Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Change Auditor 7.2 - User Guide

Table of Contents

Change Auditor Overview

Available Change Auditor auditing modules

Agent Deployment

Deployment page Deploy agents Change the agent installation location and system tray option Enable auto deployment Refresh or clear Deployment page information

Change Auditor Client Overview

Starting the Change Auditor client Accessing Change Auditor news and updates Managing connection profiles

Connection wizard

Client components Customize table content

Sort data Resize or move columns Add or remove columns Group data

Using custom filters

Directory object picker

Overview My Favorite Search Define a favorite search Overview panes

Top Agent Activity Recent Event Activity Count of Events By Agent Status Coordinator Status

Event Details pane

Introduction Searches page

Explorer view Searches list Search Properties tabs

View a list of available searches Run searches Run a quick search

Search Results and Event Details

Introduction Search Results page

Search Results grid Search Properties tabs Event Details pane

View search results

Display results in different formats

Preview search results Compare results side-by-side View event details or search properties Copy event details Email event details Display event's knowledge base entry Add comments View user context and run related searches Protect critical objects, mailboxes, files and folders Add search properties to existing event queries

Custom Searches and Search Properties

Introduction Create a custom search Search Properties tabs

Info tab Who tab What tab Where tab When tab Origin tab Alert tab Report tab Layout tab SQL tab XML tab

Enable Alert Notifications

Introduction Alert tab (Search Properties tabs) Enable alerts Disable alerts Alert History page View alert history View event details or alert properties

Administration Tasks

Administration Tasks tab Administration Task lists Export/import Administration Task settings

Agent Configurations

Introduction Agent Configuration page Define agent configurations Assign agent configurations to server agents Enable event logging

Coordinator Configuration

Coordinator Configuration page SMTP Configuration Configure email alert notifications/reports Customize alert email content Shared Folder Configuration Group Membership Expansion Add groups to Group Membership Expansion list Agent Heartbeat Check Disconnect client after 30 minutes of inactivity Scheduled Task Handling

Purging and Archiving your Change Auditor Database

Introduction Planning your jobs Purge and Archive page Create and maintain jobs Purge and Archive wizard Purge selected records

Disable Private Alerts and Reports

Introduction Private Alerts and Reports page Disable private alerts and reports

Generate and Schedule Reports

Schedule reports for distribution

Create global report template Define report content and layout Enable and schedule reporting

Launch Report Designer Publish reports Print or save a page's contents

SQL Reporting Services Configuration

Introduction SQL Reporting Services Page SQL Reporting Services Templates SQL Reporting Services Wizard

Change Auditor User Interface Authorization

Introduction Application User Interface Authorization page Add task definition Add role definition Add application group Remove a task definition

Client Authentication

Introduction Client Authentication Page

Changing authentication methods

Certificate authentication for client coordinator communication

Installation settings Deployment Coordinator configuration Windows client configuration

Integrating with On Demand Audit

Managing a Quest On Demand Audit integration

Creating an On Demand Audit configuration Working with an On Demand Audit configuration

Enable/Disable Event Auditing

Introduction Audit Events page Enable/disable event auditing Modify event's severity level or event class description Define events to be captured based on results View event information

Account Exclusion

Introduction Excluded Accounts Auditing page Excluded Accounts templates Excluded Accounts wizard

Registry Auditing

Introduction Registry Auditing page Registry Auditing templates Registry Auditing wizard

Service Auditing

Introduction Services Auditing page Service Auditing templates Service Auditing wizard

Agent Statistics and Logs

Introduction Agent Statistics page

Agent Statistics grid Resource Properties pane

Machine Info page Processors page Drives page Shares page Services page Exchange Mailboxes page

Agent system tray icon

Change Auditor Agent Status dialog

View agent status/statistics Manage Change Auditor agents Agent Log page View and save agent trace logs

Coordinator Statistics and Logs

Introduction Coordinator Statistics page Coordinator system tray icon

Change Auditor Coordinator Status dialog Coordinator Configuration tool

View coordinator status and statistics Manage Change Auditor coordinators Coordinator Log page View and save coordinator trace logs

Change Auditor Commands

Menu commands Tool bar buttons Right-click commands

Change Auditor Email Tags

Introduction

The following section provides information on configuring and maintaining certificate authentication between the client and coordinator in environments where NTLM restrictions are in place.

NOTE:

•

When using certificate authentication for client / coordinator authentication, the option to use Active Directory Client Certificate Authentication for the client in the Client Authentication page is not available.

•

For information on connecting to a coordinator with certificate authentication using PowerShell refer to the Connect-CAClient, Find-CASuitableCoordinator, and Install-CALicenses commands in the Change Auditor PowerShell User Guide.

Installation settings

The default Change Auditor installation includes the following configuration:

•

Windows authentication for the connection between the Windows client and the coordinator.

•

Coordinator and agent services run with the local system computer account.

In environments with stringent security requirements, administrators can:

•

Restrict NTLM in their Active Directory domains by enabling and changing one or more of the following group policy settings:

•

Network security: Restrict NTLM: Incoming NTLM traffic.

•

Network security: Restrict NTLM: NTLM authentication in this domain.

•

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.

•

Configure the coordinator to run with an alternate service account.

When these security options are in place, the default Windows authentication cannot be used for client - coordinator communication; instead certificate authentication can be used.

Deployment

Certificates are required for both the coordinators and the clients that connect to them. In a default deployment, administrators can use:

•

Domain Certificate Services with default templates for user and computer certificates that manage deployment details such as certificate properties, deployment requests, and the certificate stores and folders.

•

Manual certificate deployment and manually-created self-signed certificates are also supported for evaluation or other low-security purposes.

When using certificate authentication, the following must be in place:

•

Each server that hosts a coordinator must have a valid, trusted certificate with at least the “Server authentication” and “Client authentication” purposes located in the Local Machine\Personal certificate store. The certificate must include the private key. The trust chain of the certificate must evaluate to a trusted root CA certificate in the “Trusted Root Certification Authorities” Certificates folder of the coordinator host and all client hosts. Peer (“Trusted People”) trusts are not supported.

•

Each client must have a valid, trusted certificate with at least the “Client authentication” purpose located in the User\Personal certificate store. The certificate must include the private key. The trust chain of the certificate must evaluate to a trusted root CA certificate in the “Trusted Root Certificate Authorities” Certificates folder of the client host and all coordinator hosts. Peer trusts are not supported. Active Directory or IIS certificate identity mapping of client certificates is not required, and is not used by Change Auditor if provided.

•

When self-signed certificates are used, Certificate Revocation List checking must be disabled as described in Coordinator configuration.

Coordinator configuration

To configure certificate authentication on a coordinator:

1

Ensure a valid Server authentication certificate is deployed on the host server.

2

Install the Change Auditor coordinator as described in the Change Auditor Installation Guide.


	NOTE: When specifying the Coordinator SQL Server information, connections using Windows authentication may fail if NTLM restrictions are in place and the SQL server specified is not excepted from the restrictions. In this case the use of SQL authentication is recommended.

3

Stop the coordinator, if it is running.

4

In the Coordinator installation folder (located by default in Program files\Quest\ChangeAuditor\Service). Make a backup copy of the ChangeAuditor.Service.exe.config file, then open the file using a text editor such as Notepad.exe.

5

Under the <configuration> <appSettings file=””> nodes, locate the <add key="WcfAuth" value="Windows" /> node and change the value from “Windows” to “Certificate”.

If you are using self-signed certificates (without Certificate Revocation List information), locate the <add key="DisableCrlCheck" value="false" /> node and change the value from “false” to “true”.

By default a suitable service certificate is selected from the Local Machine\Personal certificate store automatically. If an alternate certificate in the Local Machine\Personal certificate store is required, locate the <add key="ServiceCertificate" value="" /> node and change the value from “” (empty string) to the thumbprint string copied from a certificate found in the certlm.msc Certificate Manager for Local Machine applet in the User\Personal certificate store. Ensure that the certificate is trusted, is not expired, has a private key and at least the “Server Authentication” (“Ensures the identity of a remote computer”) purpose.

6

Save the changes to the file and restart the coordinator.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center