• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Change Auditor for Defender 7.1.1
• Change Auditor for Defender 7.1.1 - User Guide

Change Auditor for Defender 7.1.1 - User Guide

Table of Contents  

Change Auditor for Defender Overview

Introduction Deployment requirements

Getting Started

Deployment requirements and notes Enable Defender auditing Make changes and run a report Troubleshooting

Defender Searches/Reports

Defender built-in searches Search results

• Viewing Topics 5 - 8 of 11

×

Deployment requirements and notes

Because Defender extends the Active Directory schema, once Defender auditing is enabled, agents installed on Domain Controllers detect any changes made to the Defender-specific attributes in Active Directory and generate events.

NOTE:   • Specific Defender templates or configuration is not required. • After an agent upgrade from version 7.0.4 or earlier, you will need to update your configuration setup to enable Defender auditing where required.

Enable Defender auditing

Defender auditing is enabled and disabled on a configuration basis from through the configuration setup.

To enable Defender auditing:

1	Open the Administration Tasks tab and click Configuration.

2	Select Agent in the Configuration task list.

3	From the Agent Configuration page, click Configurations to see the available configuration definitions. From here you can edit a configuration to include Defender or create a new configuration.

4	Select the required agent configuration, select the Defender tab, and click the option to enabled auditing.

Make changes and run a report

1	To test that events are being captured, make some changes on a domain where Defender is deployed.

For example:

•	Add a Defender security server to a domain

•	Change a Defender policy for a group or user

2	Select Start | All Programs | Quest | Change Auditor | Change Auditor Client to review the events generated.

3	Open the Searches tab.

4	Expand the Shared | Built-in | Defender folder in the left pane.

5	Locate and double-click All Defender events in the last 30 days in the right pane.

A new Search Results tab is added to the client displaying the events captured over the last seven days.

6	Select an event from the Search Results grid to display the event details for the selected event.

NOTE: If the Search Properties tabs are displayed across the bottom of the Search Results page, double-click an event to display the event details for the selected event.

Troubleshooting

If you have enabled Defender auditing but you are not receiving any events, ensure that the required Domain Controllers have agents deployed to them. Defender events are recorded in the Active Directory subsystem.

•  Previous
• Viewing Topics 5 - 8 of 11
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center