|

Change Auditor for Windows File Servers

Buy more. Save more. Do more.
On OptiPlex, Latitude, Precision and XPS systems over $499: Save an extra 5% for up to 35% off when buying two PCs and save an extra 10% for up to 40% off when buying three or more PCs. Shop Now ›

Easy and secure Windows File Server auditing.

Track, report and alert on critical changes to Windows File Servers.


 
Software Change Auditor for Windows File Servers

 

Change Auditor for Windows File Servers helps you control and audit changes to Microsoft® Windows® file servers efficiently and cost-effectively. It proactively tracks, audits, reports and alerts on vital changes in real time and without the overhead of native auditing.

You will instantly know the “who, what, when, where and originating workstation” details, and get the original and current values for fast troubleshooting. You can then automatically generate intelligent, in-depth forensics for auditors and management, reducing the risks associated with day-to-day modifications and ensuring confidence at your next audit.

At-a-glance display
Tracks user and administrator activity with detailed information including who, what, when, where, which workstation and why for change events, plus original and current values for all changes.

Real-time alerts on the move
Sends critical change and pattern alerts to email and mobile devices to prompt immediate action, enabling you to respond faster to threats even while you're not on site.

Account lockout
Captures the originating IP address/workstation name for account lockout events to simplify troubleshooting.

Object protection
Provides protection against changes to the most critical files and folders from being modified or accidentally deleted.

High-performance auditing engine
Removes auditing limitations and captures change information without the need for native audit logs, resulting in faster results and significant savings of storage resources.

Auditor-ready reporting
Generates comprehensive reports for best practices and regulatory compliance mandates for SOX, PCI-DSS, HIPAA, FISMA, GLBA and more.

Role-based access
Configures access so auditors can run searches and reports without making any configuration changes to the application, and without requiring the assistance and time of the administrator.

Event timeline
Enables the viewing, highlighting and filtering of change events and the relation of other events over the course of time in chronological order across your Windows environment for better understanding and forensic analysis of those events and trends.

Related searches
Provides instant, one-click access to all information on the change you're viewing and all related events, such as what other changes came from specific users and workstations, eliminating additional guesswork and unknown security concerns.

Centralized auditing
Provides the ability to manage, monitor and audit all file server changes from a single location, which streamlines management of multiple servers and locations to a single, easy-to-use console.

Share auditing
Tracks all events related to file shares, helping administrators ensure access to shared files is maintained by capturing all change events in real time.

Web-based access with dashboard reporting
Searches from anywhere using a web browser and creates targeted dashboard reports to provide upper management and auditors with access to the information they need without having to understand architecture or administration.
  • Change Auditor 6.5 System requirements

    Change Auditor is made up of the following components, all which have specific system requirements:
    Change Auditor coordinator(s)
    Change Auditor client
    Change Auditor agents
    Change Auditor workstation agents
    Microsoft SQL Server database
    Change Auditor web client

    Change Auditor coordinator (Server-side component)

    The Change Auditor coordinator is responsible for fulfilling client and agent requests.

    Coordinator hardware:
    Minimum: Quad core 2.0 GHz or better; 8 GB RAM or better
    Recommended: Quad core 3.0 GHz or better; 32 GB RAM or better

    Member server running on the following minimum platforms:
    Windows Server® 2003 SP2
    Windows Server 2003 R2
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012 (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 (Essentials, Standard and Datacenter)

    Microsoft’s Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)

    Note: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.

    Note: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    Coordinator software and configuration:
    Install the Change Auditor coordinator on a dedicated member server.
    The Change Auditor database should be configured on a separate, dedicated SQL Server instance.

    IMPORTANT: Do NOT pre-allocate a fixed size for the Change Auditor database.

    Supported SQL Server versions:
    Microsoft SQL Server 2008 SP1, SP2 or SP3
    Microsoft SQL Server 2008 R2, SP1 or SP2
    Microsoft SQL Server 2012 or SP1

    Note: Change Auditor does not support SQL high availability technology other than clusters.

    The coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

    x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
    x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
    x86 or x64 versions of Microsoft SQLXML 4.0

    Coordinator footprint:
    Estimated hard disk space used: 200 MB
    Estimated physical memory (RAM) used for an agent-less coordinator: 100 MB

    Note: Coordinator RAM usage is highly dependent on the environment, number of agent connections, and event volume.

    Estimated database size will vary depending on the number of agents deployed and audited events captured.

    IMPORTANT: Minimum permissions

    User account performing the coordinator installation:

    The user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server:
    Windows permissions to create and modify registry values.
    Windows administrative permissions to install software and stop/start services.

    The user account performing the installation, must be a member of the Domain Admins group in the domain where the coordinator is being installed.

    Service account running the coordinator service (LocalSystem by default):
    Active Directory permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running a Change Auditor coordinator.
    Local Administrator permissions on the coordinator server.

    If you are running the coordinator under a service account (instead of LocalSystem), define a Manual connection profile where you can specify the IP address of the server hosting the Change Auditor coordinator. You can specify and select connection profiles whenever you launch the Change Auditor client. See the Dell™ Change Auditor User Guide or online help for more information on defining and selecting a connection profile.

    SQL Server database access account specified during installation:
    An account must be created to be used by the coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:
    Must be assigned the db_owner role on the Change Auditor database
    Must be assigned the SQL Server role of dbcreator

    Change Auditor client (Client-side component)

    The Change Auditor client connects to a Change Auditor coordinator and queries the audit event database for the desired results.

    Client hardware:
    Minimum: Dual core 2.0 GHz or better; 4 GB RAM or better
    Recommended: Quad core 3.0 GHz or better; 8 GB RAM or better

    A machine running on the following minimum platforms:
    Windows Server® 2003
    Windows Server 2003 R2
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012 (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 (Essentials, Standard and Datacenter)
    Windows 7 (Pro, Enterprise and Ultimate)
    Windows 8 and 8.1 (Pro and Enterprise)

    Microsoft’s Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.

    Note: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.

    Note: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    Screen resolution of at least 1024 x 768 with at least 256 colors

    Client software and configuration:
    x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
    x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
    x86 or x64 versions of Microsoft SQLXML 4.0

    Client footprint:
    Estimated hard disk space used: 140 MB
    Estimated physical memory (RAM) used: 150 - 500 MB

    Note: Client RAM usage is dependent on the number of tabs you have open.

    Note:
    Queries that return a lot of data can cause the client to use as much memory as required to store the results in RAM.

    Change Auditor agent (Server-side component)

    A Change Auditor agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. The agents will then report these audit events to a Change Auditor coordinator which will insert the event details into the Change Auditor database.

    Agent hardware:
    Minimum: Dual core 2.0 GHz or better; 4 GB RAM or better
    Recommended: Quad core 3.0 GHz or better; 8 GB RAM or better

    Server running on the following minimum platforms:
    Windows Server® 2003 SP1
    Windows Server 2003 R2
    Windows Server 2008

    Note: Windows Server 2008 Core is no longer supported because it does not support the required .NET 4.0 framework for Change Auditor 6.5 agents.

    Windows Server 2008 R2
    Windows Server 2008 R2 Core SP1
    Windows Server 2012 (Essentials, Standard and Datacenter)
    Windows Server 2012 Core (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 (Essentials, Standard and Datacenter)
    Windows Server 2012 R2 Core (Essentials, Standard and Datacenter)

    Microsoft’s Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)

    Note: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.

    Note: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

    Note: Change Auditor agent requires File and Printer Sharing on Windows Server 2008. By default, File and
    Printer sharing is not enabled on Windows Server 2008 installations. In order to remotely deploy agents to Windows Server 2008, enable the File and Printer sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine.
    The File and Printer Sharing for Microsoft Networks service on the network adapter must also be enabled for remote deployment.

    Note: Auditing of some Exchange events require the latest Exchange service pack to be installed.
    Please refer to the Dell™ Change Auditor for Exchange Event Reference Guide for the minimum service packs required for Exchange events.

    Agent software and configuration:
    x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
    x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
    The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

    The Change Auditor agent service depends on the following Windows services to be running:
    DNS client
    Remote Procedure Call (RPC)
    Windows event log

    Note: Ensure communication over RPC between coordinators and agents.

    Agent footprint:
    Estimated hard disk space used: 120 MB + local database size + agent logs

    Note: Change Auditor agent log retention and content is configurable. That is, you can define how many files to retain and the level of logging.

    Estimated physical memory (RAM) used: 60 - 100 MB

    Note: Agent RAM usage is dependent on the auditing modules you have licensed.

    Agent installation is NOT compatible with the following applications:
    Pre-5.6 versions of Change Auditor
    SecurityManager
    Dell™ InTrust™ plug-ins: ITAD, ITADAM, ITFA and ITEX
    ScriptLogic Active Administrator
    DirectoryLockdown
    EMC EmailXtender®

    IMPORTANT: Minimum permissions

    Permissions required for deploying agents:
    The Agent Deployment wizard runs under the security context of the currently logged on user account. Therefore, you must have administrative authority to install software on every target machine. This means you must be a Domain Admin in every domain that contains servers that you are targeting for installation.

    If you are targeting domain controllers only, membership in the Enterprise Admins group will grant you authority to all domain controllers in the forest.

    In addition, all users responsible for deploying Change Auditor agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you will get an access denied error.

    IMPORTANT: Minimum permissions
    Change Auditor agents must run as localsystem.

    Exchange Servers auditing requirements

    Change Auditor license requirement:
    Change Auditor for Exchange

    Minimum service pack requirements:
    Windows Server 2003 and 2003 R2:
    Microsoft Exchange Server 2007 x64 SP1

    Windows Server 2008 and 2008 R2:
    Microsoft Exchange Server 2007 x64 SP1
    Microsoft Exchange Server 2010 RTM

    Windows Server 2008 R2 SP1:
    Microsoft Exchange Server 2007 x64 SP1
    Microsoft Exchange Server 2010 RTM
    Microsoft Exchange Server 2013 CU1

    Windows Server 2012:
    Microsoft Exchange Server 2010 SP3
    Microsoft Exchange Server 2013 RTM

    Windows Server 2012 R2:
    Microsoft Exchange Server 2013 SP1

    Note: Mailbox auditing and protection is NOT supported for Outlook® client connections running Exchange Server 2013 SP1 (or higher).

    SQL Server auditing requirements

    Change Auditor license requirement:
    Change Auditor for SQL Server

    Supported SQL server versions:
    Microsoft SQL Server 2005
    Microsoft SQL Server 2008 SP1, SP2 or SP3
    Microsoft SQL Server 2008 R2, SP1 or SP2
    Microsoft SQL Server 2012 or SP1

    Authentication Services auditing requirements

    Change Auditor license requirement:
    Change Auditor for Authentication Services

    Authentication Services versions:
    Dell One Identity Authentication Services 4.0 (or higher)

    Defender auditing requirements

    Change Auditor license requirement:
    Change Auditor for Defender

    Defender versions:
    Dell One Identity Defender 5.7 (or higher)

    EMC auditing requirements

    Change Auditor license requirement:
    Change Auditor for EMC

    EMC requirements:
    EMC Celerra® Event Enabler (CEE) Framework 4.6.7 or 6.x
    EMC VNX® Event Enabler (VEE) Framework 4.8.5 (through 5.1)

    Note: VNXe® is NOT supported. VNXe does not support CEPA at this time and therefore Change Auditor for EMC will NOT run successfully in VNXe environments.

    EMC Isilon®:
    CEE 6.3.1 (or higher)
    Change Auditor for EMC 6.5 (or higher)
    Requires manual configuration to audit Isilon file servers

    See the Dell™ Change Auditor for EMC® User Guide for information on installing, configuring and using Change Auditor for EMC.

    NetApp auditing requirements

    Change Auditor license requirement:
    Change Auditor for NetApp

    NetApp requirements:
    NetApp Filer with Data ONTAP® 7.2 (or higher)

    Note: Clustering FPolicy was added in NetApp 8.2; but has not yet been implemented in Change Auditor.

    See the Dell™ Change Auditor for NetApp® User Guide for more information on installing, configuring and using Change Auditor for NetApp.

    SharePoint auditing requirements

    Change Auditor license requirement:
    Change Auditor for SharePoint

    SharePoint auditing requirements:
    SharePoint Server 2010 or 2013
    SharePoint Foundation 2010 or 2013

    See the Dell™ Change Auditor for SharePoint® User Guide for detailed information on installing, configuring and using Change Auditor for SharePoint.

    VMware® auditing requirements

    Change Auditor license requirement:
    Change Auditor (any license)

    VMware auditing requirements:
    ESX/ESXi 5.0 or 5.1
    vCenter™ 5.0 or 5.1

    Exchange Online/Office 365™ auditing requirements

    Change Auditor license requirement:
    Change Auditor for Exchange 6.5 (or higher)

    Office 365 platforms supported and required permissions

    Office 365 Small Business

    Minimum permissions:
    The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Small Business Premium

    Minimum permissions:
    The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business Premium. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Midsize Business

    Minimum permissions:
    The user account configured for Change Auditor auditing must be assigned the Global Administrator role for
    Office 365 Midsize Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    Office 365 Enterprise

    Minimum permissions:
    The user account configured for Change Auditor auditing must be assigned the Global Administrator role for Office 365 Enterprise. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).

    See the Dell™ Change Auditor for Exchange User Guide for more information on Exchange Online auditing.

    SonicWALL auditing requirements

    Change Auditor license requirement:
    Change Auditor for SonicWALL

    SonicWALL requirements:
    SonicWALL firewall device running SonicOS firmware version 6.1.1.7 (or higher)

    Firewall requirements:
    At least one SonicWALL firewall that supports AppFlow with the ‘IPFIX with extensions’ external flow reporting format.
    The SonicWALL firewall must support the SonicOS DPI-SSL feature for cloud or SSL-based web site activity auditing.
    The firewall must be configured to send AppFlow data to the Change Auditor agent.

    See the Dell™ Change Auditor for SonicWALL User Guide for more information on configuring and using Change Auditor for SonicWALL.

    Logon Activity auditing requirements

    Change Auditor license requirement:
    Change Auditor for Logon Activity User for auditing server agents

    Note: See Change Auditor agent (Server-side component) for server agent system requirements• Change Auditor for Logon Activity Workstation for auditing workstation agents

    Note: See Change Auditor workstation agent (Optional) for workstation agent system requirements.

    Change Auditor workstation agent (Optional)

    Change Auditor workstation agents can be deployed to capture authentication activity and logon session events from monitored workstations when the Dell™ Change Auditor for Logon Activity Workstation license is applied.

    Note: The recommended installation for domain workstations is from the Deployment tab of the Change Auditor Windows client. However, for non-domain workstations you must manually install the Change Auditor workstation agent. See Workstation Agent Deployment for recommendations and instructions on manually deploying workstation agents.

    Workstation agent hardware:
    Minimum: 1 GHz CPU; 1 GB RAM (x86)/2 GB RAM (x64)
    Recommended: Dual core 2.0 GHz or better; 4 GB RAM or better

    A machine running on the following minimum platforms:
    Windows 7 (Pro, Enterprise and Ultimate)
    Windows 8 and 8.1 (Pro and Enterprise)

    Microsoft’s Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.

    Workstation agent software and configuration:
    x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
    x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
    The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

    The Change Auditor workstation agent service depends on the following Windows services to be running:
    DNS client
    Remote Procedure Call (RPC)• Windows event log

    Note: Ensure communications over RPC between coordinators and agents.

    IMPORTANT: For workstation log management (such as Get Logs or View Agent Log), the following must be enabled on the workstation:
    Windows Management Instrumentation (WMI) must be enabled in the firewall rule set (usually domain) on the workstation
    Network Discovery and File Sharing must be enabled
    Remote Registry Service must be set to ‘Start Automatically’. By default, this service is stopped and set to ‘Manual’ for Windows 7 and Windows 8/8.1.

    In order to capture Authentication Activity events, you must first enable (that is, set to Success,Failure) the ‘Audit Logon events’ audit policy for all servers and workstations.

    Domain - Group Policy:
    Default Domain Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events

    Workgroup - Local Group Policy:
    Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events

    See the Dell™ Change Auditor for Logon Activity User Guide for more information on using Change Auditor for Logon Activity.

    Change Auditor web client (Optional)

    The Change Auditor web client is an optional component that is installed on the Internet Information Services (IIS) web server to provide users access to Change Auditor data through a standard or mobile web browser.

    Application server running on the following minimum platforms:
    Windows Server 2008 (with IIS 7 or above)
    Windows Server 2012 (with IIS 8 or above)

    Minimum standard browser versions supported:
    Chrome™ 17 (or higher)
    Firefox® 10 (or higher)
    Internet Explorer® 9 (or higher) NOT running in Compatibility View mode
    Safari® 5.x for Mac OS (Windows Safari is not supported)

    See the Dell™ Change Auditor Web Client User Guide for more information on installing, configuring and using the web client.


Documents Documents
Download printable materials to gain insight on how this product can help you simplify IT challenges.
   
Events Events
Peruse webcasts and in-person activities near you to explore the technology behind this product.
   
Community Community
Get the most from this product as you join your peers and Dell experts to access tools and learn best practices.
Dell Software | Contact Us

Contact a Dell Expert

Get help with all your business needs.

Learn More
Dell Software | Support

Software Product Support

Single location for all your product needs.

Learn More
close
 
 
CS05