Question: How do you audit all shell invocations including non-interactive logins, even when the agent is not installed on the machine where you are executing the commands?
Answer: The following parameter must be set in /etc/centrifyda/centrifyda.conf
Restart the Centrify Direct Audit service for the changes to take effect. Example on RHEL 7: service centrifyda restart
This parameter can also be set via Group Policy: Set Audit All Invocations
After the changes have been made and the service restarted. When any shell is invoked, including non-interactive logons, on the machine with the Centrify agent installed, a recording will be available in Audit Analyzer for review.