If you select auditing when you install the Windows agent, the agent starts capturing user session activity immediately after it is installed. Therefore, you should be sure that you have an installation, audit store database, and collector prepared and available before installing an agent. If the agent cannot connect to an installation, it stores the captured session data locally and can quickly overload the local computer’s resources.
To install the agent on Windows using the setup program:
- Log on to the computer and insert the CD or browse to the location where you have saved downloaded Centrify files.
If the Getting Started page is not displayed automatically, open the
On the Getting Started page, click Agent to start the setup program for the Windows agent.
At the Welcome page, click Next.
Review the terms of the license agreement, click I accept the terms in the License Agreement, then click Next.
Verify the location where files will be installed, then click Next.
If you want to install in a location other than the default location, click Browse, select a different location, then click Next.
Click Finish to complete the installation and start the agent configuration wizard.
In the Centrify Agent Configuration window, click Add Service.
In the dialog box that opens, select the Centrify Auditing and Monitoring Service option and click OK.
In the Enable session capture and replay window, select the auditing installation to which you want the agent on this computer to connect.
Click Next to continue.
The Centrify Auditing and Monitoring Service is now listed as an enabled service.
- Close the Agent configuration window and click Exit in the installer window.
The agent configuration wizard automatically configures several default settings in the agent registry. If you want to view or change the agent settings for auditing on a Windows computer after running the configuration wizard—or if you did not use the configuration wizard immediately after installation—you can use the Agent Configuration Wizard.
To configure the agent settings for auditing:
- Click Start > All Programs > > Centrify Agent for Windows Configuration > Agent Configuration.
- In the Centrify Agent Configuration window, locate the Centrify Auditing and Monitoring Service option, and click Settings.
The Centrify Auditing and Monitoring Service Settings window opens.
On the General tab, click Configure.
Select the maximum color quality for recorded sessions, then click Next.
If your audit installation has video capture auditing enabled, you can configure the color depth of the sessions to control the size of data that must be transferred over the network and stored in the database. A higher color depth increases the CPU overhead on audited computers but improves resolution when the session is played back. A lower color depth decreases network traffic and database storage requirements, but reduces the resolution of recorded sessions.
- Specify the offline data location and the maximum percentage of disk that the offline data file should be allowed to occupy, then click Next.
If the agent cannot connect to a collector, it saves session activity in the offline data location you specify until it can contact a collector.
The spool threshold defines the minimum percentage of disk space that should be available to continue auditing. It is intended to prevent audited computers from running out of disk space if the agent is sending data to its offline data storage location because no collectors are available.
For example, if you set this threshold to 10%, auditing will continue while spooling data to the offline file location as long as there's at least 10% disk space is available on the spool partition. When the disk space available reaches the threshold, auditing will stop until a collector is available.
The agent checks the spool disk space by periodically running a background process. By default, the background process runs every 15 seconds. Because of the delay between background checks, it is possible for the actual disk space available to fall below the threshold setting. If this were to occur, auditing would stop at the next interval. You can configure the interval for the background process to run by editing the HKLM\Software\Centrify\DirectAudit\Agent\DiskCheckInterval registry setting.
Select the installation that the agent belongs to, then click Next.
If the computer where you’re configuring an agent belongs to multiple audit stores in the auditing installation, choose which audit store this agent will connect to, then click Next.
In the Summary page, review your settings, then click Next.
The agent is now configured and enabled for auditing.
- Click Finish to close the agent configuration wizard, then click Close to exit the Centrify Auditing and Monitoring Service Settings window.