1 |
Select Auditing & Alerting | Alerts. |
2 |
Click New. |
3 |
6 |
Click Next. |
• |
To add a new email address, click Add and type the email address. |
8 |
Click Next. |
• |
To filter the list, type text in the Filter box. The list changes as you type characters. The definitions displayed contain the characters you type. For example, if you type com, the definitions displayed may contain the words Completed or Computer. |
• |
• |
10 |
Click Next. |
a |
Click Add to add a new alert filter. |
b |
d |
By default the filter conditions are combined using the OR operator. If you want to connect with the AND operator, select AND all conditions. |
12 |
Click Next. |
a |
Click Add to add a new quiet time. |
b |
Select Enabled. To disable a quiet time, clear the check box. |
c |
Select All Days or specify a specific day. |
14 |
Click Next. |
a |
Click Add to add a new threshold. |
b |
Select Enabled. To disable a threshold, clear the check box. |
19 |
Click Next. |
a |
Select Enabled. To disable an action, clear the check box. |
e |
Click OK. |
16 |
Click Next. |
18 |
Click Finish. |
With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. Enabling the default port adds these workstation events to the event definitions:
1 |
Select Configuration | User Logon Agent Settings. |
3 |
Click Save. |
• |
Copy ActiveAdministrator.admx to C:\Windows\PolicyDefinitions on a domain controller. |
• |
Copy ActiveAdministrator.adml to C:\Windows\PolicyDefinitions\en-US on a domain controller. |
• |
Copy Active Administrator 8.7 Workstation Audit Agent.msi to a share where everyone has access. |
4 |
Open the Group Policy Management Console (GPMC) and create a new Group Policy Object (GPO), such as Active Administrator Workstation Logon Agent. |
5 |
Edit the GPO. Navigate to Computer Configuration | Policies | Software Settings | Software installation, right click and choose New | Package. |
6 |
Select the Active Administrator 8.7 Workstation Audit Agent.msi package that you copied in step 2. |
7 |
8 |
On the same GPO, navigate to Computer Configuration | Administrative Templates | Quest Software | Active Administrator, and edit the Enable Workstation Audit Agent setting. |
• |
Select Enabled. |
• |
In the Server Name box, type the fully qualified domain name (FQDN) of the Active Administrator server. |
• |
In the Server Port box, type 15601. |
9 |
If Windows Firewall is enabled on the workstation where the workstation logon auditing agent is installed, you need to create an exception to allow communication with Active Administrator® Foundation Service (AFS) through port 15601.
1 |
On the workstation where the workstation logon auditing agent is installed, start the Windows Firewall with Advanced Security snap-in, right-click on Outbound Rules, and choose New Rule. |
2 |
Select Port. |
3 |
Click Next. |
4 |
5 |
Click Next. |
6 |
Select Allow the connection. |
7 |
Click Next. |
8 |
Click Next. |
10 |
Click Finish. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center