Product Review: LepideAuditor Suite

by Brien Posey [Published on 18 Aug. 2015 / Last Updated on 18 Aug. 2015]

In this article the author reviews LepideAuditor Suite.

Product: LepideAuditor Suite

Product Homepage: click here

Free Trial: click here

Installation

The installation process was quick and easy. For the purposes of this review, I downloaded the free trial version of LepideAuditor Suite. The download consisted of an impressively small 117 MB zip file. The installation process consisted of opening the zip file, launching the executable, and working through a short and intuitive installation wizard.

Upon launching the software for the first time, I was asked to select the component that I wanted to configure. As you can see in Figure A, the software provides options for Active Directory, Exchange Server, and Group Policy, SQL Server, and SharePoint Server. I decided to get started by trying out the Active Directory, Exchange Server, and Group Policy option.

Image
Figure A: You must choose how you initially want to use the product.

After making a selection, you can opt to do an express configuration or an advanced configuration. I chose the Express Configuration option and was prompted to supply a set of Active Directory credentials. The wizard also asked me if I wanted to use agent-based or agentless auditing. For the purposes of the review, I chose to use an agent. Soon the software was up and running.

I left LepideAuditor Suite running all day and revisited my server that evening. Surprisingly, the software had not collected any data. After checking the server’s status, I found that the reason for the lack of data collection was a missing license file. Consequently, I had to generate a license request and send it to Lepide in order to receive the required license file. Once I received the necessary license file, I easily imported it and the software began collecting data immediately.

Active Directory

I decided to start out by taking a look at the product’s Active Directory auditing capabilities. Since I was testing the product in a sandboxed lab environment, I didn’t have the luxury of monitoring a production Active Directory. That being the case, I decided to perform some activities that would be similar to what administrators might typically do on a day to day basis. For example, I created and deleted user accounts, I reset passwords, I modified some attributes of Active Directory objects (including some relatively obscure attributes). I also delegated the ability to create, delete, and manage accounts to one of my users, and even raised the domain’s functional level.

After performing these and many other actions, I switched over to my server that was running LepideAuditor Suite. The management console was already open, but my administrative actions were not initially displayed. I clicked the console’s Refresh button and the console was instantly populated with data. I was impressed by how quickly the view was refreshed. You can see what my view of the Dashboard looked like in Figure B.

Image
Figure B: The Dashboard view is displayed by default.

As you look at the figure above, you will probably notice that the top ten modified object classes are prominently displayed. You will probably also notice that the columns on the right are cut off by the Live Updates section. Unfortunately, I was unable to change the width of the Live Updates column so that more dashboard data could be displayed. In case you are wondering, the screen capture was taken at a resolution of 1024 x 768. The screen formatting problem went away when I changed my resolution to 1280 x 800, as shown in Figure C.

Image
Figure C: Using a higher screen resolution fixed the display problem.

The default dashboard contains six different charts. These charts include:

  • Top 10 Modified Object Classes
  • Top 10 Modified Mailboxes
  • Top 10 Modified GPO
  • Top 10 Active Admins (Active Directory)
  • Top 10 Admins (Exchange Server)
  • Top 10 Active Admins (Group Policy)

I found it interesting that the software differentiates between Active Directory admins and Group Policy admins since Group Policy is a part of the Active Directory. Windows allows control over group policy management to be delegated, so it was smart for Lepide to differentiate between Group Policy admins and Active Directory admins.

LepideAuditor Suite is able to display much more than just the information that is displayed on the Default Dashboard. The Audit Reports tab contains dozens of reports related to Active Directory and Group Policy (there are also Exchange related reports). Some of these reports are extremely specialized, while others are probably more along the lines of what you might expect. For example, you would probably expect reports for object creation and failed logon, but you might not expect reports for container creation or OU modification. You can see some of the available reports shown in Figure D.

Image
Figure D: LepideAuditor Suite includes dozens of Active Directory and Group Policy reports.

It is possible to add some (but not all) of the reports to the Default Dashboard. You can also run reports on a scheduled basis, add a report to a list of favorite reports, or set alerts that are triggered by reported data.

One thing that I especially like is that LepideAuditor allows for the creation of custom reports. Custom reports have always been something of a pet peeve of mine because I hate being limited to the reports that come with a product. I think that LepideAuditor Suite probably has enough built in reports to make most people happy, but it’s really nice to be able to create custom reports if necessary.

Exchange Server

Although most of my review focused on evaluating LepideAuditor Suite’s ability to report on Active Directory and Group Policy, I did check out its Exchange Server reporting capabilities. I deployed Exchange Server 2013 and performed a few basic administrative tasks such as creating and modifying mailboxes. After doing so and refreshing the LepideAuditor Suite console, I found that the Exchange related items on the dashboard were updated to reflect my changes.

LepideAuditor Suite provides an overwhelming number of Exchange Server related reports. I tried a few of the reports and they work as expected. You can see some of the available reports shown in Figure E.

Image
Figure E: LepideAuditor Suite includes dozens of Exchange Server related reports.

SQL Server

I decided to wrap things up by taking a look at the software’s SQL Server auditing capabilities. SQL Server auditing isn’t enabled by default, but it is relatively painless to go to the Settings tab and add an SQL Server for monitoring. After doing so, the software must be restarted and SQL Server monitoring data is displayed on its own default dashboard. The SQL Server default dashboard includes the following charts:

  • Top 10 Active Databases
  • Top 10 Modified Server Objects
  • Top 10 Modified Database Objects
  • Top 10 Active Tables
  • Top 10 Operations
  • Top 10 Failed Logins

As expected, there are a huge number of SQL Server related reports built into the software.

Documentation

When I write a software review, I usually try to complete the review without referring to the documentation so that I can get a feel for how easy the software is to use. In this case, I found that although there was a slight learning curve, it didn’t take me long to learn my way around the console.

When my review was complete, I decided to look at the LepideAuditor Suite documentation. I found the documentation to be well written, easy to follow, and generally helpful.

Pricing

Like most enterprise software vendors, Lepide does not disclose pricing information on its Web site. The Lepide Web site does however, contain a link that you can click to get a price quote.

The Verdict

Whenever I write a review for this site, it has become customary to assign the product a numerical score ranging from 0 to 5, with 5 being the highest possible score. After careful consideration, I have decided to give LepideAuditor Suite a score of 4.7, which is a WindowSecurity.com Gold Award.

I really liked the LepideAuditor Suite. I found it to be easy to use and I was very impressed with how responsive the software was. I also liked that the software gave me the option to perform agent based or agentless monitoring.

In some ways, I almost feel as though this review doesn’t do the software justice. Because of space limitations, I didn’t get to talk about alerts, scheduling, or custom dashboards, all of which are good features. All in all, I think that LepideAuditor Suite is a solid product that will likely do a good job for anyone who wants to know what administrative actions are being taken in their organization.

WindowSecurity.com Rating: 4.7/5


More information about Lepide Auditor Suite or download a free trial

See Also


The Author — Brien Posey

Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien’s personal Web site at www.brienposey.com