• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Change Auditor - For Advanced Users 7.1.1
• Change Auditor - For Advanced Users 7.1.1 - Technical Insight Guide

Change Auditor - For Advanced Users 7.1.1 - Technical Insight Guide

Table of Contents  

Change Auditor Services

Quest Change Auditor Coordinator Quest Change Auditor Workstation Agent Quest Change Auditor Agent Change Auditor for EMC

Change Auditor licensing processes

License check process Component licensing User counts

Component Start-up Considerations

Start up delays

Change Auditor network communications

Service Connection Points

CN=ChangeAuditor.Coordinator

Ports and protocols Network encryption

Secure password storage Client to coordinator connection Agent to coordinator connection (version 6.x and 7.0.1) Agent to coordinator connection (version 7.0.2) Coordinator to SQL Server connection

Coordinator internal tasks

Forest topology collection Group expansion Alert processing License check Remote deployment Agent heartbeat check Refresh coordinator statistics Event aggregator SQL upgrade monitor Open handle Scheduled purge job Scheduled archive job Scheduled report job

Registry Settings

Force agent WCF port Force client port Force SDK port Use predefined GC for name resolution Allow collation switch Report zip limit SQL command timeout Enable ChangeAuditor Agent service to start with the Microsoft security update (KB2264107) Adjust memory dumps settings

Change Auditor built-in fault tolerance Change Auditor protection

Using multiple protection templates

How access rules are evaluated How scheduling and location works with denied access

Database Considerations

How to move the Change Auditor database and coordinator to another server How to estimate the required SQL server disk space How SQL Server Autogrow affects Change Auditor How to query an archive database

Account exclusions best practices

• Viewing Topics 49 - 52 of 56
•  Previous
• Next 

×

How access rules are evaluated

When a user attempts to access a protected object, each template is evaluated separately, and the ‘deny’ access rule takes precedence over any ‘allow’ access rule. This means, that if at least one protection template evaluates to ‘deny’, attempts to access the protected object is denied. The following table illustrates the overall results of conflicting access rules:

 

Table 18. How access rules are evaluated

Based on Settings in Template 1:	Based on Settings in Template 2:	Overall Result
User is allowed access	User is allowed access	User is allowed to access protected objects
User is allowed access	User is denied access	User is denied access to protected objects
User is denied access	User is allowed access	User is denied access to protected objects
User is denied access	User is denied access	User is denied access to protected objects

For Exchange Mailbox Protection templates, you can set the Mailbox owner can bypass protection option to allow the object’s owner to access their own mailbox, even if the protection template would normally deny access.

This override flag only affects the evaluation on a template where it is defined. It does not affect the evaluation of other protection templates.

IMPORTANT: Care should be taken when defining multiple Exchange Mailbox Protection templates. For example, even though you cannot create a duplicate Exchange Mailbox protection template for the same object name, you could be including the same mailbox in multiple templates. That is, if you define templates for the Enterprise object, the top-level domain object, an OU container and several groups, this same mailbox could be a child or member of all these objects. The access to this mailbox is evaluated for each of the templates to which it belongs.

NOTE: Exchange Mailbox protection is designed to provide protection coverage for a few high-value mailboxes. After monitoring has been enabled or changed, it may take several minutes to complete the configuration process necessary to enable the protection feature on the agent. Protecting a large number of mailboxes slows down the configuration process.

NOTE: To control memory utilization, each Exchange Mailbox Protection template can have up to 20 users selected as ‘override accounts’ that can bypass the protection feature. This number applies to both allowed and denied user accounts and includes members of groups in the list.

How scheduling and location works with denied access

You can select to have the protection to always run or have it run only during specific times and control when the protection is enabled based on the location.

This section explains how the scheduling and location options affect the user and group accounts that have been denied access to protected objects.

Scheduling option

If you have denied specific users or groups the ability to change the protected objects and you have enabled a protection schedule, those users or groups are denied access only during this time. Anytime outside of when the schedule is set to enabled, these denied accounts will be able to access the protected object.

When the schedule is turned off, all options are turned off with it, including any denied access to the specified users.

The scheduling options override all other protection settings.

Location option

If you have denied specific users or groups access to protected objects, but you have specified locations that can access the protected object, the denied user or group can access the protected objects from these locations.

The location options override all other protection settings.

 

 

Database Considerations

•	How to move the Change Auditor database and coordinator to another server

•	How to estimate the required SQL server disk space

•	How SQL Server Autogrow affects Change Auditor

•	How to query an archive database

How to move the Change Auditor database and coordinator to another server

NOTE: These instructions are for Change Auditor 5.6 (or higher).

To move the database from one SQL server to another:

1	Determine the current database path

•	Open SQL Server Management Studio.

•	Go to the properties of the Change Auditor database and determine where the database files are located. You need to know this path to copy the files later.

2	Disable the coordinator

•	Go to the Change Auditor server.

•	Right-click the coordinator system tray icon and select Disable Coordinator.

3	Detach the database

•	Open SQL Server Management Studio.

•	Locate and right-click the Change Auditor database.

•	Select Tasks | Detach.

•	On the General page of the Detach Database screen, selecKeep and click OK.

4	Copy the old database to the new SQL server

Copy the files (.mdf and .ldf) to your new SQL Server (most likely to the same location as the other database’s on the new server).

5	Attach the old database

•	Open or connect to the new SQL Server.

•	Using SQL Server Management Studio, right-click Databases and select Attach.

•	On the General page of the Attach Databases screen, click Add and select the database you copied over.

•	On the warning dialog, click OK.

6	Point your old Change Auditor coordinator/server to your new SQL Server

IMPORTANT: Only perform this step on the old Change Auditor server if you do not plan to replace the old coordinator. If you plan to install a new Change Auditor server to replace your old Change Auditor server, proceed to the next step and do not do anything to your old Change Auditor server yet.

•	Go to the Change Auditor server.

•	Right-click the coordinator system tray icon and select Coordinator Configuration.

•	On the Security page of the Coordinator Configuration Tool, enter the following information:

•	SQL Server and instance of the new SQL Server

•	Database name of the original database

•	Credentials to access the new SQL Server

This completes the database move.

7	Start up the coordinator service.

•	Go to the Change Auditor server.

•	Right-click the coordinator system tray icon and select Enable Coordinator.

The agents should reconnect. Run the client to ensure that everything is back to normal.

To move the Change Auditor coordinator to another server after moving the SQL database:

If you plan to replace the old Change Auditor coordinator/server, install a newer version of Change Auditor and it connects your existing agents to the new Change Auditor server without a problem. Make sure that you join the existing installation.

1	Install the new version of the coordinator.

•	On the Customer Installation Information page, enter the same installation name as the original.

•	On the SQL Server Information page, select the (new) SQL server and (original) database name you attached earlier.

After you have completed the installation, start up the coordinator service. Agent communication is re-established.

2	Use Add or Remove Programs to uninstall the disabled coordinator from your old Change Auditor server.

This should remove the old Service Connection Point (SCP) and create a new SCP. If the new SCP is not present when you start the client (Profile field is blank on the Change Auditor Connection screen), restart the coordinator server on the new Change Auditor server.

Restarting the coordinator service on the new Change Auditor server recreates the SCP and you should be able to connect to the default profile when you start the client.

3	Open the Agent Statistics page to review the agents’ status. Agents automatically reconnect. Agent activity was not interrupted.

4	You can now upgrade your agents using the Deployment page.

To move the Change Auditor coordinator/server to another Windows Server:

Use the following steps if your SQL database is already on another server and you do not plan to move it. This scenario installs a second Change Auditor coordinator and then disables and uninstalls the first one. All agents transition over to the new Change Auditor server.

1	Install a second coordinator.

•	On the Product Licensing page, use the same license files used for the first coordinator.

•	On the Customer Installation Information page, be sure to enter the same installation name as the first coordinator.

•	On the SQL Server Information page, select the SQL Server and database name used in the first coordinator installation.

2	You now have your new Change Auditor coordinator attached to the database. Start up the coordinator service.

•	Go to the new Change Auditor server.

•	Right-click the coordinator system tray icon and select Enable Coordinator.

3	Disable the first coordinator

•	Go to the first Change Auditorserver.

•	Right-click the coordinator system tray icon and select Disable Coordinator.

4	To ensure the agents connect to the second coordinator, pen the Agent Statistics page.

5	Use Add or Remove Programs to uninstall the disabled coordinator from your first Change Auditor server.

•  Previous
• Viewing Topics 49 - 52 of 56
• Next 

Search this document Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center