Server Setup
BusinessLog uses the system logs to capture access logs and the built-in remote log access system to perform remote scans.
To ensure proper operation, the following is required:
- Enable User Access Logging Audits
- Remote Registry Service Startup
- RPC Locator (for legacy installations)
- Windows Management Instrumentation (WMI)
- Remote Procedure Call (RPC)
On all clients, it is recommended to enable a Group Policy that propagates the activation across all machines.
Additionally, the Group Policy for user access logging must be updated (if it is not already enabled).


Furthermore, to have complete control over the access logs, it is also necessary to change the settings under "Advanced Configuration".



These are the items identified as "default audit"; however, additional policies may be added according to your system administrator’s recommendations.
Monitor Firewall changes
To monitor changes to Windows Firewall, you need to activate:

Enabling Firewall audits produces a large volume of logs on clients, caused by the numerous changes made by installed software.
This type of audit is recommended only for servers.
Remote Registry
To automatically start the Remote Registry service on all machines:


The same operation must be repeated for the services:
- Remote Procedure Call (RPC)
- Remote Procedure Call (RPC) Locator
- Windows Remote Management (WS-Management)
- Windows Management Instrumentation



The Remote Registry service is essential for communication between the BusinessLog host machine and other machines detected on the network and being scanned.
If this service is disabled, remote scanning will NOT be possible, and a network error will be returned.
By default, on some systems the Remote Registry service stops automatically if it has not been used for 10 minutes or more.
To disable this behaviour, set the "DisableIdleStop" DWORD value to 1 under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RemoteRegistry
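
To confirm on a given machine that the services listed above start automatically and that the idle-stop override is in place, a read-only check such as the following can be run locally. It is an added example, not part of BusinessLog; the service short names (RemoteRegistry, RpcSs, RpcLocator, WinRM, Winmgmt) are the standard Windows names assumed to correspond to the display names on this page.

```powershell
# Added example (not BusinessLog code): read-only audit, changes nothing.
# Keys are the standard Windows short names for the display names on this page.
$services = [ordered]@{
    RemoteRegistry = 'Remote Registry'
    RpcSs          = 'Remote Procedure Call (RPC)'
    RpcLocator     = 'Remote Procedure Call (RPC) Locator'   # legacy installations
    WinRM          = 'Windows Remote Management (WS-Management)'
    Winmgmt        = 'Windows Management Instrumentation'
}

$report = @(foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        [pscustomobject]@{ Check = $services[$name]; State = 'service not found'; Ok = $false }
    } else {
        [pscustomobject]@{
            Check = $services[$name]
            State = "$($svc.StartType) / $($svc.Status)"
            # Matches both Automatic and AutomaticDelayedStart
            Ok    = ("$($svc.StartType)" -like 'Automatic*')
        }
    }
})

# Idle-stop override for Remote Registry, read from the key given on this page.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RemoteRegistry'
$entry = Get-ItemProperty -Path $key -Name 'DisableIdleStop' -ErrorAction SilentlyContinue
$value = if ($entry) { $entry.DisableIdleStop } else { $null }
$report += [pscustomobject]@{
    Check = 'DisableIdleStop (DWORD)'
    State = if ($null -eq $value) { 'not set' } else { "$value" }
    Ok    = ($value -eq 1)
}

$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) prerequisite(s) not met on $env:COMPUTERNAME"
}
```

A row with `Ok` set to `False` after a Group Policy refresh indicates that the policy has not reached that machine or is being overridden locally.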

