JIJI AUDIT REPORTER FEATURES JiJi AuditReporter is a web based auditing solution for live monitoring of the enterprise changes and for generating audit reports on each and every event occurring in the enterprise environments such as AD, GPO, Exchange, Fileserver and SharePoint events.
Components The various components available under JiJi AuditReporter are: Component Active Directory Reports Active Directory Changes Account Lockout Analyzer Logon Logoff Audit GPO Reports GPO Changes Exchange Reports Exchange Changes File Server Reports File Server Audit SharePoint Reports Description Audits and reports on Active Directory schema, configuration and domain objects Analyzes the user account lockout reasons for security breach Detailed analysis and reports user logon logoff activity in the workstations Track, compare and audit Group Policy Object Audits and reports Exchange mailboxes, distribution lists, client access and routing Reports the detailed activities on File Server such as file access, copy, move, delete, access failures, etc. Generate reports on the framework of SharePoint Farm such as Farm, Web Applications, Site Collections Index 1. Real-Time Reports 2. Change Reports 3. Innovative Report Builder 4. Active Directory Management 5. Automated Active Directory Management 6. Active Directory Cleaner 7. Smart Alerts 8. GPO Compare 9. Automation of Report Generation 10. Role Based Access Control 11. Support for multiple Domains 12. Archiving and Retrieving Audit Data 13. Support for Compliance audits 14. Support for Governance, Risk, & Compliance (GRC) 15. JiJi AuditReporter for Windows File Server 16. Logon/Logoff Audit Reports Copyright JiJi & XuiS 2014. All rights reserved P a g e 1
Real-Time Reports The real-time reports in JiJi AuditReporter extract and list the most updated current information from Active Directory, GPO, Exchange Server, File Server and SharePoint. The real-time report categories included under Active Directory Reporting are: - User - Contact - Logon - Group - Computer - OU - Container - GPO - Security - Password Policy - Printer - Schema - Trust Relationship - Terminal Services - Service Connection Point - Dynamic Access Control - Central Access Policy The real-time report categories included under GPO are: - All GPO Settings - Security - Administrative Templates - Internet Explorer - Policy-based QoS - Control Panel - Windows Settings(Preferences) - Scripts - Software Installation - GPO Compare - Others The real-time report categories included under Exchange Server are: - General - Mailbox Settings - Mail Flow Settings - Mailbox Feature - Archive Settings Copyright JiJi & XuiS 2014. All rights reserved P a g e 2
- Distribution Group - Message Moderation - Distribution Lists - Global Address Lists The real-time report categories included under SharePoint are: - Farm - Web Application - Site - Library - List - Document - User - Group - Permission - Workflow - SharePoint Usage The real-time report categories included under File Server are: - Effective Permissions security report - File or Folder Permissions (Detailed and Summary view) The real-time report categories included under User Logon Logoff Audit are: - Successful Logon/Logoff Audit - Logon Failure Activity - Logon Activity Summary - Logon Summary based on User - Logon Summary based on Workstation Change Reports Active Directory Auditing can be performed from change reports in JiJi AuditReporter which audit Active Directory Changes. It performs live-monitoring of Active Directory changes, without depending on the native auditing tools. Also supports tracking of Exchange and GPO changes. JiJi AuditReporter provides complete information on each Active Directory Change: - What - Who - When - Where Copyright JiJi & XuiS 2014. All rights reserved P a g e 3
JiJi AuditReporter captures changes in real-time by monitoring both active directory and event logs to provide details about each and every change. If an object undergoes changes from A->B->C->D during the stipulated time, AuditReporter captures all the changes in the background and will provide you the details such as Who, What, When and Where for all changes. AuditReporter is therefore the complete change auditing solution. Snapshotting Method: In general, the Snapshotting method is used to generate the Change Reports. This method tends to use periodic snapshots for active directory and compares the difference between the data stored on the previous snapshot and the present one. As a result, the monitoring tracks changes between the snapshot periods. For an example when an object undergoes change from A-> B->C->D and an administrator chooses to look at the tool once a week, they will only see that the object has changed from A to D, leaving the gap unmonitored. They will be completely unaware of other events happenings between A and D. Failing Scenario: Consider the case shown in the following figure The change report categories included under Active Directory are: All Objects, User, User Logon, Computer, Group, OU, GPO, Password Policy, Others The change report categories included under GPO are: All GPO Changes, Computer Settings Changes, User Settings Changes Copyright JiJi & XuiS 2014. All rights reserved P a g e 4
The change report categories included under Exchange are: All Exchange Changes, Mailbox Changes, Mailbox Policy Changes, Client Access Changes, Receive Connector Changes, Administrative Group Changes, Routing Group Changes Below is the sample AD Change Report - User Changes Innovative Report Builder Using JiJi AuditReporter s web based report builder, you can: - Create your own report - View how the in-built report is created - Clone the in-built report to add additional conditions to create your customized report In the report builder, you can create a report using: - Simple-to-use web based GUI to form conditions (or) - LDAP query (or) - SQL query With report builder you can nest the multiple conditions using AND/OR operators. This report builder is customized according the various features available in JiJi AuditReporter. Below is the report builder for Active Directory Reports module. Using the report builder, you can query against any Active Directory object type and attribute for a value to form your own conditions. Copyright JiJi & XuiS 2014. All rights reserved P a g e 5
Below is the report builder for Active Directory Change reporting module. Here you can build the customized report to display the action/who/where/when. The report builder is designed according to each module (SharePoint, Exchange, GPO, File Server). Active Directory Management From JiJi AuditReporter s Active Directory Reports module, the administrator can perform various Active Directory Management tasks on the following objects: - User - Computer - Group - Restore deleted objects Copyright JiJi & XuiS 2014. All rights reserved P a g e 6
Some of the operations that can be performed on Active Directory User objects by an administrator to manage AD through JiJi AuditReporter are: - Enable - Disable - Unlock - Reset Password - Move - Delete - Add Group Membership - Remove Group Membership Below is the screen-shot of the actions that can be performed across All Users Active Directory Reports. Automated Web based Active Directory Management Administering AD requires multiple skilled resources. For example, managing AD user accounts involves multiple admins and helpdesks in user provisioning, de-provisioning, password management, account management, etc. Using Active Directory Reports scheduling you can automate the administration of AD user accounts. Consider the requirement for automatic unlock of specific locked out AD user accounts, performed every 5 minutes. How you can automate? Just create a schedule and select your options: Report Selection - Locked out Users report. Action Selection - Unlock. Time Period for triggering the action - Every 5 minutes. Below is the screenshot of the actions that can be automated for Locked out Users report. Copyright JiJi & XuiS 2014. All rights reserved P a g e 7
Active Directory Cleaner Regular clean up of Active Directory is a major task. Unwanted accounts kept in AD can represent a security threat. Expired data adds additional load on the server. Inactive users / computers and disabled users result in the accumulation of unrequired data. As time passes, this makes analysis and management more difficult and can severely affect performance. It is vital to keep data in AD clean and relevant. Housekeeping of AD is also important for SOX compliance audits. Using JiJi AuditReporter s scheduler, the administrator can perform various housekeeping AD Cleanup activities such as: - Old users / computers cleanup. - Cleanup automation through schedules. - Generating reports from the desired scope of Active Directory. Users can sort the columns of their interest. - Cleanup actions that are performed can be exported to PDF, CSV and Excel formats and sent as a notification to the administrators. - Helps to perform actions such as delete, move, disable, enable and reset objects in bulk. - Restore deleted users and computer objects in bulk. Some of the sample Active Directory Cleaner activities are: - Disable the inactive computers/users for past N days - Move the disabled computers/users before N days to Disabled Objects OU - Delete the computers/users disabled before N days Below is a screenshot showing selection of Inactive Users for the past 10 days for automated disabling. Copyright JiJi & XuiS 2014. All rights reserved P a g e 8
Smart Alerts JiJi AuditReporter provides a robust solution for notifying each and every audit of Active Directory changes to the email-ids of administrators and responsible users. In general, certain events in your Active Directory domain frequently need to be monitored. For example, in an Active Directory domain, changes such as user creation need to be brought before the attention of administrators and concerned authorities. JiJi AuditReporter ensures that they are kept informed of Active Directory changes, promptly and with the latest information. Below is the screen-shot of an alert creation for AD User Account Lockout, showing the partial list of actions that can be provided in the alert. Copyright JiJi & XuiS 2014. All rights reserved P a g e 9
Below is an example of the alert notification content. GPO Compare JiJi AuditReporter s GPO Compare is a first of its kind in the industry. With the GPO Compare feature you can compare as many GPOs for a detailed comparison report. This screen-shot shows the detailed comparison report for three GPO [TestGPO, Default Domain Policy and Default Domain Controller Policy]. The generated report can also be exported. Automation of Report Generation Using JiJi AuditReporter, administrators can automate generating, sending and storing the specific reports during the scheduled task. The supported file formats for report are HTML, EXCEL, PDF and CSV. The report generation can be scheduled automatically at convenient times. Moreover you can decide which users to notify and configure their email address for periodic sending of specific reports via email. Multiple schedules can be created for different actions, different objects and different time intervals. These schedules can be created on a daily basis, weekly, monthly and even once. How can you use the automated reports? Email Notification : You can trigger email notifications to the concerned authorities regarding their current enterprise status or changes which have occurred in their enterprise for a past time period. For example you can create a schedule to create a monthly report regarding the Locked out Users and send it as a PDF file to a list of email addresses of administartors. This is helpful for administrators to identify and analyze the source from which the invalid logon was attempted, and as a result this helps to strneghten the enterprise security. Copyright JiJi & XuiS 2014. All rights reserved P a g e 10
Storing the Scheduled Reports: In addition to sending the scheduled reports to concerned authorities, you can store the scheduled reports for future reference. You can store the scheduled reports in the following locations: Shared Folder Local Drive Below is the screenshot of storing the scheduled reports to a Shared folder, with option selected for reports to be automatically saved in new folder with name-format Date_Time Role Based Access Control JiJi AuditReporter provides role based access for AD users to manage and track real-time reports and audit information on Active Directory/GPO/Exchange changes, independent of Active Directory permissions. In simple words, JiJi AuditReporter allows multiple users, such as administrators, helpdesk and users, with specific roles, to access the product and manage/view the audit information, depending upon the role (Admin/Normal User) provided by JiJi AuditReporter. For example, if the organization s requirement is to provide the Normal User role to Helpdesk and the Admin role to a particular user, then the Helpdesk will be provided with limited access to just generate and view the reports. On the other hand, the user delegated with the Admin role can manage the complete functionalities of JiJi AuditReporter. Apart from the above functionalities, granular roles can be designed with minute details. For example, your requirement may be to create a role with the following specifications: Permission to view only AD Reports Permission to edit the existing schedules for AD Reports and execute the schedules It is possible to create a role with the above specifications in JiJi AuditReporter. Below is the screenshot of a role with permission to view only AD Reports, edit the existing schedules for AD Reports and execute the schedules. Copyright JiJi & XuiS 2014. All rights reserved P a g e 11
Support for multiple Domains JiJi AuditReporter supports multiple Active Directory domains for auditing and reporting. This is helpful for administrators to audit Active Directory changes, not only in their current domain, but also remote Active Directory domains. For example, if your company is managing the Active Directory domains of your clients, then it simple for you to just add your required AD domains using the corresponding Domain Admin credentials, then start generating reports, audit changes, schedule reports, enable alerts and many more from the central web console. Below is the screenshot of the Server Configuration section of JiJi AuditReporter listing multiple AD domains. Archiving and Retrieving Audit Data JiJi AuditReporter offers a special service for the enterprises to archive the audit data for AD, GPO, Exchange and Logon changes. It also supports the archiving of log details, such as Event Log and Error Log data. Archived data can be retrieved easily using the product s UI. The retrieved audit data helps enterprises to conduct regulatory audits like SOX, HIPAA, ITIL, etc. This data provides the supporting hand for administrators to analyze each and every event which has occurred during a specified day, week or month and remain vigilant. Support is also provided for cleaning the entire or custom archives is available via the product s UI. Manual triggering of data archiving is available or automation at regular time intervals. Once the data is archived, it is independent of the database. Therefore it helps in reducing the database size and improves system performance. If your AuditReporter database has grown very large, but your requirement is to view only the audit details of specific time periods, you can archive the complete audit data by selecting the appropriate date range and cleanup the database. Then later you can restore the audit data for your specific time period from the archive. Below is the screenshot for Archive and Restore of Audit Data. Copyright JiJi & XuiS 2014. All rights reserved P a g e 12
Support for Compliance audits Compliance Management helps Enterprises to manage risks. JiJi AuditReporter helps organizations to generate compliance data, in the form of generating real-time reports on AD/Exchange/GPO/SharePoint and change reports on AD/Exchange/GPO for conducting regulatory audits. It provides extensive reports on almost every change that occurs in your Windows Active Directory. JiJi AuditReporter helps you analyze every change in Active Directory, while ensuring the change confirms with standards set by IT regulatory acts. How JiJi AuditReporter satisfies SOX audit: JiJi AuditReporter supports SOX audit under the following categories: Access Security Risk Using Policy Reports, you can extract information about Default Domain Policy, Resultant Policy and Fine- Grained Password Policy. Also obtain the members for the given Fine Grained Password Policy. You can also identify and remove Groups without members. You can track the AD users in nested security groups and extract their aggregate permissions. You can extract WHO (AD User) has permission on WHAT (file/folder) in the file share using the File Server permission Reports. Data Protection You can track and report the failed log on user attempts. You can track the logon attempts for Inactive Users and Inactive Computers for any malpractices. You can automate the cleanup of Inactive Users / Inactive Computers / Disabled Users from AD. You can track illegal file/folder access using the File Server Audit Reports. Copyright JiJi & XuiS 2014. All rights reserved P a g e 13
Support for Governance, Risk, & Compliance (GRC) Support for Governance JiJi AuditReporter assists IT administrators in finding any discrepancies in systems securities, as well as enforcing predefined company IT policies. AuditReporter empowers administrator to spot who made the change, when, what and much more. With just a few clicks, AuditReporter can be configured to generate audit reports to review the status of your company s AD environment. In simple words, JiJi AuditReporter helps administrators to take prompt action before the situation goes too far. Also, administrators can easily configure the tool to report instantly, on demand. Support for Risk Management Having internal audit and external regulatory audit in mind, JiJi AuditReporter is designed to handle any Active Directory based audit requests. In JiJi AuditReporter, 120+ out-of-the-box reports are available to provide support for conducting inch by inch investigation on changes undergone by any AD object, whether it was done by manual intervention or by services. This tool helps IT administrators ensure continuous compliance and stay on top of potential security loop holes. Support for Compliance JiJi AuditReporter is an excellent AD reporting tool that can furnish reports to satisfy regularity authorities and courts. Using this tool you can access and generate numerous reports which are mainly requested for SOX, HIPAA, ITIL compliances audits. JiJi AuditReporter for Windows File Server Every business requires storage of digital files; the files may be product documentation, knowledge base, Purchase Orders, Receipts, Videos, Executables, etc. In simple words, the concept behind file server is a shared disk access of digital data essential for the staff in an organization, each with a specific business purpose. So it is naturally necessary to protect the integrity of the file server i.e. to identify WHO has WHAT permissions on the file/folder on the file server. Moreover it is critical to track the file/folder access or changes occurring in the file server for forensic analysis. JiJi AuditReporter for Windows File Server Auditing provides a complete solution for File Server permissions and File Server auditing. JiJi AuditReporter captures each and every file/folder access or changes in the File Server. Apart from tracking file/folder access, it helps administrators to extract Ad-hoc reports on file/folder permissions of AD users on file shares. These Ad-hoc reports extract current file / folder access permissions of AD users on the Windows File Server connected to the Active Directory domain. File Server Reporting (Ad-hoc Reports) The file server reports extract the different types of AD Users permissions on file/folder in the file server. These reports play an important role as compliance data in identifying the security risk on file/ folder access for conducting SOX audits. The list of report categories included under File Server Reporting are: Security - Effective Permission of specific AD users on file/folder in specified file share NTFS - NTFS permission of AD users on file/folder in specified file share Copyright JiJi & XuiS 2014. All rights reserved P a g e 14
File Server Access/Change Reporting (Access/Change Reports) The file server audit reports monitor and track the access / changes happening to mission critical files/folders in the Windows File Servers connected to the Active Directory domain. Using these reports you can track both successful and failed accesses on the file/folder, helping to identify the unauthorized resource access for investigating computer crimes. Moreover you can track and audit the changes occurring to the file/folder such as Add, Rename, Copy, Move, Modify and Delete. These audit reports are an essential source of information for conducting SOX audit on data protection. The list of report categories included under File Server Change Reporting are: All File/Folder Access Actions made on File/Folder (Add, Rename, Open, Copy, Move, Modified, Delete) File/Folder Access based on (User, File/Folder name, File Share path, Permission Changes) All File/Folder Access Failures Logon/Logoff Audit Reports An expectation of every organization from their employees is to spend quality time during their working hours rather than quantity time. So it is essential to track user logon/logoff activity during their working hours to ensure their actions are planned and legitimate. Logon/Logoff Audit Reports included in JiJi AuditReporter can be used to track the logon/logoff reports for improving their productivity. How Logon/Logoff Audit Reports track user activity? For a selected time period: You can track WHO has logged on to a selected domain machine (Server/Workstation). How many logon attempts are made by a user? How much time he/she remained logged on for each successful logon? When has the user logged out from the machine after a successful logon? You can track the failed logon attempts by a user. You can generate Attendance Reports of employees based on their logon/logoff activity such as Logon Time, Logon Duration and Logoff Time. Below is the screenshot of an Attendance Report of employees based on their logon/logoff activity, Copyright JiJi & XuiS 2014. All rights reserved P a g e 15
About XuiS XuiS is a British registered private company (number 2845405) which was established in 1993 to service the growing need across Europe for cost effective system management solutions. From day one, XuiS key strength has been the provision of complementary quality professional services to ensure that its customers benefit from the maximum possible return from their investment in XuiS products and services. In 2001, XuiS expanded its portfolio of niche software solutions to include powerful access & identity management products with associated services.. For more information about AuditReporter and other XuiS Solutions: Web: www.auditreporter.co.uk www.xuis.com Email: support@xuis.com Trademarks All trademarks and registered trademarks used in this guide are property of their respective owners. Copyright JiJi & XuiS 2014. All rights reserved P a g e 16