Advanced Options

This page describes Audit Server's Advanced Options.

Note: If Domain Time Server on this machine is set as a Slave server, this page will not appear since Slaves inherit their timing settings from the Master server. See Domain Roles for more information on Master, Slave, and Independent Server roles.

Audit List Management...
Audit Server can add discovered machines to the Audit list and also remove non-responding systems from the list automatically.

Audit List Management   [Click for larger size]

Automatic Addition to the Audit List
Check the Add DTII machines discovered during audit checkbox to add any new machines running Domain Time Server, Client, Windows Time Agent, or the domtimed daemon found on the network to the list of audited machines.

Check the Add NTP Servers discovered during audit checkbox to add any newly-discovered NTP servers to the list of audited machines.

Check the Add machines that have synchronized with Domain Time II Server checkbox to add those systems to the list of audited machines.

When checked, Audit Server will automatically add systems to the Audit List by contacting Server(s) and retrieving a list of all machines (ephemera) that have synchronized their time with that server using Domain Time II protocols. Multiple servers may be contacted to obtain their machine lists, if desired.

This method is a reliable method for populating the Audit List, and it has the added advantage of adding machines that are not currently online. However, it cannot discover any Domain Time II components that are not synchronizing with a Domain Time II Server. Those machines must be discovered using Domain Time Manager list discovery and/or entered manually and added to the list.

Notes:

Adding machines that have synchronized with Server only works with Windows Domain Time II Server version 3.1 and later.

Only systems that synchronize with the Server(s) using the Domain Time II protocol can be auto-discovered.

The Audit Server must use credentials with sufficient rights to connect to the administrative share on the remote Server(s)

Foreground - collection must finish before audit completes
Background - collection finishes independent of scheduled audits
    Run background collection periodically, not just at audit time

These choices determine whether Audit Server will collect the server ephemera data in a separate thread from the audit run itself. Collecting ephemera data records from each Server can take an extended amount of time, particularly if you have a large number of synchronization events, since Audit Server must parse each event to determine whether or not it represents a new machine to be added.

Choosing Background allows collection of the basic audit data very quickly, and then the collection of the ephemera logs can complete in the background. Running the collection in the background periodically can make collection even more efficient.

Obtain records from this machine only
Specify a list of servers


Collection of the list of machines that synchronize with Domain Time II Server is enabled by default only on the Domain Time II Server on which Audit Server itself is installed. Other Domain Time II Servers will not keep a record of synchronizing machines until you enable data collection on them by entering them in the Server List. You will see a confirmation dialog when the server is successfully added to the list.
See the Service Credentials... and IP Restrictions sections below for details on those settings.

Automatic Removal from the Audit List

Stop auditing machines that haven't responded in over days will trim the audit list of any machines that have not been contacted in the specified period. Uncheck the box if you do not want to trim the list.

Data Folders...
Choose where Audit Server stores records, reports, and logs.

Folders  Audit Results   Daily Reports   Synchronization Logs

You must specify locations on physically-attached storage so that the background service may access them without interruption. If you change a location, Audit Server will automatically move existing files to the new location for you.

Service Credentials...
Audit Server needs administrative rights to be able to collect synchronization logs and ephemera discovery records from remote systems. The settings on the Audit Server -> Advanced -> Credentials... dialog allow you to specify the account used by Audit Server for this purpose.

Audit Server Credentials  Run the Audit Server service using a Domain Admin account Domain:  Username:  Password:  Run the Audit Server service using a Domain Admin account Domain:  Username:  Password:

You have the choice of having the Audit Server service itself run under the LocalSystem account and supply the administrative access credentials only when performing an audit, or having the service running with the administrative privileges at all times. In general, the first option is preferred. In either case, account details are encrypted in the registry.

Audit Server can access other domains and workgroup members as long as the credentials supplied match an administrative account on the domain (or local machines in the workgroup). If you select a workgroup or domain to which Audit Server does not have administrative access, the collection will fail and will be noted in the logs.

IP Restrictions...
The Audit Server -> Advanced -> IP Restrictions... menu item allows you restrict which systems are allowed to contact Audit Server.

IP Restrictions dialog   [Click for larger size]

The IP Restrictions dialog applies to machines sending Real-Time Alerts, which machines are available to be Auto-added to the Audit List, and which machines can provide synchronization logs.

You can both permit and deny access from IP ranges. To restrict a single IP address, enter the same IP address for both the First and Last range items.

 Proceed to the Logs page

 Back to the Data Collection page