Dell SonicWALL Directory Services Connector 3.7
Administration Guide
12
About using non-admin accounts to access the DC security
logs for SSO
SSO Agent service users do not have to be domain administrators. You can also use a normal domain user with
some additional permissions granted, for access. For more information, refer to the Configuring a Non-Admin
Domain Account for SSO Agent to Read Domain Security Logs configuration guide, available at
https://support.software.dell.com
.
About LogWatcher
The Add LogWatcher Support option is available when a DC Security Log method is selected for Query Source.
LogWatcher is a Windows service that runs on each Domain Controller. Its fetches the security event log, parses
the log events, and sends user logon/logoff information to the SSO Agent and/or the Dell SonicWALL network
security appliance. LogWatcher is most suitable in a distributed DC environment where the DC logs are
replicated across multiple Domain Controllers.
LogWatcher Requirements
1 The Domain Controller must be running Windows Server 2003 or higher.
2 Microsoft Visual C++ 2010 Redistributable Package (x86) (for Windows Server 2008 and above) or
Microsoft Visual C++ 2008 Redistributable Package (x86) (for Windows Server 2003) must be installed on
the Domain Controller.
• Microsoft Visual C++ 2010 Redistributable Package (x86) (for Windows Server 2008 and above):
http://www.microsoft.com/en-us/download/details.aspx?id=8328
• Microsoft Visual C++ 2008 Redistributable Package (x86) (for Windows Server 2003):
http://www.microsoft.com/en-us/download/details.aspx?id=29
3 The Domain Controller must have Microsoft Core XML Services (MSXML) 6.0 (also known as Microsoft
MSXML Parser 6.0) installed:|
http://www.microsoft.com/en-us/download/details.aspx?id=3988
4 The Domain Controller must have audit logon enabled.
5 The LogWatcher Service only works with SSO Agent 3.6.02 and higher.
6 The SSO Agent must be configured for LogWatcher support.
About enabling audit logs in DC policy
The Domain Controller must have audit logon enabled for LogWatcher to work. Audit logon is disabled by
default in Windows Server. Steps to enable audit logon are provided in the following sections:
•
Setting a group policy to enable audit logon on Windows Server 2003
on page
44
•
Setting a group policy to enable audit logon on Windows Server 2008
on page
46
About NetBIOS mapping support
The Add NetBIOS mapping support option is available when a DC Security Log method is selected for Query
Source.
Windows Server 2000 and higher provide support for applications that use the NetBIOS networking APIs and the
flat NetBIOS names. This allows identification of Windows domains for computers that are running Windows
operating systems. A fully qualified domain name (FQDN), sometimes also referred to as an absolute domain
name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System
(DNS). It specifies all domain levels, including the top-level domain and the root zone.