- 27 Sep 2023
- 3 Minutes to read
- Contributors
- DarkLight
- PDF
Audit Monitor Installation
- Updated on 27 Sep 2023
- 3 Minutes to read
- Contributors
- DarkLight
- PDF
Installation
As with all HealthCast software, please check to make certain that all pre-reqs are installed. All that are stated MUST be installed. There are some pieces of software that require both the x86 and the x64 versions of the pre-requisite to work properly. If the software, for example, the .Net software for the ExactAccess 4.14.* Follow all instructions to the letter.
The supported versions of Exact Access are 4.13.5, 4.14.0, and 4.14.1
Install the server certificate or verify that the certificate is present. (The certificate must have the FQDN - Fully Qualified Domain Name as the subject field.)
User and Admin Groups should be created on the AD and users added.
Use the setup.exe file for installation. See the next section for what to do when this installation executable has completed.
Post Installation
This must be run as an administrator.
The PowerShell script sets up the administration tools using the FQDN from the Certificate subject field.
It opens ports 5000 on the server firewall to allow access.
Execute the PowerShell script (C:\Program Files (x86)\HealthCast\SSO Audit Monitor\Config\SsoAuditMonitorSetup.ps1) on the server that will be hosting the SSO Audit Monitor application.
- Locate the Audit Database for your installation of ExactAccess on the SQL server and note the name:
Before executing the provided SQL script you will need to change the name of the database in the first line to the name of your Audit database, C:\Program Files (x86)\HealthCast\SSO Audit Monitor\Config\CreateDb.sql
The line you will be changing is “USE AUDIT” – change the word “AUDIT” to the name of your actual Audit Database, whatever you configured it to be.
Using the SQL Server Manager, grant permissions to the AD user account selected (ExactAccess Active Directory user account) or the account created for the Environment Prerequisites.
- Select the Security Folder right click>New>Login
- Fill in the Login Name. It will be the Active directory user requested in the Environment Prerequisites or the account created for the Environment Prerequisites.
- Select User Mapping. Select the Audit Database and the roles will be db_datareader db_datawriter. (If using Windows Authentication the db_owner permission should be set with the ExactACCESS configuration. The account will not require the additional permissions.)
Using File Explorer, browse to C:\Program Files (x86)\HealthCast\SSO Audit Monitor
- Locate the appsettings.json
- Open with a text editor.
- Change the Server=servername
- Change the Database=databasename
- Save the changes and close.
4. In Services, set the Log On As to the AD user who has permission to access the SQL database.
5. Start the service.
Configuration
Admin and User Groups
** *The Admin and User Groups refer to domain security groups, each having specific permissions within Audit Monitor. Only one domain security group may be defined for either the Users Group or the Admins Group. ** *
- Any member of the Users Group may log in and run reports.
- Any member of the Admins Group may log in and run reports, as well as access the Settings page.
The Settings Page
The Settings page allows you to configure Audit Monitor settings. currently, the only two settings that can be configured are the Users Group and the Admins Group.
When Audit Monitor is installed, it sets the default Users Group to Domain Users, and the default Admins Group to Domain Admins.
To change either the Admins Group or User Group:
- Log in to Audit Monitor as a user who is a member of the Admins Group Active Directory (AD) security group (e.g., Domain Admins)
- Click the Settings link.
- Change the Users Group to a different AD security group.
- Change the Admins Group to the desired AD security group.
- Click Save.
Alternative Method
After installation, if you need to change the Admins or Users group and you are not a member of Domain Admins (and therefore do not have access to the Settings page in Audit Monitor), you can still change the setting as long as you have access to the Audit SQL database.
1. Log in to the SQL Server that hosts the Audit database using a tool such as SQL Management Studio.
2. Select the "Settings" table.
3. Right-click the Settings table and select Edit Top 200 Rows.
4. This will open up a window that shows the two Audit Monitor Roles settings.
5. You may change the Value setting to the desired AD security group for either AdminRole or UserRole.
6. After making this change, the HCI SSO Audit Monitor Service must be restarted in order for the changes to take effect.