2 |
Select Group Policy | Group Policy Objects. |
3 |
4 |
Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy. |
6 |
Close the Group Policy window. |
7 |
From the command prompt, refresh the Group Policies by typing gpupdate /force. |
To collect data on a computer, you must install and activate the audit agent.
1 |
Select Auditing & Alerting | Agents. |
2 |
Click Install. |
3 |
Click Next. |
4 |
In the Domain box, type the domain name; or browse to locate a domain. |
5 |
If necessary, click Find Domain Controllers. |
• |
To select all listed domain controllers, click Select all. |
• |
To clear all the check boxes, click Clear all. |
7 |
Click Next. |
Start collecting events immediately after installation of the agent |
|
By default, Active Administrator® monitors the status of the audit agent. |
9 |
Click Next. |
10 |
In the Run as box, type an account with domain administrative rights, or click to locate an account, and then enter the password. |
NOTE: The Active Administrator Agent service can also run under a domain user account provided it is a local administrative account, which gives it the rights to log on as a service, log on locally, and manage auditing and security log, or these privileges can be granted individually. This user or service account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings during the initial database creation were modified and it can be found under the Users container object of Active Directory. |
11 |
To verify the account, click Test Audit Agent Account. |
12 |
Click Next. |
14 |
Click Next. |
15 |
Click Finish. |
NOTE: By default, the audit agent is activated upon installation. To change the default setting, click Configuration | Agent Installation Settings. See Setting agent installation options.
You can view details about the install in the AuditAgentInstall*.log file, which is located in the Program Files\Quest\Active Administrator\Server\Logging folder. NOTE: If you experience deactivated audit agents after installing agents in a new domain on a Windows Server® 2016 or Windows 2019 domain controller, clear the security event log and restart the audit agent. |
1 |
Select Auditing & Alerting | Agents. |
2 |
Select a domain controller, and select More | Set Startup Account. |
NOTE: A domain administrator account is recommended. The Active Administrator® audit agent service can run under a domain user account if it is a local administrative account, which gives it the rights to log on as a service and log on locally, or an account with these two privileges granted individually. This account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings during the initially database creation were modified and the group can be found under the Users container object of Active Directory®. |
5 |
Click OK. |
By default, Active Administrator® monitors the status of the audit agent.
1 |
Select Auditing & Alerting | Agents. |
2 |
Select a domain controller, and select More | Test Startup Account. |
5 |
Click OK. |
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy