Netwrix Auditor for Windows Server Quick-Start Guide Version: 6.5 9/26/2014

  • Legal Notice

    The information in this publication is furnished for information use only, and does not constitute a commitment from Netwrix Corporation of any features or functions, as this publication may describe features or functionality not applicable to the product release or version you are using. Netwrix makes no representations or warranties about the Software beyond what is provided in the License Agreement. Netwrix Corporation assumes no responsibility or liability for the accuracy of the information presented, which is subject to change without notice. If you believe there is an error in this publication, please report it to us in writing.

    Netwrix is a registered trademark of Netwrix Corporation. The Netwrix logo and all other Netwrix product or service names and slogans are registered trademarks or trademarks of Netwrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.

    Disclaimers

    This document may contain information regarding the use and installation of non-Netwrix products. Please note that this information is provided as a courtesy to assist you. While Netwrix tries to ensure that this information accurately reflects the information provided by the supplier, please refer to the materials provided with any non-Netwrix product and contact the supplier for confirmation. Netwrix Corporation assumes no responsibility or liability for incorrect or incomplete information provided about non-Netwrix products.

    2014 Netwrix Corporation.

    All rights reserved.

  • Table of Contents

    1. Introduction
    1.1. Netwrix Auditor Overview
    2. Netwrix Auditor System Requirements
    2.1. Requirements for Audited System
    2.2. Requirements to Install Netwrix Auditor
    2.2.1. Hardware Requirements
    2.2.2. Software Requirements
    3. Install the Product
    4. Configure Computers for Auditing Privileged User Session Activity
    4.1. Configure Data Collection Settings
    4.2. Configure Video Recordings Playback Settings
    5. Create Managed Object to Audit Windows Server and Privileged User Session Activity
    6. Integrate Reports with Video
    7. Launch Initial Data Collection
    8. Make Test Changes
    9. See How Changes Are Reported
    9.1. Review a Change Summary
    9.2. Review Changes with the Windows Server Overview Dashboard
    9.3. Review the All Windows Server Changes by Date Report
    10. Related Documentation

  • Netwrix Auditor for Windows Server Quick-Start Guide

    1. Introduction

    This guide is intended for the first-time users of Netwrix Auditor for Windows Server. It can be used for evaluation purposes, therefore, it is recommended to read it sequentially, and follow the instructions in the order they are provided. After reading this guide you will be able to:

    • Install and configure Netwrix Auditor
    • Create a Managed Object to start auditing a Windows-based server
    • Launch data collection
    • See how changes are reported

    NOTE: This guide only covers the basic configuration and usage options for auditing Windows Server with Netwrix Auditor. For advanced installation scenarios and configuration options, as well as for information on various reporting possibilities and other product features, refer to Netwrix Auditor Installation and Configuration Guide and Netwrix Auditor Administrator's Guide.

    1.1. Netwrix Auditor Overview

    Netwrix Auditor is a change and configuration auditing platform that streamlines compliance, strengthens security and simplifies root cause analysis across the entire IT infrastructure. It enables complete visibility by auditing changes made to security, systems and data.

    Netwrix Auditor provides complete visibility into IT infrastructure changes with:

    • Change auditing: determine who changed what, when and where.
    • Configuration assessment: analyze current and past configurations with the state-in-time reports.
    • Predefined reports: pass audits with more than 200 out-of-the-box reports.

    Netwrix Auditor employs AuditAssurance, a patent-pending technology that does not have the disadvantages of native auditing or SIEM (Security Information and Event Management) solutions that rely on a single source of audit data. The Netwrix Auditor platform utilizes an efficient, enterprise-grade architecture that consolidates audit data from multiple independent sources with agentless or lightweight, non-intrusive agent-based modes of operation and scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for 10 years or more.

    Powered by the Netwrix AuditAssurance technology, Netwrix Auditor makes change auditing an easy and straightforward process, resulting in a complete and concise picture of all changes taking place in your IT infrastructure.

    Netwrix Auditor for Windows Server detects and reports on all changes made to Windows-based servers' configuration, including hardware devices, drivers, software, services, applications, networking settings, registry settings, DNS, and more. It also provides automatic consolidation and archiving of event logs data.

    Netwrix Auditor collects Windows event logs and syslog events from multiple computers across the network, stores them centrally in a compressed format, and enables convenient analysis of event log data. In addition, Netwrix Auditor for Windows Server can be configured to capture a video of users' sessions on the audited computers which helps analyze how changes to your IT infrastructure were made. Video records can be integrated into change reports on different audited systems.

    2. Netwrix Auditor System Requirements

    This section lists the requirements for the systems and applications that are going to be audited with Netwrix Auditor, and for the computer where the product is going to be installed.

    2.1. Requirements for Audited System

    The table below provides the requirements for the systems and applications that can be audited with Netwrix Auditor for Windows Server:

    Audited System | Supported Versions
    ---------------|-------------------
    Windows Server | • Desktop OS: Windows XP SP3 (32 and 64-bit) and above
                   | • Server OS: Windows Server 2003 SP2 (32 and 64-bit) and above
                   | NOTE: Netwrix Auditor provides limited support for auditing servers running Windows Server 2012 R2.

    2.2. Requirements to Install Netwrix Auditor

    This section provides the requirements for the computer where Netwrix Auditor is going to be installed. Refer to the following sections for detailed information:

    • Hardware Requirements
    • Software Requirements

    2.2.1. Hardware Requirements

    Before installing Netwrix Auditor, make sure that your hardware meets the following requirements:

    Hardware Component | Minimum                    | Recommended
    -------------------|----------------------------|------------
    Processor          | Intel or AMD 32 bit, 2 GHz | Intel Core 2 Duo 2x 64 bit, 3 GHz
    RAM                | 2 GB                       | 8 GB
    Disk Space         | • 500 MB physical disk space for the product installation
                       | • 1 GB for the Audit Archive
                       | • 500 MB for SQL Server databases where audit data is going to be stored
                       | NOTE: These are rough estimations, calculated for evaluation of Netwrix Auditor for Windows Server. Refer to Netwrix Auditor Installation and Configuration Guide for complete information on the Netwrix Auditor disk space requirements.
    Screen resolution  | 1024 x 768                 | Screen resolution recommended by your screen manufacturer.

    2.2.2. Software Requirements

    The table below lists the minimum software requirements for the Netwrix Auditor installation:

    Component           | Requirements
    --------------------|-------------
    Operating system    | • Desktop OS: Windows 7 (32 and 64-bit) and above
                        | • Server OS: Windows Server 2008 R2 and above
    Framework           | • .Net Framework 3.5 SP1
    Additional Software | • Internet Explorer 7 and above
                        | • Windows Installer 3.1 and above
                        | • Windows Media Player (only required to audit privileged user session activity)

    3. Install the Product

    To install Netwrix Auditor

    1. Download Netwrix Auditor 6.5.

    2. Unpack the installation package. The following window will be displayed on successful operation completion:

    3. Click Install. Follow the instructions of the setup wizard. When prompted, accept the license agreement and specify the installation folder.

    Netwrix Auditor shortcuts will be added to the Start menu/screen and the Netwrix Auditor console will open.

    4. Configure Computers for Auditing Privileged User Session Activity

    Perform the following procedures to configure computers for auditing privileged user session activity:

    • Configure Data Collection Settings
    • Configure Video Recordings Playback Settings

    4.1. Configure Data Collection Settings

    To successfully track privileged user session activity, make sure that the following settings are configured on the audited computers and on the computer where Netwrix Auditor is installed:

    • The Windows Management Instrumentation and the Remote Registry services are running and their Startup Type is set to "Automatic". See To check the status and startup type of Windows services for more information.
    • The File and Printer Sharing and the Windows Management Instrumentation features are allowed to communicate through Windows Firewall. See To allow Windows features to communicate through Firewall for more information.
    • Local TCP Port 9002 is opened for inbound connections on the computer where Netwrix Auditor is installed. See To open Local TCP Port 9002 for inbound connections for more information.
    • Local TCP Port 9003 is opened for inbound connections on the audited computers. See To open Local TCP Port 9003 for inbound connections for more information.
    • Remote TCP Port 9002 is opened for outbound connections on the audited computers. See To open Remote TCP Port 9002 for outbound connections for more information.

    To check the status and startup type of Windows services

    1. Navigate to Start → Run and type "services.msc".

    2. In the Services snap-in, locate the Remote Registry service and make sure that its status is "Started" (on pre-Windows Server 2012 versions) and "Running" (on Windows Server 2012 and above). If it is not, right-click the service and select Start from the pop-up menu.

    3. Check that the Startup Type is set to "Automatic". If it is not, double-click the service. In the Remote Registry Properties dialog, in the General tab, select "Automatic" from the drop-down list.

    4. Perform the steps above for the Windows Management Instrumentation service.

    To allow Windows features to communicate through Firewall

    1. Navigate to Start → Control Panel and select Windows Firewall.

    2. In the Help Protect your computer with Windows Firewall page, click Allow a program or feature through Windows Firewall on the left.

    3. In the Allow programs to communicate through Windows Firewall page that opens, locate the File and Printer Sharing feature and make sure that the corresponding checkbox is selected under Domain.

    4. Repeat step 3 for the Windows Management Instrumentation (WMI) feature.

    To open Local TCP Port 9002 for inbound connections

    1. On the computer where Netwrix Auditor is installed, navigate to Start → Control Panel and select Windows Firewall.

    2. In the Help Protect your computer with Windows Firewall page, click Advanced settings on the left.

    3. In the Windows Firewall with Advanced Security dialog, select Inbound Rules on the left.

    4. Click New Rule. In the New Inbound Rule wizard, complete the steps as described below:

        • On the Rule Type step, select Program.
        • On the Program step, specify the path: %Netwrix Auditor installation folder%/Netwrix/User Activity Video Recorder/UAVRServer.exe.
        • On the Action step, select the Allow the connection action.
        • On the Profile step, make sure that the rule applies to Domain.
        • On the Name step, specify the rule's name, for example UAVR Server inbound rule.

    5. Double-click the newly created rule and open the Protocols and Ports tab.

    6. In the Protocols and Ports tab, complete the steps as described below:

        • Set Protocol type to "TCP".
        • Set Local port to "Specific Ports" and specify "9002".

    To open Local TCP Port 9003 for inbound connections

    1. On a target computer navigate to Start → Control Panel and select Windows Firewall.

    2. In the Help Protect your computer with Windows Firewall page, click Advanced settings on the left.

    3. In the Windows Firewall with Advanced Security dialog, select Inbound Rules on the left.

    4. Click New Rule. In the New Inbound Rule wizard, complete the steps as described below:

        • On the Rule Type step, select Program.
        • On the Program step, specify the path to the agent: %SystemDrive%\Program Files (x86)\Netwrix\User Activity Video Recorder Agent.
        • On the Action step, select the Allow the connection action.
        • On the Profile step, make sure that the rule applies to Domain.
        • On the Name step, specify the rule's name, for example UAVR Agent inbound rule.

    5. Double-click the newly created rule and open the Protocols and Ports tab.

    6. In the Protocols and Ports tab, complete the steps as described below:

        • Set Protocol type to "TCP".
        • Set Local port to "Specific Ports" and specify "9003".

    To open Remote TCP Port 9002 for outbound connections

    1. On a target computer, navigate to Start → Control Panel and select Windows Firewall.

    2. In the Help Protect your computer with Windows Firewall page, click Advanced settings on the left.

    3. In the Windows Firewall with Advanced Security dialog, select Inbound Rules on the left.

    4. Click New Rule. In the New Inbound Rule wizard, complete the steps as described below:

        • On the Rule Type step, select Program.
        • On the Program step, specify the path to the agent: %Netwrix%/User Activity Video Recorder Agent/UAVRAgent.exe.
        • On the Action step, select the Allow the connection action.
        • On the Profile step, make sure that the rule applies to Domain.
        • On the Name step, specify the rule's name, for example UAVR Agent outbound rule.

    5. Double-click the newly created rule and open the Protocols and Ports tab.

    6. In the Protocols and Ports tab, complete the steps as described below:

        • Set Protocol type to "TCP".
        • Set Remote port to "Specific Ports" and specify "9002".
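
    The section 4.1 checklist above, expressed as a read-only PowerShell audit that reports which prerequisite is still missing and whether each port rule is scoped to a program and the Domain profile. This is an added example, not part of the Netwrix guide: it assumes Windows 8/Server 2012 or later (for the NetSecurity cmdlets), an English-language system (firewall group display names) and the standard service names Winmgmt and RemoteRegistry; the -Role parameter and all function names are made up for illustration.

```powershell
# Added example: read-only audit of the section 4.1 prerequisites.
# -Role Server : computer where Netwrix Auditor is installed (inbound TCP 9002)
# -Role Agent  : audited computer (inbound TCP 9003, outbound to remote TCP 9002)
param([ValidateSet('Server', 'Agent')][string]$Role = 'Agent')

function New-Result($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-ServiceRequirement([string]$Name) {
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { return New-Result "Service $Name" $false 'service not found' }
    # Start type is read from the registry (2 = Automatic) so the check also
    # works on PowerShell versions where Get-Service has no StartType property.
    $start = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$Name").Start
    New-Result "Service $Name" ($svc.Status -eq 'Running' -and $start -eq 2) `
        "Status=$($svc.Status); Start=$start (2 = Automatic)"
}

function Test-DomainProfile($Rule) {
    # Profile is a flags enum; 'Any' or a set containing 'Domain' covers domain networks.
    $Rule.Profile.ToString() -match '\b(Any|Domain)\b'
}

function Test-FirewallGroup([string]$DisplayGroup) {
    # Assumption: "checkbox selected under Domain" is treated as every inbound
    # rule of the group that applies to the Domain profile being enabled.
    $rules = @(Get-NetFirewallRule -DisplayGroup $DisplayGroup -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and (Test-DomainProfile $_) })
    $on = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })
    New-Result "Firewall group '$DisplayGroup'" ($rules.Count -gt 0 -and $on.Count -eq $rules.Count) `
        "$($on.Count) of $($rules.Count) inbound Domain rules enabled"
}

function Test-PortInSpec([string[]]$Spec, [int]$Port) {
    # A port filter holds single ports ("9002") and ranges ("9000-9010").
    foreach ($s in $Spec) {
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -eq "$Port") { return $true }
    }
    $false
}

function Test-PortRule([string]$Direction, [string]$Side, [int]$Port) {
    $label = "$Direction TCP rule, $Side $Port"
    # Walks every enabled allow rule; slow on large rule sets but read-only.
    $found = foreach ($rule in Get-NetFirewallRule -Direction $Direction -Enabled True -Action Allow) {
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP' -or -not (Test-PortInSpec ($pf.$Side) $Port)) { continue }
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        # The guide binds each rule to the recorder executable and the Domain
        # profile; a rule open to any program or without Domain is flagged.
        $scoped = ($program -ne 'Any') -and (Test-DomainProfile $rule)
        New-Result $label $scoped "'$($rule.DisplayName)' Program=$program Profile=$($rule.Profile)"
    }
    if ($found) { $found } else { New-Result $label $false 'no enabled allow rule for this port' }
}

$results = @(
    Test-ServiceRequirement 'Winmgmt'          # Windows Management Instrumentation
    Test-ServiceRequirement 'RemoteRegistry'   # Remote Registry
    Test-FirewallGroup 'File and Printer Sharing'
    Test-FirewallGroup 'Windows Management Instrumentation (WMI)'
)
if ($Role -eq 'Server') {
    $results += Test-PortRule 'Inbound' 'LocalPort' 9002
} else {
    $results += Test-PortRule 'Inbound' 'LocalPort' 9003
    # Checked as an outbound rule, following the procedure title. With the
    # default allow-outbound policy a missing rule does not by itself block traffic.
    $results += Test-PortRule 'Outbound' 'RemotePort' 9002
}
$results | Format-Table -AutoSize -Wrap
```

    Run it with -Role Server on the computer where Netwrix Auditor is installed and with -Role Agent on each audited computer; a row with Pass = False identifies the step of the procedure that still needs attention.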

    4.2. Configure Video Recordings Playback Settings

    Video recordings of users' activity can be watched in the Netwrix Auditor console. They are also available as links in web-based reports and attachments in the emails with Activity Summaries and subscriptions. To be able to watch video files captured by Netwrix Auditor, the following settings must be configured:

    • Microsoft Internet Explorer 7.0 and above must be installed and ActiveX must be enabled.
    • Internet Explorer security settings must be configured properly. See To configure Internet Explorer security settings for more information.
    • JavaScript must be enabled. See To enable JavaScript for more information.
    • Internet Explorer Enhanced Security Configuration (IE ESC) must be disabled. See To disable Internet Explorer Enhanced Security Configuration (IE ESC) for more information.
    • The user must belong to the Netwrix User Activity Video Reporter Auditors group that has access to the Netwrix_UAVR$ shared folder where video files are stored. Both the group and the folder are created automatically by Netwrix Auditor. See To add users to the Netwrix User Activity Video Reporter Auditors group for more information.
    • A dedicated codec must be installed. This codec is installed automatically on the computer where Netwrix Auditor is deployed, and on the monitored computers. To install it on a different computer, download it from http://www.Netwrix.com/download/ScreenPressorNetwrix.zip.

    To configure Internet Explorer security settings

    1. In Internet Explorer, navigate to Tools → Internet Options.

    2. Switch to the Security tab and select Local Intranet. Click Custom Level.

    3. In the Security Settings - Local Intranet Zone dialog, scroll down to Downloads, and make sure File download is set to "Enable".

    4. In the Internet Options dialog switch to the Advanced tab.

    5. Scroll down to Security and make sure Allow active content to run in files on My Computer is selected.

    To enable JavaScript

    1. In Internet Explorer, navigate to Tools → Internet Options.

    2. Switch to the Security tab and select Internet. Click Custom Level.

    3. In the Security Settings - Internet Zone dialog, scroll down to Scripting and make sure Active scripting is set to "Enable".

    To disable Internet Explorer Enhanced Security Configuration (IE ESC)

    1. Navigate to Start → Administrative Tools → Server Manager.

    2. In the Security Information section, click the Configure IE ESC link on the right and turn it off.

    To add users to the Netwrix User Activity Video Reporter Auditors group

    Depending on the computer type (workstation or domain controller) where Netwrix Auditor is installed, do one of the following:

    • If Netwrix Auditor is installed on a workstation:

        1. Navigate to Start → Control Panel → Administrative Tools → Computer Management.

        2. In the Computer Management dialog, in the left pane, navigate to System Tools → Local Users and Groups → Groups.

        3. In the right pane, right-click Netwrix User Activity Video Reporter Auditors, and select Properties. Click Add and specify the users that you want to add to this group.

    • If Netwrix Auditor is installed on a domain controller:

        1. Navigate to Start → Administrative Tools → Active Directory Users and Computers.

        2. Navigate to Users.

        3. In the right pane, right-click Netwrix User Activity Video Reporter Auditors, and select Properties.

        4. In the dialog that opens, select the Members tab. Click Add and specify the users that you want to add to this group.

    5. Create Managed Object to Audit Windows Server and Privileged User Session Activity

    To start auditing your IT Infrastructure with Netwrix Auditor, you must create a Managed Object. A Managed Object is a container within Netwrix Auditor that stores information on the auditing scope, the Data Processing Account used for data collection, the report delivery settings, etc.

    To create a Managed Object to audit Windows Server and privileged user session activity

    1. Select the Managed Objects node in the left pane and click Create New Managed Object in the right pane.

    2. On the Select Managed Object Type step, select Computer Collection as a Managed Object type in the Create New Managed Object wizard.

    3. On the Specify Default Data Processing Account step, click Specify Account.

       Enter the default Data Processing Account (in the DOMAIN\user format) that will be used by Netwrix Auditor for data collection. For a full list of the rights and permissions required for the Data Processing Account, and instructions on how to configure them, refer to Netwrix Auditor Installation and Configuration Guide.

    4. On the Specify Email Settings step, specify the email settings that will be used for Reports delivery:

    Setting                                             | Description
    ----------------------------------------------------|------------
    SMTP server                                         | Enter your SMTP server name.
    Port                                                | Specify your SMTP server port number.
    Sender address                                      | Enter the address that will appear in the "From" field.
                                                        | NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.
    SMTP Authentication                                 | Select this checkbox if your mail server requires the SMTP authentication.
    User name                                           | Enter a user name for the SMTP authentication.
    Password                                            | Enter a password for the SMTP authentication.
    Confirm password                                    | Confirm the password.
    Use Secure Sockets Layer encrypted connection (SSL) | Select this checkbox if your SMTP server requires SSL to be enabled.
    Implicit SSL connection mode                        | Select this checkbox if the implicit SSL mode is used, which means that an SSL connection is established before any meaningful data is sent.

    5. On the Specify Computer Collection Name step, enter the computer collection name.

    6. On the Select Target Systems step, select Windows Server and User Activity as target systems.

    7. On the Configure Reports Settings step, select Enable Reports. If the Reports functionality is enabled, a SQL database will be created automatically on wizard completion.

       Select one of the following:

        • Automatically install and configure a new instance of SQL Server Express Edition: to automatically install and configure SQL Server 2008 R2/2012 Express with Advanced Services. For detailed information on which SQL Server versions can be installed on your operating system, refer to the Netwrix Knowledge base article: Which SQL Server versions can be installed automatically with Netwrix Auditor.
        • Use an existing SQL Server instance with SQL Server Reporting Services: to use an already installed SQL Server instance.

          NOTE: Make sure the account used to create the Managed Object is granted the dbcreator server role on this SQL Server instance. Otherwise, Netwrix Auditor will fail to create a database to store your audit data.

          Specify the following parameters:

    Setting                | Description
    -----------------------|------------
    SQL Server instance    | Specify the name of an existing SQL Server instance to store audit data.
    Windows Authentication | Select this option if you want to use the default Data Processing Account to access the SQL database. This account must be granted the database owner (db_owner) role. See Netwrix Auditor Installation and Configuration Guide for more information.
                           | Clear this option if you want to use SQL Server Authentication.
    User name              | Specify the account to be used for the SQL Server authentication. This account must be granted the database owner (db_owner) role and the dbcreator server role. See Netwrix Auditor Installation and Configuration Guide for more information.
    Password               | Enter a password for the SQL Server authentication.
    Report Server URL      | Specify the Report Server URL. Click Verify to ensure that the resource is reachable.
    Report Manager URL     | Specify the Report Manager URL. Click Verify to ensure that the resource is reachable.

       NOTE: If the Data Processing Account specified earlier in this procedure is different from the account used to create the Managed Object, you need to grant the Data Processing Account the database owner (db_owner) role for the newly created database. See Netwrix Auditor Installation and Configuration Guide for more information.

    8. On the Add Items to Computer Collection step, select items that you want to audit. You can add several items to collection. Click Add, select an item type and add / browse for a computer name. Review the following for additional information:

    Option                            | Description
    ----------------------------------|------------
    Computer name                     | Allows specifying a single computer by entering its FQDN, NETBIOS or IP address. You can click Browse to select a computer from the list of computers in your network.
    Active Directory container        | Allows specifying a whole AD domain, OU or container. Click Browse to select from the list of containers in your network. You can also:
                                      | • Select a particular computer type to be audited within the chosen AD container: Domain controllers, Servers (excluding domain controllers), or Workstations.
                                      | • Click Exclude to specify AD domains, OUs, and containers you do not want to audit. In the Exclude Computers dialog, click Add and specify an object.
                                      | NOTE: The list of containers does not include child domains of trusted domains. Use other options (Computer name, IP address range, or Import computer names from a file) to specify the target computers.
    IP address range                  | Allows specifying an IP range for the audited computers.
                                      | To exclude computers from within the specified range, click Exclude. Enter the IP range you want to exclude, and click Add.
    Import computer names from a file | Allows specifying multiple computer names by importing a list from a .txt file (one computer name/IP address per line is accepted). You can choose whether to import the list once, or to update it automatically.
                                      | If you select the Import on every data collection option, you can later modify the list of your audited computers by editing the .txt file. The audited computers list will be updated on the next data collection.

    9. On the Select Data Collection Method step, enable the Use Lightweight Agents option. If enabled, an agent will be installed automatically on the audited computers that will collect and pre-filter data and return it in a highly compressed format. This significantly improves data transfer and minimizes the impact on the target computers' performance.

    10. On the Configure Audit in Target Environment step, select Automatically for the selected audited systems. Your current audit settings will be checked on each data collection and adjusted if necessary.

        NOTE: If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed. For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Netwrix Auditor Installation and Configuration Guide.

    11. On the Select Monitored Systems Components step, you can select the system components that you want to audit for changes.

    12. On the Configure Windows Server Change Summary Delivery Settings step, enter your email.

        NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.

    13. On the Specify Users step, select the users whose activity should be recorded. You can select All users or create a list of Specific users. Certain users can also be added to Exceptions list.

    14. On the User Activity Video Reporter Activity Summary Delivery step, set the delivery schedule and enter your email.

        NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.

    15. On the last step, review your Managed Object settings and click Finish to exit the wizard. The newly created Managed Object will appear under the Managed Objects node.

    6. Integrate Reports with Video

    Video records can be integrated into Windows Server change reports. By integrating privileged user session activity tracking with Windows Server reports on the same server, you will get reports with links to video records. When you click a link, a video player will open and playback of the recorded user session will start, showing you how each particular change was made.

    To integrate Windows Server reports with videos on user activity

    1. Under your Managed Object, navigate to the User Activity node and click the Integrate video records link in the right pane.

    2. In the dialog that opens, select Windows Server and click Integrate. When the operation has completed successfully, the status of the selected audited system will change to "Integrated".

    3. Restart the Netwrix Auditor console for the changes to take effect.

    Once you have integrated reports with user activity video records, the Changes with Video subfolder containing the All Changes with Video report will be added to the Reports folder under the Windows Server audited system.

    7. Launch Initial Data Collection

    When a new Managed Object is created, Netwrix Auditor starts collecting data from the audited IT infrastructure. The first data collection gathers information on the audited system's current configuration state. Netwrix Auditor uses this information as a benchmark to collect data on changes. After the first data collection has finished, an email notification is sent to your email stating that the analysis has completed successfully. In order not to wait until a scheduled data collection, launch it manually.

    To launch data collection manually

    1. In the Netwrix Auditor console, navigate to Managed Objects → your_Managed_Object_name.

    2. In the right pane, click Run.

    3. Check your mailbox for an email notification and make sure that the data collection has completed successfully.

    8. Make Test Changes

    Now that the product has collected a snapshot of the audited system's current configuration state, you can make test changes to see how they will be reported by Netwrix Auditor.

    For example, make the following test changes:

    • Create a DNS Zone

    NOTE: Before making any test changes to your environment, ensure that you have the sufficient rights, and that the changes conform to your security policy.

    9. See How Changes AreReportedAfter you have made test changes to the audited environment, you can see how these changes arereported by the product. This section explains how to review the test changes you have made in theNetwrix Auditor reports and Change Summary. Refer to the following sections for details:

    • Review a Change Summary

    • Review Changes with the Windows Server Overview Dashboard

    • Review the All Windows Server Changes by Date Report

    In order not to wait until a scheduled data collection and a Change Summary generation, launch data collection manually. See Launch Initial Data Collection for more information.

    9.1. Review a Change Summary

    By default, a Change Summary is generated daily at 3:00 AM and delivered to the specified recipients. A Change Summary lists all changes / events / recorded user sessions that occurred since the last Change Summary delivery. You can also launch data collection and a Change Summary generation manually.

    After the data collection has completed, check your mailbox for a Change Summary and see how your test changes are reported:

    The example Change Summary provides the following information:


    Parameter       Description
    Change Type     Shows the type of action that was performed on the object.
    Object Type     Shows the type of the object.
    When Changed    Shows the exact time when the change occurred.
    Who Changed     Shows the name of the account under which the change was made.
    Server          Shows the name of the server where the change occurred.
    Resource Path   Shows the full name of the modified/added/deleted object.
    Details         Shows the before and after values of the modified object, object attributes, etc.

    You will also receive an Activity Summary with information on the selected user's activity.


    9.2. Review Changes with the Windows Server Overview Dashboard

    Dashboards provide a high-level overview of activity trends by date, user, server or audited system in your IT infrastructure. The Enterprise Overview dashboard aggregates data on all Managed Objects and all audited systems, while system-specific dashboards provide quick access to important statistics within one audited system.

    After you have launched the initial data collection, made test changes to your environment and run data collection again, you can take advantage of the Windows Server Overview dashboard.

    To see how your changes are reported with the Windows Server Overview dashboard

    1. In the Netwrix Auditor console, navigate to the Enterprise Overview node.

    2. In the right pane, select Windows Server Overview from the drop-down list next to Select dashboard.

    3. Review your changes.

    4. Click on any chart to jump to a table report with the corresponding grouping and filtering of data.


    9.3. Review the All Windows Server Changes by Date Report

    Netwrix Auditor allows generating audit reports based on Microsoft SQL Server Reporting Services (SSRS). The product provides a wide variety of predefined reports that aggregate data from the entire audited IT infrastructure, an individual system, or a Managed Object.

    Enterprise-wide reports can be found under the Enterprise Overview node, while reports under each individual Managed Object provide a narrower insight into what is going on in the audited infrastructure and help you stay compliant with various standards and regulations (GLBA, HIPAA, PCI, SOX, etc.).

    After you have launched the initial data collection, made test changes to your environment and run data collection again, you can take advantage of the Reports functionality.

    To see how your changes are listed in the report

    1. In the Netwrix Auditor console, navigate to Enterprise Overview → Enterprise-Wide Reports → Windows Server.

    2. Select the All Windows Server Changes by Date report.

    3. Click View Report. The report will be generated and displayed in the right pane.

    To see how your changes are listed in the report with video

    1. In the Netwrix Auditor console, navigate to Managed Objects → Windows Server → Reports → Changes with Video.


    2. Select the All Changes with Video report.

    3. Click View Report. The report will be generated and displayed in the right pane.

    4. Click on the video icon to watch a recorded user session.


    10. Related Documentation

    The table below lists all documents available to support Netwrix Auditor for Windows Server:

    Document                                               Description
    Netwrix Auditor Installation and Configuration Guide   Provides detailed instructions on how to install Netwrix Auditor, and explains how to configure your environment for auditing.
    Netwrix Auditor Administrator's Guide                  Provides a detailed explanation of the Netwrix Auditor features and step-by-step instructions on how to configure and use the product.
    Netwrix Auditor Release Notes                          Contains a list of the known issues that customers may experience with Netwrix Auditor 6.5, and suggests workarounds for these issues.
