立即与支持人员聊天
与支持团队交流

Change Auditor 7.5 - Installation Guide

Installation Overview Install Change Auditor Add Users to Change Auditor Security Groups Connecting to the Clients Deploy Change Auditor Agents Upgrade Change Auditor Installation Notes and Best Practices Deployment Options Workstation Agent Deployment Agent Comparison Install an agent to audit ADAM (AD LDS) on workgroup servers Windows Installer Command Line Options

Backup notes

The coordinator uses Microsoft SQL Server as the main database for collecting and reporting audit information. This data must be protected and backed up regularly, acceptable to your data retention policies. There are several third-party tools available, including Microsoft’s SQL Tools, which provide backup and restore functions.

The agent uses a SQLCE database file (ChangeAuditorAgent.sdf) on the local drive of each agented DC/member server. This database is primarily used to capture the state values for Active Directory® objects, File System values, and Windows registry changes. The agent files are not required as part of the backup job since the data contained in the database files can be recreated upon agent installation. Quest recommends that you exclude the agent files (%ProgramFiles%\Quest\ChangeAuditor\Agent\DBScripts) from your backup solution.

Agent behavior notes

When an agent comes online, it queries the Active Directory Catalog (GC) for a list of all coordinator SCPs within its same installation to determine which to connect to.

When there are available coordinators within the agent’s site, the agent connects to all coordinators in the site. When there are no coordinators running within the agent’s site, the agent connects to any online coordinator. However, when coordinators within the site come back online, the agent switches to connect to just the coordinators within the same site and drop nonsite coordinator connections. If this behavior is problematic for your environment, contact Quest Technical Support to discuss possible configuration options.

The connection behavior after these initial steps depends on the type of agent:

Change Auditor server agents: Starting with Change Auditor 6.0, server agents submit events to all coordinators in the site and load balancing occurs automatically. All connected coordinators can then participate in receiving events from the server agent, allowing a high volume of events to be distributed for processing.
Change Auditor workstation agents: The workstation agents randomly connect to a single coordinator. This enables ‘scaling out’ options for large workstation agent deployments within a single site.

Junction point creation may fail on a server where both a Symantec™ Backup Exec™ CPS agent and a Change Auditor agent are running. To resolve the problem, upgrade the CPS agent to 12.5 or later.

Client notes

Some events are disabled by default to improve the initial deployment process and reduce the amount of audited event information initially collected. These audited events can easily be enabled on the Audited Events page of the Administration Tasks tab.

See the appropriate Event Reference Guide for a list of the events that are disabled by default.

By default, connections to a SQL Server are not encrypted; however to encrypt all data transmitted between an application computer and a computer running a SQL Server instance, you can use the Secure Sockets Layer (SSL). For more details on configuring client network protocols, see the following Microsoft article: http://msdn2.microsoft.com/en-us/library/ms190425.aspx

ADAM (AD LDS) auditing

Run the appropriate Change Auditor Agent.msi file on the workgroup server to install an agent to monitor ADAM (AD LDS) instances on nondomain servers. See Install an agent to audit ADAM (AD LDS) on workgroup servers for more information.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级