Change Auditor for Lync

Strengthen policy enforcement with proactive Lync management

Get complete visibility into how your communication environment is set up and enforced with a single solution. Change Auditor for Lync audits, alerts and reports on administrator activity, security and configuration changes in real time. With its enterprise-wide visibility, it allows you to see how Lync is configured and enforced so you can take a proactive management approach. By doing so, you can:

  • Better enforce communication policies
  • Eliminate mistakes or violations
  • Reduce downtime
  • Strengthen compliance and security

Features

  • At-a-glance display - Tracks critical Lync changes made by administrators including adding, deleting or modifying user accounts, backend configurations and security settings. Provides detailed information on who, what, when, where and from which workstation for change events, plus original and current values for all changes.
  • Real-time alerts on the move - Sends critical change and pattern alerts to email and mobile devices to prompt immediate action, enabling you to respond faster to threats even when you’re off-site.
  • Related searches - Provides instant, one-click access to all information on the change you're viewing and all related events, eliminating guesswork and unknown security concerns.
  • Best practice reporting - Provides system visibility with comprehensive reports for best practices, such as infrastructure updates, administrator changes and user configurations.
  • Role-based access - Configures access so auditors can run searches and reports without making any configuration changes to the application or having to involve the administrator.
  • Event timeline - Enables the viewing, highlighting and filtering of change events and their relation to other events over time, resulting in better understanding of trends and events.
  • Web-based access with dashboard reporting - Enables searches from anywhere using a web browser, and creates targeted dashboard reports that provide upper management and auditors with access to the information they need quickly.

Specifications

Change Auditor 6.7 System requirements

Change Auditor is made up of the following components, all which have specific system requirements

  • Change Auditor coordinator(s)
  • Change Auditor client
  • Change Auditor agents
  • Change Auditor workstation agents
  • Microsoft SQL Server database
  • Change Auditor web client

Change Auditor coordinator (Server-side component)

The Change Auditor coordinator is responsible for fulfilling client and agent requests.

Coordinator requirements

RequirementDetails
Processor

Intel® Core™ i7 equivalent or better

MemoryMinimum: 8 GB RAM or better

Recommended: 32 GB RAM or better

SQL Server

SQL databases supported up to the following versions:

  • Microsoft® SQL Server® 2008 SP4
  • Microsoft SQL Server 2008 R2 SP3
  • Microsoft SQL Server 2012 SP2
  • Microsoft SQL Server 2014 SP1

NOTE: Change Auditor does not support SQL high availability technology other than clusters.

Operating system

Installation platforms supported up to the following versions:

  • Windows Server 2003 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1
  • Windows Server 2012 (Essentials, Standard and Datacenter)
  • Windows Server 2012 R2 (Essentials, Standard and Datacenter)

NOTE: Microsoft Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)
NOTE: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.
NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.
Coordinator software and configurationFor the best performance, Dell strongly recommends:
  • Install the Change Auditor coordinator on a dedicated member server.
  • The Change Auditor database should be configured on a separate, dedicated SQL server instance.

IMPORTANT: Do NOT pre-allocate a fixed size for the Change Auditor database.

  • The coordinator must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
  • UDP port 389 must be open when the coordinator first starts on initial installs and upgrades. If it is not, the coordinator will not start.
  • x86 or x64 versions of Microsoft’s .NET 4.0.3 (or higher)
  • x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
  • x86 or x64 versions of Microsoft SQLXML 4.0
Coordinator footprint
  • Estimated hard disk space used: 1 GB
  • Coordinator RAM usage is highly dependent on the environment, number of agent connections, and event volume.
  • Estimated database size will vary depending on the number of agents deployed and audited events captured.

Coordinator minimum permissions

AccountMinimum permissions
User account performing the coordinator installationThe user account that will be performing the coordinator installation needs to have the appropriate permissions to perform the following tasks on the target server:
  • Windows permissions to create and modify registry values.
  • Windows administrative permissions to install software and stop/start services.

NOTE: The user account performing the installation, must be a member of the Domain Admins group in the domain where the coordinator is being installed.

Service account running the coordinator service (LocalSystem by default)The service account running the coordinator service must have the following permissions:
  • Active Directory® permissions to create and modify SCP (Service Connection Point) objects under the computer object that will be running the Change Auditor coordinator.
  • Local Administrator permissions on the coordinator server.

NOTE:If you are running the coordinator under a service account (instead of LocalSystem), define a Manual connection profile where you can specify the IP address of the server hosting the Change Auditor coordinator. You can specify and select connection profiles whenever you launch the Change Auditor client. See the Dell™ Change Auditor User Guide or online help for more information on defining and selecting a connection profile.

SQL Server database access account specified during installation

An account must be created to be used by the coordinator service on an ongoing basis for access to the SQL Server database. This account must have a SQL Login and be assigned the following SQL permissions:

  • Must be assigned the db_owner role on the Change Auditor database
  • Must be assigned the SQL Server role of dbcreator

Change Auditor client (Client-side component)

The Change Auditor client connects to a Change Auditor coordinator and queries the audited event database for the desired results.

Client requirements

RequirementDetails
Processor

Intel® Core™ i5 equivalent or better

MemoryMinimum: 4 GB RAM or better

Recommended: 8 GB RAM or better

Operating systemA machine running on the following minimum platforms:
  • Windows Server® 2003 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1
  • Windows Server 2012 (Essentials, Standard and Datacenter)
  • Windows Server 2012 R2 (Essentials, Standard and Datacenter)
  • Windows® 7 (Pro, Enterprise and Ultimate)
  • Windows 8 and 8.1 (Pro and Enterprise)

NOTE: Microsoft® Data Access Components (MDAC) must be enabled. MDAC is part of the operating system and is enabled by default.
NOTE: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.
NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

  • Screen resolution of at least 1024 x 768 with at least 256 colors
Client software and configuration
  • x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
  • x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
  • x86 or x64 versions of Microsoft SQLXML 4.0
Client footprint
  • Estimated hard disk space used: 140 MB
  • Estimated physical memory RAM) used: 150 - 500 MB

NOTE: Client RAM usage is dependent on the number of tabs you have open.

NOTE: Queries that return a lot of data can cause the client to use as much memory as required to store the results in RAM.

Change Auditor agent (Server-side component)

A Change Auditor agent can be deployed to domain controllers (DCs) and member servers to monitor the configuration changes made on these servers. These agents will then report these audit events to the Change Auditor coordinator which will insert the event details into the Change Auditor database.

Agent requirements

RequirementDetails
Processor

Intel® Core™ i5 equivalent or better

MemoryMinimum: 4 GB RAM or better

Recommended: 8 GB RAM or better

Operating system

Installation platforms supported up to the following versions:

  • Windows® Server® 2003 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2008 SP2

NOTE: Windows Server 2008 Core is no longer supported because it does not support the required .NET 4.0 framework for Change Auditor 6.5 (and above) agents.

  • Windows Server 2008 R2 SP1
  • Windows Server 2008 R2 Core SP1
  • Windows Server 2012 (Essentials, Standard and Datacenter)
  • Windows Server 2012 Core (Essentials, Standard and Datacenter)
  • Windows Server 2012 R2 (Essentials, Standard and Datacenter)
  • Windows Server 2012 R2 Core (Essentials, Standard and Datacenter)

NOTE: Microsoft Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and is enabled by default.)

NOTE: Microsoft’s Windows Small Business Server 2003, 2008 and 2011 are NOT supported.

NOTE: Microsoft’s Windows Server 2012 Foundation edition is NOT supported.

NOTE: Change Auditor agent requires File and Printer Sharing on Windows Server 2008. By default, File and Printer sharing is not enabled on Windows Server 2008 installations. In order to remotely deploy agents to Windows Server 2008, enable the File and Printer sharing (SMB-in) Inbound rule in the Windows Firewall (Port 445) on the target host machine.

The File and Printer Sharing for Microsoft Networks service on the network adapter must also be enabled for remote deployment.

NOTE: Auditing of some Exchange events require the latest Exchange service pack to be installed.  Please refer to the Dell™ Change Auditor for Exchange Event Reference Guide for the minimum service packs required for Exchange events.

Agent software and configuration
  • x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
  • x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
  • x86 or x64 versions of Microsoft SQLXML 4.0
  • The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.
  • The Change Auditor agent service depends on the following Windows services to be running:
    • DNS client
    • Remote Procedure Call (RPC)
    • Windows event log

NOTE: Ensure communication over RPC between coordinators and agents.

Agent footprint
  • Estimated hard disk space used: 120 MB + local database size + agent logs

NOTE: Change Auditor agent log retention and content is configurable. That is, you can define how many files to retain and the level of logging.

  • Estimated physical memory (RAM) used: 60 - 100 MB

NOTE: Agent RAM usage is dependent on the auditing modules you have licensed.

Agent installation incompatibilities

Agent installation is NOT compatible with the following applications:

  • Pre-5.6 versions of Change Auditor
  • Dell SecurityManager
  • Dell InTrust plug-ins
    • InTrust for Active Directory
    • InTrust for ADAM
    • InTrust for File Access
    • InTrust for Exchange
  • Dell Active Administrator
  • Dell DirectoryLockdown
  • EMC EmailXtender®

Agent minimum permissions

AccountPermissions
Permissions required for deploying agents

The Agent Deployment wizard runs under the security context of the currently logged on user account. Therefore, you must have administrative authority to install software on every target machine. This means you must be a Domain Admin in every domain that contains servers that you are targeting for installation.

If you are targeting domain controllers only, membership in the Enterprise Admins group will grant you authority to all domain controllers in the forest.

In addition, all users responsible for deploying Change Auditor agents must also be a member of the ChangeAuditor Administrators group in the specified Change Auditor installation. If you are not a member of this security group for this installation, you will get an access denied error.

System account running on agentChange Auditor agents must run as localsystem.

Exchange Servers auditing requirements

ComponentSupported versions
License requiredChange Auditor for Exchange
Exchange Server

Exchange servers supported up to the following versions:

Windows Server® 2003 SP2 and 2003 R2:

  • Microsoft Exchange Server 2007 x64 SP3

Windows Server 2008 SP2:

  • Microsoft Exchange Server 2007 x64 SP3
  • Microsoft Exchange Server 2010 SP3

Windows Server 2008 R2 SP1:

  • Microsoft Exchange Server 2007 x64 SP3
  • Microsoft Exchange Server 2010 SP3
  • Microsoft Exchange Server 2013 CU9

Windows Server 2012:

  • Microsoft Exchange Server 2010 SP3
  • Microsoft Exchange Server 2013 CU9

Windows Server 2012 R2:

  • Microsoft Exchange Server 2013 CU9

NOTE: MAPI over HTTP protocol is supported only on Microsoft Exchange Server 2013 CU8 and higher.

SQL Server auditing requirements

ComponentSupported versions
License requiredChange Auditor for SQL Server
SQL Server

SQL Servers supported up to the following versions:

  • Microsoft SQL Server 2005 SP4
  • Microsoft SQL Server 2008 SP4
  • Microsoft SQL Server 2008 R2 SP3
  • Microsoft SQL Server 2012 SP2
  • Microsoft SQL Server 2014 SP1
SQL Server Data Level Auditing

SQL Servers supported up to the following versions:

  • Microsoft SQL Server 2008 SP4
  • Microsoft SQL Server 2008 R2 SP3
  • Microsoft SQL Server 2012 SP2
  • Microsoft SQL Server 2014 SP1

NOTE: SQL Server Clusters are not supported.

Dell One Identity Authentication Services auditing requirements

ComponentSupported versions
License requiredChange Auditor for Authentication Services
Dell One Identity Authentication Services

Dell One Identity Authentication Services latest supported version:

  • Dell One Identity Authentication Services 4.1

Dell One Identity Defender auditing requirements

ComponentSupported versions
License requiredChange Auditor for Defender
Dell One Identity Defender

Dell One Identity Defender latest supported version:

  • Dell One Identity Defender 5.7

EMC auditing requirements

ComponentSupported versions
License requiredChange Auditor for EMC
EMC Celerra®/VNX®
  • EMC Common Event Enabler (CEE) Framework 6.7.0
  • EMC Celerra® Event Enabler (CEE) Framework 4.6.7
  • EMC VNX® Event Enabler (VEE) Framework 4.8.5 (through 5.1)
  • Microsoft .NET Framework 3.5 is required by the EMC Common Event Enabler (CEE) Framework

NOTE: VNXe® is NOT supported. VNXe does not support CEPA at this time and therefore Change Auditor for EMC will NOT run successfully in VNXe environments.

EMC Isilon
  • CEE 6.3.1 to 6.7.0
  • Change Auditor for EMC 6.5 (or higher)
  • Microsoft .NET Framework 3.5 is required by the EMC Common Event Enabler (CEE) Framework
NOTE: Requires manual configuration to audit Isilon file servers.
For more informationSee the Dell™ Change Auditor for EMC® User Guide for detailed information on installing, configuring and using Change Auditor for EMC.

NetApp® auditing requirements

ComponentSupported versions
License requiredChange Auditor for NetApp
NetApp Filer
  • NetApp Filer with Data ONTAP® 7.2 to 8.3
  • Cluster mode is supported as of version 8.2.1
For more informationSee the Dell™ Change Auditor for NetApp® User Guide for detailed information on installing, configuring and using Change Auditor for NetApp.

SharePoint® auditing requirements

ComponentSupported versions
License requiredChange Auditor for SharePoint
SharePoint
  • SharePoint Server 2010 and 2013
  • SharePoint Foundation 2010 and 2013
For more informationSee the Dell™ Change Auditor for SharePoint® User Guide for detailed information on installing, configuring and using Change Auditor for SharePoint.

VMware® auditing requirements

ComponentSupported versions
License requiredChange Auditor (any license)

VMWare

  • ESX/ESXi 5.0 to 6.0
  • vCenter™ 5.0 to 6.0

Exchange Online/Office 365 auditing requirements

ComponentSupported versions
License requiredChange Auditor for Exchange 6.5 (or higher)
Office 365 Exchange OnlineOffice 365 platforms supported and required permissions:
  • Office 365 Small Business
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).
  • Office 365 Small Business Premium
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Administrator role for Office 365 Small Business Premium. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).
  • Office 365 Midsize Business
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Global Administrator role for Office 365 Midsize Business. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).
  • Office 365 Enterprise
    Minimum permissions: The user account configured for Change Auditor auditing must be assigned the Global Administrator role for Office 365 Enterprise. The account must also be licensed for Exchange Online (other Office 365 licenses are not required).
For more informationSee the Dell™ Change Auditor for Exchange User Guide for more information on Exchange Online auditing.

Logon Activity auditing requirements

ComponentSupported versions
License required
  • Change Auditor for Logon Activity User for auditing server agents

NOTE: See Change Auditor agent (Server-side component) for server agent system requirements

  • Change Auditor for Logon Activity Workstation for auditing workstation agents

NOTE: See Change Auditor workstation agent (Optional) for workstation agent system requirements.

Lync auditing requirements

ComponentSupported versions
License requiredChange Auditor (any license)
LyncMicrosoft Lync version 2010 and 2013

Change Auditor workstation agent (optional component)

Change Auditor workstation agents can be deployed to capture authentication activity and logon session events from monitored workstations when the Dell™ Change Auditor for Logon Activity Workstation license is applied and cloud storage information (Box, DropBox, and OneDrive) when the Dell Change Auditor for Cloud Storage license is applied.

NOTE:The recommended installation for domain workstations is from the Deployment tab of the Change Auditor Windows client. However, for non-domain workstations you must manually install the Change Auditor workstation agent. See Workstation Agent Deployment for recommendations and instructions on manually deploying workstation agents.

Workstation agent requirements

RequirementDetails
Processor

Intel® Core™ i5 equivalent or better

Memory:Minimum: 1 GB RAM (x86)/2 GB RAM (x64) or better

Recommended:4 GB RAM or better

Operating systemInstallation platforms supported up to the following versions:
  • Windows 7 (Pro, Enterprise and Ultimate)
  • Windows 8 and 8.1 (Pro and Enterprise)
NOTE: Workstation agents are not supported on Windows 8.1 for cloud storage monitoring.
NOTE: Microsoft® Windows Data Access Components (MDAC) must be enabled. (MDAC is part of the operating system and enabled by default.)
Agent software and configuration
  • x86 or x64 versions of Microsoft’s .NET framework 4.0 (or higher)
  • x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
  • x86 or x64 versions of Microsoft SQLXML 4.0
  • The agent must have LDAP and GC connectivity to all domain controllers in the local domain and the forest root domain.

The Change Auditor workstation agent service depends on the following Windows services to be running:

  • DNS client
  • Remote Procedure Call (RPC)
  • Windows event log

NOTE: Ensure communications over RPC between coordinators and agents.

IMPORTANT: For workstation log management (such as Get Logs or View Agent Log), the following must be enabled on the workstation:

  • Windows Management Instrumentation (WMI) must be enabled in the firewall rule set (usually domain) on the workstation
  • Network Discovery and File Sharing must be enabled
  • Remote Registry Service must be set to ‘Start Automatically’. By default, this service is stopped and set to ‘Manual’ for Windows 7 and Windows 8/8.1.

To capture Authentication Activity events, you must first enable (enable Success and Failure) the ‘Audit Logon events’ audit policy for all servers and workstations.

  • Domain - Group Policy:
    • Default Domain Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
  • Workgroup - Local Group Policy:
    • Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events
For more informationSee the Dell™ Change Auditor for Logon Activity User Guide for more information on using Change Auditor for Logon Activity and the Dell™ Change Auditor for Cloud Storage Event Reference Guide for more information on using Change Auditor for Cloud Storage.

Change Auditor web client (optional component)

The Change Auditor web client is an optional component that is installed on the Internet Information Services (IIS) web server to provide users access to Change Auditor through a standard or mobile web browser.

RequirementDetails
Processor

Intel® Core™ i7 equivalent or better

Memory

Minimum: 1 GB RAM (x86)/2 GB RAM (x64) or better

Recommended: 4 GB RAM or better
Operating System

Installation platforms supported up to the following versions:

  • Windows Server 2008 SP2 with Application Server and Web Server roles
  • Windows Server 2008 R2 SP1 with Application Server and Web Server roles
  • Windows Server 2012 (Standard, Essentials and Datacenter) with Application Server and Web Server roles
  • Windows Server 2012 R2 (Standard, Essentials and Datacenter) with Application Server and Web Server roles
Software and configuration
  • x86 or x64 versions of Microsoft’s .NET 4.0 or higher
  • x86 or x64 versions of Microsoft XML Parser (MSXML) 6.0
  • x86 or x64 versions of Microsoft SQLXML 4.0
Browsers

Browsers supported up to the following versions:

  • Chrome™ 42
  • Firefox® 37
  • Internet Explorer® 9, 10, or 11 NOT running in Compatibility View mode
  • Safari® 8.0.5 for Mac® OS (Windows® Safari is not supported)
For more informationSee the Dell™ Change Auditor Web Client User Guide for more information on installing, configuring and using the web client.