Creating a new installation

Before you can begin auditing, you must create at least one audit installation and a management database. Creating the management database, however, requires SQL Server system administrator privileges on the computer that hosts the SQL Server instance. If possible, you should have a database administrator add your Active Directory domain account to the SQL Server system administrators role.

If you have not been added to the system administrators role, you should contact a database administrator to assist you. For more information about creating a new installation when you don’t have system administrator privileges, see How to create an installation without system administrator privileges.

To create a new installation and management database as a system administrator:

  1. Log on using an Active Directory account with permission to install software on the local computer and permissions listed in Creating a setup user account for installation.
  2. Open Audit Manager.

    Note:   If you haven’t configured an audit installation yet, the New Installation wizard opens automatically.

  3. If this isn’t your first audit installation: in Audit Manager, right-click Centrify Audit Manager and select New Installation to open the New Installation wizard.

  4. Enter a name for the new installation, then click Next.

    Tip:     Name the installation to reflect its administrative scope. For example, if you are using one installation for your entire organization, you might include the organization name and All or Global in the installation name, such as AcmeAll. If you plan to use separate installations for different regions or divisions, you might include that information in the name, for example AcmeBrazil for a regional installation or AcmeFinance for an installation that audits computers in the Finance department.

  5. Select the option to create a new management database and verify the SQL Server computer name, instance name, and database name are correct.

    If the server does not use the default TCP port (1433), you must provide the server and instance names separated by a backslash, then type a comma and the appropriate port number. For example, if the server name is ACME, the instance name is BOSTON, and the port number is 1234, the server name would be ACME\BOSTON,1234.

    If you're installing on a SQL cluster, enter the SQL cluster name in the SQL Server computer name field.

    If you’re connecting to a SQL Server availability group listener, click Options (next to the Server Name) and enter the following connection string parameters:

    MultiSubnetFailover=Yes

    Click Next to continue.

  6. Select Use the default NT AUTHORITY\SYSTEM account to use the internal account or select a specific SQL login account with sufficient privileges, then click Next.

    A SQL login account is required to run the stored procedures that read and write information to the management database. The account must a member of the system administrator (sa) fixed server role on the selected database server, as mentioned in Configuring SQL Server to prepare for auditing.

  7. Type the license key you received, then click Add or click Import to import the keys directly from a file, then click Next.
  8. Accept the default location or click Browse to select a different Active Directory location for publishing installation information, then click Next.

    You must have the Active Directory permission to Create serviceConnectionPoint objects on the container or organizational unit you select for publishing installation information.

  9. Select the installation-wide auditing options you want to enable, then click Next.
    • Select Enable video capture recording of user activity if you want to capture shell or desktop activity on computers when users are audited, then click Next.

      Selecting this option enables you to review everything displayed during an audited user session, but will increase the audit store database storage requirements for the installation. You can deselect this option if you are only interested in a summary of user activity in the form of audit trail events. Audit trail events are recorded when users log on, open applications, and select and use role assignments with elevated rights.

    • Select Do not allow any users to review their own sessions to prevent all users from updating the review status for their own sessions or adding comments to their own sessions.

    • Select Do not allow any users to delete their own sessions to prevent all users from deleting their own sessions.

    If you set either of the installation‑wide policies disallowing user activity, the policy takes precedence over any rights provided by a user’s audit role.

  10. Review details about the installation and management database, then click Next.

    If you have SQL Server system administrator (sa) privileges and can connect to the SQL Server instance, the wizard automatically creates the management database.

  11. Select the Launch Add Audit Store Wizard option if you want to start the Add Audit Store wizard, then click Finish

    If you want to create the first audit store database on a different SQL Server instance, you should deselect the Launch Add Audit Store Wizard option and click Finish.

For more information about adding the first audit store database, see Creating the first audit store.