Before installing ChangeAuditor, ensure your system meets the following minimum hardware and software requirements:
ChangeAuditor Client (Client-side Component)
The ChangeAuditor Client connects to a ChangeAuditor Coordinator and queries the audited event database for the desired results.
| Client Hardware | Minimum: P4 2.0 GHz or better; 1 GB RAM or better
Recommended: P4 3.0 GHz or better; 2 GB RAM or better
A machine running on any x86 or x64 editions of the following minimum platforms: - Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows XP SP2
- Windows Vista
- Windows 7
- Screen resolution of at least 1024 x 768 with at least 256 colors
|
| Client Software and Configuration | - x86 or x64 versions of Microsoft's .NET Framework v3.5 SP1 or higher
NOTE: To verify that you are running the appropriate version of Microsoft's .NET Framework use Add/Remove Programs (Start | Control Panel | Add or Remove Programs). - Microsoft Data Access Components (MDAC) 2.8 SP1
- X86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
- X86 or x64 versions of Microsoft SQLXML 4.0
- Internet Explorer 6.0 (or higher)
|
| Client Footprint | - Estimated hard disk space usage of 70 MB
- Estimated RAM physical memory of 100 - 200 MB
NOTE: Queries that return a lot of data can cause the client to use as much memory as required to store the results in RAM.
|
ChangeAuditor Coordinator (Server-side component)
The ChangeAuditor Coordinator is responsible for fulfilling client and agent requests and generating alerts.
| Coordinator Hardware | Minimum: P4 2.0 GHz or better; 1 GB RAM or better
Recommended: P4 3.0 GHz or better; 2 GB RAM or better
Member server running on any x86 or x64 editions of the following minimum platforms: - Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
|
| Coordinator Software and Configuration | Coordinator Software and Configuration: - For the best performance Quest recommends:
- The ChangeAuditor Coordinator be installed on a dedicated member server.
- The ChangeAuditor database be configured on a separate, dedicated SQL server instance.
- Supported SQL Server versions:
- Microsoft SQL Server 2005 SP2 or higher service pack
- Microsoft SQL Server 2008
- Microsoft SQL Server 2008 R2
- The Coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
- x86 or x64 versions of Microsoft's .NET Framework v3.5 SP1 (or higher)
- X86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
- X86 or x64 versions of Microsoft SQLXML 4.0
- Microsoft Data Access Components (MDAC) 2.8. SP1
|
| Coordinator Footprint | - Estimated hard disk space used: 40 MB
- Estimated RAM physical memory of 100 MB
- Additional 80 MB disk space used by Agent MSI's
- Estimated database size will vary depending on the number of agents deployed and audited events captured.
|
| Minimum Permissions | User account performing the coordinator installation:
The user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server: - Windows permissions to create and modify registry values.
- Windows administrative permissions to install software and stop/start services.
* It is recommended that the user account performing the installation, be a member of the Domain Admins group in the domain where the coordinator is being installed.
Service account running the coordinator service (LocalSystem by default): - Active Directory permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running a ChangeAuditor Coordinator.
- Local Administrator permissions on the coordinator server.
SQL Server database access account specified during installation:
An account must be created to be used by the Coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions: - Must be assigned the db_owner role on the ChangeAuditor database
- Must be assigned the SQL Server role of dbcreator
- Must be assigned the following database roles in the msdb database:
- db_datareader
- db_datawriter
- SQLAgentUserRole
|
Quest ChangeAuditor Agent (Server-side component)
A ChangeAuditor Agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. These agents will then report these audit events to the SQL database or ChangeAuditor Coordinator.
| Agent Hardware | - Minimum: PIII 1.0 GHz or better; 512 MB RAM or better
Recommended: P4 2.0 GHz or better; 2 GB RAM or better
- Server running on any x86 or x64 editions of the following minimum platforms:
- Windows Server 2003 SP1
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 Core
- Windows Server 2008 R2
- Windows Server 2008 R2 Core
- ChangeAuditor Agent requires File and Printer Sharing on Windows Server 2008. By default, File and Printer sharing is not enabled on Windows Server 2008 installations. In order to remotely deploy agents to Windows Server 2008 (Full UI and Server Core), enable the File and Printer sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine.
- The File and Printer Sharing for Microsoft Networks service on the network adapter must also be enabled for remote deployment.
- Auditing of some Exchange events require the latest Exchange service pack to be installed. Please refer to the ChangeAuditor for Exchange Events Reference Guide for the minimum service packs required for Exchange events.
- The ChangeAuditor Agent uses the COM+ and Distributed Transaction Coordinator (DTC) services locally on the host server for detecting Exchange Server message created, moved, copied and deleted events. If the COM+ or DTC services are disabled or inoperative, these events will not be detected but the Agent will otherwise run normally. Network access to DTC is not required. When enabling the COM+ service, a ChangeAuditor Agent restart is required, because COM+ service registration occurs at agent startup time.
|
| Agent Software and Configuration | - Microsoft .NET Framework 3.5 SP1 – ONLY where the agent is installed on Exchange servers with the CAS (OWA) role
- Microsoft Data Access Components (MDAC) 2.8.
- Requires an active Global Catalog
ChangeAuditor Agents must be able to reach a global catalog (GC) server to resolve SIDs and mailbox names. If a GC is not available, the agent will temporarily use a DC to perform GC functions. The agent will attempt to connect to a GC every nine hours or on restart. The following events will not be captured while the GC is unavailable: - Exchange Mailbox events
- Linked GPO changed events
- QAS configuration events
|
| Minimum Permissions | - ChangeAuditor Agent must run as localsystem.
|
| Exchange Monitoring Minimum Service Pack Requirements | - Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2007 x64 Service Pack 1
- Microsoft Exchange Server 2010 RTM and Service Pack 1
|
| Agent Footprint | Estimated hard disk space used: 500 MB or greater
Estimated RAM used:
- Core Agent: 25 MB
- CAAD: 25 MB
- CAADAM: 3 MB
- CAEX: 20 MB
- CAWFS: 20 MB
- CASQL: 15 MB
- CALDAP: 15 MB
- CAEMC: 10MB
- CANETAPP: 10MB
|
Language Supported: