list to specify which directory object’s mailbox activities are to be audited by Change Auditor for Exchange. For more information, see the Quest Change Auditor for Exchange User Guide.	CAEX
Office 365	Specify the Office 365 service and Exchange Online mailboxes that are to be audited by Change Auditor for Exchange and Change Auditor for SharePoint. For more information, see the Office 365 and Azure Active Directory Auditing User Guide.	CAEX CASP
SQL SQL Server SQL Data Level	Create SQL Auditing templates to define the SQL instances and operations that are to be audited. Create SQL Data Level Auditing templates to define the operations that are to be audited. For more information, see the Quest Change Auditor for SQL Server User Guide.	CASQL
VMware	Create VMware Auditing templates to define the VMware hosts to be audited and the Change Auditor agent to be used to audit these hosts. For more information, see VMware Auditing.	Any
SharePoint	Create SharePoint Auditing templates to define the SharePoint farm to be audited and the Change Auditor agent to be used to audit this farm. For more information, see the Quest Change Auditor for SharePoint User Guide.	CASP
Server: Use the tasks under this heading to create auditing templates that can then be assigned to agent configurations to enable custom server-level auditing.
File System	Create File System Auditing templates to define the files/folders that are to be audited. For more information, see the Quest Change Auditor for Windows File Servers User Guide.	CAFS
Registry	Create Registry Auditing templates to define the registry keys and events that are to be audited. For more information, see Registry Auditing.	Any
Services	Create Service Auditing templates to specify the system services that are to be audited. For more information, see Service Auditing.	Any
NAS: Use the tasks under this heading to create auditing templates for NAS devices. For more information, see the Quest Change Auditor for NetApp User Guide, Quest Change Auditor for EMC User Guide, Quest Change Auditor for Fluid File System User Guide.
EMC	Create a separate EMC Auditing template for each CIFS file access protocol to be audited by Change Auditor, defining the EMC file server (CIFS), auditing scope and Change Auditor agents that are to receive the EMC audit events.	CAEMC
NetApp	Create a separate NetApp Auditing template for each NetApp filer to be audited by Change Auditor, defining the location of the NetApp filer, the auditing scope, and the Change Auditor agents that are to receive the NetApp filer audit events.	CANA
FluidFS	Create a separate FluidFS Auditing template for each file server to be audited by Change Auditor, defining the cluster, the auditing scope, and the Change Auditor agents that are to receive the audit events.	CAFFS
Protection: The Protection task list is divided into separate task lists as well: one for forest-level tasks that are globally applied, one for tasks that define protection for applications, and another for server-level tasks that must be assigned to an agent configuration. To use Active Directory Protection templates, you must be logged in to Change Auditor with an account with Enterprise Admin privileges.
Forest: Use the tasks under this heading to define global protection definitions for your Active Directory forest. For more information, see the Quest Change Auditor for Active Directory User Guide.
Active Directory	Create Active Directory Protection templates to define critical Active Directory objects that are to be protected against unauthorized modifications. NOTE: If you have Quest GPOADmin integrated with your Change Auditor deployment, the GPOADmin service account is exempt from protection. NOTE: A protected GPO can only be changed by override accounts that are excluded from protection.	CAAD
ADAM (AD LDS)	Create ADAM (AD LDS) Protection templates to define critical ADAM objects that are to be protected against unauthorized modifications.	CAAD
Group Policy	Create Group Policy Protection templates to define critical Group Policy objects that are to be protected against unauthorized modifications.	CAAD
Active Directory Database	Create Active Directory Database Protection templates to prevent copying and other tampering attempts on the Active Directory database (NTDS.dit) file. Extraction of this file could lead to parsing of usernames and passwords resulting in a security breach.	CAAD
Applications: Use the task under this heading to define global protection for your Exchange Mailbox application. For more information, see the Quest Change Auditor for Exchange User Guide.
Exchange Mailbox	Create Exchange Mailbox Protection templates to define critical Exchange Mailboxes that are to be protected against unauthorized modifications.	CAEX
Server Use the task under this heading to create protection templates that can then be assigned to agent configurations to enable server-level protection. For more information, see the Quest Change Auditor for Windows File Servers User Guide.
File System	Create File System Protection templates to define critical files/folders that are to be protected against unauthorized modifications.	CAFS

Export/import Administration Task settings

Using the Export and Import commands on the Action menu, you can export/ import the settings defined on the various Administration Tasks tabs. Selecting one of these commands allows you to select the configuration, auditing and protection settings to be exported/imported.

To export Administration Task settings:

Open the Administration Tasks tab and click Action | Export.

Select the configuration, auditing and protection settings to be exported:

Table 2. Export dialog settings
Configuration NOTE: By default, all settings except for the Coordinator Configuration and Application User Interface settings are selected for export. When imported, these configuration settings overwrite any existing settings that may be present.
Agent	Select to export all agent configurations including the settings and auditing and protection template assignments. When selected, the auditing and protection templates that must be assigned to agent configurations are selected by default, and cannot be cleared.
Coordinator	Select to export the coordinator configuration settings. This option is not selected by default.
Application User Interface	Select to export Change Auditor client feature authorizations. This option is not selected by default.
Report Layouts	Select to export any Report Layout templates.
Purge Jobs	Select to export any scheduled purge jobs.
Auditing
Audit Events	Select to export the audit event settings, such as enabled/disabled events, event severity and descriptions.
Excluded Accounts	Select to export any Excluded Accounts templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.
Active Directory	Select to export any custom Active Directory auditing definitions.
Active Directory \| Attributes	Select to export any custom Active Directory attribute auditing definitions.
Active Directory \| Member Of Group	Select to export the contents of the Member of Group list.
Active Directory \| AD Query	Select to export the contents of the AD Query list.
ADAM (AD LDS)	Select to export any ADAM (AD LDS) auditing definitions.
ADAM (AD LDS) \| Attributes	Select to export any ADAM (AD LDS) attribute auditing definitions.
Office 365	Select to export the Office 365 Exchange Online mailbox auditing list.
Exchange Mailbox	Select to export the Exchange mailbox auditing list.
SQL	Select to export any SQL auditing templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.
VMware	Select to export any VMware auditing templates.
SharePoint	Select to export any SharePoint auditing templates.
File System	Select to export any File System auditing templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.
Registry	Select to export any Registry auditing templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.
Services	Select to export any Service auditing templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.
EMC	Select to export any EMC auditing templates.
NetApp	Select to export any NetApp auditing templates.
FluidFS	Select to export any FluidFS auditing templates. NOTE: Encryption settings are not maintained when a template is exported. You will need to re-configure this setting on any previously deleted templates after it has been imported.
Protection
Active Directory	Select to export any Active Directory protection templates.
ADAM (AD LDS)	Select to export any ADAM (AD LDS) protection templates.
Group Policy	Select to export any Group Policy protection templates.
Exchange Mailbox	Select to export any Exchange Mailbox protection templates.
File System	Select to export any File System protection templates. NOTE: When the Agent option is selected in the Configuration section of this dialog, this option is also selected and cannot be cleared. This is because this type of template must be assigned to an agent configuration in order to work properly.

Click OK to export the selected settings into an XML file.

On the Save Configuration dialog, select the location where the XML file is to be saved. By default, the name of the file is Change Auditor Configuration; however, you can change this in the File name field. Click Save.


	NOTE: A similar dialog appears when you use the Action \| Import menu command. From this dialog, you can then select the configuration, auditing and protection settings to be imported.