Chat now with support
Chat with Support

Change Auditor 7.0.3 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

ADAM (AD LDS) Auditing page

The ADAM (AD LDS) Auditing page is displayed when ADAM (AD LDS) is selected from the Auditing task list in the navigation pane of the Administration Tasks page. Use the ADAM (AD LDS) Auditing page to create a list of ADAM instances, directory objects or containers, and object classes to be audited.

NOTE: For more information, including a full description of the page, refer to the Change Auditor for Active Directory User Guide.
2
Click Auditing.
3
Select ADAM (AD LDS) in the Auditing task list to open the ADAM (AD LDS) Auditing page.
4
Click Add to launch the ADAM (AD LDS) Auditing wizard.

ADAM (AD LDS) Instance

Select the ADAM (AD LDS) instance from which to choose audited objects and enter the credentials for a user with access to the instance.

3
Click Test to verify the credentials.
4
Click Next.

Object Selection

Select where to conduct the audit.

See Directory object picker for a detailed description of this wizard page.

3
Click Next.

Object Classes

Select object classes to audit under the selected container.

2
Click Add to move it to the Audited Object Class list (right pane).
3
Click Finish to save your selections and close the wizard.

ADAM (AD LDS) Attribute Auditing page

The ADAM (AD LDS) Attribute Auditing page is displayed when ADAM (AD LDS) | Attributes is selected from the Auditing task list in the navigation pane of the Administration Tasks page. Using the ADAM (AD LDS) Attribute Auditing feature, you can specify the individual schema attributes to be audited for the selected object class(es). In addition to specifying individual attributes for auditing, you can also assign a severity.

NOTE: For more information, including a full description of the page, refer to the Change Auditor for Active Directory User Guide.
2
Click Auditing.
3
Select Attributes under ADAM (AD LDS) in the Auditing task list to open the AD Attribute Auditing page.
6
To change the severity level assigned to an attribute, in the right pane, click in the Severity cell and use the drop-down arrow to select the severity you want to assign to the selected attribute.
7
To remove an attribute from auditing, select the attribute from the right pane and click Remove. Selecting this button moves the selected attribute back into the Unaudited Attribute list.
8
Click Finish to save the selected attributes, close the dialog and return to the ADAM (AD LDS) Attribute Auditing page.

Applications

The tasks under this heading are used to define auditing for different types of applications within your environment.

See the following administration task descriptions for more information:

Exchange Mailbox auditing

Exchange Mailbox auditing helps tighten enterprise-wide change and control policies by tracking user and administrator activity such as user account changes, delivery restriction changes, send on behalf updates, and more. With these types of real-time alerts and in-depth analysis and reporting capabilities, your Exchange infrastructure is always protected from exposure to suspicious behavior or unauthorized access and kept in compliance with corporate and government standards.

To enable Exchange Mailbox auditing, you must first define whose (users or groups) mailbox activities are to be audited.

IMPORTANT: When the Message read by non-owner event is enabled and a mailbox is moved from one mailbox store to another, Change Auditor generates an event for every email in the mailbox that is being moved. For example, if a user has 1,000 emails in his/her mailbox, you will receive 1,000 Message read by non-owner events in Change Auditor.

To avoid generating these events, do not add the user account for the mailbox to be moved to the list on the Exchange Mailbox Auditing page on the Administration Tasks page.

To enable Exchange mailbox auditing, you must first specify whose mailbox activities are to be audited. To create this mailbox list, use the Exchange Mailbox Auditing page, which is displayed when Exchange Mailbox is selected from the Auditing task list in the navigation pane of the Administration Tasks page.

2
Click Auditing.
3
Select Exchange Mailbox (under the Applications heading in the Auditing task list) to open the Exchange Mailbox Auditing page.
4
Click Add to display the Exchange Auditing wizard.
5
Select one of the options at the top of the page: Enterprise or This Object (default).
6
If the This Object option is selected, use the Browse and Search pages to locate and select a directory object (i.e., User, Group, Container, DomainDNS, OrganizationalUnit, or BuiltinDomain) and use Add to add the selected directory object to the selection list at the bottom of the page.
7
Click Finish to close this wizard and return to the Exchange Mailbox Auditing page, where your selections will now be listed with a No in the Exclude cell.
9
The default scope of coverage is displayed in the Scope cell. You can change this by clicking in the Scope cell and selecting the appropriate option from the list:
Object - to audit an individual object
One Level - to audit an object and its direct child objects
Subtree - to audit an object and all of its subordinate objects (all levels)

From the Exchange Mailbox Auditing page you can exclude a previously included mailbox by changing the setting in the Exclude cell.

Click in the Exclude cell of the mailbox to be included and select Yes.

For example, if you wanted to audit all mailboxes in the Enterprise, except those belonging to the accounts in the ExchangeAdmin organizational unit, you would create two entries in the Exchange Mailbox Auditing list:

Use Add to create an audit entry for the Enterprise with Exclude = No.
Use Add to create an audit entry for the ExchangeAdmin OU and change Exclude to Yes.
Related Documents