How to Install Audit Collection Services (ACS)

 

Updated: May 13, 2016

Applies To: System Center 2012 R2 Operations Manager, System Center 2012 - Operations Manager, System Center 2012 SP1 - Operations Manager

The following procedure provides the general steps needed to install the System Center 2012 – Operations Manager Audit Collection Services (ACS) feature within your organization.

Note

To uninstall Operations Manager from the management server that functions as your ACS Collector, you must first uninstall ACS.

See Collecting Security Events Using Audit Collection Services in Operations Manager in the Operations Guide for information on minimum and recommended system requirements for ACS.

To install Audit Collection Services

  1. Plan an audit policy for your organization. For more information on setting up an audit policy, see Advanced Security Audit Policy Step-by-Step Guide.

  2. Plan your ACS server deployment. This includes deciding which server will act as the ACS database and which management server will act as the ACS collector. Ensure that the computers selected for these roles meet the minimum system requirements. See Collecting Security Events Using Audit Collection Services in Operations Manager in the Operations Guide for more information about ACS and the system requirements for each feature.

  3. Plan which Operations Manager agents will be ACS forwarders. All computers that you want to collect security events from must be ACS forwarders.

  4. Install and configure prerequisites for ACS features.

  5. (Optional) Separate administrator and auditor roles by doing the following:

    1. Create a local group just for users who access and run reports on the data in the ACS database. For step-by-step instructions for creating a local group, see the "To create a group account in Active Directory" section of the "Creating user and group accounts" topic at https://go.microsoft.com/fwlink/?LinkId=74159.

    2. Grant the newly created local group access to the SQL database by creating a new SQL Login for the group and assigning that login the db_datareader role. For step-by-step instructions for creating a SQL Login, go to Set up a user account on a SQL server.

    3. Add the user accounts of users who will act as auditors to the local group.

  6. Deploy the ACS Database and ACS Collector(s). See How to Install an Audit Collection Services (ACS) Collector and Database.

  7. Run the Enable Audit Collection task to start the ACS Forwarder service on the ACS forwarders. For more information, see How to Enable Audit Collection Services (ACS) Forwarders.

  8. Implement your audit policy within your organization.
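
The SQL side of step 5 (auditor role separation), sketched in T-SQL as an added example that is not part of the original procedure. It assumes the ACS database is named `OperationsManagerAC` and uses a hypothetical auditor group `DBSERVER01\ACS Auditors`; substitute your own names.

```sql
-- Added example. Assumptions (not from the original page):
--   database name : OperationsManagerAC
--   auditor group : DBSERVER01\ACS Auditors  (hypothetical placeholder)

USE [master];
GO
-- Step 5.2: create a Windows login for the auditor group if it does not exist.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DBSERVER01\ACS Auditors')
    CREATE LOGIN [DBSERVER01\ACS Auditors] FROM WINDOWS
        WITH DEFAULT_DATABASE = [OperationsManagerAC];
GO

USE [OperationsManagerAC];
GO
-- Map the login to a database user and grant read-only access.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'DBSERVER01\ACS Auditors')
    CREATE USER [DBSERVER01\ACS Auditors]
        FOR LOGIN [DBSERVER01\ACS Auditors];
GO
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later; on older
-- versions use: EXEC sp_addrolemember N'db_datareader', N'<group>';
ALTER ROLE [db_datareader] ADD MEMBER [DBSERVER01\ACS Auditors];
GO

-- Check 1: who can read the audit data through database roles?
-- Review every row; the auditor group should appear only under db_datareader.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_datareader', N'db_owner')
ORDER BY r.name, m.name;

-- Check 2: the auditor login must not hold sysadmin (expect 0).
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'DBSERVER01\ACS Auditors')
       AS auditors_are_sysadmin;
```

Rerun the two checks after step 5.3 and whenever group membership changes, since anyone added to the group inherits read access to the collected security events.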