CA Audit – How to add an audit node group

In CA Audit,  formerly eTrust Audit, you can group your audit nodes (or audit clients) into logical groups depending on the audit events that are to be monitored.

You can also group audit nodes based on geographical and physical location, workgroup or domain, and you can also group them based on the audit recorder (iRecorder) agent.

Some of the common iRecorder agents are the Windows NT Log iRecorder, Microsoft ISA iRecorder, and the Microsoft Exchange iRecorder.

The following steps show how to add an audit node group to CA Audit:

1. Open the CA Audit Policy Manager and click on “Audit Nodes”

slide6

2. To add a new group, right-click on “Targets” and select “New Group”.

slide4

3. Configure the group name. Key in the desired name for the Audit Node (AN) group. You can optionally add a short description for the AN group. Click “OK” to save and close. The newly created AN group will be added to the “Targets” list.

slide5

slide6

4. Associate an Audit Node (AN) Type to the newly created group.

slide7

slide8

How to configure Windows Active Directory logon scripts

There are instances when you need to run a script or program every time a user logs into your Windows network. One way to automate this is to configure and assign a Windows logon script to a particular user or group account.

Enabling Windows logon scripts is a two-stage process. The first stage is to create the script itself, and the second stage is to assign the logon script to a domain user (or group) account.

I. Where to save the logon script:

  1. Create your logon script and save it in the appropriate format (Example: logon.bat, logon.vbs).
  2. Go to your domain controller and copy the script into the %SystemRoot%SYSVOLSysvolDomainNameScripts local folder (Ex. C:WINDOWSsysvolsysvolENTIIS.COMSCRIPTS).

This folder corresponds to the domain controller’s NETLOGON network share folder.

This makes the script accessible over the network via the \ServerNameNetlogon network share folder.

screenshot-01

To summarize:
If your domain controller’s name “DC01”, and if you have a script named “logon.bat”, which is saved on DC01’s “C:WINDOWSsysvolsysvolENTIIS.COMSCRIPTS” folder, then you can access the script over the network by going to the “\DC01netlogon“ network share folder, or by simply running \DC01netlogonlogon.bat.

II. How to assign a logon script to a user or group:

1. First, open “Active Directory Users and Computers” on the domain controller.

Active Directory Users and Computers

2. Now right click on the user you want to have the logon script and select the properties menu.

A properties dialog like the one shown below will appear. Select the ‘Profile’ Tab

By default, if no exact network path is given, as shown in Figure 3, above, Active Directory will assume that the user profile logon script will be at the %SystemRoot%SYSVOLSysvolDomainNameScripts folder.

3. Click Apply.

4. Click OK.

Once configured, the logon script will run (on the local machine where the user logged in) every time the user logs into the network using the corresponding account.

Note: You have to check if the user account used to log into the local machine has the appropriate rights to run or execute programs.