Netwrix Auditor for Active Directory


Netwrix Auditor for Active Directory Quick-Start Guide Version: 6.5 9/26/2014

Legal Notice

The information in this publication is furnished for information use only, and does not constitute a commitment from Netwrix Corporation of any features or functions, as this publication may describe features or functionality not applicable to the product release or version you are using. Netwrix makes no representations or warranties about the Software beyond what is provided in the License Agreement. Netwrix Corporation assumes no responsibility or liability for the accuracy of the information presented, which is subject to change without notice. If you believe there is an error in this publication, please report it to us in writing.

Netwrix is a registered trademark of Netwrix Corporation. The Netwrix logo and all other Netwrix product or service names and slogans are registered trademarks or trademarks of Netwrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.

Disclaimers

This document may contain information regarding the use and installation of non-Netwrix products. Please note that this information is provided as a courtesy to assist you. While Netwrix tries to ensure that this information accurately reflects the information provided by the supplier, please refer to the materials provided with any non-Netwrix product and contact the supplier for confirmation. Netwrix Corporation assumes no responsibility or liability for incorrect or incomplete information provided about non-Netwrix products.

© 2014 Netwrix Corporation. All rights reserved.

Table of Contents

1. Introduction
1.1. Netwrix Auditor Overview
2. Netwrix Auditor System Requirements
2.1. Requirements for Audited System
2.2. Requirements to Install Netwrix Auditor
2.2.1. Hardware Requirements
2.2.2. Software Requirements
3. Install the Product
4. Create Managed Object to Audit Active Directory
5. Launch Initial Data Collection
6. Make Test Changes
7. See How Changes Are Reported
7.1. Review a Change Summary
7.2. Review Changes with the Active Directory Overview Dashboard
7.3. Review the All Active Directory Changes by Date Report
8. Related Documentation

1. Introduction

This guide is intended for first-time users of Netwrix Auditor for Active Directory. It can be used for evaluation purposes; therefore, it is recommended to read it sequentially and follow the instructions in the order they are provided. After reading this guide you will be able to:

- Install and configure Netwrix Auditor
- Create a Managed Object to start auditing an Active Directory domain
- Launch data collection
- See how changes are reported

NOTE: This guide only covers the basic configuration and usage options for auditing Active Directory with Netwrix Auditor. For advanced installation scenarios and configuration options, as well as for information on various reporting possibilities and other product features, refer to Netwrix Auditor Installation and Configuration Guide and Netwrix Auditor Administrator's Guide.

1.1. Netwrix Auditor Overview

Netwrix Auditor is a change and configuration auditing platform that streamlines compliance, strengthens security and simplifies root cause analysis across the entire IT infrastructure. It enables complete visibility by auditing changes made to security, systems and data.

Netwrix Auditor provides complete visibility into IT infrastructure changes with:

- Change auditing: determine who changed what, when and where.
- Configuration assessment: analyze current and past configurations with the State-in-Time reports.
- Predefined reports: pass audits with more than 200 out-of-the-box reports.

Netwrix Auditor employs AuditAssurance, a patent-pending technology that does not have the disadvantages of native auditing or SIEM (Security Information and Event Management) solutions that rely on a single source of audit data.

The Netwrix Auditor platform utilizes an efficient, enterprise-grade architecture that consolidates audit data from multiple independent sources with agentless or lightweight, non-intrusive agent-based modes of operation and scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for 10 years or more. Powered by the Netwrix AuditAssurance technology, Netwrix Auditor makes change auditing an easy and straightforward process, resulting in a complete and concise picture of all changes taking place in your IT infrastructure.

Netwrix Auditor for Active Directory detects and reports on all changes made to the managed Active Directory domain, including AD objects, Group Policy configuration, directory partitions, and more. It also makes daily snapshots of the managed domain's structure that can be used to assess its state at present or at any moment in the past. In addition, Netwrix Auditor for Active Directory provides a built-in Active Directory Object Restore tool that allows reverting unwanted changes to AD objects down to their attribute level.

2. Netwrix Auditor System Requirements

This section lists the requirements for the systems and applications that are going to be audited with Netwrix Auditor, and for the computer where the product is going to be installed.

2.1. Requirements for Audited System

The table below provides the requirements for the systems and applications that can be audited with Netwrix Auditor for Active Directory:

Audited System: Active Directory
Supported Versions: Domain Controller OS versions:
- Windows Server 2003 (any forest mode: mixed/native/2003)
- Windows Server 2008/2008 R2
- Windows Server 2012/2012 R2

2.2. Requirements to Install Netwrix Auditor

This section provides the requirements for the computer where Netwrix Auditor is going to be installed. Refer to the following sections for detailed information:

- Hardware Requirements
- Software Requirements

2.2.1. Hardware Requirements

Before installing Netwrix Auditor, make sure that your hardware meets the following requirements:

Processor
  Minimum: Intel or AMD 32 bit, 2 GHz
  Recommended: Intel Core 2 Duo 2x 64 bit, 3 GHz

RAM
  Minimum: 2 GB
  Recommended: 8 GB

Disk Space
  - 500 MB physical disk space for the product installation
  - 1 GB for the Audit Archive
  - 500 MB for SQL Server databases where audit data is going to be stored
  NOTE: These are rough estimations, calculated for evaluation of Netwrix Auditor for Active Directory. Refer to Netwrix Auditor Installation and Configuration Guide for complete information on the Netwrix Auditor disk space requirements.

Screen resolution
  Minimum: 1024 x 768
  Recommended: Screen resolution recommended by your screen manufacturer.

2.2.2. Software Requirements

The table below lists the minimum software requirements for the Netwrix Auditor installation:

Operating system
  - Desktop OS: Windows 7 (32 and 64-bit) and above
  - Server OS: Windows Server 2008 R2 and above

Framework
  - .NET Framework 3.5 SP1

Additional Software
  - Internet Explorer 7 and above
  - Windows Installer 3.1 and above

3. Install the Product

To install Netwrix Auditor

1. Download Netwrix Auditor 6.5.
2. Unpack the installation package. The following window will be displayed on successful operation completion:
3. Click Install. Follow the instructions of the setup wizard. When prompted, accept the license agreement and specify the installation folder.

Netwrix Auditor shortcuts will be added to the Start menu/screen and the Netwrix Auditor console will open.


4. Create Managed Object to Audit Active Directory

To start auditing your IT Infrastructure with Netwrix Auditor, you must create a Managed Object. A Managed Object is a container within Netwrix Auditor that stores information on the auditing scope, the Data Processing Account used for data collection, the report delivery settings, etc.

To create a Managed Object to audit Active Directory

1. On the main Netwrix Auditor console page, click the Active Directory tile to launch the New Managed Object wizard.

2. On the Select Managed Object Type step, select Domain as a Managed Object type.

3. On the Specify Default Data Processing Account step, click Specify Account. Enter the default Data Processing Account (in the DOMAIN\user format) that will be used by Netwrix Auditor for data collection. For a full list of the rights and permissions required for the Data Processing Account, and instructions on how to configure them, refer to Netwrix Auditor Installation and Configuration Guide.

4. On the Specify Email Settings step, specify the email settings that will be used for Reports delivery:

   Setting: Description
   - SMTP server: Enter your SMTP server name.
   - Port: Specify your SMTP server port number.
   - Sender address: Enter the address that will appear in the "From" field. NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.
   - SMTP Authentication: Select this checkbox if your mail server requires the SMTP authentication.
   - User name: Enter a user name for the SMTP authentication.
   - Password: Enter a password for the SMTP authentication.
   - Confirm password: Confirm the password.
   - Use Secure Sockets Layer encrypted connection (SSL): Select this checkbox if your SMTP server requires SSL to be enabled.
   - Implicit SSL connection mode: Select this checkbox if the implicit SSL mode is used, which means that an SSL connection is established before any meaningful data is sent.

5. On the Specify Domain Name step, specify the audited domain name in the FQDN format.

6. On the Configure Reports Settings step, select Enable Reports. If the Reports functionality is enabled, a SQL database will be created automatically on wizard completion. Select one of the following:

   - Automatically install and configure a new instance of SQL Server Express Edition: to automatically install and configure SQL Server 2008 R2/2012 Express with Advanced Services. For detailed information on which SQL Server versions can be installed on your operating system, refer to the Netwrix Knowledge base article: Which SQL Server versions can be installed automatically with Netwrix Auditor.
   - Use an existing SQL Server instance with SQL Server Reporting Services: to use an already installed SQL Server instance.

   NOTE: Make sure the account used to create the Managed Object is granted the dbcreator server role on this SQL Server instance. Otherwise, Netwrix Auditor will fail to create a database to store your audit data.

   Specify the following parameters:

   Setting: Description
   - SQL Server instance: Specify the name of an existing SQL Server instance to store audit data.
   - Windows Authentication: Select this option if you want to use the default Data Processing Account to access the SQL database. This account must be granted the database owner (db_owner) role. See Netwrix Auditor Installation and Configuration Guide for more information. Clear this option if you want to use SQL Server Authentication.
   - User name: Specify the account to be used for the SQL Server authentication. This account must be granted the database owner (db_owner) role and the dbcreator server role. See Netwrix Auditor Installation and Configuration Guide for more information.
   - Password: Enter a password for the SQL Server authentication.
   - Report Server URL: Specify the Report Server URL. Click Verify to ensure that the resource is reachable.
   - Report Manager URL: Specify the Report Manager URL. Click Verify to ensure that the resource is reachable.

   NOTE: If the Data Processing Account specified earlier in this procedure is different from the account used to create the Managed Object, you need to grant the Data Processing Account the database owner (db_owner) role for the newly created database. See Netwrix Auditor Installation and Configuration Guide for more information.

7. On the State-in-Time Reports step, you can enable or disable State-in-Time Reports. This feature allows generating reports on your system's configuration state at a specific moment of time in addition to change reports. If enabled, snapshots will be created daily and written to the audit database. This option is unavailable if the Reports feature is disabled.

8. On the Select Data Collection Method step, enable the Use Lightweight Agents option. If enabled, an agent will be installed automatically on the audited computers that will collect and pre-filter data and return it in a highly compressed format. This significantly improves data transfer and minimizes the impact on the target computers' performance.

9. On the Configure Audit in Target Environment step, select Automatically for the selected audited systems. Your current audit settings will be checked on each data collection and adjusted if necessary.

   NOTE: If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.

   For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Netwrix Auditor Installation and Configuration Guide.

10. On the Specify Active Directory Change Summary Recipients step, enter your email.

    NOTE: It is recommended to click Verify. The system will send a test message to the specified email address and inform you if any problems are detected.

11. On the Configure Real-Time Alerts step, leave the default settings.

12. On the last step, review your Managed Object settings and click Finish to exit the wizard. The newly created Managed Object will appear under the Managed Objects node.

5. Launch Initial Data Collection

When a new Managed Object is created, Netwrix Auditor starts collecting data from the audited IT infrastructure. The first data collection gathers information on the audited system's current configuration state. Netwrix Auditor uses this information as a benchmark to collect data on changes. After the first data collection has finished, an email notification is sent to your email stating that the analysis has completed successfully.

In order not to wait until a scheduled data collection, launch it manually.

To launch data collection manually

1. In the Netwrix Auditor console, navigate to Managed Objects > your_managed_object_name.
2. In the right pane, click Run.
3. Check your mailbox for an email notification and make sure that the data collection has completed successfully.

6. Make Test Changes

Now that the product has collected a snapshot of the audited system's current configuration state, you can make test changes to see how they will be reported by Netwrix Auditor. For example, make the following test changes:

- Create a user using Active Directory Users and Computers
- Add this user to the Domain Admins group

NOTE: Before making any test changes to your environment, ensure that you have sufficient rights, and that the changes conform to your security policy.
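The two test changes above, scripted so they can be repeated and undone; this is an added example, not part of the Netwrix guide. It assumes the ActiveDirectory PowerShell module (RSAT) and an account allowed to modify Domain Admins; the account name nwx-audit-test and the description text are hypothetical placeholders.

```powershell
# Added example (not from the Netwrix guide): scripted test changes with cleanup.
# Assumes the ActiveDirectory module (RSAT) and rights to modify Domain Admins.
# Run without arguments to make the changes; run with -Cleanup after reviewing
# how the changes were reported.
param([switch]$Cleanup)

$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

$TestSam = 'nwx-audit-test'   # hypothetical account name for this example
$Group   = 'Domain Admins'

# Pin every operation to one domain controller so the DC that records
# the change is known in advance.
$DC = [string](Get-ADDomainController).HostName

if ($Cleanup) {
    # Remove the privileged membership first, then the account itself.
    Remove-ADGroupMember -Identity $Group -Members $TestSam -Server $DC -Confirm:$false
    Remove-ADUser -Identity $TestSam -Server $DC -Confirm:$false
    Write-Output "Removed $TestSam from '$Group' and deleted the account on $DC."
    return
}

$started = Get-Date

# Test change 1: create the user. It is created disabled and without a
# password, so it cannot be used to log on while it sits in Domain Admins.
New-ADUser -Name $TestSam -SamAccountName $TestSam -Enabled $false `
    -Description 'Temporary account for audit test' -Server $DC

# Test change 2: add the user to the Domain Admins group.
Add-ADGroupMember -Identity $Group -Members $TestSam -Server $DC

# Confirm both changes landed before launching data collection.
$user = Get-ADUser -Identity $TestSam -Server $DC
$isMember = @(Get-ADGroupMember -Identity $Group -Server $DC |
    Where-Object { $_.SamAccountName -eq $TestSam }).Count -eq 1
if (-not $isMember) { throw "$TestSam is not a member of '$Group' on $DC." }

# Values to compare against the reported change fields after data collection.
New-Object PSObject -Property @{
    'When Changed (not before)'   = $started
    'Who Changed'                 = "$env:USERDOMAIN\$env:USERNAME"
    'Where Changed'               = $DC
    'Workstation'                 = $env:COMPUTERNAME
    'Object (distinguished name)' = $user.DistinguishedName
} | Format-List
```

The -Cleanup run is itself a pair of Active Directory changes, so expect the group removal and account deletion to show up after the next data collection.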

7. See How Changes Are Reported

After you have made test changes to the audited environment, you can see how these changes are reported by the product. This section explains how to review the test changes you have made in the Netwrix Auditor reports and Change Summary. Refer to the following sections for details:

- Review a Change Summary
- Review Changes with the Active Directory Overview Dashboard
- Review the All Active Directory Changes by Date Report

In order not to wait until a scheduled data collection and a Change Summary generation, launch data collection manually. See Launch Initial Data Collection for more information.

7.1. Review a Change Summary

By default, a Change Summary is generated daily at 3:00 AM and delivered to the specified recipients. A Change Summary lists all changes that occurred since the last Change Summary delivery. You can also launch data collection and a Change Summary generation manually.

After the data collection has completed, check your mailbox for a Change Summary and see how your test changes are reported:

The example Change Summary provides the following information:

Parameter: Description
- Change Type: Shows the type of action that was performed on the object.
- Object Type: Shows the type of the object.
- When Changed: Shows the exact time when the change occurred.
- Who Changed: Shows the name of the account under which the change was made.
- Where Changed: Shows the name of the domain controller where the change was made.
- Workstation: Shows the name of the computer where the user was logged on when the change was made.
- Object Name: Shows the path to the modified AD object.
- Details: Shows the before and after values of the modified object, object attributes, etc.

7.2. Review Changes with the Active Directory Overview Dashboard

Dashboards provide a high-level overview of activity trends by date, user, server or audited system in your IT infrastructure. The Enterprise Overview dashboard aggregates data on all Managed Objects and all audited systems, while system-specific dashboards provide quick access to important statistics within one audited system.

After you have launched the initial data collection, made test changes to your environment and run data collection again, you can take advantage of the Active Directory Overview dashboard.

To see how your changes are reported with the Active Directory Overview dashboard

1. In the Netwrix Auditor console, navigate to the Enterprise Overview node.
2. In the right pane, select Active Directory Overview from the drop-down list next to Select dashboard.
3. Review your changes.
4. Click on any chart to jump to a table report with the corresponding grouping and filtering of data.

7.3. Review the All Active Directory Changes by Date Report

Netwrix Auditor allows generating audit reports based on Microsoft SQL Server Reporting Services (SSRS). The product provides a wide variety of predefined reports that aggregate data from the entire audited IT infrastructure, an individual system, or a Managed Object. Enterprise-wide reports can be found under the Enterprise Overview node, while reports under each individual Managed Object provide a narrower insight into what is going on in the audited infrastructure and help you stay compliant with various standards and regulations (GLBA, HIPAA, PCI, SOX, etc.).

After you have launched the initial data collection, made test changes to your environment and run data collection again, you can take advantage of the Reports functionality.

To see how your changes are listed in the report

1. In the Netwrix Auditor console, navigate to Enterprise Overview > Enterprise-Wide Reports > Active Directory.
2. Select the All Active Directory Changes by Date report.
3. Click View Report. The report will be generated and displayed in the right pane.


8. Related Documentation

The table below lists all documents available to support Netwrix Auditor for Active Directory:

Document: Description
- Netwrix Auditor Installation and Configuration Guide: Provides detailed instructions on how to install Netwrix Auditor, and explains how to configure your environment for auditing.
- Netwrix Auditor Administrator's Guide: Provides a detailed explanation of the Netwrix Auditor features and step-by-step instructions on how to configure and use the product.
- Netwrix Auditor Release Notes: Contains a list of the known issues that customers may experience with Netwrix Auditor 6.5, and suggests workarounds for these issues.