Hello Everyone,
This post shares knowledge on a tool that audits different components in an organisation, such as Active Directory, SQL Server, Exchange Server and SharePoint.
When I talk about auditing, it is important to understand what auditing is and why an organisation needs it.
An audit is a method of examining and evaluating a process, function or tool in an organisation to check that it meets its compliance requirements. It can be internal, or external by a third party.
As defined in ISO
19011:2011—Guidelines for auditing management systems, an audit is a
“systematic, independent and documented process for obtaining audit evidence
[records, statements of fact or other information which are relevant and
verifiable] and evaluating it objectively to determine the extent to which the
audit criteria [set of policies, procedures or requirements] are fulfilled.”
Auditing is not limited to processes or functions; it is also used to examine and evaluate systems such as the domain (Active Directory), SQL Server and SharePoint.
You might ask why an organisation needs to audit these systems, what benefit auditing brings, and how such systems are audited.
Let's take the domain as an example.
In large environments, a great many objects change in Active Directory every day. It is not easy to track who made which change in AD. When an employee leaves the organisation, how do you confirm that all of their objects and access have been deleted or disabled in AD?
Monitoring AD at this scale needs an auditing tool that records the changes and reports on the security and compliance problems among them.
Group Policy is a similar example. New policies are created and deployed, and existing policies are changed, every day. Who created a policy, for what purpose, and when it was created and deployed are not easy details to track manually in a large environment. Rolling back a change to a policy is also impossible unless you have a backup of that policy taken before the change; if there is no backup, there is nothing to roll back to. These are critical challenges which can turn into serious compliance issues for any organisation.
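Before looking at the tool, here is what answering those two questions takes natively, as an added PowerShell example that is not part of the original post and not Lepide's code: it reads the directory-service change events (5136, 5137, 5141) from a domain controller's Security log to show who changed which object and when, lists objects with a recent whenChanged as a fallback, and takes a dated backup of every GPO so a policy can later be rolled back with Restore-GPO. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed, that "Audit Directory Service Changes" is enabled on the DC, and that the path C:\GPOBackups and the one-day window are placeholders you would change.

```powershell
# Added example (not the post's or Lepide's code). Assumes: run elevated on a
# domain controller with the RSAT ActiveDirectory and GroupPolicy modules, and
# "Audit Directory Service Changes" enabled so events 5136/5137/5141 exist.
# $Days and $BackupPath are illustrative placeholders.
param(
    [int]$Days = 1,
    [string]$BackupPath = 'C:\GPOBackups'
)
Import-Module ActiveDirectory
Import-Module GroupPolicy

$since = (Get-Date).AddDays(-$Days)

# 1. Who changed what: Directory Service Changes events.
#    5136 = attribute modified, 5137 = object created, 5141 = object deleted.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 5136, 5137, 5141
    StartTime = $since
} -ErrorAction SilentlyContinue

$changes = foreach ($e in $events) {
    # The event XML carries the fields the console view hides.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        When      = $e.TimeCreated
        EventId   = $e.Id
        Who       = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
        Object    = $d.ObjectDN
        Attribute = $d.AttributeLDAPDisplayName   # only on 5136
        Value     = $d.AttributeValue             # only on 5136
        # 5136 OperationType: %%14674 = value added, %%14675 = value deleted
        Operation = $d.OperationType
    }
}
$changes | Sort-Object When | Format-Table -AutoSize

# 2. Fallback when auditing was not on: objects modified in the window, from the
#    replicated whenChanged attribute (tells you what changed, not who).
Get-ADObject -Filter 'whenChanged -ge $since' -Properties whenChanged, objectClass |
    Select-Object Name, objectClass, whenChanged |
    Sort-Object whenChanged -Descending |
    Format-Table -AutoSize

# 3. Rollback needs a backup taken before the bad change: a dated backup of
#    every GPO. To roll one back later:
#    Restore-GPO -Name '<GPO display name>' -Path $dest
$dest = Join-Path $BackupPath (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $dest -Force | Out-Null
Backup-GPO -All -Path $dest -Comment ("Scheduled backup " + (Get-Date -Format s)) |
    Select-Object DisplayName, Id, CreationTime
```

Run it from a scheduled task on a DC (or a management host with RSAT) so the GPO backups exist before anyone needs them; the event query only returns results for the window in which the Security log still holds the events, which is why the log-size and retention settings later in this post matter.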
To address these challenges, I will introduce you to a tool called LEPIDEAUDITOR SUITE, which audits multiple products, including:
- Domain (AD, Group Policies, User Password Expiration Reminder etc.)
- Exchange Server
- SQL Server
- SharePoint Server
- File Server
Let's start with the requirements and capabilities of the LepideAuditor tool.
SYSTEM REQUIREMENTS:
REQUIRED ACCESS RIGHTS:
REQUIRED PORTS:
OTHER REQUIREMENTS FOR GROUP POLICIES OBJECTS:
OPTIONAL CONFIGURATION:
- SQL Server can be installed either on the machine where LepideAuditor is installed or on a remote server.
These are the basic requirements for the software.
Now let's configure the prerequisites and walk through the deployment process for LepideAuditor.
LAB ENVIRONMENT DETAILS:
- 1 Active Directory VM – Windows Server 2012 R2
- 1 LepideAuditor VM – Windows Server 2012 R2 & SQL Server 2012 SP1
- LepideAuditor VM is joined with Domain
- GPMC Console is installed & configured locally on LepideAuditor Machine.
- Default Port for SQL Server is 1433.
PREREQUISITES:
Prerequisites on the Domain Machine (the domain controller):
Log in to the domain controller, open the Run dialog (Windows key + R), type "gpmc.msc" and click OK:
Expand Group Policy Management -> Domains -> DOMAIN_NAME -> Domain Controllers and click Default Domain Controllers Policy:
Right-click Default Domain Controllers Policy and click Edit:
The Group Policy Management Editor opens. Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies and click Security Options:
Right-click "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" and click Edit:
Make sure "Define this policy setting" is unchecked, so the setting is Not Defined:
Leaving it Not Defined means the operating-system default applies; on Windows Server 2008 and later that default lets the advanced (subcategory) audit settings take effect, which is what directory-service change auditing relies on. Whatever state the policy ends up in, verify the effective audit policy on the DC with "auditpol /get /category:*" after the group policy update, because that, not the editor view, decides whether directory change events are generated.
Close the tab.
Now click Event Log:
Right-click "Maximum security log size" and click Properties:
Enable this policy and set the size to 1048576 kilobytes (1 GB):
Close the tab once done.
Now right-click "Retention method for security log" and click Properties:
Enable this policy, select "Overwrite events as needed", then click Apply and OK:
With "Overwrite events as needed", the oldest events are dropped once the log reaches 1 GB, so on a busy domain controller the auditing tool (or your SIEM) must collect events more often than the log wraps, or changes will be lost before they are recorded.
Open a Command Prompt as administrator and refresh group policy with "gpupdate /force":
This applies the policy on the domain controller you are logged in to; other domain controllers pick it up after replication and their next policy refresh.
All prerequisites on the domain controller are now complete.
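As an added check that is not part of the original post, the following PowerShell, run elevated on the domain controller after gpupdate, confirms that the settings above actually took effect rather than trusting the GPO editor view. It reads the applied Security-log size and retention mode, the registry value behind the "Force audit policy subcategory settings" option, and the effective advanced audit policy for the subcategories an AD change auditor depends on. The subcategory list is my own assumption about what such a tool needs, not a published Lepide requirement.

```powershell
# Added example (not the post's or Lepide's code). Run elevated on the DC after
# gpupdate /force. The subcategory list below is an assumption about what an AD
# change auditor needs, not a published Lepide requirement.

# 1. Security log size and retention as actually applied.
$log = Get-WinEvent -ListLog Security
[pscustomobject]@{
    MaxSizeKB = $log.MaximumSizeInBytes / 1KB   # policy above sets 1048576 (1 GB)
    LogMode   = $log.LogMode                    # Circular = "Overwrite events as needed"
    IsEnabled = $log.IsEnabled
} | Format-List

# 2. Registry value behind "Audit: Force audit policy subcategory settings ...".
#    1 (or absent, leaving the OS default) = subcategory settings override the
#    legacy category settings; 0 = legacy category settings win and advanced
#    audit policy is ignored.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($null -eq $lsa.SCENoApplyLegacyAuditPolicy) {
    'SCENoApplyLegacyAuditPolicy: not set (OS default applies)'
} else {
    "SCENoApplyLegacyAuditPolicy: $($lsa.SCENoApplyLegacyAuditPolicy)"
}

# 3. Effective advanced audit policy. auditpol reports the running configuration
#    regardless of which GPO (or local setting) produced it; a subcategory that
#    reads "No Auditing" here will not generate change events no matter what the
#    GPO editor shows.
$subcategories = @(
    'Directory Service Changes',
    'Directory Service Access',
    'User Account Management',
    'Security Group Management',
    'Computer Account Management',
    'Audit Policy Change',
    'Logon'
)
foreach ($s in $subcategories) {
    # /r emits CSV whose columns include "Subcategory" and "Inclusion Setting"
    $row = auditpol /get /subcategory:"$s" /r | ConvertFrom-Csv
    [pscustomobject]@{
        Subcategory = $s
        Setting     = $row.'Inclusion Setting'   # e.g. "Success and Failure"
    }
}
```

Run it on every domain controller, not just the one you edited the policy on: the GPO applies to the whole Domain Controllers OU, but each DC applies it independently, and a DC that has not yet refreshed policy will silently generate no change events.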
Prerequisites on the LepideAuditor Machine:
Install GPMC on the LepideAuditor machine:
Open Add Roles and Features in Server Manager, select the feature "Group Policy Management" and install it:
Click Install:
Once done, open the Run dialog, type "gpmc.msc" and click OK:
The GPMC console is now installed on the LepideAuditor machine:
Install SQL Server 2012 SP1 on the machine:
The SQL Server installation is shown in my other posts. The same steps are followed, with two differences:
- Choose the Default Instance instead of a Named Instance.
- On the Database Engine Configuration page, add all accounts that the LepideAuditor software will use.
All other steps are the same.
Refer below link for reference:
Once all prerequisites are completed, you can proceed to
install LepideAuditor Software.
LEPIDEAUDITOR SOFTWARE INSTALLATION:
You can download LepideAuditor Suite from below link:
Once you have downloaded the setup, extract it:
Click Extract All:
Click Extract:
Once the file is extracted, right-click it and run it as administrator:
Click Next:
Accept License Terms & Click Next:
Click Next:
Click Next:
Click Next:
Click Install:
Once Done, click finish:
Now provide the domain credentials that LepideAuditor will run under:
If the account does not yet have the "Log on as a service" right, the installer offers to grant it, so click Yes:
This account reads the domain controllers' Security logs, creates and changes Group Policy, and can restore AD objects and GPOs, so it is a highly privileged credential: use a dedicated service account with a strong password rather than a personal admin account, and protect it like any other domain administrator credential.
Once the right is configured, click OK:
Now it asks which component you want to audit. I will show the full Domain audit, so I have selected the first option:
There are two configuration types:
- Express Configuration – applies all default settings.
- Advanced Configuration – lets you select each configuration setting you want to audit individually.
I have used the default settings:
Now provide the primary domain details (IP address, credentials and auditing method):
Here, accept the configuration changes required for auditing:
NOTE: The changes LepideAuditor makes are limited to the audit configuration it needs, such as audit policy, event-log settings and the dedicated GPO created in the next step, and it shows them for approval before applying them. They are still changes to your domain controllers, so review them before accepting.
LepideAuditor does not modify the Default Domain Controllers Policy; instead it creates a new Group Policy object (with any name you choose) for its audit settings. Keeping those settings in a separate GPO makes them easy to review later and to remove if the tool is decommissioned.
So, provide the domain IP and type the new GPO name:
Here it asks you to select the domain components you want LepideAuditor to audit. You can click the tool icon in front of a component to configure its options as well:
Click the icon and configure each policy one by one, as shown below:
Schedule Group Policy backups on a daily, weekly or monthly basis.
Schedule the backup as per your requirements and click OK:
Configure the Active Directory Cleanup settings, where you have options to set notification and cleanup actions for inactive accounts and for people who have left the organisation. Start with notification only and review the list it produces before enabling automatic cleanup, because an account that is merely dormant (a service account, someone on long leave) looks the same as one that has been abandoned:
Configure the User Password Expiration Reminder settings:
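The Cleanup and Password Expiration Reminder settings automate two checks that are worth being able to reproduce independently, so the tool's lists can be cross-checked. Below is an added PowerShell example (not the post's or Lepide's code) using the ActiveDirectory module: it lists enabled users with no logon in 90 days, and users whose password expires within 14 days using the expiry time computed by the DC, so fine-grained password policies are honoured. Both thresholds are placeholders.

```powershell
# Added example (not the post's or Lepide's code). Requires the RSAT
# ActiveDirectory module; thresholds are illustrative placeholders.
Import-Module ActiveDirectory
$InactiveDays = 90
$ReminderDays = 14

# 1. Inactive, still-enabled users. Search-ADAccount uses lastLogonTimestamp,
#    which replicates with up to ~14 days of lag and is empty for accounts that
#    never logged on, so treat this as a review list, not a delete list.
$inactive = Search-ADAccount -AccountInactive -TimeSpan ([timespan]::FromDays($InactiveDays)) -UsersOnly |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName -Properties lastLogonTimestamp, whenCreated
    } |
    Select-Object SamAccountName, whenCreated,
        @{ n = 'LastLogon'; e = {
            if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) } else { 'never' }
        } }

# The "cleanup" action the tool can automate, shown in dry-run form; drop -WhatIf
# only after the list has been reviewed:
# $inactive | ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }

# 2. Passwords expiring within the reminder window. msDS-UserPasswordExpiryTimeComputed
#    is calculated by the DC per user, so fine-grained password policies are honoured,
#    unlike pwdLastSet + domain maxPwdAge.
$now   = (Get-Date).ToFileTime()
$limit = (Get-Date).AddDays($ReminderDays).ToFileTime()
$expiring = Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
        -Properties 'msDS-UserPasswordExpiryTimeComputed', mail |
    Where-Object {
        $t = $_.'msDS-UserPasswordExpiryTimeComputed'
        # excludes never-expires (Int64.MaxValue) and already-expired passwords
        $t -gt $now -and $t -le $limit
    } |
    Select-Object SamAccountName, mail,
        @{ n = 'Expires'; e = { [DateTime]::FromFileTime($_.'msDS-UserPasswordExpiryTimeComputed') } } |
    Sort-Object Expires

$inactive | Format-Table -AutoSize
$expiring | Format-Table -AutoSize
```

If the tool's cleanup list and this script disagree, the usual cause is the lastLogonTimestamp replication lag or a different inactivity threshold; compare the thresholds before assuming either side is wrong.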
Once all required settings are configured, click Next and check that the IP settings for the domain are correct (if not, change them; otherwise click Next):
Here you have to provide the LepideAuditor database details, where all collected audit data will be stored:
NOTE: Verify the credentials by clicking Test Connection.
Once all settings are configured, it will ask to restart the software, so click Yes:
Below is the default console for the LepideAuditor software:
NOTE: By default, LepideAuditor provides a free 15-day trial. After that, you have to buy a license from Lepide.
EXPLORE CAPABILITIES:
RADAR:
The default dashboard view, where you have a 360-degree view or a domain-level view of the status of all changes made over a custom time period or a particular day, week or month. This view gives you complete information at the AD, Exchange, SharePoint or database level.
Below
are other dashboard views available:
- Changes by Criticality
- All Changes by Source
- Top Admins
- Failed Logon trends
- Top modified classes
- User with Soon to Expire Password
- Actions Performed by Active Directory Cleaner
- All Changes Trend
- Resource Utilization on Server(s)
- Live Feed
If you click on any section of the Changes dashboard, it opens the audit report view, where you can see reports for changes based on the required inputs like Component Name, Server Name, Object Name, Who, When etc.
You can also see Compliance Reports, where you have many reports to check compliance status, such as Password Policy Modified, User Expiry Modified etc.:
Click on the Permission Analysis tab to view all historical permission changes on the File Server, Active Directory or Exchange Server:
If you want to restore Active Directory objects or Group Policy from a previous backup, LepideAuditor provides this capability as well. Click on the Restore tab and provide the required details to restore to the previous state:
HEALTH MONITORING:
Here you can see complete health status of all
servers which includes:
- Server Availability
- CPU & Memory Usage
- Active Directory Services
- ESENT Database Performance
- Active Directory Web Service
- DFSR Replicated Folders
- Replication Status
- LDAP Status
- Address Book Status
- Directory Service Status
- NTDS Performance Counters
- DNS Performance Counters
- And so on…
ALERTS:
Here you can view auditing alerts & health monitoring
alerts for all AD, DB, Exchange Server, Group Policies and SharePoint:
SETTINGS:
Configure settings as per your requirements:
LICENSE INFORMATION:
Here you can see the license information. If you don't have a license key, click the Request License button. This downloads a License Request File, which you email to the Lepide team (sales@lepide.com). The Lepide sales team will generate a key and share it with you by email.
Once the key is available, click Activate License and provide the license key:
CONCLUSION:
LepideAuditor is an excellent tool which helps administrators track all reports for AD, SQL databases, SharePoint, Exchange Server and Group Policy. The tool provides not only audit reports but compliance reports as well. Key capabilities include auditing, compliance reports, health monitoring, alerts and notifications, and backup and restore functionality.
REFERENCE LINK:
Share Your feedback or any query!!!
Happy Reading!!!
If You like my post then follow my updates:
Join my Facebook group for updates on trending technologies/technical references/issues etc: