How to exclude computer account initiated changes from auditing via Excluded Accounts wizard.
Audit event noise created by computer accounts.
Events can be excluded by types (Facility) or individually depending on the situation. It is more efficient to exclude by Facility when excluding numerous events in the same Facility.
1. Start the Change Auditor Client
2. Open the client’s Administration view.
3. Open the Auditing menu.
4. Open the Excluded Accounts page.
5. Add an new Excluded Accounts template. The Excluded Accounts Wizard will appear.
6. Enter a Template Name.
7. Under Facility, locate the Facility you want to exclude events from (For example, for DNS events use "DNS Zone"). Click on any entry with that facility name.
8. Press the Add button, and select “Add All Events in Facility”.
9. Press the Next button.
10. Select any specific account(s) to be excluded and press the Add button. If using wildcards (to deal with computer accounts for example) click Next.
11. To exclude computer account initiated changes add *$ as an account filter on the "Select Accounts to Exclude using Wildcards." tab.
12. Press the down arrow on the Finish button, and select “Finish and Assign to Agent Configuration”.
13. The Configuration Setup wizard will appear. The new Account Exclusions template should appear in the templates list, and should be assigned/enabled on the configuration in question.
14. Change the Assigned column for the Account Exclusions template to “Yes” and press the OK button.
15. The agents will automatically receive the configuration update within 15 minutes.
16. (Optional) You can refresh the configuration manually to push the new template to the agents.
© ALL RIGHTS RESERVED. Feedback 使用条款 隐私 Cookie Preference Center