Delegating Administrative Permissions

You can facilitate the administration of a large installation by delegating tasks and, if needed, setting up additional Audit Manager consoles.

Whoever creates the installation is the first administrator in the system, with full control of the entire installation and the ability to delegate administration tasks to any Active Directory user or group. You can grant permissions to other users on the Security tab of the Properties page for each component.

Publishing Installation Information

Audit Manager publishes information about your installation to a service connection point (SCP) object in Active Directory so that audited computers and collectors can look up the information. If the published locations for multiple SCPs in the same installation are not in synch, or if agents cannot read from at least one of the published locations, the agents are unable to determine which audit store is the best match for the sites and subnets, and so they do not attempt to connect to an audit store.

Permission to Publish to Active Directory

Only administrators who have been delegated permission to modify various attributes of the installation can publish those attributes to Active Directory.

If you do not have Active Directory permission to modify the installation, the updates are kept in the audit management database, and a message is issued to notify you that the installation information could not by updated in Active Directory.

Synchronizing installation information

If you have an Active Directory account with permission to modify the installation, you can click Synchronize the Installation Properties page Publication tab to publish the information.

In a multi-forest or DMZ environment, this tab lists multiple Active Directory locations to which to publish.