Skip Headers
Oracle® Enterprise Manager Configuration Change Console Installation Guide
10g Version 10.2.0.5 for Windows or UNIX

E15311-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

9 Installing the Agent On Windows Platforms

This section documents installation instructions for all supported Windows platforms.

The agent must be installed or uninstalled by a user with Administrator permissions. Additionally, all files that are created by this Administrator must have NT Authority/SYSTEM change permissions. The agent will run as a service under the SYSTEM user account. This applies to all platforms in the Windows NT family. This includes Windows NT4.0, Windows 2000, and Windows 2003.

Note that by default, all NT Administrators are granted NT Authority/SYSTEM change permissions. If they have been modified, you must assign NT Authority/SYSTEM change permissions to the entire installation directory.

Special Instructions for Windows NT 4.0 or Missing WMI

This section discusses information about the Windows NT 4.0 agent installation. Follow the steps here before installing the agent as described later in this chapter. This section is also applicable if you are using a newer version of Windows but have removed the WMI (Windows Management Instrumentation) from the server.

Note:

This installation section is only applicable if you are installing an agent on Windows NT 4.0, or if WMI has been removed from the Windows installation.

How to Add NT Authority Change Permissions

After the agent installation is complete, you can add Change Permissions in one of the following two ways:

  • From the command prompt, execute the following command to set the permissions on the Configuration Change Console Agent Installation directory:

    cacls c:\oracle\ConfigurationChangeConsoleAgent /T /E /G SYSTEM:C

  • From Windows Explorer, do the following:

    1. Right-click on the Agent Installation directory.

    2. From the Security tab, confirm that SYSTEM is included in the list. If it is not included, you must add it.

Windows Management Instrumentation

Windows Management Instrumentation (WMI) enhances your ability to monitor and control system information and allows you to manage remote servers from a central location. For more information on WMI, refer to the WMI White Paper from the Microsoft Website.

Agents installed on Windows NT 4.0 platforms require WMI version 1.5 to be installed on the system in order for the agent to collect the full range of data available. Windows 2000 typically comes prepackaged with WMI version 1.5. If WMI is already installed on the system you must verify that it is version 1.5. It is recommended that you upgrade an existing WMI installation by following the steps in the WMI Versions and Upgrades section of this document.

The NT 4.0 agent installer detects whether WMI is installed, and if you select to install WMI, the agent installer will proceed to install WMI version 1.5 on your system. As part of the WMI installation, you must reboot the system after the agent installation completes.

If you choose not to install or upgrade WMI to version 1.5, the installer provides you the option of using the agent without the features provided by WMI 1.5. The alternative to using WMI is the NT 4.0 Lite version which must be used when WMI does not exist on the system or version 1.5 is not available.

Note:

There is a risk of data loss if WMI becomes unavailable or is disconnected.

Data Collection with WMI

The Configuration Change Console Agent works with WMI to collect the full set of data:

  • File creation, modification, renaming and deletions

  • File archiving

  • Process starts and stops

  • User logins and logoffs

  • System resource utilization by user, process, file and server

  • Current system resources and configurations

Data Collection with NT 4.0 Lite

The NT 4.0 Lite version, installed without WMI, will limit the data set collected by the agent; only the following set of data will be displayed:

  • System configurations

  • Creating, modifying, renaming and deleting files

  • File archiving

  • Device names associated with the file changes

Note that the following data will not be collected:

  • Process starts and stops

  • User logins and logoffs

  • Performance data such as Memory usage, CPU usage, and Disk usage

  • Does not provide Access Control

WMI Versions and Upgrades

The agent will not detect what version of WMI is installed on your system. If you have an older version of WMI, you must upgrade it before installing the agent.

Note:

Upgrading the WMI application may affect other applications on your system that are dependent or interface with the WMI application. Therefore, you should review the ramifications an upgrade to the WMI application may have on your IT infrastructure before proceeding.

To check which version of WMI is installed on your system, follow these steps:

  1. In Windows Explorer, go to C:\WINNT\system32\wbem\

  2. Right-click on the WinMgmt.exe file and select Properties

  3. From the Version tab, verify that the WMI file version indicates 1.5. If you have an older version of WMI, proceed to the next section for instructions on upgrading to WMI 1.5.

How to upgrade to WMI 1.5

Download and execute the wmint4.exe file from the Microsoft Download Center.

Refer to the Microsoft Download Center website for system requirements and detailed instructions for upgrading the WMI application on your system.

Windows XP, 2000, 2003 Agent Installation

The following sections describe the installation procedure for Windows 2000 Agent.

System Requirements

Before installing the agent, verify that you have at least the following installed on the device where the agent will be installed:

  • Latest Service Pack

  • For Windows 2000 only, Patch Q828020

You can obtain the patch from Microsoft's website. The Service Pack and the Patch are required to successfully monitor and log login/logout events for users.

Installing the Agent

To install the Agent on a Windows-based platform, follow these steps:

  1. From the Configuration Change Console Installation CD, run the agent-win.exe file. The installation screen appears. The first screen of the installer explains how to navigate through the installer screens.

    Click Next.

  2. Specify the directory where you would like to install the agent. The default directory, C:\oracle\ConfigurationChangeConsoleAgent is entered as the default path.

    Click Next to install to the specified location.

  3. A check happens to ensure the minimum version of WMI is installed. This may only be an issue if you are installing the agent on a Windows NT 4.0 server.

    Note:

    Upgrading the WMI application may affect other applications on your system that are dependent or interface with the WMI application. Therefore, you should review the ramifications an upgrade to the WMI application may have on your IT infrastructure before proceeding.
  4. The Configure Agent screen is displayed. Complete these steps:

    • Enter the Configuration Change Console server URL. The URL has the format t3s://hostname:port where hostname is the host the primary server is located at if using a non-clustered environment. If you are using a clustered environment, use t3s://hostname1:port1,hostname2:port2,hostname3:port3, for example, where you put host name and port for each Primary and Messaging Broker server. Click Next.

    • Select True or False depending on whether to automatically start the service after the install. If you select False, you must manually start the agent from the Windows Services control panel. The service name will be Oracle Configuration Change Console Agent.

    • Click Next

  5. You will be asked for an administrator username (the default is administrator) and password for the Configuration Change Console Server. This is used to verify that the person installing the agent is authorized to do so. This username/password combination are only used at agent install time and the user can either be disabled or have the password changed after agent install without any issues.

  6. The Summary screen will display. Verify that the install folder is correct, and click Install to proceed with the installation.

Click Done when the Installation Complete screen appears to exit the installer.

Starting and Stopping the Agent

The agent should start automatically if you selected that option during installation. If you selected False in Step 3, or in the event that the agent does not start automatically, follow these steps:

  1. Go to Start --> Control Panel --> Administrative Tools --> Services

  2. Right-click on the Oracle Configuration Change Console Agent service and click Start

To stop the agent, right-click on the Oracle Configuration Change Console Agent service and click Stop.

Enabling Complete Real-Time Monitoring for the Windows Agent

The real time Windows agent modules rely on various capabilities of the operating system to collect all of the information on events. One part of this is to capture the user that made changes from the Windows Event Log. If you do not configure Windows to capture users that make changes, the agent will not capture this information, however it will still capture that a change happened and when it happened.

To configure the event log to work with real time monitoring, perform the following steps:

  1. From the Explorer, select the directory that is being monitored, right-click and select Properties

  2. Go to the Security tab

  3. Click the Advanced button

  4. Select the Auditing tab

  5. Click the Add button. (In Microsoft XP, double click the Auditing Entries window)

  6. Select the Name Everyone and click OK. You can also choose specific users if you are only monitoring for changes by specific users in Configuration Change Console rules. The rules will filter the results by user as well, so even if you enable audit for everyone, only users that you want to monitor changes of in Configuration Change Console will be captured

  7. Select the following options (Successful and/or Failed) from the Access window:

    • Create Files/Write Data

    • Create Folders/Append Data

    • Delete Files Subfolders and Files

    • Delete

  8. Click OK to exit out of the screen

  9. Repeat steps 1 through 7 for all other monitored directories

  10. Go Start --> Settings --> Control Panel --> Administrative Tools --> Local Security Policy --> Local Policies --> Audit Policy. Double-click, and turn on the following policies (Success and/or Failure):

    • Audit account logon events

    • Audit logon events

    • Audit object access

  11. Close the Local Security Settings screen

  12. Go to Start --> Settings --> Control Panel -->Administrative Tools --> Event Viewer

  13. Select System Log, and click on Action from the menu bar and select Properties

  14. From the System Log Properties panel, on the General tab, set the Maximum log size to at least 5120 KB (5 megabytes) and select Overwrite Events as Needed. Note that the log size depends on the number of events generated in the system during a one-minute reporting interval. The log size must be large enough to accommodate those events. If you extend the monitoring time for file events because you expect the change rate to be lower, you need to ensure that the audit log in Windows is large enough to capture the events.

  15. Click Apply and OK to exit.

Verifying The Configuration

To verify that the device records login and logout events, follow these steps:

  1. Log out of the device and then log back into the device.

  2. Go to Start --> Settings --> Control Panel --> Administrative Tools --> Event Viewer

  3. Select Security Log and go to View --> Filter. Select Security for the Event Source and Logon/Logoff for the Category fields

  4. Click Ok

The Event Viewer should have the activity recorded as Event 528.

Windows NT 4.0 Agent Installation

The following sections describe the installation procedure for Windows NT 4.0 Agent.

System Requirements

The following are system requirements for installing the agent on a Windows NT 4.0 platform:

  • NTFS file system. Windows NT proprietary file system that supports file-level security, compression and auditing.

  • Service Pack 4. This Service Pack can be downloaded from the Microsoft website.

  • WMI 1.5. If WMI is not installed on your system, you will need to assign the agent the NT Lite agent schedule template through the Compliance Solution user interface. See the Agent Administration section of the Compliance Solutions Users Guide for more information.

Installing the Agent

To install the agent on a Windows NT 4.0 based platform, follow the same instructions as installing an agent on Windows 2000 as described in Installing the Agent.

During installation, the installer will verify that WMI has been installed. If you do not have WMI installed, you will either need to install WMI 1.5 or greater or use a lite version of the Windows agent.

Starting and Stopping the Agent

The agent should start automatically. If you selected "False" in Step 3 above, or in the event that the agent does not start automatically:

  1. Go to Start --> Control Panel --> Administrative Tools --> Services

  2. Right-click on the Oracle Configuration Change Console Agent service and click Start

  3. To stop the agent, right-click on the Oracle Configuration Change Console Agent service and click Stop

Enabling Complete Real-Time Monitoring for the Windows Agent

The real time Windows agent modules rely on various capabilities of the operating system to collect all of the information on events. One part of this is to capture the user that made changes from the Windows Event Log. If you do not configure Windows to capture users that make changes, the agent will not capture this information, however it will still capture that a change happened and when it happened.

To configure the event log to work with real time monitoring, perform the following steps:

  1. Go to Start --> Programs --> Administrative Tools --> User Manager for Domains

  2. From the User Manager screen, click Policies from the menu bar and select Audit Policy. The next screen appears

  3. From the Audit Policy screen, verify that the following options are selected:

    • Audit These Events

    • Login and Logoff

    • File and Object Access

  4. From Explorer, select the directory that is being monitored, right-click and select Properties.

  5. Go to the Security tab

  6. Click Auditing

  7. From the Directory Auditing screen, highlight Everyone and verify that Write and Delete are both selected under the Success column.

Log Files

The agent keeps logs of all failures or other application specific events to the Application Log. To view the logs:

Go to Start --> Settings --> Control Panel--> Administrative Tools --> Event Viewer

Click Application Log to view the logs. The product logs are located in the agent installation directory under the logs directory. For example, c:\oracle\ConfigurationChangeConsoleAgent\logs. Here is a list of some of the most common logs that you may need to refer to resolve issues:

Probe.log -- General product log for warnings or critical messages

Probe-err.log -- Only the errors that have caused a problem on the agent

Uninstalling the Agent

The agent must be uninstalled by a user with Administrator privileges.To manually uninstall the agent, go to Start --> Control Panel --> Add/Remove Programs and select Oracle Enterprise Manager Configuration Change Console Agent from the list to uninstall the agent.

Reauthorizing the Agent With the Server

If for some reason the authorization credentials that you supply at agent installation time are incorrect, you can manually force the authorization to run again. You may notice that authorization might have failed because the agent never registered with the server by looking at the Administration > Devices > Devices screen on the Server.

To force reauthorization, follow these steps:

  1. Open a DOS window

  2. Change your directory to {agent_install_dir}/bin

  3. Run the script: resetauth.bat

  4. Answer the prompts providing a user name and password for an administrator-role user in the Configuration Change Console Server

For security reasons, if authentication fails, no message is sent back to the agent indicating this failure.