Chat now with support
Chat with Support

Change Auditor 7.0.3 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Multi-Forest Deployments Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Active Roles Integration Quest GPOADmin Integration Windows Installer Command Line Options

Introducing Change Auditor security groups

During the coordinator installation, the following security groups are created to allow access for performing various functions within Change Auditor:

ChangeAuditor Administrators — <InstallationName> Group — provides access to all aspects of Change Auditor and to deploy agents.
ChangeAuditor Operators — <InstallationName> Group — provides access to Change Auditor except for making configuration changes.
ChangeAuditor Web Shared Overview Users — <InstallationName> Group — provides access to the web client shared overviews, while restricting access to only what has been shared. See the Change Auditor Web Client User Guide for more information about sharing overviews.

The installation name assigned during the coordinator installation is appended to these security groups. For example, when using the default installation name, these groups are named:

Two Domain Local Security Groups are created in the same domain as the coordinator. The Group Scope can be changed to Universal as long as the Group Names remain ChangeAuditor Administrators — <InstallationName> and ChangeAuditor Operators — <InstallationName>.

Membership in the ChangeAuditor Administrators and ChangeAuditor Operators groups enable the client to connect and authenticate to a coordinator; therefore, any user that is running a Change Auditor client must be added to one of these groups. In addition, all users responsible for deploying agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you get an access denied error.

All users running a client must also have the proper SQL credentials for accessing a Change Auditor archive database. One way of accomplishing this would be to add the ChangeAuditor Administrators and ChangeAuditor Operators groups into the appropriate SQL database roles which were also created during the coordinator installation: ChangeAuditor_Administrators and ChangeAuditor_Operators.

Add accounts to security groups

During the coordinator installation process, you could add the current user to the ChangeAuditor Administrators security group in the specified Change Auditor installation. If you selected not to add the current user during the installation process or want to add more user accounts, use the following procedure.

Use the Active Directory Users and Computers MMC snap-in to add the appropriate user accounts to one of the Change Auditor groups:

1
Open the Active Directory Users and Computers snap-in.
3
Right-click and select Properties on the group called ChangeAuditor Administrators — <InstallationName> or ChangeAuditor Operators — <InstallationName>.
4
Select the Members tab.
5
Click Add and browse to the appropriate user object.
6
Click OK to close the Active Directory Users and Computers snap-in.

Adding the appropriate users to one of these groups allow the client to successfully connect to the coordinator.

Use the Microsoft Computer Management tool to add the appropriate user accounts to one of the Change Auditor groups:

2
From the Computer Management dialog, expand Local Users and Groups and select Groups.
3
Right-click and select Properties on the group called ChangeAuditor Administrators — <InstallationName> or ChangeAuditor Operators — <InstallationName>.
4
Click Add and browse to the appropriate user object.
5
Click OK to close the Computer Management tool.

Adding the appropriate users to one of these groups allow the client to successfully connect to the coordinator.

Add accounts to ChangeAuditor database role

Use the Microsoft SQL Management Studio to add the appropriate user or group accounts to one of the ChangeAuditor database roles:

2
Navigate to the <SQL Server(Instance)> | Security | Logins directory. Expand the Logins node.
4
On the Select User or Group dialog, click Object Types and make sure that the Groups check box is selected. Click Location to search either the Entire Directory or local SQL server (depending on where the group was created, which is determined by the domain functional level). Click Check Names to select the user or group account (for example, ChangeAuditor Administrators) to be added.
8
Click OK. Your SQL Login account for Change Auditor database access is now mapped to the appropriate role.

 

Connecting to the Clients

 

Related Documents