Securing the infrastructure and company domain is one step, and auditing is another step that works side by side with it to close any gaps. Unfortunately, some system admins or security admins invest time, effort and money in several solutions and devices to protect their network under the assumption that these devices or software work out of the box with no need to continuously monitor and audit them.
- The full auditor suite can be downloaded from the Lepide website; the trial version runs for 15 days with all needed features.
- The Suite was installed on a Windows 10 (1703) machine.
- SQL 2016 Express was installed and a DB for Lepide was created (Installed SQL Management Studio).
- The Group Policy Management console needs to be installed to collect/get Group Policy data.
- After downloading the LepideAuditor Suite, you get a Zip folder with 4 files as shown below
- I picked the LepideAuditor Suite and installed the EXE in this folder.
- It took me another 3 or 4 clicks (Next) and the suite was installed. The overall process is around 7-8 minutes.
- After installation, when you open the Lepide icon, you are prompted to use either the logged-in account or another account.
- The next screen is where you start adding the components that you would like to audit.
- For the trial I picked the AD, Exchange, GP, etc. components, which give you great detail and deep auditing of your domain, Exchange, usernames, etc., since everything is tied to Active Directory. For the configuration type you get the Express option and the Advanced option. As the name implies, Express is the quicker way to set up your domain configuration with default values, and you have the flexibility to change it later from the Lepide settings. I picked the Express option to get my system up and running in a few clicks.
- Enter your domain credentials and pick the option of auditing with or without an agent. I tried both and I can't see a major difference regarding the audit data. For large organizations with huge data activity, the agent option can be the better option for data compression and reporting.
- I picked all options on the next configuration screen; the wizard had already listed all domain controllers, Exchange servers in the environment and Group Policy servers, with health monitoring and change auditing enabled.
- The next step is to configure the SQL DB. I had already installed SQL Express on my PC and created a DB named Lepide using SQL Management Studio. I entered my local machine details and picked the DB I created earlier.
- Click Finish and that's it: you have a running auditing system for your AD, Exchange, Group Policy and user modifications in 5 clicks. LepideAuditor Suite will restart, you will get the dashboard/360 view, and it starts pulling data within a few minutes.
- Go to Settings – Component Management and add component (File Server)
- In the File server Console Settings, click on the + Icon to add the Windows File server
- You need to enter the Server IP, Domain and User credentials.
- Enter the SQL settings. You can use an existing DB or create a new one to host your File Server audit change tracking.
- The Wizard will install the agent and then Finish.
- The File Server reports in the Audit Reports are very detailed, including file modifications, deletions, permissions, etc.
The first thing I did to test the File Server audit was to delete a test file from one of the shares and check the Audit Reports (File and Folder Deletion) for the File Server. The deletion was clearly shown with all details: which file, who deleted it, when, etc.