• |
Change Auditor 7.2 is a major release, with enhanced features and functionality.
The following enhancements and features are available in this release:
Certificate authentication for Office 365
See the Office 365 and Azure Active Directory Auditing User Guide for details.
The following events have also been added:
Active Directory Federation Services auditing enhancements
Additional foreign forest support
Events to audit failed client logons:
The following support has been added:
The following support has been removed:
Miscellaneous features and enhancements
• |
Troubleshooting EMC events: If EMC events are not being audited by the Change Auditor agent, first check to see if the EMC CAVA agent service is running on your Windows Server where the EMC events are being collected. Second, check to see if the CEPP service on the EMC Data Mover is running or if the state is offline, by using the command: |
• |
Change Auditor agent requires File and Printer Sharing on Windows Server 2012: By default, File and Printer sharing are not enabled on Windows Server 2012 installations. To remotely install agents to Windows Server 2012 (Full UI and Server Core), enable the File and Printer Sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine. |
• |
File System auditing for NAS and mapped network drives: Change Auditor does not support File System auditing on NAS devices or mapped network drives other than EMC Celerra/VNX/Isilon or NetApp Data ONTAP filers. |
• |
Microsoft Office files: Since the Change Auditor for Windows File Servers, NetApp, and EMC drivers capture events related to file activity, it is possible that a folder containing files being opened and edited by Microsoft Office products (Word, Excel, PowerPoint, and so on) will generate unexpected results. Understanding how MS Office products interact with the file system might help explain some of the audit events captured. See http://support.microsoft.com/kb/211632 for more details. |
• |
File System Auditing for SAN: Support and engineering will attempt to troubleshoot and resolve issues to the best of their ability when the SAN is attached to a Windows-based file server such that it appears as a local drive on that host. In this configuration, the SAN generally behaves as an extra disk drive on the server which can be audited by a Change Auditor agent on that server. Success in this configuration depends on many factors and is not guaranteed. |
• |
File System auditing: Change Auditor does not audit files with a size of zero (0) bytes. |
• |
Recompiling the Change Auditor MOF file: Change Auditor no longer ships with a MOF file as part of the coordinator installer. Should the CA WMI namespace become corrupt, or should there be an installation failure, the file can be recompiled using the following command line: |
• |
Blackberry Enterprise Server (or similar) services: To eliminate auditing of automated tasks, the Change Auditor agent attempts to automatically exclude auditing of mailbox accesses by Blackberry Enterprise Server (BES) or similar service accounts. These accounts have both ‘Receive All’ and ‘Administer Information Setup’ rights on the mailbox database. If these explicit rights are granted to user accounts, those accounts are also excluded from mailbox auditing, which may not be wanted. If necessary, this automated exclusion can be disabled on a server-by-server basis. |
• |
Exclude Change Auditor components and monitored processes from antivirus software: Quest recommends excluding the following Change Auditor components and monitored processes from any antivirus software that uses technology similar to “Buffer Overrun Protection” or “On Access Scanner”: |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center