Question:
After doing a default install of the Centrify Agent for Windows, the DirectAudit service is visible in the Agent Configuration Panel. The documentation states that by default, auditing features are not installed. Why does the Direct Audit service appear in the Configuration Panel after a default installation?
Answer:
In Suite 2017.2, DirectAudit is included in the default installation. However, DirectAudit is NOT enabled and will not run as a service until it is configured. If the DirectAudit is seen in the Configuration Panel without being configured, it's possible that the service is being enabled through Group Policy.
Use the Group Policy Management Editor to check for the Group Policy that enables DirectAudit. The GP is in
Computer Configuration -> Policies -> Centrify Audit Settings -> Common Settings -> Installation
The registry can also be used to verify that DirectAudit is enabled. Using regedit.exe, check for the following registry key:
[HKEY_LOCAL_MACHINE\Software\Policies\Centrify\DirectAudit\Common\InstallionGuid]
To remove the DirectAudit service from the configuration panel, change the GPO that sets the DirectAudit Installation value to be either "Not configured" or "Disabled". Then run gpupdate on the machine. The DirectAudit service is removed from the Centirfy Agent Configuration Panel.
The documentation issue will be addressed in a future release.