Chat now with support
Chat with Support

Change Auditor - For Advanced Users 7.2 - Technical Insight Guide

Change Auditor Services Change Auditor licensing processes Component Start-up Considerations Change Auditor network communications Coordinator internal tasks Registry Settings Change Auditor built-in fault tolerance Change Auditor protection Database Considerations Account exclusions best practices

Account exclusions best practices

Some administrative user accounts are responsible for large amounts of Exchange Server utilization, but are trusted accounts and do not need to be audited. In particular, users of BlackBerry Enterprise Server will find that the BES background processes on the Exchange Server Mailbox role (Exchange 2013 and higher) consumes significant resources, particularly when the agent is running. Other such accounts may be used for mailbox backup and archiving, spam filtering, and anti-virus protection.

To limit Change Auditor’s utilization and unwanted audit events, by default the BlackBerry Enterprise Server administrative accounts, and accounts with similar special Active Directory permissions, are excluded automatically from auditing. This feature can be turned off if necessary (contact Quest Technical Support); however, utilization may increase unacceptably as a result when those accounts are active.

Other trusted user accounts can be manually excluded from auditing. If you find that trusted accounts are generating large numbers of unwanted audit events, or if Exchange Server utilization is unusually high when such accounts are active and Change Auditor is running, Quest recommends that you exclude the accounts as described here to reduce overhead and improve performance of the agent.

1
Select View | Administration to open the Administration Tasks tab.
2
Click Auditing.
3
Select Excluded Accounts (under the Configuration heading) to open the Excluded Accounts Auditing page.
4
Click Add to start the Excluded Accounts wizard.
Template Name — enter a descriptive name for the template. For example, Exclude BlackBerry Service Account.
Facility/Event Class list (middle pane) — scroll and locate the Exchange Mailbox Monitoring events. Select one of these events, click Add, and select Add All Events in Facility.
NOTE: Using the Add All Events in Facility option is important because excluding the entire facility allows Change Auditor to ignore all Exchange activity for this account, reducing CPU utilization in the Exchange store or client access service. Excluding some or all individual mailbox monitoring events using the Add This Event option disables those events, but does not reduce utilization.
Click Next.
7
Click the down-arrow on the Finish button and select Finish and Assign to Agent Configuration to assign the template to the configuration that applies to the agents on the Exchange Servers hosting the Exchange Server Mailbox role (Exchange 2013 and higher).
9
Click OK to save the changes and close the dialog.
If an Exchange Server agent does not have ‘Auditing’ in the Exclude Account column, select that agent from the list and click Assign. On the Agent Assignment dialog, select the correct configuration and click OK.

To minimize the disruption on networks with many Outlook users, Quest recommends that scheduled installations, upgrades, and starting and stopping of agents on Exchange servers be performed during periods when relatively few users are connected.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating