Setting up workstation logon auditing
With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. See Monitoring user logon activity.
Deploying the workstation logon audit agent adds these workstation events to the event definitions:
Deploying the workstation logon audit agent
Enabling workstation auditing
To enable workstation logon auditing
1 Select Configuration | User Logon Agent Settings.
NOTE: If Windows® Firewall is enabled on the workstation where the Active Administrator Workstation Logon Auditing Agent is installed, you need to create an exception to allow communication with Active Administrator Foundation Service (AFS) through port 15601. See Enabling the default port for the workstation logon auditing agent.
3 Click Save.
Deploying the workstation logon agent
To deploy the workstation logon agent
▪ Copy ActiveAdministrator.admx to C:\Windows\PolicyDefinitions on the domain controller.
▪ Copy ActiveAdministrator.adml to C:\Windows\PolicyDefinitions\en-US on the domain controller.
▪ Copy Active Administrator 8.6.2 Workstation Audit Agent.msi to a share where everyone has access.
3 Start Active Administrator 8.6.2 Workstation Audit Agent.msi.
4
6 Click Install.
7 Click Finish.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center