Default Set of Components
Individual Components
InTrust Deployment Manager
InTrust Manager
InTrust Server
InTrust Monitoring Console
InTrust Repository Viewer
InTrust Repository
Repository Indexing Tool
Supported Platforms
Microsoft Windows Events
Microsoft IIS Events
Microsoft Forefront Threat Management Gateway and ISA Server Events
Microsoft DHCP Server Events
Solaris Events
Red Hat Enterprise Linux Events
Oracle Linux Events
SUSE Linux Events
Debian GNU/Linux Events
Ubuntu Linux Events
VMware vCenter Events
VMware ESX and ESXi Events
Minimal Rights and Permissions Required for InTrust Operations
Repository Indexing Tool
Repository indexing implicitly uses the IndexingTool.exe utility. This utility can also be used directly from the command line. The following requirements apply to all computers where IndexingTool.exe is launched, whether explicitly or automatically.
| Architecture |
|
| Operating System | Any of the following:
|
|
Additional Software and Services |
Microsoft Visual C++ Redistributable, provided in the Redist folder of your InTrust distribution |
| Other Requirements | InTrust agents that perform indexing must be deployed in the same domain as the index-managing InTrust server. |
Supported Platforms
- Microsoft Windows Events
- Microsoft IIS Events
- Microsoft Forefront Threat Management Gateway and ISA Server Events
- Microsoft DHCP Server Events
- Exchange Server
- Solaris Events
- Red Hat Enterprise Linux Events
- Oracle Linux Events
- SUSE Linux Events
- Debian GNU/Linux Events
- Ubuntu Linux Events
- VMware vCenter Events
- VMware ESX and ESXi Events
Microsoft Windows Events
InTrust provides auditing and real-time monitoring facilities for the following logs in Windows event log format:
- Windows Security Log
- Windows System Log
- Windows Application Log
- Categorized event logs in the the Application and Services Logs container
- Windows Directory Service Log
- Windows DNS Server Log
- Windows File Replication Service Log
- Active Roles Server Log (EDM Server Event Log)
- InTrust for MIIS Log
- InTrust Server Log
- Custom data source of "Windows Event Log" type
Server side:
- InTrust Server
Processed computer:
|
Architecture |
| ||
|
Operating System |
Any of the following:
| ||
|
Additional Software and Services |
|
Rights and permissions for gathering without agents:
- Access this computer from the network right.
- Deny access to this computer from network right must be disabled.
- Manage auditing and security log right to gather events from the Security log; members of the local Administrators group have this right by default.
- Starting with Windows Server 2008, the Network access: Remotely accessible registry paths and sub-paths policy must be enabled, and the following registry paths must be added to it:
- Software\Microsoft\Windows NT\CurrentVersion
- System\CurrentControlSet\Services\EventLog
- System\CurrentControlSet\Control\TimeZoneInformation
- Starting with Windows Server 2008, to make the Security log accessible for gathering using a specific account, this account must have the Read permission on the HKLM\CurrentControlSet\Services\EventLog\Security registry key.
- Starting with Windows Vista, if the Windows firewall is enabled, the "Remote Event Log Management" exception should be added to its configuration. Otherwise, the Category field is not resolved in the gathered events.
- To clear logs after gathering: membership in the local Administrators group and an open Admin$ share.
- To permit agentless gathering of logs in the Application and Services Logs container, enable Remote Event Log Management in the list of allowed programs and features in Windows Firewall configuration.
Rights and permissions for gathering with agents and real-time monitoring:
The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:
- Manage auditing and security log right is required to gather events from the Security event log.
|
|
Note: For more information about job and task accounts, ee the Understanding Jobs and Tasks topic and Minimal Rights and Permissions Required for InTrust Operations. |
Microsoft IIS Events
Server side:
- InTrust Server
- The IIS 6 Metabase Compatibility role service (Management Tools | IIS 6 Management Compatibility | IIS 6 Metabase Compatibility in the IIS role service tree) must be installed
Processed computer:
| Architecture |
|
| Microsoft Internet Information Services |
|
| Additional Software and Services |
|
|
|
Notes:
|
Rights and permissions for data gathering without agents:
- Access this computer from the network right
- Deny access to this computer from network right must be disabled
- Membership in the local Administrators group
- Membership in the local Site Operators group
- Read permission to the
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key - Read permission to the
HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language registry key - Read and List Folder Contents permissions on log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for data gathering with agents:
The following rights and permissions must be assigned to the InTrust agent account if the agent is not running under the LocalSystem account:
- Membership in the local Site Operators group
- Read permission to the
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key - Read and List Folder Contents permissions to log file folders; the Delete permission must also be granted if the Clear log after gathering option is turned on for the data source
Rights and permissions for real-time monitoring:
The InTrust agent account must have the following privilege if the agent is not running under the LocalSystem account:
- Membership in the Site Operators group
|
|
Note: For more information about job and task accounts, see the Understanding Jobs and Tasks topic and Minimal Rights and Permissions Required for InTrust Operations. |