FAQs - LepideAuditor

Auditing configuration changes is not an option but a necessity considering the security risk and repercussions of internal and external compliance failure. Change auditing has always been a challenge for the IT administrators as manual auditing is very difficult, time-consuming and inefficient.

Lepide Auditor Suite helps you minimize security risk arising out of unauthorized changes and helps you to stay compliant with regulations and compliance standards. It offers a centralized platform to track, collect and report on configurational changes to Active Directory, Group Policy objects and Exchange Server.

Lepide Auditor Suite helps you to achieve a number of objectives:

  • It ensures complete change auditing and control with command over configurational changes right after installation.
  • It's a futuristic tool that never lets you miss a thing which is critical to network security.
  • Track object changes, map changed states and roll back changes through a single click to ensure control.
  • Stay compliant with standards such as SOX, HIPAA, PCI DSS, GLBA, FISMA etc.
  • Be watchful of all changes happening in the IT environment through real-time alerts, scheduled reports, and Live feed.
  • LepideAuditor provides a composite platform to audit different elements of the IT environment. It offers an intuitive interface that makes it a readily acceptable application for delegated users and junior IT staff, as they can work on it without any formal training.
  • It has separate console to audit Exchange Server, Active Directory and Group Policy which can be customized to audit only required Objects and filter specific data from logs.
  • LepideAuditor is very economical in comparison to other competitive products available in the market and offers a complete auditing solution.

Yes. A free trial version of this software is available for a limited period and functions just like the paid version. After downloading the software, you can generate the license key and send it to our Sales Team at sales@lepide.com to get a trial license. To use the software after the trial period and to experience all its features for an extended period, purchase a license for Lepide Auditor Suite.

You can purchase Lepide Auditor Suite directly by contacting our sales team anytime at sales@lepide.com.

  • Trial Version: Trial version of the product will work just like the paid version; however, the software will remain active only for 15 days. The software comes with a pre-activated trial license. Once the trial period is over, the user has to purchase a paid license.
  • Subscription License: The product will remain active only for the subscribed period. The license has to be renewed after that.
  • Perpetual License: The product will remain active for a lifetime. There is no time limitation.
  • Support License: This license enables the user to receive the Technical Support for the software. It is available in both Subscription and Perpetual modes.

A user has to obtain any product activation license for each of the following components.

  • Active Directory Auditing + Group Policy Auditing (includes Health Monitoring)
  • Exchange Server Auditing (includes Health Monitoring)
  • SQL Server Auditing (includes Health Monitoring)
  • SharePoint Auditing

You have to obtain the license of all components to use all features of LepideAuditor. If you have received the license(s) of only one or two component(s), then you cannot use the features of other non-licensed components until you get separate licenses for them.

Yes, you can upgrade from different applications to our single console, LepideAuditor. However, you have to obtain a fresh license for the already purchased auditor component from our Sales Team without paying any extra cost. Also, you may need the help of our Support Team to migrate the auditing logs and other settings from an earlier product to LepideAuditor.

No. You can obtain a new license for the already purchased version of your component without any additional cost against your existing license of that standalone application. You can download the complete suite but use only the licensed component. To avail more features, you need to get a license for the required component.

Yes, you can continue to use the component(s) for which you have paid, but you cannot use those components whose licenses have expired. Moreover, you will receive the license warning at the bottom of the software until you purchase the additional licenses or remove the component(s) with expired licenses from the software.

Yes, you can upgrade to the latest version of LepideAuditor without paying any extra cost. Please make sure not to remove the installation folder while upgrading the software to keep the settings for added domains and license activation files.

Follow the steps below to generate a license request file for any component:

  • Go to the License Information Tab. This will display the added components in the left panel.
  • Select a component. Its license details will be displayed in the Right Panel.
  • Click “Request License”. This will generate the license request file on the desktop of the current user. It will have the name “LicenseRequest (Domain).LicInfo”, where “Domain” is replaced by the name or IP Address of the domain provided while adding it.
  • Email this license file to the sales team at sales@lepide.com. If you have to activate the Trial License, then you will receive a key in an email to your address provided while downloading the software’s installer file.
  • They will send you back a license activation file after payment and other formalities.

Follow the steps below:

  • Download the license activation file received in your email from sales@lepide.com. Start LepideAuditor and go to the License Information Tab.
  • Select the domain in the Left Panel to access its licensing information.
  • Click “Activate License”. This will display a dialog box to add the license activation file.
  • Click the open folder icon and select the received activation file.
  • Click “OK”. This will apply the license for the domain.

Follow the steps below

  1. Click the options icon.
  2. Click "Manage Profile". This will show the options to manage the application profile.
  3. Click "Add".
  4. Here, you have to provide the following inputs.
    • Application ID
      • Enter the Application ID manually.
      • Or click "Get Application ID from QR Code". This will open the camera. Point the phone at the QR code displayed on screen in LepideAuditor and capture it.
    • User ID
    • Password
    • The User ID and Password for the mobile application are already defined in the software settings under "Delivery Message Settings". The Application ID is also shown there.

  5. Click "Add". This will create the new profile and connect the application with LepideAuditor.

Follow the steps below

  1. In the application, go to "Manage Profile" → "Add". This will display the options to add a profile.
  2. Click "Get Application ID from QR Code". This will launch the camera.
  3. Now, launch LepideAuditor and go to the "Settings" tab → "Delivery Message Settings".
  4. Either add a new App Account or modify an existing account.
  5. This will display an image of the QR code.
  6. Hold the camera up to the QR code, about 6 inches away.
  7. The camera will automatically capture the QR code and save it in the LepideAuditor App.

Follow the steps below

  1. Launch LepideAuditor.
  2. Go to "Settings" → "Delivery Message Settings".
  3. Click the "+" icon and select "Add App Account".
  4. Provide the following login credentials, with which you can log in to the application.
    • User ID
    • Password
  5. Here, you will also notice the application ID in "Mobile App ID" text box. Note down this App ID so that it can be used while adding a profile in mobile application.
  6. Click "OK" to create the profile.

Follow the steps below

  1. Select the options icon.
  2. Click "Manage Profile". This will list the already created profiles.
  3. Select a profile and click "Remove". This will delete the selected profile.

Follow the steps below

  1. Select the options icon.
  2. Click "Manage Profile". This will list the already created profiles.
  3. Select a profile and click "Modify".
  4. You can update User ID and Password.

A user can use either the Lepide Server or their own server for managing the feeds.

Follow the steps below

  1. Click the options icon.
  2. Click "Settings". This will show Settings.
  3. In the "Get Data From" section, select "My Own Server".
  4. Enter the IP Address of your server.
  5. Tap the back button to go back.
  6. Go to "Manage Profile", click "Modify" and then click "Apply".

Follow the steps below

  1. Click the options icon.
  2. Click "Settings". This will show Settings.
  3. In the "Feed Count" section, select the number of feeds to be displayed.

Yes, you can decide whether to show notifications on top or not. Follow the steps below

  1. Click the options icon.
  2. Click "Settings". This will show "Settings".
  3. You will notice an option named "Popup Notification".
  4. Touch the button to change its value to "NO" or "YES".

You can follow the steps below to change the date and time format.

  1. Click the options icon.
  2. Click "Settings". This will show Settings.
  3. In "Date and Time Format" section, you will find the following options.
    • Default
    • [YYYY]-[MM]-[DD]
    • [MM]-[DD]-[YYYY]
    • [DD]-[MM]-[YYYY]
  4. Select any of the above options to change the date and time format of the feeds being displayed in the application.

Follow any of the methods below

  1. Method 1: Tap and hold a feed. This will show the following options
    • Share
    • Copy
  2. Method 2: Select any feed, click the options icon on top, and select "Share".

Follow the steps below

  1. Click "search" icon.
  2. Type the keyword for which you want to search the updates.
  3. Once typed, the application will enable only the updates containing the provided keyword and disable the others.

  • You may have selected different server options in the mobile application and the LepideAuditor software. Make sure to have the same server preferences in both the software and the mobile application.
  • If you have changed the server in the “Get Data From” section in Settings, then make sure to modify the App Profile.

Make sure that you have created an alert in the LepideAuditor software and selected the desired objects and operations to view their alerts in the mobile application. Go to the Alerts tab in the software to create or modify the alerts for the desired objects and operations.

You have to modify the alert in the software to change the report for which feeds are being displayed.

One App Account will work for only one mobile application. You have to create multiple App Accounts to configure multiple mobile applications.

No, using a single mobile App Account in multiple applications will not work. Only the last configured application will receive the feeds, whereas the earlier ones will not receive or display any feed.

LepideAuditor performs various tasks at server level, including auditing of Active Directory, Group Policy, Exchange Server, SQL Server and SharePoint Server. The software also makes some changes to Windows Registry and Windows Services. Such tasks cannot be performed without admin rights.

The RADAR tab gives a birds-eye-view of all changes made within your IT infrastructure. It shows all major changes, change count, change trends with graphs and LiveFeeds. It contains a 360-degree View Tab and individual tabs for each added server component.

Individual tabs contain Dashboards for each added component, displaying graph widgets and LiveFeed updates. The former shows the top modification trends, active user or object, etc. for its server and the latter shows the live updates of all changes being made in real-time within the environment.

Perform the following steps:

  • Click on RADAR and select the component tab where you wish to create a new
  • Click “Add” in the navigation bar. This will display the “Add” dialog box.
  • Select the report that you wish to be displayed in this dashboard.
  • In the "Add to" section, select the option "New Dashboard". This will enable the adjacent
  • Enter the desired name and click "OK" to create a new dashboard.

Please note that you cannot remove the default Dashboard. To remove other added dashboards, perform the following steps:

  • Go to the desired component tab.
  • Click “Remove” icon in the navigation bar.
  • Select “Dashboard” in the dropdown box titled “Select”.
  • Select the name of added Dashboard.
  • Click “Remove” to delete the selected dashboard.

Perform the following steps:

  • Go to the desired component tab.
  • For SharePoint and SQL Server component tabs, there will be only one preselected option for report type.
  • Select the report type between the following options for a domain component tab.
    • Active Directory
    • Group Policy Object
    • Exchange Server
  • Now select the report whose graph widget you want to add.
  • In the "Add to" section, select Dashboard or create a new one, where the above graph widget will be added.
  • Click "OK" to add the new graph widget to the selected screen.

Each graph widget has the following four buttons in the top right corner: 1, 7, 31 and Refresh. You can click:

  • 1 to display changes that day
  • 7 to display changes within the last seven days
  • 31 to display changes within the last 31 days
  • Refresh button to update the widgets

Perform the following steps:

  • Go to the desired component tab.
  • Click “Remove” in the top row.
  • Select “Report” in the first drop-down box titled “Select”.
  • Select the name of the screen in the “Dashboard Name”.
  • Now, select the graph widget in the “Report Type” drop-down menu.
  • Click “Remove” to delete the selected graph widget.

LepideAuditor offers you the following auditing modes:

  1. Agent-based Auditing: An agent is required to be installed and run on the server.
  2. Agentless Auditing: No agent is required to be installed and run on the server to audit Active Directory, Group Policy, Exchange Server and SQL Server. However, the following agents will still be installed in agentless mode:
    • Agent for auditing SharePoint Server
    • Agent for auditing Non-owner Mailbox Access
    • Agent for collecting logon/logoff events
    • A temporary agent to enable auditing at the domain level. This will be removed after enabling auditing.

The two modes compare as follows, factor by factor:

  • Agent Installation
    • Agent-based Auditing: Agents will be installed to
      1. enable auditing at domain level
      2. audit Active Directory + Group Policy
      3. collect and transmit logon/logoff events
      4. audit Exchange Server
      5. audit Non-Owner Mailbox Accesses
      6. audit SQL Server
    • Agentless Auditing: No agent (neither a program nor a temporary file) will be installed on the server for Active Directory, Group Policy, Exchange Server or SQL Server auditing. However, the following agents will still be installed:
      1. A temporary agent is required to enable auditing at domain level. This will be removed after enabling the auditing.
      2. An agent is required to collect logon/logoff events and send them to the software.
      3. An agent is required to audit Non-owner Mailbox Accesses in the Exchange Server.
  • Resource Consumption
    • Agent-based Auditing: Auditing agents will run continuously on the server and consume resources.
    • Agentless Auditing: No auditing agents are installed on the server, so no resources will be consumed.
  • Speed of Log Collection, Transmission, and Display
    • Agent-based Auditing: The collection, transmission, conversion and display of auditing logs will be faster.
    • Agentless Auditing: The collection, transmission, conversion and display of auditing logs will be slower as no program is dedicated entirely for this task.
  • Bandwidth Consumption
    • Agent-based Auditing: Agents consume regular bandwidth for transmission of auditing logs.
    • Agentless Auditing: Without agents, the software consumes some extra bandwidth to transmit the auditing logs.

You can switch between agentless and agent-based auditing by performing the steps below:

  • Go to "Settings" tab → "Component Management" and select the component, either a domain or SQL Server.
  • Right click on the server component and click "Properties" in "Actions" pane on the left.
  • Wizard to modify the listing of the domain will appear.
  • Here, you can select "With Agent" in the "Auditing Method" section to switch to agent-based auditing. If you are switching from agentless to agent-based auditing, the "Install Agent" wizard will run.
  • You can select the "Without Agent" option to choose agentless based auditing. If you are switching from agent-based auditing to agentless auditing, the "Uninstall Agent" wizard will run.

You can add a domain for auditing using either of the following two methods:

  • Express Configuration – Use this method to add a domain with default settings in a quick, two-step process.
  • Advanced Configuration – Use this method to configure the advanced settings for domain auditing.

Please note that removing a domain will disable the following processes:

  • Change auditing for Active Directory, Group Policy and/or Exchange Server
  • Health monitoring of Active Directory and/or Exchange Server
  • Creation of backup snapshots of Active Directory and/or Group Policy

It will delete the following items for that domain:

  • Audit reports
  • Custom reports
  • Real-time alerts
  • Health monitoring alerts
  • Scheduled reports
  • Component tab under Dashboard
  • Component tab under Health Monitoring
  • LiveFeed updates
  • Graph widgets
  • Licensing detail
  • Domain settings
  • Saved snapshots of Active Directory and Group Policy

Please note that without the above processes and items, monitoring the server using LepideAuditor will be somewhat restricted. Most of these items will not come back even when the domain is re-added.

Perform the following steps:

  • Verify the username, password, and domain name.
  • Make sure you are connected to the network. Try to ping the domain controller and try to open any of its shared folders.
  • Instead of the domain name, try to add the domain using the IP Address of its domain controller.

Uninstall the agent and then reinstall it. The software will reinstall the updated version of the agent.

By default, Health Monitoring is disabled when adding the domain for the first time using either Express Configuration or Advanced Configuration. Simply modify the domain’s listing, using its “Properties,” to enable Health Monitoring.

LepideAuditor does not support health monitoring of Exchange Server 2003 and Exchange Server 2007.

If you do not have the following pre-requisites in place, Group Policy reports will not be generated or displayed:

  1. Windows PowerShell 2.0 and .NET Framework 4.0 should be installed on the server to be audited.
  2. Windows PowerShell 2.0 and .NET Framework 4.0 should be installed on the computer where the software is installed.
  3. GPMC should be installed on the computer where the software is installed.
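
A quick way to confirm these prerequisites before troubleshooting missing Group Policy reports, run once on the audited server and once on the LepideAuditor machine. This is an added example, not Lepide's own tooling: the function name `Test-GpAuditPrereq` and its `-SoftwareHost` switch are hypothetical, and the GPMC check assumes GPMC is visible as `gpmc.msc` in System32 or as the GroupPolicy PowerShell module.

```powershell
# Added example (not vendor code): checks the three prerequisites listed above.
# Written to run on Windows PowerShell 2.0, so it avoids [pscustomobject].
# Run it from a 64-bit console on 64-bit Windows so System32 is not redirected.

function Test-GpAuditPrereq {
    param(
        # Use this switch on the machine where LepideAuditor is installed;
        # GPMC is only required there, not on the audited server.
        [switch]$SoftwareHost
    )

    $results = @()

    # 1. Windows PowerShell 2.0 or later.
    #    $PSVersionTable does not exist in PowerShell 1.0, hence the fallback.
    $psVersion = [version]'1.0'
    if ($PSVersionTable) { $psVersion = $PSVersionTable.PSVersion }
    $results += New-Object PSObject -Property @{
        Check  = 'Windows PowerShell 2.0 or later'
        Found  = $psVersion.ToString()
        Passed = ($psVersion -ge [version]'2.0')
    }

    # 2. .NET Framework 4.0 or later (full profile).
    #    The v4\Full key with Install = 1 is the documented detection method;
    #    4.5 and later are in-place updates that use the same key.
    $ndpKey   = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp      = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue
    $netOk    = ($ndp -ne $null) -and ($ndp.Install -eq 1)
    $netFound = 'not installed'
    if ($netOk) { $netFound = $ndp.Version }
    $results += New-Object PSObject -Property @{
        Check  = '.NET Framework 4.0 or later'
        Found  = $netFound
        Passed = $netOk
    }

    # 3. GPMC, only on the LepideAuditor machine.
    #    Assumption: GPMC presence is detected by its console file or by the
    #    GroupPolicy module that ships with it.
    if ($SoftwareHost) {
        $gpmcConsole = Join-Path $env:windir 'System32\gpmc.msc'
        $gpModule    = Get-Module -ListAvailable -Name GroupPolicy
        $hasGpmc     = (Test-Path $gpmcConsole) -or ($gpModule -ne $null)
        $gpmcFound   = 'not installed'
        if ($hasGpmc) { $gpmcFound = 'installed' }
        $results += New-Object PSObject -Property @{
            Check  = 'Group Policy Management Console (GPMC)'
            Found  = $gpmcFound
            Passed = $hasGpmc
        }
    }

    # Hashtable-built objects have no fixed property order in PowerShell 2.0,
    # so select the columns explicitly.
    $results | Select-Object Check, Found, Passed
}

# On the server to be audited:
Test-GpAuditPrereq | Format-Table -AutoSize

# On the machine where LepideAuditor is installed:
# Test-GpAuditPrereq -SoftwareHost | Format-Table -AutoSize
```

Any row with `Passed` set to `False` corresponds to one of the numbered prerequisites above that is not yet met on that machine.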

Yes, you can audit the domain by installing LepideAuditor on a Workgroup machine. However, agentless auditing requires access to Group Policy Objects, which are not accessible from a Workgroup machine. So, in the case of agentless auditing, when LepideAuditor is installed on a Workgroup system, Group Policy Objects will not be audited.

You can add a local or remote SharePoint Server even if it is hosted online. However, you will first need to install Microsoft System CLR Types for SQL Server 2012 and Microsoft SQL Server 2012 Management Objects Setup on the server where SharePoint is installed. The setup files to install these two add-ons come preinstalled with the software. Perform the following steps:

  • Browse the folder where LepideAuditor is installed i.e. its installation folder.
  • Open the folder "Redist" which has different setup files.
  • "x64" folder has the setup files for 64-bit Windows Server, whereas "x86" contains the files for 32-bit Windows Server OS.
  • Open the required folder.
  • Copy the files "SQLSysClrTypes.msi" and "SharedManagementObjects.msi" to the server where SharePoint is installed.
  • Run the setup file "SQLSysClrTypes.msi" to install Microsoft System CLR Types for SQL Server 2012. Follow the onscreen instructions.
  • Run the file "SharedManagementObjects.msi" to install Microsoft SQL Server 2012 Management Objects Setup. Follow the onscreen instructions.

In addition to these installations, LepideAuditor should be able to connect to the SQL Server that is interlinked with SharePoint.

LepideAuditor installs the agent on the computer where SharePoint is installed and on SharePoint Server itself. Except for the agents, the software does not make any change in the server configuration.

Please note that removing a domain will disable change auditing for SharePoint Server. It will delete the following essential items created in the software:

  • Audit reports
  • Custom reports
  • Real-time alerts
  • Health monitoring alerts
  • Scheduled reports
  • Component tab under Dashboard
  • LiveFeed updates
  • Graph widgets
  • Licensing detail
  • Auditing settings

Please note that removing above items will prevent you from monitoring the server using LepideAuditor.

Perform the following steps.

  • Go to “Settings” tab → “Component Management”, select SharePoint Server and click “Modify”. This will display “Modify SharePoint Server” wizard.
  • Click “Site Collection” in the left panel to access the site settings. This will take a few seconds to refresh the listing of sites at the added SharePoint URL.
  • Once refreshed, you will notice the available sites and subsites.
  • The drop-down menu titled “Site Selection” will have following three choices.
    • All
    • Include
    • Exclude
  • The list of sites will be disabled for “All” option.
  • If you want to exclude some sites/sub-sites at the provided SharePoint URL, then please select “Exclude”.
  • This will enable the listing of sites
  • Check the boxes for the sites, which you do not want to audit or monitor.
  • Click “OK” once you are done. This will let the software start the process of updating the agent and disabling the auditing of selected sites.

Perform the following steps.

  • Go to “Settings” tab → “Component Management”, select SharePoint Server and click “Modify”. This will display “Modify SharePoint Server” wizard.
  • Click “Site Collection” in the left panel to access the site settings. This will take a few seconds to refresh the listing of sites at the added SharePoint URL.
  • Once refreshed, you will notice the available sites and subsites.
  • The drop-down menu titled “Site Selection” will have following three choices.
    • All
    • Include
    • Exclude
  • The last option selected by the user will be displayed.
  • You can select “All” to enable the auditing and monitoring of all sites/ sub-sites at the provided SharePoint URL.
  • Alternatively, you can select the option “Include”. This will display the list of sites.
  • You can check the boxes for those sites of which auditing you want to enable. This will let the software start the process of updating the agent and enable the auditing of selected sites.
  • Click “OK” to save the modifications.
  • The software will update the auditing agent.

Yes, LepideAuditor installs an agent on the server where the target SharePoint is installed. The software also installs an agent named “lepidespagent.wsp” on the SharePoint Server.

You can add an SQL Server for auditing using either of the following two methods:

  • Express Configuration – Use this method to add SQL Server with default settings in a two-step process quickly.
  • Advanced Configuration – Use this method to configure the advanced settings for SQL Server auditing.

Please note that removing a SQL Server from LepideAuditor will disable the change auditing, monitoring and tracking of activities for that server. It will delete the following necessary items:

  • Audit reports
  • Real-time alerts
  • Scheduled reports
  • Component tab under Dashboard
  • LiveFeed updates
  • Graph widgets
  • Licensing detail
  • Auditing settings

Please note that removing the above items will prevent you from monitoring the server using LepideAuditor. You will also be unable to retrieve most of these items if you decide to re-add the same SQL Server.

You can configure auditing settings while adding or modifying a domain. Perform the following steps to configure auditing of all or selected server objects in an installed SQL Server.

  • Go to “Settings” tab → “Component Management” and select SQL Server.
  • Click “Modify” to modify the listing and auditing settings of that SQL Server.
  • Click “Auditing Settings” on the left side.
  • Select the option “Audit Server” to audit only all server objects. This will disable the auditing of database objects and databases.
  • You can also select the option “Audit Server with selected databases” to audit all server objects with the selected databases only. Checking this option will enable the section to select the databases. You can check the databases you want to audit and uncheck others not to audit.
  • If you want to specify what server objects have to be audited, then click “Audit Object Settings”. Here, you can check only those server objects that you want to audit and uncheck others not to audit.
  • Click “OK” to save the modifications. The software will update the auditing agent.

Modify the SQL Server’s listing to re-enable auditing for all or some server objects. Perform the following steps:

  • Go to “Settings” tab → “Component Management” and select SQL Server.
  • Click “Modify” to modify its listing.
  • Click “Audit Object Settings” in the left side.
  • Check all server objects to enable their auditing.
  • Click “OK” to apply the settings.
  • The software will update the auditing agent.

By default, SQL Server health monitoring is not enabled. To enable it, modify the Properties of the SQL Server.

Please make sure that the system requirements are met for the target SQL/SharePoint Server that is to be audited. The prerequisites for auditing SQL Server or SharePoint are listed herein below.

  • Microsoft System CLR Types for SQL Server 2012
  • Microsoft SQL Server 2012 Management Objects Setup
  • .NET Framework 4.0 should be installed both on the server to be monitored and on the machine where the software is installed.
  • Service Pack 1 is required for SQL Server 2014 for Health Monitoring.

Yes, LepideAuditor will retain a folder of the same name corresponding to the name / IP address of the component (domain, SQL Server, and SharePoint Server) in its installation folder. The path of the default installation folder is “%ProgramFiles%\LepideAuditor” for 32-bit Windows OS and “%ProgramFiles(x86)%\LepideAuditor” for 64-bit Windows OS. It is advised not to remove this folder unless you are sure you want to remove all traces of the component at the site where LepideAuditor was installed.

In addition, LepideAuditor will not remove the databases meant for storing and archiving the logs.

Yes, you can re-add the domain, SharePoint Server or SQL Server.

If you have not deleted the component storage folder from the installation directory and the SQL Server database(s) of auditing logs and/or archiving, then the following details will reappear upon adding the same component again (with the same name or IP Address provided earlier):

  • Component tab under Dashboard Tab
  • Graph widgets
  • LiveFeed updates
  • Audit Reports
  • Custom Reports
  • Licensing Details
  • Auditing Settings except the database and archive database settings

LepideAuditor collects the data in real-time. Any changes made are captured in real-time with comprehensive reporting details; such as the before-and-after value of any change made.

With agent-based auditing, LepideAuditor installs a small and lightweight agent on the added server components. These agents do not interfere with the server processes in any way. These agents collect auditing logs for every configuration change in your server environment and send it to the software.

With agentless auditing, LepideAuditor periodically scans the server for the latest configuration changes and collects the records itself. However, one agent is still required to collect logon/logoff events and another for Non-Owner Mailbox Access auditing.

After parsing the raw logs to intelligent records, LepideAuditor stores them in a connected SQL Server database. It then displays them in the audit reports, alerts, scheduled reports, customized reports, live updates and graph widgets.

While adding a domain, LepideAuditor asks you to connect to a locally hosted or networked SQL Server and lets you create a database in it. The collected auditing logs are stored here after parsing.

You can change the database while working. However, the auditing logs from the previous database will not be displayed until you import the logs from that database or use “Explore Backup” to browse its reports. Perform the following steps:

  1. Go to the “Settings” Tab → “Component Management”.
  2. Select the component whose database you want to change.
  3. Click “Properties”. This will display “Properties” wizard.
  4. Go to the “SQL Server Settings”. Provide the new name of the database.
  5. Click “OK” to save the changes.

Log archiving means moving the old logs from a particular period to a separate database. This helps to maintain the size and integrity of the database. This is done because some databases either do not function correctly, display a performance lag or crash after reaching a certain size limit.

Yes, LepideAuditor offers both automatic and manual archiving. It also provides an option to import the logs from an archived database.

Log archiving is recommended if you wish to have a small sized database. The sizing limit of databases varies with different versions of SQL Server. The database size will increase with the addition of every change collected by the software.

Keep a check on the increasing database size periodically and check whether the database is functioning well or not. Once the database reaches its limit or has any performance issues, then archive the data from the main database to another one.

The LiveFeed displays real-time updates for critical changes determined by the user. It lets you know the details of every change in Active Directory, Group Policy Objects, Exchange, SQL Server and SharePoint Server. These updates are not stored, they are simply displayed in sequential order. Each update is displayed with the exact date and time.

The Radar section contains separate component tabs for Domain (Active Directory + Group Policy + Exchange Server), SharePoint Server and SQL Server. Each tab has its own dedicated LiveFeed widget within its server component.

Each live update in LiveFeed widget will have a distinguishing label that designates a different component. The available labels for all live updates for all component tabs are listed below:

  • Domain Tab
    • Active Directory Modification Feed: shows a live update of a configuration change in Active Directory.
    • Group Policy Modification Feed: shows a live update of a configuration change in Group Policy.
    • Exchange Server Modification Feed: shows a live update of a configuration change in Exchange Server.
  • SharePoint Tab
    • SharePoint Server Modification Feed: shows a live update of a configuration change in SharePoint Server.
  • SQL Server Tab
    • SQL Server Modification Feed: shows a live update of a configuration change in SQL Server.

Perform the following steps:

  • Go to “Settings” Tab > “General Settings”. This will show the settings of backup, report, and display in the Right Panel.
  • In Display Settings, click the drop-down menu for “Date/Time Format” and select any of the following options:
    • [YYYY]-[MM]-[DD]
    • [MM]-[DD]-[YYYY]
    • [DD]-[MM]-[YYYY]
  • Click “Apply”. This will prompt you to restart the software.
  • Click “Yes” to restart the software.

Once the SQL Server settings are saved in “Default SQL Server Settings,” click the icon to load the already saved default SQL Settings while providing the settings for storing auditing logs or archiving logs.

  • Go to “Settings” tab → “Default SQL Settings”.
  • Scroll down to the bottom section. It contains the option to modify the timeout.
  • Enter the desired timeout value and click “Apply”.

It is required to configure Delivery Notification Settings only when you want LepideAuditor to send the real-time alerts to email, LiveFeed and LepideAuditor App, and to send the scheduled reports through. You have to add an email account to send emails and/or an app account to send notifications to mobile App.

  • Go to “Settings” → “Delivery Message Settings”.
  • Click button in the right panel and select “Add Email Account”. This will let you add, edit, or remove a sender’s email account. Click “Add” to add a new sender’s email account.
  • Provide the settings like Display Name, Logon Name, Password, SMTP Server/IP, or SMTP port.
  • Click “Send Test Email” to check whether it is working or not.
  • Click “OK” to save it.

Perform the following steps:

  • Go to “Settings” → “Delivery Message Settings”. This will display the list of already added senders’ email accounts.
  • Select an account and click icon to edit it.
  • Update the account and click “OK”. Please note that you cannot change the display name of the sender’s account.

No. Modifying an existing email account will not change its “Display Name,” therefore it will not affect the alerts and reports created with it.

Perform the following steps:

  • Go to “Settings” → “Delivery Message Settings”. This will display the list of already added senders’ email accounts.
  • Select an account and click icon.
  • The software will ask for confirmation. Click “Yes” to delete it.

Yes. The created alerts and scheduled reports will not be sent until you modify them and add/select a separate sender’s account.

Perform the following steps:

  • Go to “Settings” > “General Settings”. This will show the settings of backup, report, and display in the Right Panel.
  • In the “Display Settings” section, check the option “Do not send scheduled reports, if blank”. Keeping this option checked will stop the software sending blank reports to your email.
  • Click “Apply”. This will prompt you to restart the software.
  • Click “Yes” to restart the software.

Perform the following steps:

  • Go to the “Schedule Reports” Tab.
  • In the Left Tree Pane, select the domain whose scheduled reports you want to view.
  • It contains the following two nodes:
    • Delivered Reports – It displays the delivered emails.
    • Failed Reports – It displays the emails that failed to deliver.
  • Select any of the above nodes to view the list of relevant emails that were attempted to be sent.

Perform the following steps:

  • Go to the “Schedule Report” Tab.
  • In the Left Tree Pane, select the domain whose reports you want to view.
  • Select “Delivered Reports” or “Failed Reports” to view the list of relevant emails sent to recipients.
  • Click any of the emails in the Right Description Pane to view its summary in the bottom part.
  • You can double click any email to open it in the default email client. After opening the email, you can open the attachments to view the report.

Perform the following steps:

  • Go to Schedule Reports Tab > Reports Settings, which is located at the bottom left corner.
  • Select any of the reports from the list.
  • Click the image icon that says “Properties”. This will display the properties of the scheduled report.

Perform the following steps:

  • Go to the “Schedule Reports” tab.
  • In the Left Tree Pane, select the domain whose reports you want to save.
  • Select any of these two nodes – “Delivered Reports” or “Failed Reports”. This will display the list of relevant emails that were sent/attempted to recipients.
  • Select the emails in the Right Description Pane.
  • Click the floppy save icon on the toolbar. This will show the dialog box to select the location where you want to save the file.
  • Select the folder on the disk.
  • Click “OK” to save the emails at the selected location.
  • Open the emails and save their attachments to save the sent reports.

The software verifies whether an email containing an alert or report was delivered. However, it does not check whether the email was received. It is advised to look for a failed delivery email in your inbox, which will contain the exact reason why the recipient has not received an email sent from the software. It is also advised to check whether the recipient’s email address is correct.

LepideAuditor sends alerts only for selected operations. It does not send alerts for every activity unless this has been specified by the user. It is advised that you create alerts for all changes that you mark as being critical as soon as you install the software.

LepideAuditor sends one report per email. Therefore, the number of emails for a schedule report is equal to the number of reports selected while creating this schedule.

Backup Snapshots show the exact state of Active Directory at a particular point in time. You can use these snapshots to restore the state of the Active Directory or its objects individually only if Active Directory or Server is in working condition.

Backup snapshots are stored in the folder in which you have installed the software. If you have installed the software in the default location, then its location will be “%ProgramFiles%\LepideAuditor” for 32-bit Windows OS and “%ProgramFiles(x86)%\LepideAuditor” for 64-bit Windows OS.

LepideAuditor collects backup snapshots automatically at user-selected intervals. You can also capture snapshots manually by performing the following steps:

  • Go to the “Settings” tab → “Component Management”.
  • Select the domain in the left panel.
  • Select the domain entry in the right section.
  • Click “Create Active Directory Backup” to collect a snapshot of Active Directory.
  • Click “Create Group Policy Backup” to capture a snapshot of Group Policy Objects.

Perform the following steps:

  • Go to “Settings” > “General Settings”. This will show the settings of backup, report, and display in the Right Panel.
  • In Backup Settings, click the drop-down menu to select any of the following predefined values.
    • 6 hours
    • 12 hours
    • 24 hours
    • 48 hours
  • Click “Apply”. This will display a message to restart the software.
  • Click “Yes” to restart the software.

LepideAuditor allows you to reverse the changes denoted by individual events in the reports. Perform the following steps:

  • Go to the “Reports” Tab, select the relevant report, and generate it.
  • Switch to the “Grid View” of the report.
  • Here, the events show the changes on the server.
  • Look for the entry highlighting the desired change, which you want to restore/reverse.
  • You can use the filter, data filters, search, or sorting to find out any event.
  • Right click on the event, which you want to restore.
  • Select the option “Restore Change”.
  • You will receive a warning message to confirm your action. Click “Yes”.
  • This will let the software reverse the change for that object using previous backup.
  • Once succeeded, you will receive the message “Restored successfully.”

  1. Auditing is not enabled at the domain.
  2. Auditing has been disabled automatically.
  3. Event Log is full.

Please make sure that auditing is enabled properly on the added domain. If auditing is not enabled, you have to enable it manually. Please refer to “Enable Auditing Manually” document to find out how.

Sometimes domain auditing is disabled automatically because of a particular group policy. If you have enabled auditing through the solution or manually, perform the following steps:

  1. Open Event Viewer on the server.
  2. Check "Security" logs.
  3. Check whether the following event IDs are being generated.
    • If LepideAuditor up to version 16.3 is installed, check whether Event ID 4662 is being generated for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
    • If LepideAuditor version 16.4 is installed, check whether the following Event IDs are being generated for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
      • Event ID 5137 for creating any object.
      • Event ID 5136 for modifying any object.
      • Event ID 5138 for undeleting any object.
      • Event ID 5139 for moving any object.
      • Event ID 5141 for deleting any object.
    • If LepideAuditor 16.3 is installed, check whether Event ID 566 is being generated for Windows Server 2003 and Windows Server 2003 R2. LepideAuditor 16.4 does not support Windows Server 2003 / 2003 R2.
  4. If these events are not being generated, then auditing is either not enabled or is being disabled automatically at frequent intervals. This can be caused by a Group Policy applied on the server.
  5. To rectify this issue, run "GPMC.msc" in Run or CMD prompt, to open Group Policy Management Console.

    Figure 1: Group Policy Objects in GPMC

  6. Browse to root node → Forest → Domains → www.domain.com → Group Policy Objects. It lists all Group Policy Objects for the domain.
  7. Now, you have to perform the following steps on all Group Policy Object nodes listed under “Group Policy Objects”.
    • Right click on a GPO.

      Figure 2: Right click on a GPO

    • Select "Edit" to open "Group Policy Management Editor."
    • Go to "Default Domain Controllers" → “Computer Configuration” → “Policies” → “Windows Settings” → “Security Settings” → “Local Policies”.
    • Select "Security Options". It lists all its Group Policies in the right panel.
    • Double click "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to access its properties.

      Figure 3: Properties of Group Policy

    • Please make sure that the "Define this policy" check box is unchecked and that the options to "Enable" or "Disable" are disabled.
    • If not, uncheck "Define this policy setting".

      Figure 4: Configuring policy to not defined

    • Click "Apply" and "OK" buttons to close the dialog box.
    • Close Group Policy Management Editor.
  8. Now, go to software and access “Component Management” in “Settings" tab. Right click on "Domain" node and click "Properties" to modify the domain's listing.

    Figure 5: Wizard to modify domain

  9. Click button to enable the auditing at domain level. If you face any error, then please refer to Guide to Enable Auditing Manually.
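
The event ID check in step 3 and the per-GPO check in step 7 can be scripted. The PowerShell below is an added example, not part of LepideAuditor or its documentation; the function names and sample records are constructed, and it assumes the XML report from Get-GPOReport names the registry value SCENoApplyLegacyAuditPolicy, which backs the "Audit: Force audit policy subcategory settings" option.

```powershell
# Added example. Function names and all sample data are constructed for illustration.

# Event IDs the steps above tell you to look for, keyed by LepideAuditor version.
$ExpectedEventIds = @{
    '16.4'     = @(5136, 5137, 5138, 5139, 5141)   # modify, create, undelete, move, delete
    'UpTo16.3' = @(4662)
}

# Registry value behind "Audit: Force audit policy subcategory settings ...".
$OverrideValueName = 'SCENoApplyLegacyAuditPolicy'

function Test-DirectoryChangeEvent {
    param(
        [Parameter(Mandatory)] [int[]] $ExpectedId,
        [object[]] $Events      # records with an Id property, e.g. from Get-WinEvent
    )
    # Keep only the expected IDs that actually occurred in the sampled window.
    $seen = @($Events | Where-Object { $null -ne $_ } |
              ForEach-Object { [int]$_.Id } |
              Where-Object { $ExpectedId -contains $_ } | Sort-Object -Unique)
    [pscustomobject]@{
        Seen          = $seen
        Missing       = @($ExpectedId | Where-Object { $seen -notcontains $_ })
        # True when not one expected event was logged: the condition step 4 describes.
        NoneGenerated = ($seen.Count -eq 0)
    }
}

function Find-GpoDefiningAuditOverride {
    param([Parameter(Mandatory)] [object[]] $Report)   # objects with Name and Xml (report text)
    # A GPO that defines the option carries the registry value name in its report.
    @($Report |
      Where-Object { $_.Xml -match [regex]::Escape($OverrideValueName) } |
      ForEach-Object { $_.Name })
}

# Live input on a domain controller (elevated session, GroupPolicy module available):
#   $events  = Get-WinEvent -FilterHashtable @{ LogName = 'Security'
#                  Id = $ExpectedEventIds['16.4']; StartTime = (Get-Date).AddHours(-24) } `
#                  -ErrorAction SilentlyContinue
#   $reports = Get-GPO -All | ForEach-Object {
#                  [pscustomobject]@{ Name = $_.DisplayName
#                                     Xml  = Get-GPOReport -Guid $_.Id -ReportType Xml } }

# Constructed sample input so the example runs without a domain.
$sampleEvents = @(
    [pscustomobject]@{ Id = 5136 },
    [pscustomobject]@{ Id = 5136 },
    [pscustomobject]@{ Id = 5137 },
    [pscustomobject]@{ Id = 4624 }    # logon event, not a directory change
)
$sampleReports = @(
    [pscustomobject]@{
        Name = 'Default Domain Controllers Policy'
        Xml  = '<KeyName>MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy</KeyName>'
    },
    [pscustomobject]@{ Name = 'Workstation Baseline'; Xml = '<GPO><Computer /></GPO>' }
)

$result = Test-DirectoryChangeEvent -ExpectedId $ExpectedEventIds['16.4'] -Events $sampleEvents
"Seen: $($result.Seen -join ', ')   Missing: $($result.Missing -join ', ')"
"No expected events at all: $($result.NoneGenerated)"
"GPOs defining the override: $(@(Find-GpoDefiningAuditOverride -Report $sampleReports) -join '; ')"
```

A missing 5138, 5139 or 5141 can simply mean that nothing was undeleted, moved or deleted in the sampled window; the signal that matters is no expected events at all over a period in which directory changes are known to have occurred.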

Please make sure that the event logs in Event Viewer are not full. Increase the size of event log storage and configure the option to set the storage options. You can also use LepideAuditor to set these Event Log Properties at the domain controllers. Perform the following steps:

  1. Access the domain properties in “Settings” Tab.
  2. Click button to access the following wizard.

    Figure 6: Wizard to set the Event Log Properties

  3. Select the domain controllers in the middle section, on which you want to apply this property.
  4. You have to select those domain controllers, which you want to audit. If this property is not applied, then the software faces issues in auditing the domain.
  5. Select the maximum size of event logs to be stored at the domain controller. The available options are listed herein below.
    • 512 MB
    • 1 GB
    • 2 GB
  6. In "When maximum event log size is reached" section, select any of the following options.
    • Overwrite event as need: Select this option to overwrite the old logs when the event log size is reached.
    • Archive the log when full, do not overwrite: Select this option to archive the log when full. It will save the event logs from being overwritten.
  7. Click "Next" once you have selected the options.
  8. It processes to apply the properties on the selected domain controllers. Once done, the successful message appears in the wizard.
  9. Click "Finish" to complete the process. It closes the wizard and takes you back to the domain properties.

The user/service account selected to run the LepideAuditor Service interacts with the user account selected to process the records by creating auditing databases. Both of these users need to meet the following requirements in order for the records to be stored and displayed correctly.

| Account to run Service | Authentication to create Database | Will it work to process the records? |
|---|---|---|
| Local System User Account | Windows Authentication | The records are not processed if SQL Server is located on another computer where Local System Account does not have a SQL login |
| Local System User Account | SQL Authentication | The records will be processed |
| Domain User | Windows Authentication | The records will only be processed when Domain User has a login at SQL Server with sysadmin privileges |
| Domain User | SQL Authentication | The records will be processed |

If you have used “Windows Authentication” to connect to SQL Server, the current user with which you are logged on to the computer should have a login in SQL Server. The database will not be created if the login does not exist. Therefore, it is recommended to use “This user” option and provide the credentials of a SQL user.

There can be a number of domain controllers in the server desired for auditing. However, you can exclude domain controllers you do not want to audit either when adding the domain in the software or while modifying its listing. Follow the steps below to exclude unwanted domain controllers.

  1. Go to "Settings" tab → "Component Management". Select the domain that has to be modified.
  2. Click "Advanced Domain Configuration" link in "Actions" pane on right side.

    Figure 7: Showing the domain controllers

  3. All domain controllers are listed in the middle section between two headers "Active Directory and Exchange Servers" and "Group Policy Servers".
  4. Each domain controller has the following options. Some of these options appear dimmed, as they are unavailable.
    • Change Auditing: It shows the status for Change Auditing for added server's Active Directory, Exchange Server, and Group Policy.
    • Health Monitoring: It shows the status for Health Monitoring for added server's Active Directory and Exchange Server.
    • Non-Owner Mailbox Auditing: It shows the status for Non-owner Mailbox Access Auditing for added Exchange Server.
  5. Uncheck the change auditing, health monitoring and non-owner mailbox auditing options for those domain controllers, which you do not want to audit.

    Figure 8: Select the domain controllers

  6. The unchecked domain controllers will not be monitored.

    Now click "OK" to apply the modifications.

While adding a domain, LepideAuditor tries to resolve the IP Addresses of its domain controller(s). Sometimes the IP Addresses are not resolved automatically and you may receive the following error.

Figure 9: Warning if the software cannot resolve the IP Addresses

Follow the steps below to fix this issue.

  1. If you receive the error while adding domain, perform the following steps.

    Figure 9: Warning if the software cannot resolve the IP Addresses

    • Double click the IP Address fields for the domain controller(s), whose IP Address is being displayed incorrectly.
    • Enter the correct IP Address.
    • Click "Next" to proceed with wizard to add domain.
  2. Perform the following steps to replace the incorrect IP Address of a domain.
    • Right click on the domain under Component Management whose IP Address is displayed incorrectly and select “Properties” to access its properties.
    • Click “IP Settings” link in the left panel.

      Figure 11: IP Settings while modifying the domain

    • Double-click “IP Address” cell for the domain controller, whose IP Address is wrong.
    • Enter the correct IP Address for the selected domain controller.
    • Click "OK" to apply this IP Address. It takes you back to "Component Management".

You have to uninstall the agent from the domain and then reinstall it. Please refer to Section 8.1.2.2 to Uninstall Agent from an added Domain at Page 143 and Section 8.1.2.4 to Reinstall Domain Agent of Installation and Configuration Guide of LepideAuditor.

You may receive the following error (or similar) when the software is not able to enable the auditing at the server because of any reason.

Figure 12: Error message for problem in enabling the auditing

In such cases, you have to enable the auditing settings manually at Windows Server.

You can download the guide titled “Enable Auditing Manually”. It illustrates the detailed steps to enable auditing at any Windows Server manually.

  1. Option to monitor logon and logoff events is not checked.
  2. Settings to monitor logon and logoff events are not configured.

Please make sure that the option to monitor logon and logoff events is checked. While adding or modifying domain, these settings appear on “Object Classes and Other Settings” page.


Figure 13: Object Class and Settings

Create a customized Group Policy to allow LepideAuditor to monitor the logon and logoff events. You can download the guide titled “Enable Logon/Logoff Monitoring for LepideAuditor”.

It contains detailed steps to enable the collection and auditing of logon and logoff events for any Windows Server by LepideAuditor.

While adding a domain, LepideAuditor gives the option to configure mailbox auditing for Exchange Server. You have to select this option to enable the auditing of the mailboxes. You can download the guide – “Configuring Mailbox Auditing in LepideAuditor” – from http://www.lepide.com/configurationguide/auditor-suite-configure-mailbox-auditing.pdf.

This problem occurs when LepideAuditor is using a particular database for storing audit logs and the SQL Server storing that database is closed unexpectedly. This can happen when the local SQL Server is terminated, or when the remote computer where SQL Server is installed reboots or crashes unexpectedly. In such cases, SQL Server turns the state of the databases currently in use to “(suspect)”. These databases cannot be used for storing and retrieving data, so LepideAuditor will not audit the server(s) whose data is stored in a suspect database.

Perform the following steps.

  1. Open SQL Server Management Studio of SQL Server, which stores the database(s).
  2. Establish the connection using Windows authentication or SQL Server authentication.
  3. Expand “Database” node and access the database that is connected with LepideAuditor for storing logs.
  4. Make sure it shows “(suspect)” as its status.

    Figure 14: New Query option for Suspected Database

  5. Click “New Query” button on the toolbar. Alternatively, you can right click on the database and select “New Query”. It displays the section for executing a query on the right side.
  6. Copy and paste the following query in this area. Replace “DATABASE_NAME” with the name of your database.

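    -- Clear the suspect flag so that the database state can be changed.
    EXEC sp_resetstatus 'DATABASE_NAME';
    -- Emergency mode gives sysadmins read-only access for the integrity check.
    ALTER DATABASE [DATABASE_NAME] SET EMERGENCY;
    DBCC CHECKDB ('DATABASE_NAME');
    -- Repair needs single-user mode. REPAIR_ALLOW_DATA_LOSS can discard damaged
    -- pages, so stored audit records may be lost; keep a copy of the database files first.
    ALTER DATABASE [DATABASE_NAME] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
    DBCC CHECKDB ('DATABASE_NAME', REPAIR_ALLOW_DATA_LOSS);
    ALTER DATABASE [DATABASE_NAME] SET MULTI_USER;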

    Figure 15: Executing Query

  7. Click “Execute” button on the toolbar. It executes the query and removes “suspect” status.
  8. Right click on the database and select “Refresh” to refresh its status.

Please check whether LepideAuditor is working now and auditing the domain properly.

Following are the prerequisites to add a SharePoint Server for auditing.

  • Connectivity and accessibility to the instance of SQL Server, which is interlinked with SharePoint Server.
  • Microsoft System CLR Types for SQL Server 2012.
  • Microsoft SQL Server 2012 Management Objects.
  • .NET Framework 4.0 should be installed both on server to be monitored and machine where solution is installed.

NOTE: You can add a SharePoint Server in LepideAuditor for auditing only when you have installed Microsoft System CLR Types for SQL Server 2012 and Microsoft SQL Server 2012 Management Objects at the server system where SharePoint is installed. The setup files to install these two add-ons come with the compressed setup file of the solution.

Please provide a new IP Address to add a different server as the provided IP Address is already added in the software.

  1. There is no connectivity between the software and the agent.
  2. Either the user selected to add SharePoint in the software does not have sufficient rights or its rights have been revoked.
  3. Either the user selected to log on to the computer running SharePoint does not have sufficient rights or its rights have been revoked.
  4. Either the user selected to log on to SharePoint Site does not have sufficient rights or its rights have been revoked.
  5. Either the user selected to add SharePoint in the software is not added in the security right of "Log on as a service" in Local Security Policy or it has been removed.

Please make sure the computer containing the agent is started and logged on. In addition, it should be connected to the other computer where LepideAuditor is installed. Try to share the files between these computers for confirming their connectivity.

Please make sure that SharePoint is added in the software with the user who is a member of Domain Admins Group.

The user, with which you are logged on to the computer running SharePoint and Auditing Agent, should be a member of Domain Admins group.

If these rights are not assigned, then perform the following steps to add the selected user in Farm Administrator Group.

  1. Go to "Central Administration" → "Security".
  2. Click "Manage the farm administrators group" link under "Users".
  3. Check if the selected user is already added in the Farm Administrator Group or not.
  4. If the selected user is not listed here, click "New" link.
  5. In "Share 'Central Administration'" pop-up, type the username. Once typed, SharePoint Server will recognize the name and show a list.
  6. Select the username in the appeared list.
  7. Click "Share" to add the user in "Farm Administrator" group.

The selected user must have the administrative rights over each Site Collection to be audited. For this, the selected user should be the Site Collection Administrator or should have full control over the Web App.

  1. Perform the following steps to add the user in Site Collection Administrators.
    • Open the Site Collection in the Web Browser, for which you need to enable the auditing.
    • Click "settings" icon on the top right corner and click "Site Settings."
    • In Site Settings, click "Site Collection Administrators" under "Users and Permissions" tab.
    • Check whether the selected user is listed as Site Collection Administrator or not.
    • If it is not listed, add the user.

      NOTE: If you want to enable the auditing of new sites that will be created in future, add the selected user as Primary or Secondary Site Collection Administrator while creating a new site.

    • Perform the following steps to assign the Full Control over Web App.
      • Go to "Central Administration" → "Application Management" → "Manage Web Applications."
      • Select the required Web Application.
      • Click "User Policy" button on the ribbon.
      • Select "All Zones" and click "Next."
      • Select "Full Control - Has full control" and click "Next."
      • Click "Finish" to complete the process.
    • Once these rights are assigned, the user attains the administrative rights over each Site Collection in the Web App.

The selected user should be added in the security right of "Log on as a service" in Local Security Policy. If the user does not have this right, then perform the following steps on the Server computer, where SharePoint Server is installed, to assign the same.

  1. Go to "Administrative Tools" → "Local Security Policy".
  2. In the left panel, go to "Security Settings" → "Local Policies" → "User Rights Assignment". It displays the different policies in the right panel.
  3. Select "Log on as a service" and double click on it to access its properties.
  4. Make sure that the selected user is listed in "Local Security Setting" tab of "Properties" window.
  5. If the selected user is not added, then click "Add User or Group" button. It shows "Select Object" dialog box.
  6. Type the username and click "Check Names" button to validate the entry.
  7. Click "OK" to add the user. It takes you back to the policy properties.
  8. Click "Apply" and "OK".

The agent is not running on the target SharePoint Server. Try to uninstall and reinstall it. Please refer to “Uninstall Agent from SharePoint” page of the Help Manual for more information.

  1. Agent is not connected to SQL Server, which is interlinked with target SharePoint Server.
  2. Credentials of the user to login at SQL Server either are wrong or have been changed.
  3. There is no connectivity between SharePoint and its interlinked SQL Server.

Please perform the following steps one-by-one.

  1. Verify the user credentials in the agent to login at SQL Server.
  2. Are you able to logon with the same credentials on the SQL Server?
  3. Check connectivity between SharePoint Server and its linked SQL Server.
  4. If SharePoint Server, interlinked SQL Server, and LepideAuditor are on different computers, please check whether these computers could be connected with each other over the network.

A login of the selected SharePoint User with Windows Authentication with both “sysadmin” and “dbcreator” roles should exist in SQL Server for the SharePoint Content Database.

  1. If the user login does not exist already, then perform the following steps to create it.
    • Open "SQL Server Management Studio".
    • Select SQL or Windows Authentication.
    • Enter the name and password of an SQL Administrator in case of SQL Authentication.
    • Click "Connect".
    • In the left tree panel, go to "Security" → "Logins".
    • Right click on "Logins" and select "New Login".
    • "Login - New" wizard appears onscreen.
    • Enter the same login name as that of SharePoint user with which you are adding SharePoint Server for auditing.
    • Switch to "Server Roles".
    • Select "sysAdmin" and "dbcreator".
    • Click "OK".
  2. If the user exists, but no such rights are assigned, then follow these steps to assign the required rights.
    • Open "SQL Server Management Studio".
    • Select SQL or Windows Authentication.
    • Enter the name and password of an SQL Server Administrator in case of SQL Authentication.
    • Click "Connect".
    • In the left tree panel, go to "Security" → "Logins".
    • Expand "Logins" and select the required user.
    • Right click on the user and select "Properties".
    • Switch to "Server Roles".
    • Select "sysAdmin" and "dbcreator".
    • Click "OK".

Please check the connectivity between the computer running the solution and the one running the SQL Server database.

If there is no database connectivity between the software and SQL Server database, then the changes will not appear.

Problem

No report or LiveFeed is generated for an already added domain. Event Viewer for that server is displaying the Event ID 521 "Unable to log events to security log with Status code: 0xc0000008".

Causes

  1. Event Logs have consumed all available free disk space. There is not enough disk space to record new events.
  2. Security Event Log has been corrupted.
  3. AutoBackupLogFiles entities may be missing.

Solution 1

It is advised to perform the following solutions one by one and check the status of LepideAuditor after each step.

  1. Check the disk space.
  2. If disk space is full, then please archive or delete the old events. It is recommended to archive the old events to a separate drive.
  3. Back up the security.evtx file stored in %SystemRoot%\System32\Winevt\Logs to a safe location. Remove it from the folder so that the server can create a new “security.evtx” file.
  4. Please make sure to enable the option “Do not overwrite events (clear log manually)” in Event Viewer.
  5. Restart the server.
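
The Security log conditions behind this problem, and behind the event log size and retention options in the Event Log Properties wizard described earlier, can be checked from PowerShell. This is an added example, not part of LepideAuditor; the function name, the thresholds and the sample values are constructed, and the live commands in the comments assume the log sits on the system drive.

```powershell
# Added example. Function name, thresholds and sample values are constructed.
function Get-SecurityLogFinding {
    param(
        [Parameter(Mandatory)] $LogConfig,            # shape of: Get-WinEvent -ListLog Security
        [Parameter(Mandatory)] [long] $FreeDiskBytes, # free space on the volume holding the log
        [datetime] $OldestEventTime,                  # TimeCreated of the oldest record in the log
        [datetime] $Now = (Get-Date),
        [int] $MinHoursRetained = 24                  # assumption: match your collection interval
    )
    $mode     = [string]$LogConfig.LogMode            # Circular | AutoBackup | Retain
    $maxBytes = [long]$LogConfig.MaximumSizeInBytes
    $usedPct  = [math]::Round(100 * $LogConfig.FileSize / $maxBytes, 1)
    $findings = New-Object 'System.Collections.Generic.List[string]'

    if ($LogConfig.IsLogFull) {
        $findings.Add('Log is full: new security events are not being written.')
    }
    if ($maxBytes -lt 512MB) {
        $findings.Add('Maximum size is below 512 MB, the smallest value the wizard offers.')
    }
    if ($FreeDiskBytes -lt $maxBytes) {
        $findings.Add('Free disk space is smaller than one full log file.')
    }
    switch ($mode) {
        'Circular' {   # "Overwrite events as needed"
            if ($PSBoundParameters.ContainsKey('OldestEventTime') -and
                ($Now - $OldestEventTime).TotalHours -lt $MinHoursRetained) {
                $findings.Add("Log holds under $MinHoursRetained hours of events; older ones are overwritten.")
            }
        }
        'Retain' {     # "Do not overwrite events (clear log manually)"
            if ($usedPct -ge 90) {
                $findings.Add("Log is $usedPct% used and will stop recording when full.")
            }
        }
        'AutoBackup' { # "Archive the log when full, do not overwrite"
            if ($FreeDiskBytes -lt 3 * $maxBytes) {
                $findings.Add('Room for fewer than three archive files; move old archives to another drive.')
            }
        }
    }
    [pscustomobject]@{ Mode = $mode; UsedPercent = $usedPct; Findings = $findings.ToArray() }
}

# Live input on the audited server (elevated session):
#   $cfg  = Get-WinEvent -ListLog Security
#   $free = (Get-PSDrive -Name $env:SystemDrive.TrimEnd(':')).Free
#   $old  = (Get-WinEvent -LogName Security -Oldest -MaxEvents 1).TimeCreated
#   Get-SecurityLogFinding -LogConfig $cfg -FreeDiskBytes $free -OldestEventTime $old

# Constructed sample: archive mode, 1 GB limit, 300 MB left on the volume.
$sampleConfig = [pscustomobject]@{
    LogMode = 'AutoBackup'; MaximumSizeInBytes = 1GB; FileSize = 900MB; IsLogFull = $false
}
$report = Get-SecurityLogFinding -LogConfig $sampleConfig -FreeDiskBytes 300MB
"Mode: $($report.Mode)   Used: $($report.UsedPercent)%"
$report.Findings
```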

Some browsers like Mozilla Firefox do not open MHT files by default. You have to install UnMHT Extension in Mozilla Firefox to open MHT files.

You have to install IE Tab Add-on in Google Chrome to view the accurate formatting in MHT files. Once you have installed this extension, its shortcut appears with the address bar. After opening MHT file in Google Chrome, click its icon to view the MHT file with accurate formatting. IE Tab Add-on installs a small program when you click its icon for the very first time.

Only the active tab in Radar will update its records and generate the graphs accordingly. Other tabs will generate their reports only when they are active.

Group Policy auditing is disabled.

Before resolving this issue, please make sure that the following system requirements are met to audit Group Policy Objects.

  1. .NET Framework 2.0
  2. Windows PowerShell 2.0
  3. GPMC should be installed on the machine where solution is installed.
  4. Following are the prerequisites for agentless Group Policy Auditing.
    • The software should be installed on client machine.
    • Windows PowerShell 2.0 for client machine

Perform the following steps to check whether Group Policy Auditing is enabled or not.

  1. Go to “Settings” Tab.
  2. Right click on the domain and click “Properties.”
  3. Go to “Advanced Configuration” to check the auditing status.
  4. Please make sure that “Change Audit Group Policy” option is checked.

    Figure 16: Advanced Domain Configuration

  5. Please make sure that Change Auditing for the selected domain controller is also enabled.

If “Group Policy Object Container Classes” is excluded from auditing, then changes in Group Policies will not be audited. Perform the following steps to check it.

  1. Go to “Settings” Tab.
  2. Right click on the domain and click “Properties.”
  3. Go to “Object Classes and Other Settings.”
  4. Check whether the “groupPolicyContainer” class is included in the auditing. This class should be checked and included in the auditing.

    Figure 17: Object Classes and Other Settings

Causes

  1. No connectivity between the auditing agent and server.
  2. The option of concurrent session is not configured correctly.

Solution 1

There may be a problem in establishing the connectivity to the agent, which is causing the data collection process to stick in a loop and the software to freeze. Please check the network connectivity of the computer running the software to the server running the auditing agent.

Solution 2

If the software is auditing multiple domain controllers, please make sure that maximum number of concurrent sessions is equal to the number of domain controllers. Perform the following steps.

  1. Go to “Settings” Tab and click “General Settings.”
  2. Enter the number of domain controllers in the text field of “Maximum number of concurrent session (Active Directory).”

    Figure 18: General Settings

  3. Click “Apply.”

Causes

  1. The configuration to add an email account is wrong.
  2. The selected Exchange Server is not accepting the communication from anonymous group.

Solution 1

Please check the settings provided to create an email account. If your Exchange Server does not need an authentication on SMTP, then please uncheck “Requires Authentication.”

Solution 2

Please make sure that the option to enable Anonymous users is enabled in the Hub Transport Settings of Exchange Server.

Perform the following steps to enable the same.

  1. Open “Exchange Management Console.”
  2. Go to “Server Configuration” → “Hub Transport.”
  3. In the right side panel, select the transport to show the receive connectors.
  4. Double click “Default ” connector to access its properties.
  5. Go to “Permission Groups” and check “Anonymous users” option.
  6. Please make sure that this option is checked always.
  7. Click “Apply” and “OK.”
  8. Close “Exchange Management Console.”

Now, configure the settings again to add a new email account and try to send the test email again.

The database to store Current Permission is created only after the first time scanning the Data set permissions.

Causes

  1. No user has permission to access the folders.
  2. The user selected to scan the permissions of the Data Set does not have sufficient rights.

Solution 1

Please make sure that the folders added in Data Set are accessible. The user selected to scan the permissions should also have access to the folder.

Solution 2

The user with which the File Server is added in the software should have "Full Control" or at least "Read" rights to read the permissions of the shared folders and their content.

If the user does not have these rights, you have to provide the login credentials of a user with administrative privileges while creating or modifying a Data Set.

Figure 19: Enter Login Credentials

Current Permissions Reporting is only available for Windows File Server - not for NetApp Filers.

It is advised not to add the file servers of two different domains in a Data Set. You have to create the different Data Set for each domain.

Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.