Review of LepideAuditor Suite
I hope there is no need to explain why we have to audit Active Directory and Group Policy Objects. While testing third-party auditing solutions from different auditors, I got a chance to get hands-on experience of a tremendous one-stop solution. I am talking about the flagship product of Lepide Software – LepideAuditor Suite.
It offers a single centralized platform to audit any number of Active Directory, Group Policy Objects, Exchange Server (with non-owner mailbox accesses), SharePoint Server, and SQL Servers. Some important highlights of this product are object state backup and restore for Active Directory and Group Policy; health monitoring of Active Directory, Exchange Server and SQL Server; historical permission analysis of File Server; a web-based reporting console with role-based access; and an Android/Apple app to get real-time notifications of critical configuration changes. Active Directory Cleanup and User Password Expiration Reminder alerts are added advantages of this Lepide product.
The downloaded setup file was 318 MB in ZIP format. The best part is its easy installation and configuration. The documentation available on their website was of great help, as it informed me about the basic system requirements and prerequisites to audit Active Directory and Group Policy Objects. After extracting the downloaded file, I just ran “setup.exe” and followed a few onscreen instructions to install the software. The following was the first screen after the installation:
Figure 1: First Screen after installing LepideAuditor Suite
I had selected “This Account” and provided the login credentials of a Domain Administrator. Once logged in, the dialog box to add a component appears onscreen.
Figure 2: Select a component to add
As I had to audit Active Directory and Group Policy, I selected the first option and clicked “OK”. The “Add Domain” wizard then appeared in front of me.
Figure 3: Wizard to add the domain’s Active Directory and Group Policy for Auditing
There are two options to Add Domain – Express Configuration and Advanced Configuration. The former offers only four steps to add the domain, whereas the latter gives you an option to customize the auditing and configure some advanced options. I started with “Advanced Configuration” and provided the domain details in the next step.
LepideAuditor Suite lets you add the domain with an agent, without an agent, or with both in hybrid mode. The preferred option is to add the domain with agents, but if you want, you can go for agentless auditing. I did not observe any difference between the two auditing modes for my Windows Server.
Next, one needs to enable auditing on the server. It is good that the software enables auditing at the domain automatically. I clicked the “Yes, Software can make required changes” button and then selected “Use Default Domain Controllers Policy” in the next dialog box. Once the auditing was enabled, the wizard took me to the next step, “Advanced Domain Configuration”. At this step, you can define what is to be audited and what is not.
Figure 4: Advanced Domain Configuration
I selected the options to audit Active Directory and Group Policy Objects and to back up the state of their objects. In addition to enabling Health Monitoring, I also enabled Active Directory Cleaner and User Password Expiration Reminder. They show different dialog boxes for their settings, which have to be configured properly for their usage.
IP Settings was the next step, where the software had identified the IP address of my domain controller. There was an option here to select a preferred domain controller for general calls and backup. In my case, there was only one domain controller, which was already selected. Still, this option will be very useful for organizations that have multiple domain controllers.
Both Advanced Domain Configuration and IP Settings offer filters to narrow down to the exact domain controllers on which a user can enable/disable auditing or verify their IP addresses.
The next step was to configure the Database Settings. I selected a SQL Server hosted on the same domain controller, which has Active Directory. There is a small icon to save the provided SQL Server settings as the default. Backup Settings let you configure the folder that will store the backup snapshots containing the state of Active Directory Objects and Group Policy Objects.
Once the database settings are configured, the next step displays the options to customize the auditing of Organizational Units.
Figure 5: Customize the auditing of Organizational Units
You can select the Organizational Units that are to be audited and uncheck the OUs that are not to be audited.
The next step displays the options to select which Object Classes will be audited and which will not.
Figure 6: Select Object Classes
In addition to selecting the object classes, there were two additional options at the bottom. You can check “Audit Failed Logon” to let LepideAuditor Suite audit the failed logon events. The second option lets you audit successful user logon/logoff events.
Once done, the next step was to archive the auditing logs. I enabled the archiving and once again provided the SQL Server details of a database, where the archived logs will be stored.
After these few steps, I clicked “Finish” to add the domain. It asked to restart the software. Upon restart, I noticed a tab with the name of my domain controller in the dashboard called “Radar”.
Figure 7: Domain Tab
There is another tab, 360 View, which displays a graphical representation of the configuration changes in all added server components, including Active Directory, Group Policy Objects, Exchange Server, SharePoint Server, SQL Server, and File Server.
The “Health Monitoring” tab displays the CPU usage, server availability, and the status of crucial Windows Services.
Figure 8: Health Monitoring Tab
I switched to the “Audit Reports” tab. The software contains more than 270 audit reports if you have added all server components. Here, I browsed to view the “Object Modifications” report.
Figure 9: Object Modification Report
It was great to find Compliance Reports too in the “Audit Reports” tab. I browsed it and found that it contains different reports for PCI, GLBA, FISMA, SOX and HIPAA. At the bottom, there are two more buttons, which I liked: “Permission Analysis” (for the file server) and “Restore”, to restore the state of Active Directory and Group Policy Objects.
The best thing about the reports in Auditor Suite is that you can apply single- or multiple-column filters on a report. It also lets you filter each column by any keyword. Moreover, you can search in the report, sort the report and save the report in PDF, MHT and CSV formats. The process to schedule a report for periodic delivery to a few recipients through email was also easy.
You can apply real-time alerts on any configuration change for which an audit report or a Health Monitoring report exists. These alerts can be sent to the email inboxes of the intended recipients, to your LepideAuditor App, or as LiveFeed updates displayed in the Radar tab of the domain. Whatever alert you receive in the email inbox or notification you receive through the App is truly real-time. They are sent as soon as a change is made in the Active Directory or Group Policy Object.
I really enjoyed the way LepideAuditor Suite performs when auditing Active Directory and Group Policy Objects. I will certainly recommend it to anyone who is looking for an easy-to-use third-party auditor. The easy installation, configuration and working will actually make the crucial auditing process comfortable.
- Product page – http://www.lepide.com/lepideauditor/
- Download trial – http://www.lepide.com/lepideauditor/download.html