LT Auditor+ for Windows




LT Auditor+ for Windows Quick Start Guide
Documentation issue: 5.3
Copyright Blue Lance Inc.
Distributed by:

LT Auditor+ for Windows: Overview

LT Auditor+ is a security software application that provides surveillance of user activity for Microsoft Windows & Novell NetWare servers and security activity for Microsoft Active Directory/NT Domains & Novell eDirectory/NDS to produce an enterprise-wide audit trail. LT Auditor+ monitors, records, alerts on & reports on key user-generated events across your network servers, providing consolidated reporting of security-sensitive activity. LT Auditor+ meets the requirements of auditors by providing detailed reporting of who did what, where and when.

LT Auditor+ for Windows works in conjunction with event logs and can be configured to monitor Microsoft Windows Active Directory or NT Domain activity, file/directory activity, login activity and system activity on the network in real time. Filters can be configured as per user-defined security policies to collect logs for auditing. Audit logs collected on individual servers can be sent to a single server for enterprise-wide consolidated reporting.

SUPPORTED FEATURES

- Unobtrusively monitors and audits users, files and system activity
- Tracks sensitive files and directories using powerful filtering technology
- Immediate notification of security breaches via optional real-time alerts
- Alerts deliverable via SNMP, SMTP or network broadcasts
- Granular reporting for faster and easier forensic analysis
- Monitors all Active Directory/NT Domain changes
- Supports Windows 2000, Server 2003, Windows NT4 & all Active Directory/NT Domain versions on these platforms
- Powerful event filtering at collection and/or reporting stage
- Consolidated repository; multi-server and cross-platform (Windows/NetWare)
- Supports MS SQL & Oracle databases as well as XML & Pervasive Btrieve
- Predefined audit exception reports and customisable options
- Drill down for more extensive forensic reporting

All trademarks contained in this document are the properties of their respective owners.

Concept

- LT Auditor+ Management Console installed on a Windows server that will be the LT Auditor+ Manager
- Windows servers are remotely installed from this console
- Audit policies set on each server cause Windows to write events to the Event Logs
- Agent Services run on every Windows server collecting from Event Logs in real time (including the LT Auditor+ Manager server)
- Data collected according to configured filters, via logical Groups defined on the Manager
- Optional alerts according to configured filters
- Regular transfer to the Manager server
- Daily rollup to database
- Reports run from database using the LT Auditor+ SQL Report Generator
- Cross-platform consolidation from NetWare: data is transferred via IP from LT Auditor+ NetWare gateway server to LT Auditor+ Windows Manager server

1. Getting Started

For further information or if you encounter any problems installing please see the files:

- README.TXT in the unzip folder or Windows folder of the CD
- LT Auditor+ for Microsoft Windows User Guide.PDF (Adobe Acrobat) in the Manuals folder
- LTA.CHM (Compiled Help) in the "Program Files\BlueLance, Inc\LT Auditor+ for Windows" folder

For additional information, please try our web support page (www.altman.co.uk/support), which has a Frequently Asked Questions (FAQ) section; if this does not help, contact Altman Technologies (see front sheet for contact details).

The software is available as a download from the web or can be supplied on CD. The zip file you are provided with specifies the version number in its name & needs to be unzipped. Please read this entire document before starting the installation.

Setting up Windows 2000/NT security policies

Windows audit policies determine which security events are logged to the event logs. To set up audit policies:

In your Microsoft Windows 2000 environment:
  a. From the Administrative Tools folder, launch the Local Security Policy (Windows 2000 Professional), Domain Controller Security Policy (Windows 2000 Server) or the Domain Security Policy (Windows 2000 Advanced Server) application.
     Note: The application you select is determined by the type of Windows 2000 operating system installed on your computer.
  b. Select Local Policies > Audit Policy and double click a policy name to modify that policy's settings.

In your Microsoft Windows NT environment:
  a. From the Administrative Tools folder, launch the User Manager or Domain User Manager application.
  b. Select Policies > Audit and modify the policy's settings.

You can set up file auditing policies for each directory that you want to audit. For complete instructions on setting file auditing policies, refer to Appendix A of the manual.

It is recommended that the user installing LT Auditor+ should have administrative rights (i.e. Administrator equivalent on the Windows server that is Manager & a member of the Domain & Enterprise Administrators groups for remote server installs).

System Requirements:

Hardware
- 128 MB of RAM or more
- 300 MB of disk space or more

Software
- Windows NT 4 (SP6a) + IE 5.x or above & TCP/IP enabled
- Windows 2000 (SP3 or above)
- Windows XP (SP1 or above)
- Windows 2003 server

2. Server Installation

Event Log configurations

To set up the event log configuration in a Windows environment:

1. Launch the Event Viewer.
2. In Windows 2000, right click an event log folder and select Properties. In Windows NT, select the Log menu and Log Settings.
3. Modify the log properties settings.
   a. Modify the Maximum log size field based on your storage requirements but not less than 10240KB (Security event log) or 1024KB (all other event logs).
   b. Modify the When maximum log size is reached section. To ensure that all events are correctly captured, select Overwrite events as needed.

Setting up the database

LT Auditor+ can be used with any of the following databases:

- Btrieve or XML
- Microsoft SQL Server 2000/7.0
- Oracle databases 8i or later

Btrieve and XML are built in to the product, so no set up is required. To create a database using SQL Server 7.0 or SQL Server 2000, refer to the following guidelines:

- Create a basic or custom database.
- Create the structure within the database for LT Auditor+ to run properly. This structure comprises three database components: (i) Tables (ii) Views (iii) Stored procedures
- Assign permissions to the database.

Note: For SQL Server installation requirements, refer to the Microsoft website at: http://www.microsoft.com
Note: For Oracle installation requirements, refer to the Oracle website at: http://www.oracle.com

For further instructions on constructing a SQL or Oracle database, refer to Chapter 3 Constructing a Database in the manual.

Installing LT Auditor+ for Windows

To install LT Auditor+ on a workstation or server:

1. Insert the LT Auditor+ CD into the CD ROM drive.
2. If Autorun is enabled, select LT Auditor+ for Windows. If Autorun is not enabled, execute Setup.exe from the NT folder on the CD.
3. The Install Wizard displays a welcome message and guides you through the installation process.
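The Event Log settings required under "Event Log configurations" can be checked on each server with a short script. This is an added example, not part of the Blue Lance guide or the LT Auditor+ product; it assumes Windows PowerShell 5.1 run from an elevated prompt, and Test-LtaEventLogSettings is a hypothetical function name.

```powershell
# Added example: audit the Event Log settings this guide requires.
# Assumes Windows PowerShell 5.1 (Get-EventLog is not present in PowerShell 7).
# Test-LtaEventLogSettings is a hypothetical helper, not an LT Auditor+ command.

$MinimumKB        = @{ Security = 10240 }  # guide: Security log not less than 10240 KB
$DefaultMinimumKB = 1024                   # guide: all other logs not less than 1024 KB

function Test-LtaEventLogSettings {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [switch]$Fix   # apply the guide's settings to logs that fail the check
    )

    foreach ($log in Get-EventLog -List -ComputerName $ComputerName) {
        $requiredKB = $DefaultMinimumKB
        if ($MinimumKB.ContainsKey($log.Log)) { $requiredKB = $MinimumKB[$log.Log] }

        $sizeOk      = $log.MaximumKilobytes -ge $requiredKB
        $overwriteOk = $log.OverflowAction -eq 'OverwriteAsNeeded'

        if ($Fix -and -not ($sizeOk -and $overwriteOk)) {
            # Never shrink a log that is already larger than the minimum
            $targetKB = [Math]::Max($log.MaximumKilobytes, $requiredKB)
            Limit-EventLog -LogName $log.Log -ComputerName $ComputerName `
                -MaximumSize ($targetKB * 1KB) -OverflowAction OverwriteAsNeeded
        }

        # One row per log, describing the state found before any fix was applied
        [pscustomobject]@{
            Computer       = $ComputerName
            Log            = $log.Log
            MaximumKB      = $log.MaximumKilobytes
            RequiredKB     = $requiredKB
            OverflowAction = $log.OverflowAction
            Compliant      = $sizeOk -and $overwriteOk
        }
    }
}

# Report only the logs that do not meet the guide's settings
Test-LtaEventLogSettings | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run it without -Fix first to review the report; rerun the report after a -Fix pass to confirm every log shows Compliant.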
Remote Server Installation

Before you attempt to install LT Auditor+ on a remote server or workstation, you must be connected to the workstation/server and have administrative rights. To install LT Auditor+ remotely on a workstation or server, select Start > Programs > LT Auditor+ > LT Auditor+ for Windows > Remote Install and the Install Wizard guides you through the installation process.

3. Configuring LT Auditor+

To configure LT Auditor+, launch the LT Auditor+ Management Console.

1. Configure the rollup destination database by performing the following steps:
   a. Select the Manager Console window.
   b. Right click on the root and select Settings for [machinename].
   c. On the General tab, select one of the following databases:
      i. LT Auditor+ Custom Format (= XML)
      ii. Pervasive Btrieve
      iii. Microsoft SQL Server
      iv. Oracle
   d. Click the Advanced button to configure database connectivity information such as server name, database name, user, and password. If you select LT Auditor+ Custom Format or Pervasive Btrieve, you can specify the destination file name.
2. On the Event Log List tab add the Event logs to be audited; recommended to use the LT Auditor+ Processed Log for evaluation purposes.
   Note: An event log will be audited only if there is at least 1 filter statement associated with it.
   a. Amend Archive, Transfer settings used within the application, SNMP and SMTP settings if required from their respective Tabs.
3. a. Create a filter statement for each event log that needs to be audited. Ensure that RealTime is specified for the log collection type.
   b. Configure jobs to:
      i. Transfer audit data
      ii. Rollup data into the required database
   Note: For complete details on creating a job policy or filter statement, refer to the manual.
4. Create group(s) and their agent server(s) by performing these steps:
   a. From the Manager Console window, create a new group.
   b. Right click the newly created group and create a new agent.
   Note: An agent can be added to a group only if it is not assigned to another manager.
5. Modify the agent's policy information by performing the following steps:
   a. From the Manager Console window, right click the group just created and select Policy Information for xxx (where xxx represents the group name).
   b. Repeat steps 2. & 3. (above) to configure the group's policy information.
   c. Create a Deployment job to send the group configuration to all member agents.

Assigning authorised users to manage LT Auditor+

By default, the user installing LT Auditor+ is the only user authorised to manage LT Auditor+. To allow other users to manage LT Auditor+ they need to be included into the authorised users list. All authorised users must have the following Windows trustee rights on all servers they manage:

- Full Control to the folder where LT Auditor+ is installed
- Full Control to the Windows directory (usually C:\WinNT)

For complete instructions on using LT Auditor+ for Windows, refer to the manual.

Uninstalling

Uninstalling the software from the Manager server desktop does not automatically uninstall the agent servers. To do this, first free the agents by deleting them from within the group in the Manager Console, then uninstall the agent server(s) from their Control Panel, Add/Remove programs. Finally, run uninstall for the LT Auditor+ Windows software from the Control Panel, Add/Remove programs on the Manager server.

Registering

LT Auditor+ comes with a fully functional, 30 day evaluation licence. Before the end of this evaluation, if you wish to buy, we will supply you with a serial number to turn the evaluation into a full licensed version, enabling you to keep all the data & filters you have collected and customised.

Updating versions

There is no need to uninstall first. New versions can safely be installed over previous versions as long as you are within maintenance. You need to run Setup on a workstation, say Yes when it detects that a version of LT Auditor+ Windows is already installed and then use Patch job from the Management Console to update all agent servers. For more detailed instructions on how to upgrade, please see the Upgrade Start_Up document that accompanies each new version.

Testing

To test everything is running correctly, we recommend you set up filters & jobs as above, and then leave the agent services collecting for a day. You should then be able to report from the data collected using the (separately installed) LT Auditor+ Report Generator.