Checklist for auditing systems outside of Active Directory

Here is the overall process for auditing a computer that isn't joined to Active Directory, including links to documented procedures.

Each step lists the action to take, followed by details or the documented procedure to refer to.

Create the audit installation

Step 1

Action: For the audit store that includes the collector that you will enroll to the Privileged Access Service, edit the audit store scope so that it includes the following:

  • The site or subnet that the collector is in
  • The IP address or subnet of the system to be audited (the one that isn't in Active Directory)

Details: Creating a new installation

Add the audit installation to the Admin Portal and enable auditing

Step 2

Action: Install a connector on a Windows computer in the Active Directory domain.

Note: For now, do not install a connector on the same computer as a collector.

Details: How to install a Centrify Connector

Step 3

Action: In the Admin Portal, enable auditing for the audit installation.

Details: Enabling auditing for remote sessions

Step 4

Action: Verify the connector status in the Admin Portal.

Note: If your deployment is across multiple Active Directory forests or you have multiple DirectAudit installations, your deployment will include multiple cloud connectors. In this kind of deployment, you should configure each non-Active Directory system to use only the cloud connectors that are in the same Active Directory forest as the desired DirectAudit installation. You can configure which connectors should be used in the system's Connector settings in the Admin Portal. For details, see Selecting the connectors to use.

Details: Reference content -- Connector configuration program

Configure the collector

Step 5

Action: On the computer where the collector is or will be, install the Centrify client and enroll the computer in the Privileged Access Service.

The collector needs to be joined to Active Directory and enrolled in the Privileged Access Service.

Details: Installing and using the Centrify Client for Windows

Step 6

Action: Install a new collector or reconfigure an existing collector so that the collector receives audit data according to the cloud settings.

Details: Configure the audit collector service

Configure the computer to be audited

Step 7

Action: In the Admin Portal, download the Centrify Client installers and get an enrollment code.

Details:

  • Installing and using the Centrify Client for Windows
  • Enrolling and managing computers using Centrify Clients for Linux
  • Enrolling a computer

Step 8

Action: In the Admin Portal, make sure that the user account you'll use to run the installer has the permissions to enroll the system.

Details: Admin Portal administrative rights

Step 9

Action: On the computer to be audited, make sure that its DNS settings are set so that it can contact and be contacted by the collector computer.

Details: On the computer to be audited, make sure that its DNS settings are set so that it can contact the collector computer by its fully qualified domain name (FQDN).

Step 10

Action: Install the client and enroll the computer in the Privileged Access Service.

Details:

  • Installing and using the Centrify Client for Windows
  • Enrolling and managing computers using Centrify Clients for Linux

Step 11

Action: In the Admin Portal, verify the enrollment.

Details: In the Admin Portal, go to Resources > Systems to verify the enrollment status.

Step 12

Action: Install the audit client package(s):

  • Windows: Install the Windows audit package.
  • Linux: First install the OpenSSL package, and then install the Linux audit package.

Details: Downloading the audit packages for the Centrify Clients

Step 13

Action: In Audit Manager, verify that the computer is being audited.

Details: Managing audited computers and agents
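
The scope requirement in step 1 and the DNS requirement in step 9 can be checked from the computer to be audited before the installer is run. The following is an added example, not Centrify code: it assumes the audit store scope is written as a list of subnets or single addresses, and the scope entries, addresses, and the name collector01.corp.example are constructed sample values.

```python
import ipaddress
import socket

def in_scope(address, scope):
    """Return the first scope entry (as a network) containing address, or None."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    for entry in scope:
        net = ipaddress.ip_network(entry, strict=False)  # bare address becomes /32 or /128
        if ip.version == net.version and ip in net:
            return str(net)
    return None

def resolve(fqdn):
    """Forward lookup with the system resolver; empty list if the name fails."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(audited_ip, collector_fqdn, scope, resolver=resolve):
    """Check step 1 (scope) and step 9 (FQDN lookup); return a list of problems."""
    problems = []
    if "." not in collector_fqdn.rstrip("."):
        problems.append(f"{collector_fqdn}: not a fully qualified name")
    if in_scope(audited_ip, scope) is None:
        problems.append(f"{audited_ip}: audited system not in audit store scope")
    addresses = resolver(collector_fqdn)
    if not addresses:
        problems.append(f"{collector_fqdn}: does not resolve")
    for addr in addresses:
        if in_scope(addr, scope) is None:
            problems.append(f"{addr}: collector address not in audit store scope")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace them with your own scope and hosts.
    SCOPE = ["10.20.0.0/24", "192.0.2.17"]
    results = preflight("192.0.2.17", "collector01.corp.example", SCOPE)
    for line in results or ["OK"]:
        print(line)
```

An empty result covers only the lookup from the audited computer to the collector; the reverse direction in step 9 has to be checked from the collector.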