Real-Time Change Auditing for Active Directory, Group Policy, Server File System and Server Authentication Events
CPTRAX for Windows provides real-time enterprise-wide alerting and auditing for your Windows and Active Directory environments.
Functionality is provided in four separate modules (you select those modules critical to your needs):
- Active Directory changes including schema changes
- Group Policy Objects (both those portions stored in Active Directory and Sysvol)
- Windows Server File System changes
(file, folder, permission changes plus share level activity)and who accessed files (when and from where)
- Windows Server Authentication tracking including login and failed login activity
- Sarbanes-Oxley (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Financial Services Authority (FSA)
- Payment Card Industry (PCI) Compliance
- Health Insurance Portability and Accountability Act (HIPAA)
Auditing for Active Directory | Group Policy | Server File System | Server Authentication
CPTRAX for Windows has four separate auditing and reporting modules that enable you to purchase only the modules that you need:
- Active Directory Real-Time Auditing and Alerting
- By object class for create, delete and modify
- By attribute for add value, remove value and modify value (includes before and after values plus rollback ability)
- By specific object or by wildcard including path
- By schema definition changes including new object classes and attributes created
- Group Policy Real-Time Auditing and Alerting
- By existing GPOs and newly created GPOs
- By gpLink and gpOptions attributes including changes to link priority
- By status changes (enabled, disabled including version number revisions)
- By actual granular level changes made including separate core and non-core files auditing
- By comparison to predetermined baseline GPO(s) or previous version compare
- Windows Server File System Real-Time Auditing and Alerting
- Server File and Folder changes, optionally including name of Share used
- Server File and Folder permission changes and ownership changes
- Server File access including open, create, rename (move) and delete
- Windows Server Authentication Real-Time Auditing and Alerting
- Server Authentication activity for Terminal Server and Citrix sessions, Kerberos, NTLM, NTLMSSP and FTP sessions
- Server Authentication Failures for Kerberos, NTLM, NTLMSSP and FTP sessions
- Reports include IP address where request originated and login name used and/or attempted (for failed authentications)
Auditing Questions CPTRAX for Windows will be able to answer:
"Who deleted an Active Directory Object or made the Schema Change or changed an Active Directory attribute?"
"Who deleted a file, when and were they were logged on to their workstation or via terminal services or from some unknown IP address?"
"Was access to the file granted through a private share such as C$ or via another share?"
"Who was using a particular IP address on a specified date/time?"Why choose CPTRAX for File System Auditing and Control? Why choose CPTRAX for Logon and Logout Auditing? CPTRAX Product Brochure
Purchasing CPTRAX for Windows
CPTRAX for Windows is licensed per server where it is installed for the File System Auditing and Logon/Logoff Auditing modules. The Active Directory Auditing module is licensed by total number of enable User Objects. The GPO Auditing module is licensed by the total number of Domain Controllers. To receive a custom quote for CPTRAX for Windows we will need to know the number of Windows Servers where you will be installing CPTRAX or the total number of enabled User Objects in your Active Directory.