The upgrade scenario covered here assumes that you are upgrading to Quest
ChangeAuditor 5.x (thus replacing the InTrust Plug-ins) and will continue to
use InTrust as your log collection solution.
To ensure a successful upgrade of an InTrust Plug-in, please install/upgrade the
ChangeAuditor and InTrust Plug-in components in the following order:
• Install ChangeAuditor
• Install ChangeAuditor Coordinator
• Install ChangeAuditor Client
• Optionally, run the InTrust2CA utility to export a list of servers with installed plug-ins from the InTrust database.
• Upgrade InTrust Plug-in Agents to ChangeAuditor Agents
• Install ChangeAuditor Knowledge Pack
• Remove InTrust Plug-in objects
• Upgrade Report Pack
Installing ChangeAuditor 5.x in an existing InTrust Plug-in environment will preserve the following InTrust Plug-in configurations in the new ChangeAuditor environment:
• Active Directory protection
• Active Directory filters
• ADAM protection (See note below)
• GPO protection
• Exchange protection (See note below)
• File Access auditing and protection
After an upgrade, open the Administration Tasks tab (View | Administration) in the ChangeAuditor Client to review the protection and auditing configurations that were brought over.
INTRUST PLUG-IN FOR ADAM (ITADAM) UPGRADES:
To successfully migrate ITADAM protection configurations into ChangeAuditor, the user account used to upgrade the ChangeAuditor Agent must have read permissions in all the protected ADAM instances. The Deployment page in the ChangeAuditor Client will prompt for these credentials whenever ITADAM is detected on a server.
INTRUST PLUG-IN FOR EXCHANGE (ITEX) UPGRADES:
Upgrade is NOT supported for Exchange 2000 Server and Windows 2000 Server-based computers.
To upgrade the InTrust Plug-in for Exchange on clustered Exchange servers:
1. Before you start the service upgrade, take the Quest InTrust Plug-in for Exchange Instance resource offline in every Exchange Virtual Server group in the cluster.
2. Install ChangeAuditor Agents on all nodes of the cluster.
3. After the upgrade is completed, InTrust for Exchange Instance resources will be removed from the cluster automatically.
4. Restart the Microsoft Exchange Information Store service on all nodes of clustered Exchange servers in order to complete the upgrade process.
5. It is also recommended to run IISReset on all nodes of the cluster.
Step 1: Install ChangeAuditor
1. Install the first ChangeAuditor Coordinator:
• From the desired member server, run the autorun.exe file.
• On the Install page of the Quest ChangeAuditor autorun, select Install ChangeAuditor Coordinator.
• Enter the information requested in the Coordinator Setup wizard.
2. Install the ChangeAuditor Client:
• From the desired workstation, laptop or member server, run the autorun.exe file.
• On the Install page of the Quest ChangeAuditor autorun, select Install ChangeAuditor Client.
• Enter the information requested in the ChangeAuditor Client Setup wizard.
For more details on installing the ChangeAuditor components, please refer to Install ChangeAuditor.
Step 2: Export Server List from InTrust Database (Optional)
This step is optional. The InTrust Plug-in configurations will be automatically
imported into ChangeAuditor simply by deploying a ChangeAuditor Agent to
these servers. All this utility provides is an indication as to which servers
currently contain an InTrust Plug-in.
1. If you want to identify which servers are currently running InTrust Plug-ins, you must first run the InTrust2CA.exe utility on the InTrust Server.
This utility can be found in the ChangeAuditor Client Utility directory, e.g., C:\Program Files\Quest Software\ChangeAuditor\Client\Utility.
2. To run this utility, use the following syntax:
InTrust2CA.exe <config> <output>
<config> is the path to the input configuration xml file
<output> is the destination xml file path
InTrust2CA.exe input.xml output.xml
An example input configuration XML file (InTrust2CA.Config.xml) is included in the utility directory where the InTrust2CA.exe is located. Create an input configuration XML file to specify the location of the InTrust servers in your environment.
<InTrustServer name="INTRUST_1" protocol="ncacn_ip_tcp" endpoint="8340"/>
<InTrustServer name="INTRUST_1" protocol="ncacn_np" endpoint="\pipe\\adccfg"/>
<InTrustServer name="INTRUST_2" protocol="ncalrpc" endpoint="adccfg"/>
3. Running this utility will create an XML file which contains a list of the servers currently running an InTrust Plug-in. You can then import this XML file to display which servers contain an InTrust Plug-in.
Step 3: Upgrade InTrust Agents to ChangeAuditor Agents
You can upgrade InTrust Plug-in Agents either manually or using the ChangeAuditor Client. This procedure walks you through the process of upgrading agents using the ChangeAuditor Client. To manually upgrade InTrust Plug-in Agents, run the ChangeAuditor Agent installation program on each server where an InTrust Plug-in resides. Refer to the Windows Installer Command Line Options appendix for the command-line options available for deploying ChangeAuditor Agents.
1. Launch the ChangeAuditor Client.
If you have not added the appropriate user account(s) to either the ChangeAuditor Administrators or ChangeAuditor Operators group, you will be denied access to the ChangeAuditor Coordinator when you launch the client. Proceed to Add Users to ChangeAuditor Security Groups for more information on these security groups and SQL database roles.
2. If not already displayed, open the Deployment page (View | Deployment menu command).
3. (Optional) If you exported a server list from the InTrust database using the InTrust2CA utility, expand the Advanced Options tool bar button and select Import InTrust Plug-ins. Locate and select the InTrust2CA.config.xml file previously created. Use the Browse or Search pages to locate and select the servers to be imported. Back on the Deployment page, a Plug-In column will be added which indicates which servers were imported from this list.
4. Select the agents to be upgraded and select the Install or Upgrade tool bar button or right-click command. If you get an Access Denied status in the Deployment Results column, use the Credentials | Set command to enter the proper credentials for installing agents.
5. On the Install or Upgrade dialog select one of the following options to schedule the deployment task:
• Now (default)
6. If you select the When option, enter the date and time when you want the deployment task to be initiated. Select OK to initiate or schedule the deployment task.
Please refer to Deploy ChangeAuditor Agents for more information about deploying agents and the Deployment page.
7. InTrust Plug-in protection configurations and File Access auditing configurations will be preserved and recreated in ChangeAuditor.
Open the Administration Tasks tab to review and modify these configurations.
• Select View | Administration (or Ctrl+F12) to open the Administration Tasks tab.
• Select the appropriate item under the Protection task list in the
left-hand pane. For example, selecting Protection | Exchange Mailbox will display the Exchange Mailbox Protection page which lists the protection templates that were created based on the protection configurations discovered in the InTrust for Exchange Plug-in. If you upgrade from InTrust Plug-in for Exchange (ITEX) 2.1, any users that
can bypass overall protection will be added as an entry under Override Account on the Exchange Mailbox Protection page. To be more specific, after the upgrade, all of the members that were specified in the ITEX global list will be added as an override account to every Exchange Mailbox protection template in ChangeAuditor.
To restore InTrust Plug-in for Exchange configuration settings thatare not saved:
1. Account filtering settings will not be saved after the upgrade to ChangeAuditor. Use the Auditing | Excluded Accounts task on the Administration Tasks tab to configure account and event filtering options.
2. Event filtering settings will not be saved after the upgrade to ChangeAuditor. Use the Auditing | Excluded Accounts task on the Administration Tasks tab to configure account and event filtering options.
Step 4: Install ChangeAuditor Knowledge Pack
1. On the InTrust Manager computer, install the new ChangeAuditor Knowledge Pack. A link to install the new ChangeAuditor Knowledge Pack is available on the Knowledge Packs page of the ChangeAuditor autorun.
2. Manually move customizations from the old InTrust Plug-in versions of the knowledge packs to the new one. Please refer to the Knowledge Pack Correlation Tables appendix for the correlation between the objects in the new and old versions of the knowledge packs.
Step 5: Remove Old InTrust Plug-In Objects
When all InTrust Plug-ins have been migrated to ChangeAuditor Agents, remove
the following InTrust Plug-in objects:
1. Use InTrust Manager to manually remove all deprecated objects from the previous version of the knowledge packs. Refer to the Knowledge Pack Correlation Tables appendix for a list of the deprecated knowledge objects. (That is, the objects marked in red in this appendix are to removed.)
2. Use Add/Remove Programs to remove the old InTrust Plug-in knowledge packs.The above two steps are optional. However, if you want to remove all old
InTrust Plug-in objects from your environment, you must run both of these steps.
3. Uninstall the InTrust Plug-ins management user interfaces:
• For ITAD: Uninstall ITAD manager extension from computers with InTrust Manager GUI installed.
• For ITEX: Uninstall ITEX management console.
• For ITFAP: Uninstall ITFAP manager extension from computers within InTrust Manager GUI installed.
Step 6: Upgrade Report Pack
The old InTrust Plug-in Report Packs will work with ChangeAuditor events; however, it is recommended that you install the new ChangeAuditor Report Pack
because there are new reports that take advantage of the new events being captured.
1. Install the ChangeAuditor Report Pack for Quest Knowledge Portal on the reporting server that is associated with the InTrust audit database. A link to install the new ChangeAuditor Report Pack is available on the Knowledge Packs page of the ChangeAuditor autorun.
2. Use SQL Server Reporting Services Manager to remove obsolete InTrust Plug-in Report Pack(s):
• InTrust Plug-in for Active Directory Report Pack
• InTrust Plug-in for Exchange Report Pack
• InTrust Plug-in for File Access Report Pack
Please refer to the ChangeAuditor Report Pack for Quest Knowledge Portal appendix for a list of the report changes made in the new ChangeAuditor Report