NETWRIX CHANGE REPORTER SUITE

Similar documents
Netwrix Auditor for Active Directory

NETWRIX GROUP POLICY CHANGE REPORTER

NETWRIX ACTIVE DIRECTORY CHANGE REPORTER

NETWRIX WINDOWS SERVER CHANGE REPORTER

Netwrix Auditor for Active Directory

Netwrix Auditor for SQL Server

NETWRIX INACTIVE USER TRACKER

NetWrix VMware Change Reporter Version 3.0 Enterprise Edition Administrator s Guide

NETWRIX PASSWORD EXPIRATION NOTIFIER

NETWRIX BULK PASSWORD RESET

NetWrix VMware Change Reporter Version 3.0 Enterprise Edition Quick Start Guide

NETWRIX PASSWORD EXPIRATION NOTIFIER

Netwrix Auditor. Tips and Tricks: How To Create Custom Active Directory Alerts. Version: /22/2014

NetWrix Group Policy Change Reporter

HOW TO CONFIGURE REAL-TIME ALERTS FOR NETWRIX NON-OWNER MAILBOX ACCESS REPORTER FOR EXCHANGE

Netwrix Auditor. Administration Guide. Version: /31/2017

Netwrix Auditor. Event Log Export Add-on Quick-Start Guide. Version: 8.0 6/3/2016

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

Netwrix Auditor. Release Notes. Version: 9.6 6/15/2018

CONFIGURING TARGET ENVIRONMENT FOR AUDIT BY NETWRIX WINDOWS SERVER CHANGE REPORTER TECHNICAL ARTICLE

NetWrix SharePoint Change Reporter

Netwrix Auditor. Installation and Configuration Guide. Version: /1/2017

NetWrix Privileged Account Manager Version 4.1 User Guide

Netwrix Auditor Add-on for Solarwinds Log & Event Manager

Alerts Specification. NetWrix SCOM Management Pack for Active Directory Change Reporter Technical Article

Netwrix Auditor Add-on for Privileged User Monitoring

Netwrix Auditor. Intelligence Guide. Version: /30/2018

Netwrix Auditor Competitive Checklist

NetWrix Account Lockout Examiner Version 4.0 User Guide

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

Netwrix Auditor Add-on for Nutanix Files

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

Five critical features

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

Netwrix Auditor. Release Notes. Version: /31/2017

LepideAuditor. Installation and Configuration Guide

LepideAuditor. Compliance Reports

Netwrix Auditor. Integration API Guide. Version: /4/2016

Netwrix Auditor for Oracle Database

Dell Change Auditor 6.5. Event Reference Guide

SQL Server Solutions GETTING STARTED WITH. SQL Secure

VMware Mirage Web Manager Guide

Veritas NetBackup for Enterprise Vault Agent Administrator's Guide

Quest Collaboration Services 3.6. Installation Guide

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

Netwrix Auditor. Release Notes. Version: 9.5 4/13/2018

User Manual. Active Directory Change Tracker

ChangeAuditor 5.6. What s New

Creating a FileShare Cluster using Storage Foundation 5.1 for Windows Service Pack 2 Jay Jameson

Dell Change Auditor for Active Directory 6.5. User Guide

NTP Software Defendex (formerly known as NTP Software File Auditor) for NetApp

Active Directory Change Notifier Quick Start Guide

Integrate Saint Security Suite. EventTracker v8.x and above

Dell Change Auditor for SharePoint 6.5. User Guide

One Identity Manager 8.0. Administration Guide for Connecting to a Universal Cloud Interface

Veritas Enterprise Vault Setting up SharePoint Server Archiving 12.2

Symantec Backup Exec Quick Installation Guide

x10data Application Platform v7.1 Installation Guide

SharePoint Farm Reporter Installation Guide

EventTracker v8.2. Install Guide for EventTracker Log Manager. EventTracker 8815 Centre Park Drive Columbia MD

Secret Server Demo Outline

User Manual. ARK for SharePoint-2007

Integrate EMC Isilon. EventTracker v8.x and above

Veritas NetBackup OpsCenter Reporting Guide. Release 8.0

Integrate Microsoft Office 365. EventTracker v8.x and above

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Evaluation Guide. The purpose of this document is to help evaluating users install and configure GFI EventsManager.

DefendX Software QFS Installation Requirements

ForeScout Extended Module for Advanced Compliance

Netwrix Auditor. Integration API Guide. Version: 9.7 2/8/2019

Symantec ServiceDesk 7.1 SP1 Implementation Guide

Centrify Infrastructure Services

NTP Software File Auditor for Windows Edition

Integrate IIS SMTP server. EventTracker v8.x and above

Vyapin Office 365 Management Suite

USER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5

Veritas NetBackup and Oracle Cloud Infrastructure Object Storage ORACLE HOW TO GUIDE FEBRUARY 2018

LepideAuditor for File Server. Installation and Configuration Guide

GDPR Controls and Netwrix Auditor Mapping

ManageEngine EventLog Analyzer. Installation of agent via Group Policy Objects (GPO)

Netwrix Auditor. Visibility Platform for User Behavior Analysis. and Risk Mitigation in Hybrid IT Environments.

StarWind Virtual SAN Installing and Configuring SQL Server 2017 Failover Cluster Instance on Windows Server 2016

Veritas Storage Foundation and High Availability Solutions Release Notes

Netwrix Auditor. Integration API Guide. Version: /4/2017

Configuration Guide for Exchange Reporter Plus

Introduction. How Does it Work with Autodesk Vault? What is Microsoft Data Protection Manager (DPM)? autodesk vault

PaperVision Message Manager. User Guide. PaperVision Message Manager Release 71

VERITAS StorageCentral 5.2

Connect Install Guide

StarWind Virtual SAN Installing and Configuring SQL Server 2019 (TP) Failover Cluster Instance on Windows Server 2016

Veritas System Recovery 18 Management Solution Administrator's Guide

StarWind Virtual SAN. Installing and Configuring SQL Server 2014 Failover Cluster Instance on Windows Server 2012 R2. One Stop Virtualization Shop

Envelope Journaling for Microsoft Exchange 2003 Version 1.0

Veritas Enterprise Vault PST Migration 12.2

SOX/COBIT Framework. and Netwrix Auditor Mapping. Toll-free:

GFI EventsManager 8 ReportPack. Manual. By GFI Software Ltd.

Veritas Desktop Agent for Mac Getting Started Guide

Veritas Storage Foundation and High Availability Solutions Quick Recovery and Microsoft Clustering Solutions Guide for Microsoft Exchange

Transcription:

NETWRIX CHANGE REPORTER SUITE QUICK-START GUIDE Product Version: 4.0 March 2013.

Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from NetWrix Corporation of any features or functions discussed. NetWrix Corporation assumes no responsibility or liability for the accuracy of the information presented, which is subject to change without notice. NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners. Disclaimers This document may contain information regarding the use and installation of non-netwrix products. Please note that this information is provided as a courtesy to assist you. While NetWrix tries to ensure that this information accurately reflects the information provided by the supplier, please refer to the materials provided with any non-netwrix product and contact the supplier for confirmation. NetWrix Corporation assumes no responsibility or liability for incorrect or incomplete information provided about non-netwrix products. 2013 NetWrix Corporation. All rights reserved. Page 2 of 20

Table of Contents 1. INTRODUCTION... 4 1.1. Overview... 4 1.2. How This Guide is Organized... 4 2. PRODUCT OVERVIEW... 5 2.1. Key Features and Benefits... 5 2.2. NetWrix Change Reporter Suite Modules... 6 2.3. Licensing Information... 6 3. INSTALLING NETWRIX CHANGE REPORTER SUITE... 7 3.1. System Requirements... 7 3.1.1.. Hardware Requirements... 7 3.1.2.. Software Requirements... 7 3.2. Installing NetWrix Change Reporter Suite... 7 4. CREATING A MANAGED OBJECT... 10 5. CONFIGURING AUDIT SETTINGS... 15 6. COLLECTING THE INITIAL SNAPSHOT... 17 7. MONITORING YOUR MANAGED OBJECT FOR CHANGES... 18 7.1. Making Test Changes to the Managed Object... 18 7.2. Running Data Collection and Receiving the Report... 18 A APPENDIX: SUPPORTING DATA... 20 A.1 Related Documentation... 20 Page 3 of 20

1. INTRODUCTION 1.1. Overview This guide is intended for first-time users of NetWrix Change Reporter Suite. It contains an overview of the product functionality, instructions on how to install and setup the product, and explains how to start using NetWrix Change Reporter Suite by providing step-by-step procedures for some basic operations. This guide can be used for evaluation purposes, therefore, it is recommended to read it sequentially, and follow the instructions in the order they are provided. After reading this guide, you will be able to: Install NetWrix Change Reporter Suite; Create and configure a Managed Object that will be monitored for changes; Run data collection and see how changes are reported using NetWrix Active Directory Change Reporter, which is one of the key modules of the Change Reporter Suite. Note: This guide only covers simple installation and configuration options. For advanced installation scenarios and configuration options, as well as for information on various reporting possibilities, please refer to documentation on NetWrix change reporting products included in the Change Reporter Suite (for documentation links, refer to Appendix A.1 Related Documentation). 1.2. How This Guide is Organized This section explains how this guide is organized and provides a brief overview of each chapter. Chapter 1 Introduction: the current chapter. It explains the purpose of this document, defines its audience and outlines its structure. Chapter 2 Product Overview provides an overview of the product features, and lists all modules included into NetWrix Change Reporter Suite 4.0. It also contains the information on licensing. Chapter 3 Installing NetWrix Change Reporter Suite: provides detailed instructions on how to install NetWrix Change Reporter Suite. Chapter 4 Creating a Managed Object: explains how to create and configure a Managed Object, i.e. the component of your IT infrastructure that you are going to monitor for changes. Chapter 5 Configuring Audit Settings: contains instructions on how to configure audit settings properly. Chapter 6 Collecting the Initial Snapshot: explains how to run a data collection task to receive an initial snapshot reflecting your system s current state. Chapter 7 Monitoring Your Managed Object for Changes: provides instructions on how to make test changes to your domain and see how these changes are reported. Appendix: Supporting Data: contains links to all documentation published to support NetWrix Change Reporter Suite modules. Page 4 of 20

2. PRODUCT OVERVIEW 2.1. Key Features and Benefits NetWrix Change Reporter Suite 4.0 is an integrated solution for automated auditing of an IT infrastructure. Its modules collect audit data and generate easy-to understand reports on all changes made to the following components of your environment: Active Directory Group Policy Windows file servers EMC VNX/VNXe/Celerra NetApp Filer Microsoft Exchange Windows servers configuration Microsoft SharePoint Microsoft SQL Server VMware infrastructure Unlike the traditional log management solutions (such as, for example Security Information and Event Management (SIEM) systems), NetWrix Change Reporter Suite makes it very easy to get relevant answers to the key questions: who changed what, when and where, including the before and after values for each change. The suite modules generate daily Change Summaries that are emailed to the specified recipients and contain a list of all changes that occurred in the last 24 hours. Detailed reports based on SQL Server Reporting Services (SSRS) with various filters and output formats can be viewed through a web-browser, or in NetWrix Management Console. NetWrix solutions included in the Change Reporter Suite help automate and secure the following tasks: See WHO changed WHAT, WHEN and WHERE: the suite modules detect all changes throughout an entire IT infrastructure and generate audit reports in a user-friendly format. Sustain compliance: all changes made to your IT infrastructure can be archived and stored for years, enabling you to generate reports for your auditors and providing a full audit trail. Dozens of report templates streamline compliance to HIPAA, SOX, PCI, GLBA, FISMA, and may other regulations. Revert unwanted changes: the suite includes the Active Directory Object Restore tool integrated with the Active Directory Change Reporter module, which enables attribute-level AD object restore without rebooting a domain controller and touching the rest of the AD structure, and goes beyond the standard tombstone capabilities. Get notified immediately on critical changes: you can configure Real-Time Alerts to warn you when changes are made to sensitive resources, and, thus, respond to critical events and protect enterprise-wide integrity from damage. Integrate with 3 rd -party SIEM systems: NetWrix change reporting products can be integrated with multiple SIEM systems (including SCOM) to let you manage audit data in your usual way, but with improved performance and increased reliability of collected audit data. Page 5 of 20

2.2. NetWrix Change Reporter Suite Modules NetWrix Change Reporter Suite contains the following modules: NetWrix Active Directory Change Reporter 7.2 NetWrix EMC Storage Change Reporter 3.3 NetWrix Event Log Manager 4.0 NetWrix Exchange Change Reporter 7.1 NetWrix File Server Change Reporter 3.3 NetWrix Group Policy Change Reporter 7.1 NetWrix NetApp Filer Change Reporter 3.3 NetWrix Non-owner Mailbox Access Reporter for Exchange 3.0 NetWrix Server Configuration Change Reporter 3.0 NetWrix SharePoint Change Reporter 1.5 NetWrix SQL Server Change Reporter 2.6 NetWrix User Activity Video Reporter 1.0 NetWrix Windows Server Change Reporter 4.0 NetWrix WMware Change Reporter 3.1 For detailed information on these modules, refer to the corresponding documentation (see Appendix A.1 Related Documentation for links). 2.3. Licensing Information When you install NetWrix Change Reporter Suite, the Enterprise Editions of all of its modules are installed. The Enterprise Editions of all NetWrix products can be evaluated for 20 days. For an unlimited use of the modules integrated in the Change Reporter Suite, you must request the corresponding licenses from NetWrix. Page 6 of 20

3. INSTALLING NETWRIX CHANGE REPORTER SUITE 3.1. System Requirements 3.1.1. Hardware Requirements Before installing NetWrix Change Reporter Suite, make sure that your system meets the following hardware requirements: Table 1: NetWrix Change Reporter Suite Hardware Requirements Minimum Recommended Processor Intel or AMD 32 bit, 2GHz Intel or AMD 64 bit, 3GHz, 4 Core Memory 512 M 4 G Hard Disk 50 M for each component NOTE: More space is required for Audit Archive, the local repository of audit data. 2 drives with 50 G of free space (in total) 3.1.2. Software Requirements The table below lists the minimum software requirements for NetWrix Change Reporter Suite components. Make sure that this software has been installed on the corresponding machines before proceeding with the installation. Note: These are the minimum requirements necessary to use the basic functionality of the Change Reporter Suite modules. For a full list of software required to use the advanced features, please refer to documentation on separate modules (see Appendix A.1 Related Documentation for documentation links). Table 2: NetWrix Change Reporter Suite Software Requirements NetWrix Product General Requirements NetWrix Exchange Change Reporter Required Software Windows XP SP3 or above.net Framework 3.5 Microsoft Management Console 3.0 or above Note: Microsoft Management Console is included in the Windows XP or above operating systems. Windows Installer 3.1 or above IIS 5.1 or above* (IIS 7.0 requires IIS 6 Management Compatibility all components) Note: Only required if you are going to use SQL Server 2005 to store audit data. Windows PowerShell 2.0 Note: Only required if your monitored domain has an Exchange organization running Microsoft Exchange Server 2010. NetWrix Group Policy Change Reporter Group Policy Management Console** 3.2. Installing NetWrix Change Reporter Suite To install the Change Reporter Suite, perform the following procedure: Page 7 of 20

Procedure 1. To install NetWrix Change Reporter Suite 1. Run the product installation package (NetWrix_Change_Reporter_Suite.exe). 2. When prompted, click Yes to unpack the installation package. The following page will be displayed: Figure 1: NetWrix Change Reporter Suite Setup: Main Page 3. Do one of the following : Click Install the entire Suite to install all modules, or Click Install next to a module name to install an individual module. Note: For evaluation purposes and for the procedures described in this document, it is recommended to install the Active Directory Change Reporter module. 4. When prompted, specify the account that will be used by the system for data collection and report generation. 5. Follow the instructions of the wizard to complete the installation. When the installation process has been completed, NetWrix Management Console will start: Page 8 of 20

Figure 2: NetWrix Management Console NetWrix Management Console is a convenient tool that allows configuring Managed Objects and their settings, and the reporting options. You can also view change reports in the Console. Page 9 of 20

4. CREATING A MANAGED OBJECT After you have installed NetWrix Change Reporter Suite, you must add a Managed Object that will be monitored for changes and configure its settings. To do this, perform the following procedure: Procedure 2. To create a managed object 1. Open NetWrix Management Console (Start All Programs NetWrix Enterprise Management Console). In the left pane, click on the Managed Objects node. The Managed Object page will be displayed: Figure 3: Managed Objects Page 2. Click on Create New Managed Object to start the New Managed Object Wizard. 3. On the first step, select Domain as the Managed Object type and click Next to continue: Note: If you have installed other NetWrix change reporting products before, the list of Managed Object types may contain several options. Page 10 of 20

Figure 4: New Managed Object Wizard: Selecting Managed Object Type 4. On the next step, specify the domain name and the management account (by default, this is the account you specified on installation). This account will be used for data collection and report generation. It must belong to the Domain Admins group. Click Next to proceed. 5. On the next step, make sure that the Active Directory Change Reporter feature is selected, deselect the other features and click Next: Figure 5: New Managed Object Wizard: Enabling Features 6. On the next step, deselect the Enable advanced reporting option and click Next: Page 11 of 20

Note: The Advanced Reporting feature allows generating reports based on SQL Server Reporting Services. This guide only covers basic configuration and reporting options. For advanced features, please refer to NetWrix Active Directory Change Reporter Administrator s Guide. Figure 6: New Managed Object Wizard: Advanced Reporting 7. Optionally, select the Enable network traffic compression option, and click Next to continue: Figure 7: New Managed Object Wizard: Network Traffic Compression 8. Disable the Enable snapshot reporting feature and click Next to continue: Page 12 of 20

Note: This feature must only be selected if Advanced Reporting has been enabled. Figure 8: New Managed Object Wizard: Snapshot Reporting 9. On the next step, specify thee-mail settings that will be used by the system to send reports: Figure 9: New Managed Object Wizard: E-mail Settings Click the Add button and enter your e-mail address. All ad-hoc reports will be sent to this address. Then click Next to continue. 10. On the next step, deselect all real-time alerts and click Next to continue: Page 13 of 20

Figure 10: New Managed Object Wizard: Configuring Real-Time Change Alerts Note: Real-time alerting is a feature that allows configuring email notifications triggered by certain events. There are some pre-defined alerts, or you can create custom alerts that fit your needs. For details on the Real-Time Alerting feature, please refer to NetWrix Active Directory Change Reporter Administrator s Guide. 11. Review your settings and click Finish to complete the wizard. The new Managed Object will appear under the Managed Objects node in the left pane. Page 14 of 20

5. CONFIGURING AUDIT SETTINGS For NetWrix Active Directory Change Reporter to function properly, audit settings must be configured for the managed domain. You can configure these settings automatically through the Audit Configuration Wizard, or manually. This document explains how to configure audit settings through the Audit Configuration Wizard. For instructions on how to perform a manual configuration procedure, please refer to Section 2.2 Configuring Active Directory Changes Auditing of NetWrix Active Directory Change Reporter Administrator s Guide. To configure audit settings, perform the following procedure: Procedure 3. To configure audit settings for the managed domain 1. Start the Audit Configuration wizard (Start All Programs NetWrix NetWrix Active Directory Change Reporter Audit Configuration Wizard): Figure 11: Audit Configuration Wizard 2. On the Welcome page, click Next. 3. In the dialog box that opens, ensure that the effective policy applied to the domain controllers is selected (by default, the Default Domain Controllers Policy), and click OK: Figure 12: Selecting a Policy Page 15 of 20

4. On the Audit Policy Settings page, click Detect. The wizard will analyze the current audit policy settings. If some settings do not conform to the Active Directory Change Reporter requirements, the Adjust button will be enabled. 5. If the Adjust button is enabled, click it to let the product adjust the audit settings, and then click Next. 6. Repeat the same operation for the Object-level Audit Settings and the Event Log Retention Settings. 7. On the last page, click Finish to complete the wizard. Page 16 of 20

6. COLLECTING THE INITIAL SNAPSHOT After you have added a managed domain and configured the audit settings, you must receive an initial snapshot of your managed domain s current state. NetWrix Active Directory Change Reporter uses this information as a benchmark to generate audit reports on changes made to your Active Directory environment. The initial snapshot is created when the first data collection task is run on a newly created Managed Object. You can either wait for the system to run it automatically, or launch it manually from NetWrix Management Console. To do this, perform the following procedure: Procedure 4. To run a data collection task 1. Open NetWrix Management Console. 2. In the console tree, expand the Managed Objects node, and select the managed domain you have added. 3. In the details pane, click Run. Figure 13: Starting the data collection task After the data collection task has been completed by the system, you will receive an email containing the initial snapshot of your managed domain(s) current state. Note: Creation of an initial snapshot may take some time. The current state of the operation is displayed in the Status column. Page 17 of 20

7. MONITORING YOUR MANAGED OBJECT FOR CHANGES 7.1. Making Test Changes to the Managed Object Now that you have a snapshot of your managed domains current state, you can make test changes to your Active Directory environment to see how these changes will be reported. For example, you can add a user, or change an account s permissions, etc. Note: Before making any test changes to the Active Directory, ensure that you have the domain administrator s rights, and that the changes conform to your security policy. 7.2. Running Data Collection and Receiving the Report After you have made test changes to your Active Directory Environment, you can see how these changes will be reported. By default, NetWrix Active Directory Change Reporter sends daily summary reports on changes that occurred in the last 24 hours at 3:AM. If you do not want to wait until a scheduled report delivery, you must launch the data collection task manually. To do this, open NetWrix Management Console and run a data collection task as described in Procedure 4 To run a data collection task. A report with information on your test changes will be sent to your email address. You can also view change reports in HTML format in a web browser. To do this, perform the following procedure: Procedure 5. To view a change report in a web browser 1. In the console tree, expand the Managed Objects/<your domain>/active Directory Change Reporter node, and click on Ad-hoc Reports: Figure 14: Generating reports in HTML format 2. Specify the date and time in the From and To fields, and click Run. The generated change report will be sent to the specified e-mail like in the example below: Page 18 of 20

Figure 15: Change Report E-mail This report reflects the following changes to the PersonalStaff OU: A user account has been disabled; An account s permissions have been modified; Managers group has been added to the PersonalStaff OU; A computer names SQL server has been added to the PersonalStaff OU. Page 19 of 20

A APPENDIX: SUPPORTING DATA A.1 Related Documentation This section provides links to documentation on all NetWrix products included in the Change Reporter Suite. Table 3: Change Report Suite Modules Documentation Links Module Name NetWrix Active Directory Change Reporter NetWrix EMC Storage Change Reporter NetWrix Event Log Manager NetWrix Exchange Change Reporter File Server Change Reporter Group Policy Change Reporter NetApp Filer Change Reporter Non-owner Mailbox Access Reporter for Exchange SharePoint Change Reporter SQL Server Change Reporter User Activity Video Reporter Windows Server Change Reporter VMware Change Reporter Documentation Link Page 20 of 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback