|

Change Auditor for Exchange

Prepare your business for the holiday rush.
For a limited time, get Office Home & Business included on select PCs and Windows Server OS included on select servers. Shop Now

Microsoft Exchange Server change auditing and reporting.

Track, audit, report and alert on Microsoft® Exchange Server configuration and permission changes in real time.


 
Software Change Auditor for Exchange

 

Change Auditor for Exchange simplifies the audit process by tracking, auditing, reporting and alerting on Microsoft® Exchange Server configuration and permission changes in real time. To ensure Exchange compliance, you can automatically generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications. And, for fast troubleshooting, you always get the original and current values.

Change Auditor for Exchange audits all critical changes to Exchange including administrative groups, mailbox policies, and public and private information store auditing. You’ll be advised of all organizational changes, such as Active Sync mailbox policy changes, distribution list changes and more. Now, Exchange auditing is simple with real-time auditing that protects your organization’s security policies and prevents compliance violations, system downtime and massive productivity losses.

Features

At-a-glance display
Tracks user and administrator activity with detailed information including who, what, when, where, which workstation and why for change events, plus original and current values for all changes.

Non-owner mailbox-access auditing
Provides a detailed view of any changes made to mailboxes that have been accessed by a non-owner, which enhances security and compliance.

Real-time alerts on the move
Sends critical change and pattern alerts to email and mobile devices to prompt immediate action, enabling you to respond faster to threats even while you're not on site.

Object protection
Prevents anyone but the mailbox owner from accessing sensitive or critical mailboxes.

Event timeline
Enables the viewing, highlighting and filtering of change events and the relation of other events over the course of time in chronological order across your Windows environment for better understanding and forensic analysis of those events and trends.

Related searches
Provides instant, one-click access to all information on the change you're viewing and all related events, such as what other changes came from specific users and workstations, eliminating additional guesswork and unknown security concerns.

Server configuration change auditing
Tracks changes to Microsoft® Exchange Server configuration parameters such as policy changes, (message size, mailbox size), which protects against system performance issues and unwanted security gaps.

ActiveSync auditing
Audits mobile devices using the Microsoft ActiveSync to track email and calendar access, device registration and more.

O365 auditing
Audits administrator access and end user mailbox activity for mailboxes hosted on Office 365. Events are searchable and integrated into reports for a more complete picture of what’s happening in Exchange.

Public Folders support
Tracks changes made to Exchange Public Folders, which speeds troubleshooting and ensures compliance.

High-performance auditing engine
Removes auditing limitations and captures change information without the need for native audit logs, resulting in faster results and significant savings of storage resources.

Auditor-ready reporting
Generates comprehensive reports for best practices and regulatory compliance mandates for SOX, PCI-DSS, HIPAA, FISMA, GLBA and more.

Role-based access
Configures access so auditors can run searches and reports without making any configuration changes to the application, and without requiring the assistance and time of the administrator.

Web-based access with dashboard reporting
Searches from anywhere using a web browser and creates targeted dashboard reports to provide upper management and auditors with access to the information they need without having to understand architecture or administration.
  • Change Auditor 6.8 System requirements


    Before installing Change Auditor 6.8, ensure that your system meets the following minimum hardware and software requirements.
    Change Auditor coordinator (Server-side component)
    Change Auditor client (Client-side component)
    Change Auditor agent (Server-side component)
    Authentication Services auditing requirements
    Cloud storage auditing requirements
    Defender auditing requirements
    EMC® auditing requirements
    Exchange Server auditing requirements
    Fluid File System auditing requirements
    Logon Activity auditing requirements
    Lync auditing requirements
    NetApp auditing requirements
    Office 365™ Exchange Online auditing requirements
    SharePoint® auditing requirements
    SonicWALL auditing requirements
    SQL Server® auditing requirements
    SQL Server® Data Level auditing requirements
    VMware® auditing requirements
    Change Auditor workstation agent (optional component)
    Change Auditor web client (optional component)

    Change Auditor coordinator (Server-side component)


    The Change Auditor coordinator is responsible for fulfilling client and agent requests and for generating alerts.

    Coordinator requirements:
    Processor
    Quad core Intel® Core™ i7 equivalent or better

    Memory
    Minimum: 8 GB RAM or better
    Recommended: 32 GB RAM or better

    SQL Server
    SQL databases supported up to the following versions:

    Microsoft® SQL Server® 2008 SP4
    Microsoft SQL Server 2008 R2 SP3
    Microsoft SQL Server 2012 SP3
    Microsoft SQL Server 2014 SP1

    NOTE:
    Change Auditor does not support SQL high availability technology other than clusters.

    Installation platforms supported up to the following versions:
    Windows Server 2008 SP2 x64
    Windows Server 2008 R2 SP1 x64
    Windows Server 2012 (Essentials, Standard and Datacenter) x64
    Windows Server 2012 R2 (Essentials, Standard and Datacenter) x64

    NOTE: Microsoft Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)

    NOTE: Microsoft’s Windows Small Business Server 2008 and 2011 are NOT supported.

    NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    Coordinator software and configuration:
    For the best performance, Dell strongly recommends:
    Install the Change Auditor coordinator on a dedicated member server.
    The Change Auditor database should be configured on a separate, dedicated SQL Server instance.

    NOTE: Do NOT pre-allocate a fixed size for the Change Auditor database. In addition, the following software/configuration is required:

    The coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
    x64 version of Microsoft’s .NET 4.5.2 or higher
    x64 version of Microsoft XML Parser (MSXML) 6.0
    x64 version of Microsoft SQLXML 4.0

    Coordinator footprint:
    Estimated hard disk space used: 1 GB
    Coordinator RAM usage is highly dependent on the environment, number of agent connections, and event volume.
    Estimated database size will vary depending on the number of agents deployed and audited events captured.

    Coordinator minimum permissions
    User account performing the coordinator installation:

    The user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server:
    Windows permissions to create and modify registry values.
    Windows administrative permissions to install software and stop/start services.

    NOTE: The user account performing the installation, must be a member of the Domain Admins group in the domain where the coordinator is being installed.

    Service account running the coordinator service (LocalSystem by default):
    The service account running the coordinator service must have the following permissions:
    Active Directory® permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running the Change Auditor coordinator.
    Local Administrator permissions on the coordinator server.

    NOTE:If you are running the coordinator under a service account (instead of LocalSystem), use a Manual connection profile that specifies the IP address of the server hosting the Change Auditor coordinator whenever you launch the Change Auditor client. See the Dell™ Change Auditor User Guide or online help for more information on defining and selecting a connection profile.

    SQL Server database access account specified during installation:
    An account must be created to be used by the coordinator server on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:
    Must be assigned the db_owner role on the Change Auditor database
    Must be assigned the SQL Server role of dbcreator

    Change Auditor client (Client-side component)


    The Change Auditor client connects to a Change Auditor coordinator and queries the audited event database for the desired results.

    Client requirements:
    Processor
    Dual core Intel® Core™ i5 equivalent or better

    Memory
    Minimum: 4 GB RAM or better
    Recommended: 8 GB RAM or better

    Installation platforms supported up to the following versions
    Windows Server 2008 SP2 x64
    Windows Server 2008 R2 SP1 x64
    Windows Server 2012 (Standard, Essentials and Datacenter) x64
    Windows Server 2012 R2 (Standard, Essentials and Datacenter) x64
    Windows 7 SP1 (Pro, Enterprise and Ultimate) x64
    Windows 8 and 8.1 (Pro and Enterprise) x64

    NOTE: Microsoft® Data Access Components (MDAC) must be enabled. MDAC is part of the operating system and is enabled by default.

    NOTE: Microsoft’s Windows Small Business Server 2008 and 2011 are NOT supported.

    NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    Client software and configuration
    x64 version of Microsoft’s .NET 4.5.2 or higher
    x64 version of Microsoft XML Parser (MSXML) 6.0
    x64 version of Microsoft SQLXML 4.0

    Client footprint:
    Estimated hard disk space used: 140 MB
    Estimated physical memory (RAM) used: 150 - 500 MB
    Client RAM usage is dependent on the number of tabs you have open.

    NOTE: Queries that return a lot of data can cause the client to use as much memory as required to store the results in RAM.

    Change Auditor agent (Server-side component)


    A Change Auditor agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. These agents will then report these audit events to the Change Auditor coordinator which will insert the event details into the Change Auditor database. Table 14. Client requirements

    Agent requirements:
    Processor:
    Dual core Intel® Core™ i5 equivalent or better

    Memory:
    Minimum: 4 GB RAM or better
    Recommended: 8 GB RAM or better

    Installation platforms (x86 and x64) supported up to the following versions
    Windows Server® 2003 SP2
    Windows Server 2003 R2 SP2
    Windows Server 2008 SP2

    NOTE: Windows Server 2008 Core is no longer supported because it does not support the required .NET 4.0 framework for Change Auditor 6.5 (and above) agents.

    Windows Server 2008 R2 SP1
    Windows Server 2008 R2 Core SP1
    Windows Server 2012 (Essentials, Standard and Datacenter)
    Windows Server 2012 Core (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 Core (Essentials, Standard and Datacenter)

    NOTE: Microsoft® Data Access Components (MDAC) must be enabled. MDAC is part of the operating system and is enabled by default.

    NOTE: Microsoft’s Windows® Small Business Server 2003, 2008 and 2011 are NOT supported.

    NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    NOTE: Windows File System auditing is supported in a Windows failover cluster configuration. However, the agent is not aware of the cluster and will only audit the active nodes in the cluster where agents are deployed.

    NOTE: Agents auditing Fluid File Systems must be installed on 64-bit Windows 2008 SP2 or later.

    Agent software and configuration:
    x86 or x64 version of Microsoft’s .NET 4.0 or higher
    x86 or x64 version of Microsoft XML Parser (MSXML) 6.0
    x86 or x64 version of Microsoft SQLXML 4.0
    The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

    The Change Auditor agent service depends on the following Windows services to be running:
    DNS client
    Remote Procedure Call (RPC)
    Windows event log

    NOTE: Ensure communication over RPC between coordinators and agents.

    Agent footprint:
    Estimated hard disk space used: 120 MB + local database size + log size

    Change Auditor agent log retention and content is configurable. That is, you can define how many files to retain and the level of logging.

    Estimated physical memory (RAM) used: 60 - 100 MB; Agent RAM usage is dependent on the auditing modules you have licensed.

    Agent installation incompatibilities
    Agent installation is NOT compatible with the following applications:
    The Change Auditor agent cannot be installed on the same server as agents from Dell products that were pre-cursors to Change Auditor including:
    InTrust for Active Directory
    InTrust for ADAM
    InTrust for Exchange
    InTrust for File Access
    DirectoryLockdown
    SecurityManager

    These products are no longer available, but if their agents are still installed they should be removed before installing Change Auditor. Change Auditor can also be incompatible with Active Administrator if both products’ agents are installed on Windows Server 2003.

    Due to the way Change Auditor integrates with Active Directory to capture all change details there may be incompatibilities with 3rd party agents that integrate with Active Directory in a similar way such as Active Directory auditing tools from other vendors.

    Change Auditor may be incompatible out-of-the-box with agents that are designed to detect suspicious software such as antivirus tools. In these cases, it may be necessary to configure the 3rd party product to exclude the Change Auditor process from its scope.

    If Change Auditor is going to be installed alongside products that conform to either of these patterns it is highly recommended that the installation be tested in a non-production environment first to identify any incompatibilities and adjust the product configurations as necessary before deploying to production.

    Agent minimum permissions
    User account deploying agents
    The Agent Deployment wizard runs under the security context of the currently logged on user account. Therefore, you must have administrative authority to install software on every target machine. This means you must be a Domain Admin in every domain that contains servers that you are targeting for installation.

    If you are targeting domain controllers only, membership in the Enterprise Admins group will grant you authority to all domain controllers in the forest.

    In addition, all users responsible for deploying Change Auditor agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you will get an access denied error.

    System account running on agent

    Change Auditor agents must run as localsystem.

    Authentication Services auditing requirements

    Change Auditor
    Change Auditor for Authentication Services

    Authentication Services -Latest supported version
    Dell™ Authentication Services 4.1

    Defender auditing requirements

    Change Auditor
    Change Auditor for Defender

    Defender - Latest supported version
    Dell™ Defender 5.8.1

    EMC® auditing requirements

    Change Auditor

    Change Auditor for EMC

    NOTE: Change Auditor for EMC 6.5 (or higher) is required for EMC Isilon® auditing

    EMC Celerra®/VNX® - Supported up to the following versions
    EMC Common Event Enabler (CEE) Framework up to 7.0

    NOTE:CEE requires .Net 3.5 for EMC auditing. Ensure that it is installed on the computer where you have installed CEE.

    EMC Celerra Event Enabler (CEE) Framework 4.6.7
    EMC VNX Event Enabled (VEE) Framework 4.8.5 (through 5.1)

    NOTE: VNXe® is NOT supported. VNXe does not support CEPA at this time and therefore Change Auditor for EMC will NOT run successfully in VNXe environments.

    NOTE: Starting with release 6.0.0.0, the VNX Event Enabler (VEE) is called the Common Event Enabler (CEE).

    EMC Isilon
    EMC Common Event Enabler (CEE) Framework up to 7.0

    NOTE: CEE requires .Net 3.5 for EMC auditing. Ensure that it is installed on the computer where you have installed CEE.

    NOTE: Isilon Server pre-configured for auditing. See the EMC User Guide for more information.

    For more information
    See the Dell™ Change Auditor for EMC® User Guide for detailed information on installing, configuring and using Change Auditor for EMC.

    Exchange Server auditing requirements

    Change Auditor
    Change Auditor for Exchange

    Exchange servers supported up to the following versions:
    Windows Server 2003 SP2 and 2003 R2:
    Microsoft Exchange Server 2007 SP3

    Windows Server 2008 SP2
    Microsoft Exchange Server 2007 SP3
    Microsoft Exchange Server 2010 SP3 RU12

    Windows Server 2008 R2 SP1
    Microsoft Exchange Server 2007 SP3
    Microsoft Exchange Server 2010 SP3 RU12
    Microsoft Exchange Server 2013 CU11

    Windows Server 2012:
    Microsoft Exchange Server 2010 SP3 RU12
    Microsoft Exchange Server 2013 CU11

    Windows Server 2012 R2:
    Microsoft Exchange Server 2013 CU11

    NOTE: MAPI over HTTP protocol requires a minimum of Microsoft Exchange Server 2013 CU8.

    For more information
    See the Dell™ Change Auditor for Exchange User Guide for information on using Change Auditor for Exchange.

    Fluid File System auditing requirements

    Change Auditor
    Change Auditor for Fluid File System

    Dell™ Fluid File System
    Dell Fluid File System version 5.0.10

    Dell Enterprise Manager
    Dell Enterprise Manager version 15.3

    NOTE: The FluidFS cluster that is going to be audited must be registered with Enterprise Manager’s Data Collector service.

    NOTE: Administrator rights to Enterprise Manager are required to create, edit, delete FluidFS auditing templates in Change Auditor.

    Dell Change Auditor FluidFS Configuration service
    Dell Change Auditor FluidFS Configuration service. The Dell Change Auditor FluidFS Configuration.msi is located in the Integration/FluidFS folder of the installation package.

    IMPORTANT: The service can be installed only on 64-bit Windows 2008 SP2 and later and requires .NET 4.0.

    NOTE: The domain of the configuration service must have a twoway trust with the domain of the auditing agent and trust the domain of the coordinator (one-way trust).

    Windows PowerShell
    Windows PowerShell version 3 on the computer where the configuration service is installed.

    Agent requirements
    Locate a Change Auditor agent in close proximity to the Dell FS8600 cluster (use fastest connection type available).

    NOTE: The agent must be installed on 64-bit Windows 2008 SP2 or later.

    Ports
    To receive events, the following ports must be open:
    Configuration Service TCP port 9003 on the local computer where the Dell Change Auditor FluidFS Configuration service is installed.
    TCP port 9004 on the agent host for inbound connections with the FluidFS cluster.

    These are default port values that are configurable.

    Encryption
    If you are going to turn on encryption for auditing, the domain of the coordinator must trust the domain of the user account specified (one-way trust) during encryption configuration.

    For more information
    See the Dell™ Change Auditor for Fluid File System User Guide for more information on configuring and using Change Auditor for Fluid File Service.

    Logon Activity auditing requirements

    Change Auditor | Server agents
    Change Auditor for Logon Activity User

    NOTE: See Change Auditor agent (Server-side component).

    Change Auditor | Workstation agents
    Change Auditor for Logon Activity Workstation

    NOTE:
    See Change Auditor workstation agent (optional component).

    Lync auditing requirements

    License required
    Change Auditor for Lync

    Lync
    Microsoft Lync version 2010 and 2013

    NetApp auditing requirements

    Change Auditor
    Change Auditor for NetApp

    NetApp Filer
    NetApp Filer with Data ONTAP® 7.2 to 8.3.1
    Cluster mode is supported as of version 8.2.1

    For more information
    See the Dell™ Change Auditor for NetApp® User Guide for detailed information on installing, configuring and using Change Auditor for NetApp.

    Office 365™ Exchange Online auditing requirements

    Change Auditor
    Change Auditor for Exchange 6.5 (or higher)

    Office 365 Exchange Online
    Office 365 platforms supported and required permissions

    Office 365 Small Business
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Small Business Premium
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business Premium. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Midsize Business
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Global Administrator role for Office 365 Midsize Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Enterprise
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Global Administrator role for Office 365 Enterprise. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    For more information
    See the Dell™ Change Auditor for Exchange User Guide for more information on Exchange Online auditing.

    SharePoint® auditing requirements

    Change Auditor
    Change Auditor for SharePoint

    SharePoint
    SharePoint Server 2010 or 2013
    SharePoint Foundation 2010 or 2013

    For more information
    See the Dell™ Change Auditor for SharePoint® User Guide for detailed information on installing, configuring and using Change Auditor for SharePoint.

    SonicWALL auditing requirements

    Change Auditor
    Change Auditor for SonicWALL

    SonicWALL firewall device
    SonicWALL firewall device running SonicOS firmware version 6.1.1.7 (or higher)

    Firewall requirements:
    At least one SonicWALL firewall that supports AppFlow with the ‘IPFIX with extensions’ external flow reporting format.
    The SonicWALL firewall must support the SonicOS DPI-SSL feature for cloud or SSL-based web site activity auditing.
    The firewall must be configured to send AppFlow data to the Change Auditor agent.

    For more information
    See the Dell™ Change Auditor for SonicWALL User Guide for more information on configuring and using Change Auditor for SonicWALL.

    SQL Server® auditing requirements

    Change Auditor
    Change Auditor for SQL Server

    SQL Servers supported up to the following versions
    Microsoft SQL Server 2005 SP4
    Microsoft SQL Server 2008 SP4
    Microsoft SQL Server 2008 R2 SP3
    Microsoft SQL Server 2012 SP3
    Microsoft SQL Server 2014 SP1

    NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies. In this configuration, the agent is not aware of the cluster and will only audit the active nodes in the cluster where agents are deployed.

    For more information
    See the Dell™ Change Auditor for SQL Server® User Guide for information on using Change Auditor for SQL Server.

    SQL Server® Data Level auditing requirements

    Change Auditor
    Change Auditor for SQL Server

    SQL Servers supported up to the following versions
    Microsoft SQL Server 2008 SP4
    Microsoft SQL Server 2008 R2 SP3
    Microsoft SQL Server 2012 SP3
    Microsoft SQL Server 2014 SP1

    NOTE: Auditing is supported on SQL clusters only when they are not using high availability technologies. In this configuration, the agent is not aware of the cluster and will only audit the active nodes in the cluster where agents are deployed.

    NOTE: Due to some limitations on gathering logon information for SQL Server 2008 and 2008 R2, the following information may not be captured:
    Who
    Origin
    Application name

    NOTE: Change Auditor SQL Data Level auditing currently only supports auditing databases in Full and Bulk logged recovery models. Minimally logged operations performed in bulk logged recovery model may not produce auditing events. An initial backup is required for both Full and Bulk logged databases before the transaction log will properly support auditing.

    NOTE: Encrypted databases are not supported.

    NOTE:SQL Data Level auditing templates are assigned to an agent when you create the template. Each audited database requires one template assigned to a single agent. Ensure that the credentials for the account specified when you create a template has the following permissions:
      Permission to open a connection to the targeted database.
      Read permissions on targeted tables and system tables.
      VIEW SERVER STATE permission.
      For SQL 2012 and later: CONTROL SERVER permission and ensure that the specified database can be opened on the target server.

    For more information
    See the Dell™ Change Auditor for SQL Server® User Guide for information on using Change Auditor for SQL Server.

    VMware® auditing requirements

    Change Auditor
    Change Auditor (any license)

    VMware
    ESX®/ESXi® 5.0 to 6.0
    vCenter™ 5.0 to 6.0

    Change Auditor workstation agent (optional component)


    Change Auditor workstation agents can be deployed to capture authentication activity and logon session events from monitored workstations when the Dell™ Change Auditor for Logon Activity Workstation license is applied and cloud storage information (Box, DropBox, and OneDrive) when the Dell Change Auditor for Cloud Storage license is applied.

    NOTE:The recommended installation for domain workstations is from the Deployment tab of the Change Auditor Windows® client. However, for non-domain workstations you must manually install the Change Auditor workstation agent. See the Dell™ Change Auditor Installation Guide for recommendations and instructions on manually deploying workstation agents.

    Workstation agent requirements


    Processor
    Dual core Intel® Core™ i5 equivalent or better

    Memory
    Minimum: 2 GB RAM
    Recommended: 4 GB RAM or better

    Operating System
    Installation platforms supported up to the following versions:
    Windows 7 (Pro, Enterprise and Ultimate)
    Windows 8 and 8.1 (Pro and Enterprise)

    NOTE: Microsoft® Data Access Components (MDAC) must be enabled. MDAC is part of the operating system and is enabled by default.

    NOTE: Workstation agents are not supported on Windows 8.1 for cloud storage monitoring.

    Client software and configuration
    x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
    x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
    x86 or x64 versions of Microsoft SQLXML 4.0
    The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

    The Change Auditor agent service depends on the following Windows services to be running:
    DNS client
    Remote Procedure Call (RPC)
    Windows event log

    NOTE: Ensure communications over RPC between coordinators and agents.

    IMPORTANT: For workstation log management (such as Get Logs or View Agent Log), the following must be enabled on the workstation:
    Windows Management Instrumentation (WMI) must be enabled in the firewall rule set (usually domain) on the workstation
    Network Discovery and File Sharing must be enabled
    Remote Registry Service must be set to ‘Start Automatically’. By default, this service is stopped and set to ‘Manual’ for Windows 7 and Windows 8/8.1.

    Authentication Activity auditing
    To capture Authentication Activity events, you must first enable (that is, set to Success, Failure) the ‘Audit Logon events’ audit policy for all servers or workstations:
    Domain - Group Policy

    Default Domain Policy\Computer Configuration\Windows Settings\Security Settings\Local Policy\Audit Policy\Audit logon events
    Workgroup - Local Group Policy

    Local Computer Policy\Computer Configuration\Windows Sercurity\Security Settings\Local Policies\Audit Policy\Audit logon events

    For more information
    See the Dell™ Change Auditor for Logon Activity User Guide for more information on using Change Auditor for Logon Activity.

    Change Auditor web client (optional component)


    The Change Auditor web client is an optional component that is installed on the Internet Information Services (IIS) web server to provide users access to Change Auditor through a standard or mobile web browser.

    Processor
    Quad core Intel® Core™ i7 equivalent or better

    Change Auditor
    Change Auditor (any license)

    NOTE:
    Change Auditor 6.5 (or higher) is required for using the Administration Tasks page to manage Change Auditor.

    Installation platforms supported up to the following versions:
    Windows Server 2008 SP2 x64 with Application Server and Web Server roles
    Windows Server 2008 R2 SP1 x64 with Application Server and Web Server roles
    Windows Server 2012 x64 (Standard, Essentials and Datacenter) with Application Server and Web Server roles
    Windows Server 2012 R2 x64 (Standard, Essentials and Datacenter) with Application Server and Web Server roles

    Software and configuration
    x64 version of Microsoft’s .NET 4.5.2 or higher
    x64 version of Microsoft XML Parser (MSXML) 6.0
    x64 version of Microsoft SQLXML 4.0

    Browsers supported up to the following versions
    Chrome™ 47
    Firefox® 43
    Internet Explorer® 11 NOT running in Compatibility View mode
    Safari® 9.0.3 for Mac® OS (Windows® Safari is not supported)

    For more information
    See the Dell™ Change Auditor Web Client User Guide for more information on installing, configuring and using the web client.
Documents Documents
Download printable materials to gain insight on how this product can help you simplify IT challenges.
   
Events Events
Peruse webcasts and in-person activities near you to explore the technology behind this product.
   
Community Community
Get the most from this product as you join your peers and Dell experts to access tools and learn best practices.
Dell Software | Contact Us

Contact a Dell Expert

Get help with all your business needs.

Learn More
Dell Software | Support

Software Product Support

Single location for all your product needs.

Learn More
Chat

Go ahead. Ask us anything.

You've got questions, we've got experts that can help. Find out now.

Chat Online
close
 
 
P60-CS05