1 |
Select Auditing & Alerting | Agents. |
2 |
Click Install. |
3 |
Click Next. |
5 |
If necessary, click Find Domain Controllers. |
• |
To select all listed domain controllers, click Select all. |
• |
To clear all the check boxes, click Clear all. |
7 |
Click Next. |
IMPORTANT: When installing the audit agent on a member server instead of a domain controller, the following inbound firewall exceptions for Windows® Management Instrumentation must be enabled:
|
Start collecting events immediately after installation of the agent |
|
By default, Active Administrator monitors the status of the audit agent. |
9 |
Click Next. |
10 |
In the Run as box, type an account with domain administrator rights, or browse to locate an account, and enter the password. |
11 |
To verify the account, click Test Audit Agent Account. |
12 |
Click Next. |
14 |
Click Next. |
15 |
Click Finish. |
NOTE: By default, the audit agent is activated upon installation. To change the default setting, select Configuration | Agent Installation Settings.
You can view details about the install in the AuditAgentInstall*.log file, which is located here: Program Files\Quest\Active Administrator\Server\Logging. |
A wizard guides you through creating a new Active Administrator® alert. Alerts provide you the opportunity to combine different conditions into one alert that is sent to specified email recipients. You also can add a filter to the alert to further isolate audit events for the recipient.
1 |
Select Auditing & Alerting | Alerts. |
2 |
Click New. |
3 |
6 |
Click Next. |
• |
To add a new email address, click Add and type the email address. |
8 |
Click Next. |
• |
To filter the list, type text in the Filter box. The list changes as you type characters. The definitions displayed contain the characters you type. For example, if you type com, the definitions displayed may contain the words Completed or Computer. |
• |
• |
10 |
Click Next. |
a |
Click Add to add a new alert filter. |
b |
d |
By default the filter conditions are combined using the OR operator. If you want to connect with the AND operator, select AND all conditions. |
12 |
Click Next. |
a |
Click Add to add a new quiet time. |
b |
Select Enabled. To disable a quiet time, clear the check box. |
c |
Select All Days or specify a specific day. |
14 |
Click Next. |
a |
Click Add to add a new threshold. |
b |
Select Enabled. To disable a threshold, clear the check box. |
19 |
Click Next. |
a |
Select Enabled. To disable an action, clear the check box. |
e |
Click OK. |
16 |
Click Next. |
18 |
Click Finish. |
With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. Enabling the default port adds these workstation events to the event definitions:
1 |
Select Configuration | User Logon Agent Settings. |
3 |
Click Save. |
• |
Copy ActiveAdministrator.admx to C:\Windows\PolicyDefinitions on the domain controller. |
• |
Copy ActiveAdministrator.adml to C:\Windows\PolicyDefinitions\en-US on the domain controller. |
• |
Copy Active Administrator 8.6.2 Workstation Audit Agent.msi to a share where everyone has access. |
3 |
Start Active Administrator 8.6.2 Workstation Audit Agent.msi. |
4 |
6 |
Click Install. |
7 |
Click Finish. |
© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center