立即与支持人员聊天
与支持团队交流

Change Auditor 7.2 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Excluded Accounts wizard

The Excluded Accounts wizard is displayed when you click Add on the Excluded Accounts Auditing page. This wizard steps you through the process of creating a new Excluded Accounts template, identifying the user, computer or group accounts to be included in the template. You will also use this wizard to modify a previously defined Excluded Accounts template.

The following table provides a description of the fields and controls in the Excluded Accounts wizard:

On the first page of the wizard, enter a name for the template and optionally select the event classes/facilities to be excluded.

Template Name

Enter a descriptive name for the Excluded Accounts template being created.

Facility/Event Class data grid

The data grid located across the middle of the page displays all of the event classes available for auditing in Change Auditor.

By default, all event classes/facilities will be excluded for the selected accounts. To exclude individual event classes and/or facilities, use this grid to select the event classes and/or facilities to be excluded and use Add to add them to the Exclusion list box at the bottom of the page.

Exclusion list

The list box located at the bottom of this page displays the individual event classes or facilities selected for exclusion. Use the buttons above this list box to add or remove entries from this list.

Add | Add This Event - Click this option to add the selected events to the list box. This option is selected by default when more than one event is selected in the data grid.
Add | Add All Events in Facility - Click this option to add all of the events in the selected facility to the list box. This option is only available when a single event is selected in the data grid.
Remove - Select an entry in the list box and click the Remove button to remove it from the template.

Use this page to select the individual accounts to be excluded from auditing.

Browse page

Displays a hierarchical view of the directory objects in your environment allowing you to locate and select the accounts to excluded from auditing.

If required, use the Forest drop-down box to select in which forest the objects reside. Foreign agent forests may require foreign forests credentials which can be entered on the Credentials Required dialog.

Once you have selected an account, click Add to add it to the list box at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the desired account.

Once you have selected an account, click Add to add it to the list box at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

Account list

The list box located across the bottom of this page, displays the accounts selected for exclusion. Use the buttons located above this list box to add and remove objects.

Add - Select an account in the Browse or Search page and click Add to add it to the list.
Remove - Select an entry from the list and then click Remove to remove it.

Use this page to optionally add additional user accounts (Domain(NetBIOS)\NT 4 account) that match a wildcard search expression to the excluded accounts list.

Search expression

In the text box, enter the string of characters and/or wildcard character to be used to search for additional user accounts that are to be excluded from auditing. Valid wildcards are:

Click Add to add the string to the Account list.

Account list

The list at the bottom of the page displays the wildcard search expressions to be used to search for additional user accounts that are to be excluded from auditing. Use the buttons to the left of the text box to add, remove and modify a search expression.

Add - Click Add to add the search expression in the text box to the Account list.
Remove - Select an entry in the Account list and click Remove to remove it from the list.
Modify - Select an entry in the Account list, make the necessary changes to the search expression (which is displayed in the text box) then click the Modify button to replace it in the Account list.
NOTE: If you click Add after modifying a search expression, an additional entry will be added instead of replacing the original search expression.

 

Registry Auditing

Introduction

The ability to audit registry settings improves operational efficiency dramatically. For example, some applications, such as virus scanning software, modify registry keys when an update is installed. By capturing these change events proactively, administrators can determine whether or not specific machines received an update.

Furthermore, other applications may warrant the tracking of modifications to certain registry settings to ensure that they have not been tampered with. Change Auditor’s registry auditing feature allows you to audit changes to a specific key or to a folder and its sub folders.

To capture registry events, you must define the registry keys to be audited and the events to be captured:

Registry Auditing page

The Registry Auditing page is displayed when Registry is selected from the Auditing task list in the navigation pane of the Administration Tasks page. From this page you can launch the Registry Auditing wizard to specify a registry key to be audited. You can also edit existing templates, disable/enable templates and remove templates that are no longer being used.

The Registry Auditing page contains an expandable view of all the Registry Auditing templates that have been previously defined. To add a new template to the list, use the Add tool bar button. Once added, the following information is provided for the template:

Indicates whether the template is enabled or disabled. To enable/disable the template, place your cursor in this Status cell, click the arrow control and select the appropriate option from the drop-down menu.

Click the expansion box to the left of the Template name to expand this view and display additional details about an auditing template.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级