How to Deploy Audit Collection Services (ACS)
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
The following procedure provides the general steps needed for a successful deployment of the Operations Manager 2007 Audit Collection Services (ACS) components within your organization.
To uninstall Operations Manager 2007 from the management server that functions as your ACS Collector, you must first uninstall ACS.
See About Audit Collection Services (ACS) in Operations Manager 2007 for more information on minimum and recommended system requirements for ACS.
To deploy Audit Collection Services
1. Plan an audit policy for your organization. For more information on setting up an audit policy, see Windows Server 2003 Auditing at http://go.microsoft.com/fwlink/?LinkId=74154.
2. Plan your ACS server deployment. This includes deciding which server will act as the ACS database and which Operations Manager 2007 management server will act as the ACS collector. Ensure that the computers selected for these roles meet the minimum system requirements. See About Audit Collection Services (ACS) in Operations Manager 2007 for more information about the components of ACS and the system requirements for each.
3. Plan which Operations Manager agents will be ACS forwarders. All computers that you want to collect security events from must be ACS forwarders.
4. Install and configure prerequisites for ACS components.
5. (Optional) Separate administrator and auditor roles by doing the following:
   a. Create a local group just for users who access and run reports on the data in the ACS database. For step-by-step instructions for creating a local group, see the To create a group account in Active Directory section of the "Creating user and group accounts" topic at http://go.microsoft.com/fwlink/?LinkId=74159.
   b. Grant the newly created local group access to the SQL database by creating a new SQL Login for the group and assigning that login the db_datareader permission. For step-by-step instructions for creating a SQL Login, go to http://go.microsoft.com/fwlink/?LinkId=74160.
   c. Add the user accounts of users who will act as auditors to the local group.
6. Deploy the ACS Database and ACS Collector(s). See How to Install an Audit Collection Services (ACS) Collector and Database.
7. Run the Enable Audit Collection task to start the ACS Forwarder service on the ACS forwarders. For more information, see How to Enable ACS Forwarders in Operations Manager 2007.
8. Implement your audit policy within your organization.
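
The optional auditor role separation above, written as a T-SQL script with two follow-up checks. This is an added example, not part of the original procedure. It assumes the ACS database uses the default name OperationsManagerAC and uses ACSDB01\ACS Auditors as a placeholder for the local group you created.

```sql
-- Assumptions (not from the original page): the ACS database is named
-- OperationsManagerAC, and ACSDB01\ACS Auditors is a placeholder for the
-- local auditors group on the SQL Server computer.
USE [master];
GO
-- Windows-authenticated login for the group; auditors get access only
-- through group membership, so no per-user logins are needed.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'ACSDB01\ACS Auditors')
    CREATE LOGIN [ACSDB01\ACS Auditors] FROM WINDOWS
        WITH DEFAULT_DATABASE = [OperationsManagerAC];
GO
USE [OperationsManagerAC];
GO
-- Map the login to a database user in the ACS database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'ACSDB01\ACS Auditors')
    CREATE USER [ACSDB01\ACS Auditors] FOR LOGIN [ACSDB01\ACS Auditors];
GO
-- Read-only access: membership in the db_datareader fixed database role.
EXEC sp_addrolemember N'db_datareader', N'ACSDB01\ACS Auditors';
GO
-- Check 1: list the database roles the auditor group holds, to confirm
-- its access to the audit data is limited to db_datareader.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'ACSDB01\ACS Auditors';
-- Check 2: list any server-level roles the login holds, to confirm the
-- auditor group was not also given administrative rights on the instance.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = N'ACSDB01\ACS Auditors';
GO
```

Run the script as a SQL Server administrator after the ACS database has been created; re-running the two checks later shows whether the auditor group's access has drifted from read-only.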