ast-0074486 protecting unstructured data on file servers netapp emc and sharepoint

8/12/2019 AST-0074486 Protecting Unstructured Data on File Servers NetApp EMC and SharePoint

1/19

Protecting Unstructured Data on

File Servers, NetApp, EMC and SharePoint

Written By Randy Franklin Smith

President

Monterey Technology Group, Inc.


2/19

TECHNICAL BRIEF Protecting Unstructured Data on File Servers, NetApp, EMC and SharePoint

1

Contents

Abs tract .......... .............. ............ .............. .............. .............. .............. ............ .............. ............ .............. ............... . 2Introduct ion .......................................................................................................................................................... 3

The Unique Challenges of Protecting Unstructured Data ............... .............. ............ .............. ............ .............. ..... 3Understanding the Security Requirements of Unstructured Data ............. .............. ............ .............. ............ .......... 3Three Questions to Answer ................................................................................................................................. 4Three Places to Look........................................................................................................................................... 4

Problems with Using Native Logging to Audi t Documents .................................................................................. 5Introduction ......................................................................................................................................................... 5Windows File Servers .......................................................................................................................................... 5

Low-level Auditing Means Too Many Events ............. .............. ........... ............... ........... ............... .............. ........ 5Log Entries are Cryptic ..................................................................................................................................... 5Permission Changes Generate Even More Events ............... .............. ............ .............. ............ .............. ........... 6

File Sharing Appliances ....................................................................................................................................... 7All the Challenges of Windows File Servers .............. .............. ........... ............... ........... ............... .............. ........ 7Plus More Challenges ...................................................................................................................................... 7

SharePoint .......................................................................................................................................................... 8Advantages of SharePoint for Auditing Documents .............. .............. ............ .............. ............ .............. ........... 8Challenges of SharePoint for Auditing Documents ........................ ............ .............. .............. .............. .............. 8

The Soluti on: Quest ChangeAuditor .................................................................................................................... 9Solving the Problems of Native Auditing Tools...................................................................................................... 9ChangeAuditor Capabilities ............................................................................................................................... 10Quest ChangeAuditor for Windows File Servers ............. .............. ............ .............. ............ .............. .............. .... 10Quest ChangeAuditor for EMC and NetApp........................................................................................................ 12Quest ChangeAuditor for SharePoint ................................................................................................................. 13

Conclusion .......................................................................................................................................................... 15About t he Author .................. .............. ............... .............. ............ .............. ............ .............. .............. ............ ..... 16


3/19


2

AbstractUnstructured data is a critical security risk and compliance concern for organizations. Your companys emails,

documents and spreadsheets contain readily digestible, business-critical information, and your organization is

generating more much more of those documents every day. How are you protecting that data?

Unfortunately, as this technical brief explains, native auditing tools are cumbersome to use and limited in their

functionality. Fortunately, Quest ChangeAuditor offers a comprehensive, easy-to-use alternative that delivers the

tracking, auditing, alerting and reporting you need to ensure security and regulatory compliance.


4/19


3

IntroductionThe Unique Challenges of Protecting Unstructured Data

Unstructured data comes in many forms, including emails, documents and spreadsheets (hereafter referred to

collectively as documents). This unstructured data is a giant security risk and compliance concern for organizations

today for two reasons: the high information quality of these documents and the sheer amount of unstructured data.

High information quality Documents typically contain a much higher level of exploitable information than

the raw data found in databases and applications. For instance, a competitor would probably prefer to have an

analysis written by a market analyst, complete with her conclusions, rather than the several gigabytes of data

warehouse content that the analyst sifted through to produce the report. Moreover, important decisions and plans

and the background behind them may be found nowhere but in documents. Therefore, while documents may not

be the original record for many transactions and application records, they do contain an organizations most

sensitive information in a format that is most easily consumed by criminal entities, the public or foreign states,

which makes their security a critical business concern.

Sheer volume In addition, the amount of unstructured data that organizations must govern and protect today

is massive. In fact, according to Gartner Group, unstructured data accounts for 80% of business information at

todays organizations, and, moreover, it is growing 1050x faster than structured data, which easily translates to

growth of 800% over the next five years.1This means that sensitive data resides in highly exploitable formats all

over todays information systems.

Regulatory requirements and information security risk management apply equally to unstructured and structured

data. In the end, information is information, regardless of format, and it must be protected.

To protect information, you have to know what is happening to it. Therefore, organizations must establish an audit

trail of access, modification and access control changes. Such an audit trail is a fundamental requirement for

compliance regulations and commonly accepted information security practices.

Understanding the Security Requirements of Unstructured Data

Much attention has been focused on securing and protecting one type of unstructured data: email. Therefore, email

archival and security solutions are fairly mature and have seen wide adoption. It is easier to secure email content

than other documents because email is fairly centralized on email servers and in a handful (if not just one) email

client application.

Documents, on the other hand, reside in a variety of repositories and are accessed by a wide variety of client

applications. Almost all organizations use Word, Excel, PowerPoint and Acrobat PDF files. Depending on industry,

other file types are in play, such as AutoCAD documents.

Malicious entities are specifically looking for and stealing documents of these file types. In fact, the recent Flame

advanced persistent threat (APT) had a special module that scanned these file types and created catalogs with short

document summaries that were sent back to Flames command and control servers for analysis by Flames operators

and selection of desirable files for subsequent exfiltration.

1http://www.computerworld.com/s/article/352399/XP_Deadline_Haunts_IT?source=CTWNLE_nlt_msft_2010-10-25.
http://www.computerworld.com/s/article/352399/XP_Deadline_Haunts_IT?source=CTWNLE_nlt_msft_2010-10-25http://www.computerworld.com/s/article/352399/XP_Deadline_Haunts_IT?source=CTWNLE_nlt_msft_2010-10-25http://www.computerworld.com/s/article/352399/XP_Deadline_Haunts_IT?source=CTWNLE_nlt_msft_2010-10-25http://www.computerworld.com/s/article/352399/XP_Deadline_Haunts_IT?source=CTWNLE_nlt_msft_2010-10-25


5/19


6/19


5

Problems with Using Native Logging toAudit Documents

Introduction

To secure these repositories of unstructured data, organizations need to establish an audit trail of access,

modification and access control changes. Such an audit trail is a fundamental requirement for compliance

regulations and commonly accepted information security practices.

All three of the major technologies used to store unstructured document data Windows file servers, file sharing

appliances and SharePoint provide native audit capabilities, but it is impractical to rely on them for the critical audit

trail required by todays compliance requirements. Lets look at the specific limitations of each technology.

Windows File Servers

Low-level Auditing Means Too Many Events

Windows provides file system auditing through the Windows Security Log and the audit policy that determines which

events are logged. Windows audits file access at the point that an application attempts to open a file for some type of

operation (e.g., read, write or delete).

Many applications, like Microsoft Office, open and close files many times for operations that appear to the users to

be a single step. For instance, saving a Word document can easily create 12 (nearly identical) events in the Security

Log. In fact, the low-level, literal nature of file system auditing means that Windows generates massive amounts of

nearly identical events.

Log Entries Are Cryptic

In addition, the Windows Security Log is known for being cryptic and hard to understand. A key example is

permission changes. Below is a permission change event generated by Windows auditing for the document

Budget.doc:


7/19


6

As you can see, the event clearly identifies the file and the user who made the permission change. But what are the

old and new permissions? The information is there in the Original and New security descriptors, but it is unreadable

to human eyes because the permissions are expressed in SDDL (Security Descriptor Definition Language), which

requires significant mental activity and time to translate into readable English.

Permission Changes Generate Even More Events

Moreover, permission changes also generate massive amounts of events because of how permission inheritance

works in Windows. When you change permissions on a folder, that change is propagated down to all child objects

and a folder high in your file system hierarchy may have tens or even hundreds of thousands of files beneath it.

There is no way to disable auditing of inherited permissions, so a single permission change from the point of view of

the administrator may cause thousands of audit events as the permission change trickles down subfolders and files.

Per mi ssi ons on an obj ect were changed. Subj ect :

Secur i t y I D: WI N- R9H529RI O4Y\ Admi ni st r ator

Account Name: Admi ni st r ator

Account Domai n: WI N- R9H529RI O4Y

Logon I D: 0x1f d23Obj ect :

Obj ect Ser ver : Secur i t y

Obj ect Type: Fi l e

Obj ect Name: C: \ f i l esshar es\ f i nanci al \ budget . doc

Handl e I D: 0x564Process:

Process I D: 0x8c0

Process Name: C: \ Wi ndows\ expl orer. exePermi ss i ons Change:

Ori gi nal Securi t y Descr i pt or : D: PAI ( A; ; FA; ; ; LA) ( A; ; FA; ; ; SY)

( A; ; FA; ; ; BA)New Secur i t y Descri pt or : D: PARAI ( A; ; FA; ; ; SY) ( A; ; FA; ; ; BA)


8/19


7

File Sharing Appliances

Al l the Challenges of Windows Fil e Servers

Since file sharing appliances like those from EMC and NetApp are designed to replace and resemble a Windows fileserver and coexist in a Windows network, all of the issues just described apply to appliances as well. In other words,

auditing documents with file sharing appliances produces massive event logs full of cryptic data.

Plus More Challenges

But file sharing appliances introduce some additional challenges, both minor and major.

First, configuration of auditing and security log parameters can differ from Windows file servers, which creates

additional complexity for IT staff. For instance, NetApp appliances support configuration of some audit policy settings

by centralized group policy but other settings must be configured on the actual Filer appliance through cifs settings.

An even more serious problem is that much of the functionality in appliances is based on Windows 2000/2003

functionality, such as the event ID schema. Windows 2008 servers use a new four-digit event ID schema for all

Security Log events, while many appliances still generate the old three-digit event IDs of Windows 2003. Besides

different ID numbers, these events have a slightly different format, which means that any filtering, alerting or reporting

criteria must take into account both versions of each file access event.

Windows 2008 File Access Event Same Event from Windows 2003 and Many File

Sharing Appliances

An att empt was made t o access an obj ect .

Subj ect:

Secur i t y I D: ACME\ Admi ni st r ator

Account Name: Admi ni st r ator

Account Domai n: ACME

Logon I D: 0x1f 41e

Obj ect :



Obj ect Name:

C: \ sharedFi l es\ Mast erEncr ypt i onCode. t xt

Handl e I D: 0x40

Process I nf or mat i on:

Process I D: 0x1ac

Pr ocess Name:

C: \ Wi ndows\ Syst em32\ cmd. exe

Access Request I nf or mati on:

Accesses: DELETE

Access Mask: 0x10000

Obj ect Access At t empt:


Handl e I D: 144


Pr ocess I D: 3156

I mage Fi l e

Name: C: \ WI NDOWS\ syst em32\ notepad. exe

Accesses: Wr i t eData ( or AddFi l e)

AppendData (or AddSubdi r ect ory or Cr eat e-

Pi peI nst ance)

Access Mask: 0x6


9/19


8

SharePoint

Advantages of SharePoint for Audit ing Documents

SharePoint provides important advantages for unstructured data and document management, especially fordocument lifecycle and integrity.

For example, trying to establish an audit trail of modifications to documents stored on file servers or appliances is

impractical for many file formats most notably, Microsoft Office documents. Whenever a user simply opens a

document to read it, Windows and appliances log multiple modification events on that file for that user. This is

because Office always modifies some metadata (e.g., who currently has the file open) even if the user actually

makes no changes to the document. Therefore there is no way to distinguish between actual document changes

and simple metadata updates.

SharePoint offers a solution for this because Office and other applications use WebDAV for document I/O and is

much more conservative with its updates to the document. In addition, SharePoint document libraries support

versioning and check-in/check-out functionality. Because these operations are all trackable events, it is actually

possible to identify and track actual modifications.

Challenges of SharePoint f or Audi ting Documents

However, SharePoints native audit functionality has significant limitations:

The audit log is buried in the SharePoint content database. To ensure the integrity of audit trails, logs must

be moved from the system where they are generated to a separate and secure archive. However, in SharePoint,

the audit log isn't really a log it's a table in the SharePoint database. This makes it inaccessible for most log

management solutions. This inability to collect the SharePoint audit log into a separate, secure log archive

compromises its value as a high integrity audit trail.

SharePoint's audit log has no reporting. In Windows SharePoint Services, the log is totally inaccessible, and in

Office SharePoint Services, it's exposed only through a few rudimentary, impractical Excel reports. To illustrate,

the following is an event (the viewing of a document) from the SharePoint audit log as shown in Excel:

SharePoint Foundation (aka Windows SharePoint Services) provides no i nterface for enabling auditing

at all.The audit log is there, but without custom programming, there's no way to turn it on, much less access

the logs.

The built-in t rimming feature of SharePoint's audit log can delete audit events before they are exported.Some editions of SharePoint provide automatic log trimming of old events, but there is no way to ensure that

events have been archived first.

SharePoint provides no way to manage audit policy.In a SharePoint farm, each site collection has its ownaudit policy. Administrators have no way to enforce consistent audit policy across all site collections. When a newsite collection is created, administrators must remember to access the site collection's audit settings page andenable auditing or the site will be unmonitored. This is especially troublesome for farms with self-service sitecollection enabled because new sites can be created directly by users without administrator involvement.


10/19


9

The Solution: Quest ChangeAuditorSolving the Problems of Native Auditing Tools

Quest ChangeAuditor audits, alerts and reports on all changes and deletions made to Active Directory, Exchange,

SharePoint, VMware, EMC, NetApp, SQL Server and Windows file servers all in real time and without enabling

native auditing. A central console eliminates the need and complexity for multiple IT audit solutions.

ChangeAuditor includes modules for Windows File Servers, SharePoint, EMC and NetApp, so no matter where your

unstructured data resides, you have a consistent, unified window into whats happening to your documents. With

ChangeAuditor, you can answer all three of the questions required to protect the confidentiality and integrity of

documents:

Whos been viewing these files?

Whos been modifying these files?

What access control changes have occurred on these files?

ChangeAuditor fulfills the compliance and security requirement to audit unstructured data without the problems

associated with native audit logging discussed above:

Native Auditing Problem ChangeAudito r Solution

Windows generates massive amounts of nearly identical

events.

ChangeAuditor captures change information without the

need for native auditing, resulting in significant perfor-

mance improvements and storage optimization.

In addition, highly configurable audit policy allows

administrators to exclude high traffic or safe accounts

from being audited if desired, which keeps the audit

database from becoming overloaded with unnecessary

event information (noise).

The Windows Security Log is cryptic and hard to

understand.

ChangeAuditor events are easy to understand and

meaningful there is no SDDL or other cryptic content.

Windows 2008 servers and file sharing appliances use

different event ID schemas.

The same event format is used for all object change and

access events across all ChangeAuditor modules.

Logs and audit configuration are inaccessible external to

SharePoint without special log binding agents.

ChangeAuditor stores audit data in one centralized and

secure database. This provides the necessary separation

of duties (SoD) between SharePoint administrators and

security staff tasked with monitoring.

Different methods and arcane knowledge are required to

accurately configure auditing on each platform.

ChangeAuditors central console eliminates the need for

the complexity of multiple IT auditing solutions.


11/19


10

ChangeAuditor Capabilities

Quest ChangeAuditor for Windows File Servers

ChangeAuditor for Windows File Servers proactively tracks, audits, reports and alerts on vital changes in real time

without the overhead of native auditing. You will instantly know who made what change when, where and from which

workstation, and get the original and current values for fast troubleshooting. Then you can automatically generate

intelligent, in-depth forensics for auditors and management, reducing the risks associated with day-to-day modifica-

tions.

ChangeAuditor for Windows File Servers provides:

At-a-glance display User and administrator activity is tracked with detailed information including who, what,

when, where and from which workstation for change events, plus the original and current values for permission

and ownership changes.

Real-time and "smart" alerts An alert is sent immediately when critical items are changed or when patterns of

changes occur, enabling administrators to respond without delay.

ChangeAuditor Capabilities at a Glance

Audi ting & Compliance

ChangeAuditor can generate easy-to-understand and meaningful security and compliance reports onthe fly. Built-in compliance library reports that are easy to customize make it simple to prove compli-ance for standards such as SOX, HIPAA, Payment Card Industry Data Security Standards (PCI DSS),Federal Information Security Management Act (FISMA) and SAS 70.

AnalysisChangeAuditor analyzes critical configuration changes to your Windows environment, and thentranslates raw data into meaningful, intelligent data to help safeguard the security and compliance ofyour infrastructure.

Real-time AlertingChangeAuditor offers real-time alerts, Smart Alert technology, and in-depth reports on the activitiestaking place in your environment.

Change Management

ChangeAuditor helps tighten enterprise-wide change control policies by tracking user and administra-tor activity for account lockouts and access to critical settings. Guard your Windows environment fromexposure to suspicious behavior or unauthorized access, and maintain compliance with corporate andgovernment standards.

Performance Optimization

Native tools make it next to impossible to report and analyze what is happening on your network.Active Directory queries and native auditing put a strain on even the most efficient and best-architected networks, making it difficult to provide first-class service to your users, plan for migrationsor disaster recoveries, and perform directory consolidations. ChangeAuditor, on the other hand,reduces the performance drag on servers by collecting events without the use of native auditing tools.


12/19


11

Object protection Your most critical files and folders are protected from being modified or accidentally deleted.

Better performance and reduced storage requirement ChangeAuditor captures change information without

the need for native auditing, resulting in significant performance improvements and storage optimization.

Centralized auditing You can manage, monitor and audit all file server changes from a single, easy-to-useconsole, which streamlines the management of multiple servers and locations.

Configurable auditing Administrators can exclude high traffic or safe accounts from being audited, which

keeps the audit database from becoming overloaded with unnecessary event information.

Share auditing ChangeAuditor tracks all events related to shares, so access to shared files can be maintained.

Reporting ChangeAuditor includes a comprehensive library of built-in reports that can easily be customized.

Role-based access Auditors can run searches and reports without being allowed to make any configuration

changes to the application, and without requiring assistance from the administrator.

Figure 1. ChangeAuditor for Windows File Servers makes it easy to understand any change to your file servers.


13/19


12

Quest ChangeAuditor for EMC and NetApp

The ChangeAuditor agents for EMC and NetApp provide the same real-time tracking, auditing, reporting and alerting

as ChangeAuditor for Windows File Servers, also without the overhead of native auditing. Simply provision the

ChangeAuditor agent on a Windows server near the appliances to be monitored, and audit activity is rolled up to the

same ChangeAuditor Coordinator as all your other ChangeAuditor agents giving you a comprehensive view of allactivity affecting unstructured data across your network.

Figure 2. ChangeAuditor offers agents for EMC and NetApp, giving you a complete view of allchanges to unstructured documents in your environment.


14/19


13

Quest ChangeAuditor for SharePoint

ChangeAuditor for SharePoint enables you to audit SharePoint faster, easier and more securely than native tools. It

tracks, audits, reports on and alerts on changes to SharePoint farms, servers, sites, users, permissions and more in

real time. It also translates events into simple terms, stores data in one centralized and secure database, and

generates intelligent, in-depth reports to protect against policy violations, delivering the SharePoint tracking andgovernance organizations need today. With ChangeAuditor for SharePoint, youll have confidence that your organiza-

tion can pass its next audit.

ChangeAuditor for SharePoint provides:

Web-browser access You can run searches from anywhere using any Web browser, eliminating the need for

additional installations of ChangeAuditor consoles or configuration of user rights.

At-a-glance display ChangeAuditor tracks all user and administrator activity and provides detailed information,

including who, what, when, where and from which workstation, plus original and current values for all changes.

Server confi guration change auditing ChangeAuditor tracks changes to SharePoint server configuration and

security changes that involve SharePoint users, permissions, farms, servers, site collections, lists and documents,

which protects against system performance issues and security gaps.

Real-time and smart alerts Alerts are sent immediately to email and smartphones when critical items are

changed or when patterns of changes occur, which enables administrators to respond without delay whether in

the office or out.

Event filter Searches from multiple SharePoint farms, servers and sites can be narrowed by event type, data

range, user account, and objects, enabling administrators to quickly pinpoint the source of a problem by eliminat-

ing the noise from safe, routine events.

Centralized auditing ChangeAuditor stores audit data in one centralized and secure database, providing the

necessary separation of duties (SoD) between SharePoint administrators and security staff tasked with monitor-

ing.

Rapid reporting Preconfigured and customizable reports enable administrators to quickly satisfy auditor

requests and get back to their regular duties.

Dashboard reporting On the spot dashboard reporting on all or specific audited data enables upper man-

agement to gain swift insight to audited data without having to understand any architecture or administration.

Role-based access Role-based access enables auditors to run searches and reports but prevents them from

making any configuration changes to the application, so they can obtain the information they need without assis-

tance from an administrator.


15/19


14

Figure 3. ChangeAuditor for SharePoint tracks, audits, reports on and alerts on changes toSharePoint farms, servers, sites, users, permissions and more in real time.


16/19


15

ConclusionProtecting unstructured data is a security and compliance requirement that organizations cannot ignore. But docu-

ment auditing presents difficult challenges that cannot be addressed with native auditing.

In fact, event logging and change reporting for enterprise applications and services is cumbersome, time-consuming

and, in some cases, impossible using native IT auditing tools. Because theres no central console, youve got to

repeat the process for each server, and you end up with a huge volume of data and a myriad of reports. That means

proving compliance or reacting quickly to events is a constant challenge. Your data security is also at risk because

native event details are sparse and difficult to interpret. As a result, you may not find out about problems until it is too

late. And because native tools cannot prevent a privileged user from clearing an event log, you could lose log data

defeating the purpose of auditing in the first place.

Fortunately theres Quest ChangeAuditor. With this awarding-winning tool, you can easily install, deploy and manage

your environment from one central console. Tracking create, delete, modification and access attempts could not be

any easier, and understanding what happened is a breeze because each event is displayed in simple terms, giving

you the requisite six Ws: who, what, when, where, workstation and why, plus the previous and current settings. This

breadth of data enables you to take immediate action when issues arise. Whether you are trying to meet mounting

compliance demands or satisfy internal security policies, ChangeAuditor is the solution you can rely on. And you will

avoid the drain that is placed on your systems when native auditing is enabled.

Rely on ChangeAuditor to help you:

Achieve your complex compliance audit challenges with built-in reports for SOX, PCI DSS, HIPAA, FISMA, SAS

70 and more

Simplify IT governance to prevent internal and external security breaches

Increase performance across the enterprise with change management software that offers detailed before andafter analysis with strong controls

Provide auditing and protection over unstructured data wherever it resides on your network


17/19


16

About the AuthorRandy Franklin Smith is president of Monterey Technology Group, Inc. and creator of theUltimateWindowsSecuri-

ty.comWeb site and training course series. Randy specializes in Windows security and is aSystems Security

Certified Professional(SSCP), a MicrosoftMost Valued Professional(MVP), and a Certified Information SystemsAuditor (CISA).

Randy is also the award-winning author of almost 300 articles on Windows security issues for publications such as

Windows IT Pro, for which he is a contributing editor and the author of the popular Windows Security log series.

Randy can be reached [email protected].
http://www.ultimatewindowssecurity.com/http://www.ultimatewindowssecurity.com/http://www.ultimatewindowssecurity.com/http://www.ultimatewindowssecurity.com/http://www.isc2.org/cgi/content.cgi?category=20http://www.isc2.org/cgi/content.cgi?category=20http://www.isc2.org/cgi/content.cgi?category=20http://www.isc2.org/cgi/content.cgi?category=20http://mvp.support.microsoft.com/http://mvp.support.microsoft.com/http://mvp.support.microsoft.com/mailto:[email protected]:[email protected]:[email protected]:[email protected]://mvp.support.microsoft.com/http://www.isc2.org/cgi/content.cgi?category=20http://www.isc2.org/cgi/content.cgi?category=20http://www.ultimatewindowssecurity.com/http://www.ultimatewindowssecurity.com/


18/19


17

2012 Quest Software, Inc.

ALL RIGHTS RESERVED.

This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any

form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the written permission of

Quest Software, Inc. (Quest).

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to

any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN

QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO

LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS

INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,

OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE,

SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS

INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST

HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the

accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product

descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters

LEGAL Dept

5 Polaris Way

Aliso Viejo, CA 92656

www.quest.com

email:[email protected]

Refer to our Web site for regional and international office information.

Trademarks

Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother,

BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, ChangeManager, Defender,

DeployDirector, Desktop Authority, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk

Authority, Imceda, IntelliProfile, InTrust, Invirtus, iToken, I/W atch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin,

MessageStats, Monosphere, MultSess, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point,Click,Done!,

PowerGUI, Quest Central, Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, ScriptLogic, Security Lifecycle Map,

SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon,

Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer, vRanger, Vintela, Virtual DBA,

VizionCore, Vizioncore vAutomation Suite, Vizioncore vBackup, Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator,

WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of

America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

UpdatedSeptember 2012
http://www.quest.com/mailto:[email protected]:[email protected]://www.quest.com/


19/19


18

About Quest Sof tware, Inc.

Established in 1987, Quest Software (Nasdaq: QSFT) provides simple and innovative IT management solutions that enable more than

100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges

ranging from database management, data protection, identity and access management, monitoring, user workspace management toWindows management. For more information, visit www.quest.com.

Contacting Quest Software

PHONE 800.306.9329 (United States and Canada)

If you are located outside North America, you can find your local office information on our Web site.

EMAIL [email protected]

MAIL Quest Software, Inc.

World Headquarters

5 Polaris Way

Aliso Viejo, CA 92656USA

Contacting Quest Support

Quest Support is available to customers who have a t rial version of a Quest product or who have purchased a commercial version and have

a valid maintenance contract.

Quest Support provides around-the-clock coverage with SupportLink, our W eb self-service.

Visit SupportLink at https://support.quest.com.

SupportLink gives users of Quest Software products the ability to:

Search Quests online Knowledgebase

Download the latest releases, documentation and patches for Quest products

Log support cases

Manage existing support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information and policies and

procedures.

TBV-ProUnstDataFileServNetAppEMCSharePoint-US-TG-20120829