Change Guardian |
Version 4.0.0 |
Release Notes |
Date Published: March 2013 |
|
The NetIQ Change Guardian product (Change Guardian) is a file integrity management solution that provides organizations with the ability to monitor for changes to critical system and corporate files. Change Guardian events allow you to see file changes, as well as who made the change, the time of the change, and the computer from which the user initiated the change. In many cases, Change Guardian provides the before and after values for the change so organizations have enough information to take needed action. Many improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Change Guardian forum on Qmunity, our community Web site that also includes product notifications, blogs, and product user groups. What's New?This version of Change Guardian provides a new user interface that allows you to easily create policies that monitor changes in your Windows, Group Policy, Active Directory, UNIX and Linux environments. System RequirementsYou must install the Change Guardian Policy Editor on a computer running one of the following operating systems:
NOTE: If you install the Policy Editor on a computer running Microsoft Windows XP (64-bit) or Windows 2003 (64-bit), you must install Microsoft Windows Hotfix 942589. For more information, see http://support.microsoft.com/kb/942589. The Policy Editor computer must include Microsoft .NET Framework 3.5 Service Pack 1 or later. NOTE: The Policy Editor does not support .NET Framework 4 Client Profile. If you install .NET Framework 4 Client Profile, you cannot connect to an event destination when configuring email. The Policy Editor does support .NET Framework 4 Extended. Agent Computer RequirementsChange Guardian communicates with monitored computers through agents you install on those computers. Agents receive policy information from the Policy Repository on the Change Guardian server, and send events back to the Change Guardian server. Each Change Guardian module supports specific operating systems.
Change Guardian for WindowsChange Guardian for Windows monitors computers with the following operating systems:
NOTE: Change Guardian for Windows does not support Registry and File Share events. Change Guardian for Active DirectoryChange Guardian for Active Directory monitors computers with the following operating systems:
Change Guardian for Group PolicyChange Guardian for Group Policy monitors computers with the following operating systems:
Change Guardian for UNIX and LinuxChange Guardian for UNIX and Linux monitors computers with the following operating systems:
Known IssuesNetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The issues associated with the following modules are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Change Guardian ServerThe Change Guardian Server Does Not Accept Some Special Characters in Passwords
Change Guardian Policy Editor
The Change Guardian for Windows Module Cannot Browse Some Windows XP Computers
The Policy Editor Cannot Connect to the Policy Repository Using an IPv6 Address
An Administrative Report Can Display Repeated Information
Browsing AD Groups or Users Loads the Previously Created Filter After Refreshing the User or Group Browser
Policy Set Names Cannot Include Some Special Characters
Rebooting the Change Guardian Server Can Cause the Policy Editor to Fail
Change Guardian for Windows
Modifying an Empty Registry Binary Value Generates a Registry Value was Created EventIf you modify an empty binary value of a monitored registry key, Change Guardian treats the change as a created binary value, rather than a modified binary value. Change Guardian correctly generates a modified binary value change event for subsequent changes to the binary value. (DOC312594) File Owner Filtering Does Not Work on Files on FAT32 PartitionsDo not use the File Owner Filtering feature when creating policies for files you want to monitor in the FAT32 partition. Files located in the FAT32 partition do not have owners, so the feature is ineffective. (DOC305580) Changes to File Share Entries on Windows 2008 Failover Clusters Do Not Generate EventsChange Guardian for Windows does not support monitoring changes to file share entries on Windows Server 2008 failover clusters. The best practice is to monitor for changes to specified file share entries located on the shared disks of the cluster node computers, rather than to monitor for changes to files share entries on the failover cluster itself. (DOC261632) The Registry Browser Can Display Nested Registry Keys as Recursive Registry KeysIf you monitor a nested registry key within the Wow6432Node registry with the same name as the Wow6432Node Registry key, the registry browser displays the key recursively. (DOC280520) Monitoring an Administrative Share Does Not Generate EventsEvery Windows computer supported by Change Guardian for Windows automatically creates an administrative share of every hard drive. In other words, the C:\ drive is shared as C$. Since administrative shares are special shares created by the operating system by default, and are not user initiated, Change Guardian cannot monitor them. To monitor file shares on C:\, you must create a new file share with a different name. Change Guardian for Active Directory
Some Events Contain Empty User or Domain InformationIn situations where Change Guardian for Active Directory generates a large number of events of various types, a small number of the events do not contain information for the user performing the change and from which domain the user performed the change. (DOC322255) Erroneous Success Event Generated for an Unsuccessful Contact Move to a Restricted Active Directory ContainerIf someone attempts to move a monitored contact to a restricted Active Directory container, an error displays, and the contact is not moved. Windows logs the operation as successful in the Windows event log. Change Guardian for Active Directory, in turn, interprets the action as a successful move and generates a "Success" event. (DOC321953) Changes By Managed Users in Trusted Domains Can Appear as Unmanaged ChangesActive Directory changes performed by managed users in trusted domains appear in the Change Guardian Web console as unmanaged changes. (ENG322995) Change Guardian for Group PolicySome Event Deltas Can Contain Incorrect Path InformationIf you make a change to a Windows Server 2003 Domain Controller (DC) from a Windows Server 2008 computer with GPMC, Change Guardian displays the path for the Windows Server 2008 computer, rather than for the Windows Server 2003 DC where the change took place. (DOC318950) Change Guardian for UNIX and Linux
Some Failed Attribute Changes Are Not Reported for AIXWhen monitoring directory attribute changes on AIX computers, Change Guardian does not always reports events when NOTE: Change Guardian only reports failed system call events if the system call does not complete as designed. If a user provides incorrect arguments, the system call does not succeed, but it works as designed, so Change Guardian does not attempt to report a failed event. (ENG320366) Time and Content Changes Not Reported for HP-UX 11iv3The HP-UX 11iv3 auditing subsystem does not provide information for the Failed Mount Attempted on HP-UX Are Reported as Successful MountsChange Guardian does not properly identify failed mount attempts on HP-UX computers, and interprets all mounts as successful. (DOC319906) Changes to Directory Contents Do Not Generate EventsWhen you monitor changes to the attributes of a directory, Change Guardian does not generate events when the contents of the directory change, for example, when a file is added, even though the directory's time attribute changes. (DOC319386) Read Events for Public Files Are Not Reported for SolarisBy default, the Solaris auditing subsystem does not report read operations for public files. Public files are files that are owned by root, readable by all users, but
not writable by all users. To get events about reads of public files, use the Question Marks Reported as User Name for HP-UX Trusted ComputersFor events from HP-UX trusted computers, Change Guardian reports question marks in place of user names. (ENG318593) Events Are Not Reported for Control+C Process Terminations for LinuxOn Linux computers, Change Guardian only reports events generated by a Wildcards Not Recognized in Subdirectories when Monitoring Mount and Unmount EventsWhen you are monitoring mount and unmount events, you can use a wildcard ( Delta Information for Mount Events on AIX Is Not ReportedFor mount and unmount events on AIX computers, Change Guardian does not report permission changes. (DOC325454) Changes to the Time Attribute Do Not Generate Events for HP-UXWhen you monitor changes to the attributes of a file on a HP-UX computer, Change Guardian does not generate events when the time attribute changes. (DOC320724) Incorrect Process File Path Reported for Unmount Events on Solaris 10For unmount events on Solaris 10 computers, Change Guardian reports incorrect process file path. (ENG322149) Contact InformationOur goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you. For detailed contact information, see the Support Contact Information Web site. For general corporate and product information, see the NetIQ Corporate Web site. For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups. Legal NoticeTHIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2013 NetIQ Corporation and its affiliates. All Rights Reserved. For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. | ||||||||||||||||||||||||||||||