Chapter 2: IDA Installation

Home Prev	IDA Version 1.07.03 Administration Guide	Next

The latest IDA software release can be downloaded from the Clavister website. The installation file is a self-extracting Windows executable. When the IDA software is installed, it runs as a Windows service called IDA.exe.

IDA Installation Requirements

The following should be noted when installing the IDA:

When installing the IDA software, the user must have administrator privileges.

When the IDA software is installed on a server that is not an Active Directory Domain Controller, it must be started using an account that has the privileges to allow the reading of the Security Event Log of the Domain Controller.

It is recommended to run the IDA software at a lower priority than other processes.

The IDA software must have permissions to do the following:

Read from the event log. To do this a user must be a member of the Event Log Readers user group. This group can be found in the Builtin Active Directory container.
Query the Active Directory for users and groups.

	Note: Replacement of spaces in cOS Core group names
	A group name on the domain controller server can contain spaces. With cOS Core versions prior to 13.00.11, spaces in the name must be replaced by the underscore character "_". Starting with cOS Core version 13.00.11, space replacement is no longer required.

The IDA software can also run as the Local System account.

If the Remote Event Log Monitoring feature is required, an account for the computer where IDA is installed should be added to the Event Log Readers user group.

	Note: Troubleshooting installation issues
	If there are issues which occur during installation of the IDA and the problem is not immediately clear, it can be useful to open the Windows Event Viewer and examine recent entries.

Deployment in Medium to Large Infrastructure Environments

If an environment has two domain controllers, it is recommended to install the IDA software on each domain controller and set them up to monitor the local Windows Event Log.

In an environment with a larger infrastructure, there is no need to install the IDA software on every single domain controller. Instead, remote Windows Event Log monitoring should be enabled.

If there are multiple sites in different geographic locations, it is highly recommended to have the IDA software installed in each local network.

	Important: The Windows Server event IDs must be correct
The Clavister IDA software will only listen for certain event IDs so the Windows Server should be configured so that the correct IDs are generated. The IDs that the IDA listens for are the following: 103 - An RDP user has logged in and has been assigned a virtual IP. 104 - An RDP user has logged out and the user’s IP has been released. 4624 - An account was successfully logged on. 4728 - Member added to global group. 4729 - Member removed from global group. 4756 - Member added to universal group. 4757 - Member removed from universal group. 4732 - A user has been added to a local domain group. 4733 - A user has been removed from a local domain group. 4768 - A user has logged in.

Important: The Windows Server event IDs must be correct

The Clavister IDA software will only listen for certain event IDs so the Windows Server should be configured so that the correct IDs are generated. The IDs that the IDA listens for are the following:

103 - An RDP user has logged in and has been assigned a virtual IP.
104 - An RDP user has logged out and the user’s IP has been released.
4624 - An account was successfully logged on.
4728 - Member added to global group.
4729 - Member removed from global group.
4756 - Member added to universal group.
4757 - Member removed from universal group.
4732 - A user has been added to a local domain group.
4733 - A user has been removed from a local domain group.
4768 - A user has logged in.