Server setup
BusinessLog uses system logs to capture log-access and the built-in remote log access system for remote scans,
so you need to:
​
Enable User Access Logging Audits
Remote Registry Service Startup
RPC Locator (for legacy installations)
Windows Management Instrumentation (WMI)
Remote Procedure Call (RPC)
On all clients, it is recommended to enable a Group Policy that propagates the activation across all machines.
Additionally, the Group Policy for user access logging must be updated (if it is not already enabled).
Furthermore, to have complete control over the access logs, it is also necessary to act in the
“Advanced Configuration”:
These are the items that we have identified as "default audit", obviously it will be possible to integrate other policies, according to the indications of your system administrator.
* Optional:
To monitor, if necessary, changes to Windows Firewall, you need to activate:
Enabling Firewall audits results in a significant production of logs on clients, caused by the numerous changes made by the installed software. An audit of this type is recommended only for servers.
​
To automatically start the Remote Registry service on all machines:
The same operation must be repeated for the services:
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Windows Remote Management (WS-Management)
Windows Management Instrumentation
The REMOTE REGISTRY service is essential for communication between the BusinessLog host machine and other machines detected on the network and being scanned. If this service is disabled, remote scanning will NOT be possible, and a network error will be returned.
On some systems, by default, the REMOTE REGISTRY service is automatically stopped if not used for 10 minutes.
To disable this behavior, you can try setting the "DisableIdleStop" (DWORD) value to 1 in this registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionRemoteRegistry.
