Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Change Auditor - For Advanced Users 7.1 - Technical Insight Guide

Table of Contents

Change Auditor Services

Quest Change Auditor Coordinator Quest Change Auditor Workstation Agent Quest Change Auditor Agent Change Auditor for EMC

Change Auditor licensing processes

License check process Component licensing User counts

Component Start-up Considerations

Start up delays

Change Auditor network communications

Service Connection Points

CN=ChangeAuditor.Coordinator

Ports and protocols Network encryption

Secure password storage Client to coordinator connection Agent to coordinator connection (version 6.x and 7.0.1) Agent to coordinator connection (version 7.0.2) Coordinator to SQL Server connection

Coordinator internal tasks

Forest topology collection Group expansion Alert processing License check Remote deployment Agent heartbeat check Refresh coordinator statistics Event aggregator SQL upgrade monitor Open handle Scheduled purge job Scheduled archive job Scheduled report job

Registry Settings

Force agent WCF port Force client port Force SDK port Use predefined GC for name resolution Allow collation switch Report zip limit SQL command timeout Enable ChangeAuditor Agent service to start with the Microsoft security update (KB2264107) Adjust memory dumps settings

Change Auditor built-in fault tolerance Change Auditor protection

Using multiple protection templates

How access rules are evaluated How scheduling and location works with denied access

Database Considerations

How to move the Change Auditor database and coordinator to another server How to estimate the required SQL server disk space How SQL Server Autogrow affects Change Auditor How to query an archive database

Account exclusions best practices

Allow collation switch

Use the following registry setting to allow an upgrade to proceed even if it detects a different collation between the two databases. When this is set to 0 (default), you will receive an error indicating that the server collation is different and the upgrade process will stop.

Table 13. Registry setting: Allow collation switch
Location	Registry
Path	HKEY_LOCAL_MACHINE\SOFTWARE\Quest\ChangeAuditor\Coordinator
Value Name	AllowCollationSwitch
Value Type	DWORD
Default	0 - Upon coordinator start, do not allow the detection of a collation switch to proceed.
Value	0 - Upon coordinator start, do not allow the detection of a collation switch to proceed. 1 - Upon coordinator start, allow the detection of a collation switch to proceed.

Report zip limit

Use the following registry setting to specify the maximum number of bytes that can be included in a report zip file.

Table 14. Registry setting: Report zip limit
Location	Registry
Path	HKEY_LOCAL_MACHINE\SOFTWARE\Quest\ChangeAuditor\Coordinator
Value Name	Report Zip Limit
Value Type	DWORD
Default	1024
Value	Report zip limit in bytes

SQL command timeout

Use the following registry setting to specify the maximum amount of time (in seconds) to allocate for executing a SQL command.

Table 15. Registry setting: SQL command timeout
Location	Registry
Path	HKEY_LOCAL_MACHINE\SOFTWARE\Quest\ChangeAuditor
Value Name	SQLTimeout
Value Type	DWORD
Default	30 seconds
Value	Maximum time in seconds for SQL command to execute.
Note	This value is overridden by some SQL commands, which are known to be long-running.

Enable ChangeAuditor Agent service to start with the Microsoft security update (KB2264107)

Enable ChangeAuditor Agent service to start with the Microsoft security update (KB2264107)

In 2010, Microsoft introduced a security update (KB2264107) to disallow the loading of 'unsafe' DLLs. The update sets the CWDIllegalInDllSearch registry entry to 0xFFFFFFFF under KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager.

This computer-wide setting will not allow the Change Auditor agent service (NPSrvHost.exe) to start.

To keep the strict system-wide setting, but still allow the Change Auditor agent to start:

1

Log on as an administrator on the computer hosting the agent.

2

Open the Registry Editor.

3

In the following registry key create a new key named NPSrvHost.exe:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.

4

Right-click the newly created key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPSrvHost.exe.

5

Select New | DWORD (32-bit) Value and type CWDIllegalInDllSearch.

6

Set the value of CWDIllegalInDllSearch to 1.

Table 16. Registry setting: CWDIllegalInDllSearch
Location	Registry
Path	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Value Name	CWDIllegalInDllSearch
Value Type	DWORD
Default	Not present. Change Auditor Agent service will fail to start if the computer-wide setting is present.
Value	1 – Overrides the computer-wide setting for Change Auditor Agent service, it will be allowed to start.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center