ChangeAuditor for Exchange

• Visualizzazione al volo: Traccia l'attività degli utenti e degli amministratori con informazioni dettagliate sugli eventi di modifica relativamente a chi, cosa, quando, dove, quale stazione di lavoro e perché, oltre ai valori originali e attuali delle modifiche a ogni permesso.
• Controllo degli accessi di non proprietari alle caselle di posta: Fornisce una panoramica dettagliata di tutte le modifiche apportate alle caselle di posta a cui hanno avuto accesso i non proprietari, così da potenziare la sicurezza e la conformità.
• Avvisi intelligenti in tempo reale: invio immediato di avvisi nel momento in cui vengono modificati elementi critici o quando vengono effettuate delle modifiche strutturate, così da permettere agli amministratori di reagire tempestivamente.
• Controllo delle modifiche alla configurazione dei server: Traccia le modifiche apportate ai parametri di configurazione dei server Exchange, come per esempio le modifiche alle policy (dimensione dei messaggi e delle caselle di posta), in modo da fornire protezione da eventuali problemi prestazionali di sistema e falle non desiderate nei sistemi di sicurezza.
• Supporto alle cartelle pubbliche: Traccia le modifiche apportate alle cartelle pubbliche di Exchange, in modo da velocizzare l'individuazione e la risoluzione dei problemi e garantire la conformità.
• Controlli configurabili: Consente di abilitare o disabilitare la generazione degli eventi; in tal modo, gli amministratori possono escludere dai controlli, qualora lo desiderino, gli account ad alto traffico o "sicuri", in modo da evitare il sovraccarico del database sotto controllo con informazioni non necessarie sugli eventi.
• Controlli nativi non necessari: cattura le informazioni sulle modifiche senza necessità di log di controllo nativo, comportando in tal modo un risparmio notevole di memoria.
• Reporting: Offre agli amministratori la flessibilità e la possibilità di generare rapidamente dei report personalizzati e predeterminati utilizzando dei report predefiniti e un'ampia libreria di report per la conformità.
• Accesso basato su ruoli: Configura l'accesso in modo da permettere agli auditor di eseguire ricerche e generare report senza poter apportare modifiche di configurazione alle applicazioni, senza il bisogno di assistenza e di rubare tempo prezioso agli amministratori.

Before installing ChangeAuditor, ensure your system meets the following minimum hardware and software requirements:

ChangeAuditor Client (Client-side Component)

The ChangeAuditor Client connects to a ChangeAuditor Coordinator and queries the audited event database for the desired results.

Client Hardware	Minimum: P4 2.0 GHz or better; 1 GB RAM or better Recommended: P4 3.0 GHz or better; 2 GB RAM or better A machine running on any x86 or x64 editions of the following minimum platforms: Windows Server 2003 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 R2 Windows XP SP2 Windows Vista Windows 7 Screen resolution of at least 1024 x 768 with at least 256 colors
Client Software and Configuration	x86 or x64 versions of Microsoft's .NET Framework v3.5 SP1 or higher NOTE: To verify that you are running the appropriate version of Microsoft's .NET Framework use Add/Remove Programs (Start | Control Panel | Add or Remove Programs). Microsoft Data Access Components (MDAC) 2.8 SP1 X86 or x64 versions of Microsoft XML Parser (MSXML) 6.0 X86 or x64 versions of Microsoft SQLXML 4.0 Internet Explorer 6.0 (or higher)
Client Footprint	Estimated hard disk space usage of 70 MB Estimated RAM physical memory of 100 - 200 MB NOTE: Queries that return a lot of data can cause the client to use as much memory as required to store the results in RAM.

 

ChangeAuditor Coordinator (Server-side component)

The ChangeAuditor Coordinator is responsible for fulfilling client and agent requests and generating alerts.

Coordinator Hardware	Minimum: P4 2.0 GHz or better; 1 GB RAM or better Recommended: P4 3.0 GHz or better; 2 GB RAM or better Member server running on any x86 or x64 editions of the following minimum platforms: Windows Server 2003 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 R2
Coordinator Software and Configuration	Coordinator Software and Configuration: For the best performance Quest recommends: The ChangeAuditor Coordinator be installed on a dedicated member server. The ChangeAuditor database be configured on a separate, dedicated SQL server instance. Supported SQL Server versions: Microsoft SQL Server 2005 SP2 or higher service pack Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 The Coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the  forest root domain. x86 or x64 versions of Microsoft's .NET Framework v3.5 SP1 (or higher) X86 or x64 versions of Microsoft XML Parser (MSXML) 6.0 X86 or x64 versions of Microsoft SQLXML 4.0 Microsoft Data Access Components (MDAC) 2.8. SP1
Coordinator Footprint	Estimated hard disk space used: 40 MB Estimated RAM physical memory of 100 MB Additional 80 MB disk space used by Agent MSI's Estimated database size will vary depending on the number of agents deployed and audited events captured.
Minimum Permissions	User account performing the coordinator installation: The user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server: Windows permissions to create and modify registry values. Windows administrative permissions to install software and stop/start services. * It is recommended that the user account performing the installation, be a member of the Domain Admins group in the domain where the coordinator is being installed. Service account running the coordinator service (LocalSystem by default): Active Directory permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running a ChangeAuditor Coordinator. Local Administrator permissions on the coordinator server. SQL Server database access account specified during installation: An account must be created to be used by the Coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions: Must be assigned the db_owner role on the ChangeAuditor database Must be assigned the SQL Server role of dbcreator Must be assigned the following database roles in the msdb database: db_datareader db_datawriter SQLAgentUserRole

 

Quest ChangeAuditor Agent (Server-side component)

A ChangeAuditor Agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. These agents will then report these audit events to the SQL database or ChangeAuditor Coordinator.

Agent Hardware	Minimum: PIII 1.0 GHz or better; 512 MB RAM or better Recommended: P4 2.0 GHz or better; 2 GB RAM or better Server running on any x86 or x64 editions of the following minimum platforms: Windows Server 2003 SP1 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 Core Windows Server 2008 R2 Windows Server 2008 R2 Core ChangeAuditor Agent requires File and Printer Sharing on Windows Server 2008. By default, File and Printer sharing is not enabled on Windows Server 2008 installations. In order to remotely deploy agents to Windows Server 2008 (Full UI and Server Core), enable the File and Printer sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine. The File and Printer Sharing for Microsoft Networks service on the network adapter must also be enabled for remote deployment. Auditing of some Exchange events require the latest Exchange service pack to be installed. Please refer to the ChangeAuditor for Exchange Events Reference Guide for the minimum service packs required for Exchange events. The ChangeAuditor Agent uses the COM+ and Distributed Transaction Coordinator (DTC) services locally on the host server for detecting Exchange Server message created, moved, copied and deleted events. If the COM+ or DTC services are disabled or inoperative, these events will not be detected but the Agent will otherwise run normally. Network access to DTC is not required. When enabling the COM+ service, a ChangeAuditor Agent restart is required, because COM+ service registration occurs at agent startup time.
Agent Software and Configuration	Microsoft .NET Framework 3.5 SP1 – ONLY where the agent is installed on Exchange servers with the CAS (OWA) role Microsoft Data Access Components (MDAC) 2.8. Requires an active Global Catalog ChangeAuditor Agents must be able to reach a global catalog (GC) server to resolve SIDs and mailbox names. If a GC is not available, the agent will temporarily use a DC to perform GC functions. The agent will attempt to connect to a GC every nine hours or on restart. The following events will not be captured while the GC is unavailable: Exchange Mailbox events Linked GPO changed events QAS configuration events
Minimum Permissions	ChangeAuditor Agent must run as localsystem.
Exchange Monitoring Minimum Service Pack Requirements	Microsoft Exchange Server 2003 Service Pack 2 Microsoft Exchange Server 2007 x64 Service Pack 1 Microsoft Exchange Server 2010 RTM and Service Pack 1
Agent Footprint	Estimated hard disk space used: 500 MB or greater Estimated RAM used: Core Agent: 25 MB CAAD: 25 MB CAADAM: 3 MB CAEX: 20 MB CAWFS: 20 MB CASQL: 15 MB CALDAP: 15 MB CAEMC: 10MB CANETAPP: 10MB

Language Supported:

• US English

• ChangeAuditor for Exchange Overview Video
  Learn how ChangeAuditor enables administrators to report on and analyze events and actions without the complexity and time required by native auditing or concerns over system performance.

  Watch the Video »

• Microsoft Audit Collection Services: How Does It Stack Up as a Security Log Solution?

  Watch the Webcast »

• Change Auditing Your Exchange Environment with ChangeAuditor

  Watch the Webcast »