AuditWizard - Getting Started - Pre-Installation
The AuditWizard application is typically only installed onto a single computer from where the program will be administered. You do not need to install AuditWizard onto the other computers in your network. The application is installed with an embedded SQL Compact 3.5 database. No SQL Server is required.
AuditWizard uses a network share to collect audit files produced by the Scanner and Agent. It uploads from this location.
It should have its own network share in the format \\SERVER\SHARE. It is not recommended to nest the share in an existing share, e.g. \\SERVER\SHARE1\SHARE2\SHARE, as this can create issues with inherited permissions. A good place to put the share folder is in C:\. The permissions are open but the data is to all intents and purposes non-confidential.
- Create a folder for sharing (e.g. C:\aw) and get Properties.
- Click the Sharing tab. Click the Share this folder radio button. Enter the share name (a short name containing only letters and numbers). Enter a comment to describe the share.
- Click the Permissions button. Everyone will be present. This is the only account you should specify—don't add any others. Click the Full Control, Allow checkbox, then the Apply and OK buttons.
- Click the Security tab. Click the Add… button. Enter Everyone and click the Check Names button, then OK.
- Select Everyone and check the Full Control checkbox in the Allow column. Click the Apply button.
- Click the Advanced button. Uncheck Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here. Click the Remove button in the confirmation dialog.
- Check Replace permission entries on all child objects with entries shown here that apply to child objects and click the Apply button. Confirm. Click the OK button.
- Here are the resulting security settings:
AuditWizard requires one domain-user account. It is used for the AuditWizard Service (the service that runs on the AuditWizard computer) and the Audit Agent Service (the service that runs on the target computer). It must have sufficient permissions to do the following operations:
For the AuditWizard Service:
- Must be able to write AuditAgent.exe and AuditAgent.xml to \\Computer\ADMIN$\System32\ (C:\WINDOWS\System32\) on the target computer
- Must be able to install AuditAgent.exe as a service on the target computer
- Must be able to start, stop and remove the AuditWizard Agent service on the target computer
- Must be able to delete AuditAgent.exe, AuditAgent.log and AuditAgent.xml from \\Computer\ADMIN$\System32\ on the target computer
- Must be able to read and write to the AuditWizard network share.
For the Audit Agent Service:
- Must be able to write to the local C:\WINDOWS\System32\ folder
- Must be able to write to the root of C: on the local computer.
- Must be able to write to the AuditWizard network share.
Commonly a domain-admin account should be capable of these operations but we have discovered that many domain-admin accounts cannot do all of the above. In this case, it is advised that a new account with the above permissions be created for use with AuditWizard.
An initial test can be done to determine whether an account will be suitable. Log into the AuditWizard computer using the account. Attempt to open the ADMIN$ share on a target computer (\\Computer\ADMIN$). If the account can't do this, then it is not suitable.
In summary, either use an account with the above permissions or create an account that has these. The account is entered into Administration > General > AuditWizard Service > Service Control.