Setting up auditing on domain controllers
To set up auditing on a domain controller
2 Select Group Policy | Group Policy Objects.
3
4 Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy.
6 Close the Group Policy window.
7 From the command prompt, refresh the Group Policies by typing gpupdate /force.
Installing audit agents
To collect data on a computer, you must install and activate the audit agent.
To install an audit agent
1 Select Auditing & Alerting | Agents.
2 Click Install. The Welcome page reminds you to enable auditing in Active Directory®. See Setting up auditing on domain controllers.
3 Click Next.
4 In the Domain box, type the domain name; or browse to locate a domain.
5 If necessary, click Find Domain Controllers.
▪ To select all listed domain controllers, click Select all.
▪ To clear all the check boxes, click Clear all.
7 Click Next.
Table 66. Options for the install process
Start collecting events immediately after installation of the agent
By default, Active Administrator® monitors the status of the audit agent.
9 Click Next.
10 In the Run as box, type an account with domain administrative rights, or click to locate an account, and then enter the password.
NOTE: The Active Administrator Agent service can also run under a domain user account, provided it is a local administrative account, which gives it the rights to log on as a service, log on locally, and manage auditing and security log; alternatively, these privileges can be granted individually. This user or service account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings were modified during the initial database creation, and the group can be found under the Users container object of Active Directory.
11 To verify the account, click Test Audit Agent Account.
12 Click Next.
14 Click Next.
15 Click Finish. The Audit Agent page lists the domain controllers you selected, the time and date of the last event collected, the status of the audit agent and the advanced audit agent, the name of the server on which Active Administrator is installed, and the version number of the audit agent installed on the domain controller.
NOTE: By default, the audit agent is activated upon installation. To change the default setting, click Configuration | Agent Installation Settings. See Setting agent installation options. You can view details about the install in the AuditAgentInstall*.log file, which is located in the Program Files\Quest\Active Administrator\Server\Logging folder.
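The NOTE under step 10 lets the agent run as a non-domain-admin account if three user rights are granted individually. The following PowerShell check is an added example, not part of the product or this guide: it reports which principals hold each of those rights on a domain controller. The account name is a placeholder, and the mapping of the rights to their Windows constants is supplied here. Only direct grants are matched against the account; grants through a group appear in the Holders column.

```powershell
# Added example. Run elevated on the domain controller that will host the agent.
# Placeholder account name (assumption), not a value from the guide.
$Account = 'CONTOSO\svc-aa-agent'

# Rights named in the NOTE, keyed by their Windows user-right constants.
$required = [ordered]@{
    SeServiceLogonRight     = 'Log on as a service'
    SeInteractiveLogonRight = 'Allow log on locally'
    SeSecurityPrivilege     = 'Manage auditing and security log'
}

function ConvertTo-Sid([string]$Entry) {
    # secedit writes SIDs as *S-1-...; anything else is an account name.
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        ([System.Security.Principal.NTAccount]$Entry).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $Entry }   # unresolvable name: keep it unchanged
}

function ConvertTo-Name([string]$Sid) {
    try {
        ([System.Security.Principal.SecurityIdentifier]$Sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $Sid }     # unresolvable SID: show it unchanged
}

$accountSid = ConvertTo-Sid $Account

# Export only the user-rights area of the security policy to a temp file.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
try { $lines = Get-Content -Path $cfg } finally { Remove-Item $cfg -ErrorAction SilentlyContinue }

foreach ($right in $required.Keys) {
    $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    $sids = @()
    if ($line) {
        $sids = @(($line -split '=', 2)[1].Split(',') | ForEach-Object { ConvertTo-Sid $_.Trim() })
    }
    [pscustomobject]@{
        Right           = $required[$right]
        DirectlyGranted = $sids -contains $accountSid
        Holders         = ($sids | ForEach-Object { ConvertTo-Name $_ }) -join '; '
    }
}
```

A right with an empty Holders column is not assigned to anyone on that domain controller, so the Run as account would need it granted before the agent service can start under it.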
Modifying the audit agent startup account
To modify the audit agent startup account
1 Select Auditing & Alerting | Agents.
2 Select a domain controller, and select More | Set Startup Account.
NOTE: A domain administrator account is recommended. The Active Administrator® audit agent service can run under a domain user account if it is a local administrative account, which gives it the rights to log on as a service and log on locally, or an account with these two privileges granted individually. This account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings were modified during the initial database creation, and the group can be found under the Users container object of Active Directory®.
5 Click OK.
Modifying the audit agent test account
By default, Active Administrator® monitors the status of the audit agent.
To modify the audit agent test account
1 Select Auditing & Alerting | Agents.
2 Select a domain controller, and select More | Test Startup Account.
5 Click OK.