Disable directaudit on Windows systems
05-15-2015 12:45 AM - last edited 12-20-2015 08:10 PM
Help me please:
1. As I understand directaudit turn on automatic on Windows systems when client installed on Windows systems. Is that so?
2. How to disable directaudit on Windows systems without removal directaudit agent?
3. How to disable directaudit agent on Windows systems without removal directaudit agent?
4. How to manage directaudit agent services (DirectAudit Agent service/wdad.exe) on Windows systems - start/stop services on windows systems?
5. Is it possible to switch off and on directaudit on Windows systems (temporarily disable directaudit on Windows systems)?
Solved! Go to Solution.
05-15-2015 05:47 AM
The Centrify DirectAudit service is secured by default which means that it cannot be stopped unless the solution is uninstalled. This is to stop someone with admin privileges on a system from simplying stopping the Service to disable auditing.
In a future version, Centrify will provide more granularity on whether or not to configure the Service to be secured. We've had customers that love this features and others that would like more control over the service.
In the meantime, there's a knock code you can run to stop the Service to stop it. Private message me and I will provide it to you.
VP of Enterprise Solutions
Found my response helpful? Click the Kudos button!
01-29-2018 06:39 AM
Felderi - I would like the code to disable the direct audit as well (we didn't install the product - it is from the client install) and is consuming way too much space. How do I go about private messaging you for the information?
01-29-2018 06:46 AM
Welcome to the Centrify community.
You are responding to a thread from 2015 and the product has changed significantly since the original question was asked.
If you are using a current version of the product, find the program called "Agent Configuration" and remove the "Auditing and Monitoring Service"
If the button for removal is greyed out, this means that the setting comes from group policy and it has to be disabled there first (or simply removed from the scope of the GP).
Please note that a group policy was introduced years ago that allows the definition of who can stop the auditing service. This can be found in the group policy guide.