サポートと今すぐチャット
サポートとのチャット

Change Auditor 7.3 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Registry Auditing

Introduction

The ability to audit registry settings improves operational efficiency dramatically. For example, some applications, such as virus scanning software, modify registry keys when an update is installed. By capturing these change events proactively, administrators can determine whether or not specific machines received an update.

Furthermore, other applications may warrant the tracking of modifications to certain registry settings to ensure that they have not been tampered with. Change Auditor’s registry auditing feature allows you to audit changes to a specific key or to a folder and its sub folders.

To capture registry events, you must define the registry keys to be audited and the events to be captured:

Registry Auditing page

The Registry Auditing page is displayed when Registry is selected from the Auditing task list in the navigation pane of the Administration Tasks page. From this page you can launch the Registry Auditing wizard to specify a registry key to be audited. You can also edit existing templates, disable/enable templates and remove templates that are no longer being used.

The Registry Auditing page contains an expandable view of all the Registry Auditing templates that have been previously defined. To add a new template to the list, use the Add tool bar button. Once added, the following information is provided for the template:

Indicates whether the template is enabled or disabled. To enable/disable the template, place your cursor in this Status cell, click the arrow control and select the appropriate option from the drop-down menu.

Click the expansion box to the left of the Template name to expand this view and display additional details about an auditing template.

Registry Auditing templates

To enable custom registry auditing you must create a Registry Auditing template which specifies the registry keys and events to audit. You can then assign this template to an agent configuration, which then needs to be assigned to the appropriate agents.

2
Select Registry (under the Server heading in the Auditing task list) to open the Registry Auditing page.
3
Click Add to start the Registry Auditing wizard which will step you through the process of creating a Registry Auditing template.
Selecting the Browse | Local Registry option displays the Select registry key dialog allowing you to select a registry key from the local server.
Selecting the Browse | Remote Registry option displays the Select Active Directory Object dialog allowing you to select the server whose registry you would like to browse. Use the Browse or Search pages to locate and select the server. On the Select registry key dialog select the registry key to be audited.
7
In the Scope cell, use the drop-down menu to select the scope of coverage:
NOTE: Selecting the Key Events or Value Events check box at the top of the events list on the Events tab will select all of the events listed under the heading. Similarly, clearing the check boxes will clear all of the selected events.
9
If you selected the This object and child objects only option in the Scope cell, you can also specify a specific value for the selected key. To audit a specific value, open the Value tab and enter the value in the text box provided.
Selecting Browse | Local Registry displays the Select registry key dialog allowing you to select a sub key from the local server.
Selecting Browse | Remote Registry displays the Select Active Directory Object dialog allowing you to select the server whose registry you would like to browse. Use the browse or search pages to locate and select the server. From the Select registry key dialog, select the sub key to be excluded.
Once you have specified a sub key for exclusion, click Add to add it to the Exclusions list at the bottom of the page.
Clicking Finish creates the template, closes the wizard and returns to the Registry Auditing page, where the newly created template will now be listed.
12
To create the template and assign it to an agent configuration, expand Finish and click Finish and Assign to Agent Configuration.
NOTE: On the Auditing page, you can also use the Assign tool bar button to assign the selected template to an agent configuration. Clicking this button will display the Configuration Setup dialog allowing you to select the agent configuration to which this template is to be assigned.
13
3
Once you have made your modifications, click Finish or expand Finish and click Finish and Assign to Agent Configuration.

Disabling allows you to temporarily stop auditing the specified registry key without having to remove the auditing template or individual registry key from an active template.

1
On the Auditing page, place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the template will change to ‘Disabled’.
2
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu.
1
On the Registry Auditing page, place your cursor in the Status cell for the registry key to be disabled, click the arrow control and select Disabled from the drop-down menu
The entry in the Status column for the registry key will change to ‘Disabled’.
2
To re-enable the auditing of a registry key, use the Enable option in either the Status cell or right-click menu.
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択