Installation Considerations for Active Administrator
System requirements
Server hardware requirements
Server software requirements
SQL Server requirements
Console requirements
Audit agents requirements
Workstation logon audit agents requirements
Web Console requirements
System Center requirements
Port requirements
User privilege requirements
Active Administrator module requirements
Installing and configuring Active Administrator
Home
Search
Certificates
Security and Delegation
Active Directory Health
Active Directory Health minimum permissions
Required permissions for Active Directory Health
Active Administrator Data Services (ADS) requirements
Data collectors requirements
Auditing & Alerts
Group Policy
Active Directory Recovery
DC Management
DNS Management
Active Administrator Module Configuration
Active Directory Health module
Active Directory Health Module Configuration
Agents
Notifications
Troubleshooter
AFS service account minimum permissions
Diagnostic Console minimum permissions
Backing up your data
Installing Active Administrator server
Configuring the server
Appendix: Active Administrator Server Manager
Applying a license file
Using a passphrase
Setting the Active Administrator database
Setting the Active Administrator archive database
Configuring purge and archive settings
Storing Active Administrator data
Setting up features and the owner
Configuring active template delegation enforcement
Configuring group policy history
Configuring Active Directory backups
Configuring Active Administrator users
Configuring service accounts
Connecting to System Center Operations Manager and Enabling SNMP Notifications
Reviewing selections
Installing Active Administrator console
Setting up the console
Setting up workstation logon auditing
Using Active Administrator
Starting the Active Administrator Server Manager
Managing the Active Administrator Foundation and Data Services
Managing Security
Managing the passphrase
Managing Active Administrator file security
Managing Active Administrator database security
Recovering from a lost passphrase
Managing Notification Services
Web Server Configuration
Creating alerts
|
1 |
Select Auditing & Alerting | Alerts. |
|
2 |
Click New. |
|
3 |
|
6 |
Click Next. |
|
• |
To add a new email address, click Add and type the email address. |
|
8 |
Click Next. |
|
• |
To filter the list, type text in the Filter box. The list changes as you type characters. The definitions displayed contain the characters you type. For example, if you type com, the definitions displayed may contain the words Completed or Computer. |
|
• |
|
• |
|
10 |
Click Next. |
Use this feature to help limit the number of emails sent to the specified email list. Alert filters are optional and applied to the details section of the event. Only the events that match the filter will be included in the notification email. For example, if the alert filter is Contains OU=Sales, only the events where OU=Sales appears in the details section are included in the notification email.
|
a |
Click Add to add a new alert filter. |
Click Edit to edit a selected alert filter.
|
b |
|
d |
By default the filter conditions are combined using the OR operator. If you want to connect with the AND operator, select AND all conditions. |
|
12 |
Click Next. |
|
a |
Click Add to add a new quiet time. |
Click Edit to edit a selected quiet time.
|
b |
Select Enabled. To disable a quiet time, clear the check box. |
|
c |
Select All Days or specify a specific day. |
|
14 |
Click Next. |
|
a |
Click Add to add a new threshold. |
Click Edit to edit a selected threshold.
|
b |
Select Enabled. To disable a threshold, clear the check box. |
|
19 |
Click Next. |
|
a |
Select Enabled. To disable an action, clear the check box. |
|
e |
Click OK. |
|
16 |
Click Next. |
|
18 |
Click Finish. |
Setting up workstation logon auditing
With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. Enabling the default port adds these workstation events to the event definitions:
Deploying the workstation logon audit agent
|
1 |
Select Configuration | User Logon Agent Settings. |
|
3 |
Click Save. |
|
• |
Copy ActiveAdministrator.admx to C:\Windows\PolicyDefinitions on a domain controller. |
|
• |
Copy ActiveAdministrator.adml to C:\Windows\PolicyDefinitions\en-US on a domain controller. |
|
• |
Copy Active Administrator 8.7 Workstation Audit Agent.msi to a share where everyone has access. |
|
4 |
Open the Group Policy Management Console (GPMC) and create a new Group Policy Object (GPO), such as Active Administrator Workstation Logon Agent. |
|
5 |
Edit the GPO. Navigate to Computer Configuration | Policies | Software Settings | Software installation, right click and choose New | Package. |
|
6 |
Select the Active Administrator 8.7 Workstation Audit Agent.msi package that you copied in step 2. |
|
7 |
|
8 |
On the same GPO, navigate to Computer Configuration | Administrative Templates | Quest Software | Active Administrator, and edit the Enable Workstation Audit Agent setting. |
|
• |
Select Enabled. |
|
• |
In the Server Name box, type the fully qualified domain name (FQDN) of the Active Administrator server. |
|
• |
In the Server Port box, type 15601. |
|
9 |
Enabling the default port
If Windows Firewall is enabled on the workstation where the workstation logon auditing agent is installed, you need to create an exception to allow communication with Active Administrator® Foundation Service (AFS) through port 15601.
|
1 |
On the workstation where the workstation logon auditing agent is installed, start the Windows Firewall with Advanced Security snap-in, right-click on Outbound Rules, and choose New Rule. |
|
2 |
Select Port. |
|
3 |
Click Next. |
|
4 |
|
5 |
Click Next. |
|
6 |
Select Allow the connection. |
|
7 |
Click Next. |
|
8 |
Click Next. |
|
10 |
Click Finish. |