Chat now with support
Chat with Support

Change Auditor 7.5 - User Guide

Welcome to Change Auditor Help Change Auditor Core Functionality
Change Auditor Core Functionality Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags
Microsoft 365 and Microsoft Entra ID Auditing Change Auditor for Active Directory
Change Auditor for Active Directory Overview Custom Active Directory Searches and Reports Custom Active Directory Object Auditing Custom Active Directory Attribute Auditing Member of Group Auditing Active Directory Federation Services Auditing ADAM (AD LDS) Auditing Active Directory Database Auditing Active Roles Integration Quest GPOADmin Integration Active Directory Protection Event Details Pane About us
Change Auditor for Authentication Services Change Auditor for Defender Change Auditor for EMC Change Auditor for Exchange Change Auditor for Windows File Servers Change Auditor for Active Directory Queries Change Auditor for Logon Activity Change Auditor for NetApp Change Auditor for SharePoint Change Auditor for SQL Server Change Auditor SIEM Integration Guide
Webhooks in Change Auditor Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Splunk event subscription wizard Managing an IBM QRadar integration QRadar event subscription wizard Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration ArcSight event subscription wizard Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Syslog event subscription wizard Managing a Microsoft Sentinel integration Microsoft Sentinel event subscription wizard
Webhook technical insights
Change Auditor Threat Detection Deployment Change Auditor Threat Detection Dashboard Change Auditor PowerShell Command Guide Change Auditor Dialogs
Change Auditor dialogs
Quest Change Auditor dialog Add Administrator Add Agents, Domains, Sites dialog Add Container dialog Add Active Directory Container dialog (AD Query) Add Facilities or Event Classes dialog Add Facilities or Event Classes dialog (Add With Events) Add File System Path dialog Add Foreign Forest Credential Add Group Policy Container dialog Add Local Account dialog Add Logons dialog Add Logons dialog (Add With Events) Add Object Classes dialog Add Object Classes dialog (Add With Events) Add Origin dialog Add Origin dialog (Add With Events) Add Registry Key dialog Add Results dialog Add Service dialog Add Service dialog (Add With Events) Add Severities dialog Add Severities dialog (Add With Events) Add SharePoint Path dialog Add SQL Instance dialog Add SQL Data Level Object Add Users, Computers or Groups dialog Add Where dialog Add Who dialog Advanced Deployment Options dialog Agent Assignment dialog Alert Body Configuration dialog Alert Custom Email dialog Auditing and Protection Templates dialog Authorizations: Application Group dialog Authorizations: Operations | Role Definitions | Task Definitions | Application Group Authorizations: Role dialog Authorizations: Task dialog Auto Deploy to New Servers in Forest dialog Browse for Folder dialog Browse SharePoint dialog Comments dialog Configuration Setup dialog Configure cepp.conf Auditing dialog Connection screen Coordinator Configuration tool Coordinator Credentials Required dialog Credentials Required dialog Custom Filter dialog Database Credentials Required dialog Directory object picker Domain Credentials dialog Eligible Change Auditor Agents dialog Event Logging dialog Export/Import dialog Install or Upgrade/Uninstall/Update Foreign Agent Credentials IP Address dialog Log page Logon Credentials dialog (Deployment page) Logon Credentials dialog (EMC Auditing wizard) Manage Connection Profiles dialog New Report Layout dialog Microsoft 365 dialog Rename dialog Save As dialog Select a SQL Instance and Database dialog Select Destination Folder dialog Select Exchange Users dialog Select Registry Key dialog Select SQL Reporting Services Template dialog Shared Mailboxes dialog SharePoint Credentials Required dialog When dialog
About Us

Add task definition

Previous Next

Add task definition

A task is a collection of operations and sometimes lower-level tasks that can be performed.

1
Open the Administration Tasks tab and click Configuration.
2
Select Application User Interface in the Configuration task list to open the Application User Interface Authorization page.
3
Expand Add and click Add Task Definition.
4
On the Task page of the Authorizations: Task dialog, enter the following information:
Name: Enter a name for the task
Description: Enter a brief description of the task
5
Open the Definition tab and add the operations and lower-level tasks that can be performed:
To add a lower-level task, click Add Task and select a task from the Authorizations: Task Definitions dialog.
To add an operation, click Add Operation and select one or more operations from the Authorizations: Operations dialog.
6
Click OK to save your new task definition and close the Authorizations: Task dialog.

This task will now be included in the task list on the Authorizations: Task Definitions dialog and can be included in a role definition.

Task definitions are also listed on the Application User Interface Authorization page.

Add role definition

Previous Next

Add role definition

A role definition defines who is authorized to perform specific tasks and/or individual operations in the client. A role usually corresponds to a job function or responsibility and consists of a collection of tasks that a user must be authorized to perform to do their job function.

1
Open the Application User Interface Authorization page.
2
Select Add | Add Role Definition.
3
On the Authorizations: Role dialog, enter the following on the Role tab:
Name: Enter a name for the role
Description: Enter a brief description of the role
4
Open the Definition tab to add a role, task or operation to this role:
To add a role, click Add Role and select a role from the Authorizations: Role Definitions dialog.
To add a task, click Add Task and select a task from the Authorizations: Task Definitions dialog.
To add an operation, click Add Operation and select one or more operations from the Authorizations: Operations dialog.
5
Open the Members tab to add a user, group or application group to this role.
To add an application group, click Add Application Groupn and select an application group from the Authorizations: Application Groups dialog.
To add a user or group, click Add User or Group, which will display the Select one or more Directory Objects dialog. Use the Browse page or Search page to locate and select the user and/or group accounts to add.
* 
NOTE: If a user or group account is added to multiple access roles, the account will have the authority to perform the operations defined in the more authoritative role.
6
Click OK to save your new role definition and close the Authorizations: Role dialog.

Role definitions are displayed on the Application User Interface Authorization page.

Add application group

Previous Next

Add application group

Application groups allow you an alternate way of assigning users to roles. An application group is a feature of Windows Authorization Manager (AzMan) where you can define a group of users without having to go through your domain administrator to add a new group to Active Directory.

1
Open the Application User Interface Authorization page.
2
Expand Add and click Add Application Group.
3
On the Group tab of the Authorizations: Application Group dialog, enter the following information:
Name: Enter a name for the application group
Description: Enter a brief description for the application group

Select one of the following methods which is to be used to define a group of users:
Basic (default)
LDAP Query
* 
NOTE: Basic groups are a lot like Active Directory groups; however you can define both included and excluded members. LDAP query groups allow you to define an LDAP query to dynamically create a group of users who are similar. Refer to the Windows Authorization Manager documentation for more information on basic and LDAP query groups.
4
Open the Members tab and add the users and groups that are to be members of this application group.
To add an application group, click Add Application Group and select an application group from the Authorizations: Application Groups dialog.
To add a user or group, click Add User or Group, which will display the Select Active Directory Objects dialog. Use the Browse page or Search page to locate and select the user(s) and/or group(s) to be added.
5
Optionally, open the Non-Members tab and add the users and groups that are to be excluded from this application group.
To add an application group, click Add Application Group and select an application group from the Authorizations: Application Groups dialog.
To add a user or group, click Add User or Group, which will display the Select Active Directory Objects dialog. Use the Browse page or Search page to locate and select the user(s) and/or groups to add.
6
Click OK to save your new role definition and close the Authorizations: Role dialog.
7
When the selected members now try to define Active Directory protection they will be restricted to defining protection for the selected domain or organizational unit.

Remove a task definition

Previous Next

Remove a task definition

Authorization for operations can be removed when no longer required.

1
Open the Administration Tasks tab and click Configuration.
2
Select Application User Interface in the Configuration task list to open the Application User Interface Authorization page.
3
Right-click the required task in the list.
4
Select Edit.
5
Select the Definition tab.
6
Highlight the required operation and click Remove.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating