Change Auditor 6.9.5 - User Guide

Change Auditor Overview Change Auditor Client Overview Agent Deployment Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Change Auditor Overview

Change Auditor provides total auditing and security coverage for your enterprise network. Change Auditor audits the activities taking place in your infrastructure and, with real-time alerts, delivers detailed information about vital changes and activities as they occur. Instantly know who made the change including the IP address of the originating workstation, where and when it occurred along with before and after values. Then automatically turn that information into intelligent, in-depth forensics for auditors and management — and reduce the risks associated with day-to-day modifications.


Was this topic helpful?

[Select Rating]



Available Change Auditor auditing modules

Continually being in-the-know helps you to prove compliance, drive security, and improve uptime while proactively auditing changes to configurations and permissions. You can automatically generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications.

Quest provides the following products to help you track, audit, report, and receive alerts on vital changes and activity:

 

Table 1.  

Quest Change Auditor for Active Directory

Drives the security and control of Active Directory by tracking vital configuration changes to users, groups, nested groups, GPOs, computers, services, registry, local users and groups and DNS — without the overhead costs of native auditing. You can also lock down critical Active Directory, ADAM (AD LDS), and Group Policy objects, to protect them from unauthorized or accidental modifications or deletions.

Change Auditor for Active Directory also audits activity in Microsoft Azure Active Directory.

Correlating activity across the on-premises and cloud directories, provides a single pane-of-glass view of your hybrid environment and makes it easy to search all events regardless of where they occurred.

Quest Change Auditor for Exchange

Simplifies auditing the activities taking place in your entire Exchange environment. You can audit over 300 Exchange events covering owner and nonowner mailbox changes, server configurations and permissions, and more.

Through the Exchange Mailbox protection feature, you can prevent unwanted access to Exchange mailboxes, making it much more difficult for rogue administrators to access critical mailboxes.

You can also audit Office 365 Exchange Online configuration and permission changes.

Quest Change Auditor for Windows File Servers

Enables administrators to achieve the comprehensive auditing coverage of native tools without the mass of cumbersome data that native event logs generate. You can audit activity related to files and folders, shares, and changes to permissions.

Change Auditor provides an access control model that allows administrators to protect business-critical files and folders on the file server.

Quest Change Auditor for EMC

Eliminates the time and complexity of native auditing by providing EMC Celerra/VNX file and folder changes in real time and translating events into plain English.

Quest Change Auditor for NetApp

Eliminates the time and complexity of native auditing by providing NetApp file and folder changes in real time and translating events into plain English.

Quest Change Auditor for SQL Server

Provides database auditing to secure SQL database assets with extensive, customizable auditing and reporting for all critical SQL changes including broker, database, object, performance, and transaction events, plus errors and warnings.

Helps tighten enterprise-wide change and control policies by tracking user and administrator activity such as database additions and deletions, granting and removing SQL access.

SQL Data Level auditing allows you to audit changes to databases and tables.

Quest Change Auditor for Active Directory Queries

Monitors directory access across all domain controllers in the environment and aggregates that information in a central database identifying LDAP-enabled applications and how they use Active Directory. The LDAP access data can then be used during Active Directory forest migration and restructuring projects.

Quest Change Auditor for SharePoint

Provides centralized auditing, including configuration, event collection and reporting, for Microsoft SharePoint 2010 and SharePoint 2013 servers and farms. It provides built-in queries and reports that focus on auditing the following areas:

You can also audit Office 365 SharePoint Online and OneDrive for Business changes.

Quest Change Auditor for Logon Activity

Change Auditor for Logon Activity has removed the dependency on InTrust® and the Change Auditor Data Gateway Service to capture user logon activity. This auditing module consists of two licenses (one for server agents and another for workstation agents) and may be used to collect logon activity events for regulatory compliance and user activity tracking.

Quest Change Auditor for Skype for Business

Allows you to audit configuration and security setting changes in Microsoft Skype for Business Server 2015 and Microsoft Lync Server 2013, providing change notifications for Skype user setup, permissions, and application configuration from the Microsoft Skype for Business Server 2015 / Microsoft Lync Server 2013 Central Management Store (CMS).

Quest Change Auditor for Authentication Services

Quest Authentication Services enables organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac platforms and enterprise applications. Using Change Auditor for Authentication Services, users of Authentication Services can audit on critical changes to:

Quest Change Auditor for Defender

Enhances security by enabling two-factor authentication to network, Web, and applications-based resources. Defender was designed to base all administration and identity management on an organization’s existing investment in Active Directory and eliminates the costs and time involved in setting up and maintaining proprietary databases. Change Auditor for Defender tracks changes to user accounts enabled with Defender tokens in Active Directory.

Because Defender extends the Active Directory schema, once the Change Auditor for Defender license is applied, agents installed on Domain Controllers detect any changes made to the Defender-specific attributes in Active Directory and generate events. No audit template is needed.

Quest Change Auditor for VMware vCenter

Helps to ensure the security, compliance, and control of event activity and the security of VMware vCenter Server. It audits, reports, and provides alerts on all changes to the platform in real time, making VMware monitoring easy. You can analyze events and changes without complexity and fear of unknown security concerns, and be confident that compliance demands satisfy the scrutiny of any auditor.

Change Auditor for VMware vCenter is freeware and included with other Change Auditor modules.

Quest Change Auditor for Fluid File System

Eliminates the time and complexity of native auditing by providing Fluid File System file and folder changes in real time.

 


Was this topic helpful?

[Select Rating]



Change Auditor Client Overview


Was this topic helpful?

[Select Rating]



Starting the Change Auditor client

To connect to the client, the following conditions must be met:

1
Select Start | All Programs | Quest | Change Auditor | Change Auditor Client.
2
Select Connect to use the default connection profile.

Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing
Technical Support
View All Contacts
Related Documents