Changing the Agent Account
When installing agents to process site objects, you can select to use the LocalSystem account for agent operation on the target computers, or specify another account:
- In InTrust Manager, select Configuration | Sites, right-click the site where the agent is installed, and select Properties.
- Open the Accounts tab, select the account that will be used to process site objects with the agents (LocalSystem or another account).
If you select to use an account other than LocalSystem, InTrust automatically attempts to grant the account the Log on as a service right. However, Group Policy settings may prevent this. If the account fails to get the right, you can configure account rights using the Local Security Policy console.
To grant user rights to a service account
- From the Windows Control Panel, go to Administrative Tools, and then double-click Local Security Policy. The Local Security Policy console opens.
- In the console tree, select Security Settings | Local Policies | User Rights Assignments.
- In the details pane, right-click the Log on as a service right, and select Properties.
- Click Add User or Group and add the user or group you want.
To change the account for an agent that is already running
- On the computer where the agent runs, in the Services MMC snap-in select the Quest InTrust Agent service.
- Right-click it and select Properties from the shortcut menu.
- Change the account on the Log On tab.
Setting Up Agent Security
See the following topics:
Extending a Default InTrust Deployment
The default InTrust deployment is mainly designed for a specific scenario: real-time collection of logs to an InTrust repository, viewing the contents of the repository and generating reports on those contents in Repository Viewer. If you want to depart from this scenario (collect a rare log, add real-time alerts, make SSRS-based reports with correlated events and so on), you should begin by extending your default deployment with new InTrust components.
For that, run the InTrust setup suite on the computer where the default set of components is installed, as described in Installing and Configuring InTrust Components. The necessary components will be added.
|
|
Caution: Due to an issue in the installer, customizing the communication ports on the Review Default Settings step currently does not work. You can specify custom ports and successfully complete the setup, but these changes will have no effect, and InTrust will keep using the default ports: 900 and 8340. |
Best Practice: Keep Real-Time Workflows Separate
After you have extended a default InTrust deployment, it is not recommended that you mix real-time event collection with classic InTrust real-time monitoring. In your new extended deployment, let the original InTrust server keep performing real-time event collection. For real-time monitoring, use other servers in the same InTrust organization (add them if necessary).
Mapping out Your Environment for InTrust
In InTrust, your environment is represented by InTrust sites. Sites define the scope of InTrust operation and also specify the computers where InTrust agents can reside. See the following topics: