Check the Add Domain Time Nodes discovered during audit checkbox to add any
new machines running Domain Time Server, Client, Windows Time Agent, or the domtimed daemon found on the network to the list of audited machines.
Check the Add NTP Nodes discovered during audit checkbox to add any
newly-discovered NTP daemons to the list of audited machines.
Check the Add machines discovered by receipt of startup Real-Time Alerts checkbox
(version 5.2.b.20150307 or later) to allow new machines not already in the Manager database to be added upon receipt of a Real-Time Alert upon service start.
For security purposes, Audit Server will not accept Real-Time Alerts from machines that are not already present in the Manager database (appearing in the Domains and Workgroups list) by default.
However, in some circumstances, such as adding new machines to the network that don't exist in Active Directory, this will prevent a machine
set to "Always audit this machine" on its Status Reports configuration page from being auto-added (since its Real-Time alerts are being rejected).
Enabling this checkbox can bypass this restriction. Use only if required.
If checked, and a previously-unknown machine sends a Real-Time Alert shortly after boot
or service restart, Audit Server will attempt to add the machine to the audit list. The sending machine must respond to Audit Server's
query before it can be added. Audit Server will only try unknown machines a few times before giving up.
Check the Add PTP masters discovered by PTP Monitor checkbox
(version 5.2.b.20170101 or later) to add any PTP master servers discovered by PTP Monitor to the audit list.
Check the Add PTP masters discovered by PTP Monitor checkbox
(version 5.2.b.20170101 or later) (version 5.2.b.20170101 or later) to add any PTP slaves discovered by PTP Monitor to the audit list.
Check the Add machines that have synchronized with Domain Time II Server checkbox to
add those systems to the list of audited machines.
When checked, Audit Server will automatically add systems to the Audit List by contacting Server(s) and retrieving a list of all
machines (ephemera) that have synchronized their time with that server using Domain Time II protocols.
Multiple servers may be contacted to obtain their machine lists, if desired.
This method is a reliable method for populating the Audit List, and it has the added advantage of adding machines that are not
currently online. However, it cannot discover any Domain Time II components that are not synchronizing with a Domain Time II Server.
Those machines must be discovered using Domain Time Manager list discovery and/or entered manually and added to the list.
The "Adding machines that have synchronized with Server" function requires Domain Time II Server version 3.1 and later.
Only systems that synchronize with Domain Time Server(s) using the DT2 protocol can be auto-discovered.
The Audit Server must use credentials with sufficient rights to connect to the administrative share on the remote Server(s).
See the Service Credentials... and IP Restrictions sections below for details on those settings.
Machines may also be manually added to the audit list using Domain Time II Manager, either one-at-a-time or in a batch. See the
Select machines to audit with Audit Server section
of the "How to Manage Domain Time Remotely" page of the Manager documentation.
Foreground - collection must finish before audit completes Background - collection finishes independent of scheduled audits Run background collection periodically, not just at audit time
These choices determine whether Audit Server will collect the server ephemera data in a separate thread from the audit run itself.
Collecting ephemera data records from each Server can take an extended amount of time, particularly if you have a large
number of synchronization events, since Audit Server must parse each event to determine whether or not it represents a new machine to be added.
Choosing Background allows collection of the basic audit data very quickly,
and then the collection of the ephemera logs can complete in the background. Running the collection in the background periodically can make
collection even more efficient.
Obtain records from this machine only Specify a list of servers
Collection of the list of machines that synchronize with Domain Time II Server is enabled by default only on the Domain Time II Server on which Audit
Server itself is installed. Other Domain Time II Servers will not keep a record of synchronizing machines until you enable data collection on them by entering
them in the Server List. You will see a confirmation dialog when the server is successfully added to the list.
Automatic Removal from the Audit List
Stop auditing machines that haven't responded in over days
will trim the audit list of any machines that have not been contacted in the specified period. Uncheck the box if you do not want to trim the list.
Reset last contact date and failure count when a machine is added manually sets the failure counters to defaults when manually adding machines.
Choose where Audit Server stores records, reports, and logs.
The file locations can be any valid file folder to which the Audit Server service account has sufficient rights to read and write files.
You should specify locations on physically-attached storage so that the background service may access them without interruption. If you change a location,
Audit Server will automatically move existing files to the new location for you.
If you must, you may indicate any valid UNC path to store the files on a remote machine, however, be aware that should the remote machine become unavailable for any reason, audit data collected during that period will be irretrievably lost.
Since files in these folders are used to create an audit trail, best practice requires that they must be as secure as possible, and we strongly recommended that the folder be located on a local drive using the NTFS filesystem to accomplish this.
Folder permissions should be set so that only the Audit Server service account (usually System) has Full Control. By default, everyone else should be denied access entirely. If you choose to grant exceptions (such as to export Daily Report files), you should take care to only grant Read-Only rights to the required user/group. You may also wish use operating system auditing to monitor the folders for unauthorized changes.
You may be interested in using the Greyware System Change Log utility for the task.
Audit Server needs administrative rights to be able to collect synchronization logs and ephemera discovery records from remote systems.
The settings on the Audit Server -> Advanced -> Credentials... dialog allow you to specify the account used by Audit Server for this purpose.
You have the choice of having the Audit Server service itself run under the LocalSystem account and supply the administrative access credentials only when performing an audit,
or having the service running with the administrative privileges at all times. In general, the first option is preferred.
In either case, account details are encrypted in the registry.
Audit Server can access other domains and workgroup members as long as the credentials supplied match an administrative account on the domain (or local machines in the workgroup).
If you select a workgroup or domain to which Audit Server does not have administrative access, the collection will fail and will be noted in the logs.