About This GuideInstallation OverviewInstall ChangeAuditorAdd Users to ChangeAuditor Security GroupsDeploy ChangeAuditor AgentsInstall ChangeAuditor Web ClientUpgrade ChangeAuditorAppendix A Installation Notes and Best PracticesAppendix B Multi-Forest DeploymentsAppendix C Install ChangeAuditor to Audit ADAM (AD...Appendix D Quest ActiveRoles Server IntegrationAppendix E Quest GPOADmin IntegrationAppendix F Windows Installer Command Line OptionsAppendix G Knowledge Pack Correlation TablesAppendix H ChangeAuditor Report Pack for Quest...
IntroductionBefore You BeginSystem RequirementsSQL Server Performance RequirementsSystem Statistics and FacilitiesSystem OverviewInstallation Overview

ChangeAuditor for Windows File Servers 5.8 – ChangeAuditor Installation Guide

System Requirements

Last revised: 10/16/2012
Installation Overview
System Requirements
Minimum: P4 2.0 GHz or better; 1 GB RAM or better
Recommended: P4 3.0 GHz or better; 2 GB RAM or better
Microsoft Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)
To verify that you are running the appropriate version of Microsoft’s .NET Framework, use Add/Remove Programs (Start | Control Panel | Add or Remove Programs).
Minimum: P4 2.0 GHz or better; 1 GB RAM or better
Recommended: P4 3.0 GHz or better; 2 GB RAM or better
Microsoft Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)
The ChangeAuditor database be configured on a separate, dedicated SQL server instance. (For smaller environments, you can use a well equipped SQL server that meets the performance requirements defined in SQL Server Performance Requirements.)
SQL Database Mirroring is NOT recommended because the ChangeAuditor archive and purge functions do not work on mirrored SQL databases.
The coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
The user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server:
* It is recommended that the user account performing the installation be a member of the Domain Admins group in the domain where the coordinator is being installed.
Active Directory permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running a ChangeAuditor Coordinator.
If you are running the coordinator under a service account (instead of LocalSystem), use a Manual connection profile that specifies the IP address of the server hosting the ChangeAuditor Coordinator whenever you launch the ChangeAuditor Client. See the ChangeAuditor User Guide or online help for more information on defining and selecting a connection profile.
An account must be created to be used by the Coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:
Must be assigned the db_owner role on the ChangeAuditor database
A ChangeAuditor Agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. These agents will then report these audit events to the SQL database or ChangeAuditor Coordinator.
Minimum: PIII 1.0 GHz or better; 512 MB RAM or better
Recommended: P4 2.0 GHz or better; 2 GB RAM or better
Microsoft Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)
ChangeAuditor Agent requires File and Printer Sharing on Windows Server 2008. By default, File and Printer sharing is not enabled on Windows Server 2008 installations. In order to remotely deploy agents to Windows Server 2008 (Full UI and Server Core), enable the File and Printer sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine.
The File and Printer Sharing for Microsoft Networks service on the network adapter must also be enabled for remote deployment.
Auditing of some Exchange events require the latest Exchange service pack to be installed. Please refer to the ChangeAuditor for Exchange Event Reference Guide for the minimum service packs required for Exchange events.
The ChangeAuditor Agent uses the COM+ and Distributed Transaction Coordinator (DTC) services locally on the host server for detecting Exchange Server 2003 message created, moved, copied and deleted events. If the COM+ or DTC services are disabled or inoperative, these events will not be detected but the Agent will otherwise run normally. Network access to DTC is not required. When enabling the COM+ service, a ChangeAuditor Agent restart is required, because COM+ service registration occurs at agent startup time.
VNXe is NOT supported. VNXe does not support CEPA at this time and therefore ChangeAuditor for EMC will NOT run successfully in VNXe environments.
See the ChangeAuditor for EMC User Guide for information on how to install, configure and use ChangeAuditor for EMC.
See the ChangeAuditor for NetApp User Guide for more information on the requirements, as well as how to install, configure and use ChangeAuditor for NetApp.
See the ChangeAuditor for SharePoint User Guide for detailed information on installing, configuring and using ChangeAuditor for SharePoint.
See the ChangeAuditor InTrust Integration Guide for more information on the requirements, as well as how to configure ChangeAuditor to retrieve user logon activity events from InTrust.
The ChangeAuditor web client is an optional component that is installed on the Internet Information Services (IIS) web server to provide users access to ChangeAuditor data through a standard or mobile web browser.