Chat now with support
Chat with Support

Active Administrator 8.4 - Installation Guide

Installation Considerations for Active Administrator Installing and configuring Active Administrator

Setting up auditing on domain controllers

To gather the proper information from the security event logs, the information must first be audited. You need to modify the Default Domain Controllers Policy to enable auditing.

NOTE: If you have not installed the Active Administrator® console, you also can use the Active Directory® Users and Computers MMC snap-in.
2
Select Group Policy | Group Policy Objects.
3
Select Default Domain Controllers Policy, and click Edit.
4
Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy.

[Success, Failure]

[Success]

[Success]

[Success]

[Success]

[Success]

6
Close the Group Policy window.
7

Installing audit agents

To collect data on a computer, you must install and activate the audit agent. A wizard guides you through installing the audit agent.

1
Select Auditing & Alerting | Agents.
2
Click Install.
3
Click Next.
5
If necessary, click Find Domain Controllers.
7
Click Next.

Install on target Domain Controller(s)

By default, the audit agent is installed on the domain controllers you selected on the previous page.

Audit from an agent on the following computer

Select to install the audit agent on a computer in the domain. Type a computer's fully qualified domain name in the box, or browse to locate a computer.

Start collecting events immediately after installation of the agent

By default, the audit agent is activated and collection begins immediately upon completion of the installation process. Clear the check box if you want to activate the audit agents manually.

Enable agent monitoring and recovery

By default, Active Administrator monitors the status of the audit agent.

9
Click Next.
10
In the Run as box, type an account with domain administrator rights, or browse to locate an account, and enter the password.
11
To verify the account, click Test Audit Agent Account.
12
Click Next.
14
Click Next.
15
Click Finish.
The Audit Agent page lists the domain controllers you selected, the time and date of the last event collected, the status of the audit agent and the advanced audit agent, the name of the server on which Active Administrator is installed, and the version number of the audit agent installed on the domain controller.

You can view details about the install in the AuditAgentInstall*.log file, which is located here: Program Files\Quest\Active Administrator\Server\Logging.

Creating alerts

A wizard guides you through creating a new Active Administrator® alert. Alerts provide you the opportunity to combine different conditions into one alert that is sent to specified email recipients. You also can add a filter to the alert to further isolate audit events for the recipient.

1
Select Auditing & Alerting | Alerts.
2
Click New.
3
On the Welcome page, click Next.
6
Click Next.
To add a new email address, click Add and type the email address.
8
Click Next.
To filter the list, type text in the Filter box. The list changes as you type characters. The definitions displayed contain the characters you type. For example, if you type com, the definitions displayed may contain the words Completed or Computer.
To show only selected definitions, open the Show box, and choose Selected.
To show only unselected definitions, open the Show box, and choose Unselected.
10
Click Next.
a
Click Add to add a new alert filter.
Click Edit to edit a selected alert filter.
b
Select if the email Contains or Does not contain the condition text.
d
By default the filter conditions are combined using the OR operator. If you want to connect with the AND operator, select AND all conditions.
12
Click Next.
NOTE: There is also a global quiet time that you can set. The quiet times set here are in addition to any global quiet times. See Setting global quiet time in the Quest® Active Administrator® User Guide.
a
Click Add to add a new quiet time.
Click Edit to edit a selected quiet time.
b
Select Enabled. To disable a quiet time, clear the check box.
c
Select All Days or specify a specific day.
14
Click Next.
a
Click Add to add a new threshold.
Click Edit to edit a selected threshold.
b
Select Enabled. To disable a threshold, clear the check box.
19
Click Next.
a
Select Enabled. To disable an action, clear the check box.
e
16
Click Next.
18
Click Finish.

Setting up workstation logon auditing

With workstation logon auditing, you can audit user logon and logoff events including lock and unlock. Enabling the default port adds these workstation events to the event definitions:

Related Documents