Chat now with support
Chat with Support

Change Auditor 7.0.3 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Multi-Forest Deployments Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Active Roles Integration Quest GPOADmin Integration Windows Installer Command Line Options

Change Auditor for SharePoint

The Microsoft SharePoint requirements must be met. Change Auditor for SharePoint does not need any additional requirements.

See the Change Auditor for SharePoint User Guide for information about installing, configuring, and using Change Auditor for SharePoint.

Agent deployment

You need deploy an agent on one of the SharePoint servers in the SharePoint farm that you want to monitor.

The agent selected to connect to and collect events from the SharePoint farm must have the following permissions:

Recommended: Use the SharePoint farm administrator account that was supplied when SharePoint was installed.

For proper auditing of the sites within the MySite Site Collection or Web Application, add the account Change Auditor uses to access the SharePoint database as a Site Collection Administrator (primary or secondary) or to the User Web Policy for the MySite host. Depending on how your MySite host is initially set up, use the Central Administration website to verify, and if necessary add, this account.

For Change Auditor to capture some of the SharePoint events, the following settings must be enabled:

Native Auditing enabled for all SharePoint web applications (including each user site under MySite)Change Auditor
Versioning enabled for each individual Library and List Item pertaining to the Sites, if you want Change Auditor to capture versioning activities.

See the Change Auditor for SharePoint User Guide or Event Reference Guide for a list of the events that require these additional settings.

Backup notes

The coordinator uses Microsoft SQL Server as the main database for collecting and reporting audit information. This data must be protected and backed up regularly, acceptable to your data retention policies. There are several third-party tools available, including Microsoft’s SQL Tools, which provide backup and restore functions.

The agent uses a SQLCE database file (ChangeAuditorAgent.sdf) on the local drive of each agented DC/member server. This database is primarily used to capture the state values for Active Directory® objects, File System values, and Windows registry changes. The agent files are not required as part of the backup job since the data contained in the database files can be recreated upon agent installation. Quest recommends that you exclude the agent files (%ProgramFiles%\Quest\ChangeAuditor\Agent\DBScripts) from your backup solution.

Agent behavior notes

When an agent comes online, it queries the Active Directory Catalog (GC) for a list of all coordinator SCPs within its same installation to determine which to connect to.

When there are available coordinators within the agent’s site, the agent connects to all coordinators in the site. When there are no coordinators running within the agent’s site, the agent connects to any online coordinator. However, when coordinators within the site come back online, the agent switches to connect to just the coordinators within the same site and drop nonsite coordinator connections. If this behavior is problematic for your environment, contact Quest Technical Support to discuss possible configuration options.

The connection behavior after these initial steps depends on the type of agent:

Change Auditor 6.x server agents: Starting with Change Auditor 6.0, server agents submit events to all coordinators in the site and load balancing occurs automatically. All connected coordinators can then participate in receiving events from the server agent, allowing a high volume of events to be distributed for processing.
Change Auditor workstation agents: The workstation agents randomly connect to a single coordinator. This enables ‘scaling out’ options for large workstation agent deployments within a single site.

Junction point creation may fail on a server where both a Symantec™ Backup Exec™ CPS agent and a Change Auditor agent are running. To resolve the problem, upgrade the CPS agent to 12.5 or later.

Related Documents