Back to Basics IT Infrastructure Configuration Tips & Tricks
Active Directory / Group Policy / Exchange
Presenter: Danny Murphy, Sr. Sales Engineer, Netwrix Corporation
Danny.Murphy@netwrix.com
+44 (0) 203 588 3023 ext 2202

Agenda
- Briefly about Netwrix
- Netwrix Auditor Introduction
- Netwrix Auditor Conceptual Model
- Netwrix Auditor Configuration
- Questions and Answers

About Netwrix Corporation
- Year of foundation: 2006
- Headquarters location: Irvine, California
- Global customer base: 6000
- Customer support: global 24/5 support with 97% customer satisfaction
- Recognition: Among the fastest growing software companies in the US with more than 70 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Netwrix Customers Financial Healthcare & Pharmaceutical Federal, State, Local, Government GA Industrial/Technology/Other
Award winning products All awards: www.netwrix.com/awards
About Netwrix Auditor
Netwrix Auditor: a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Applications Active Directory Exchange Office 365 Windows File Servers EMC NetApp Windows Server VMware SQL Server SharePoint
Netwrix Auditor Applications Scope
- Active Directory: Active Directory changes; Group Policy changes; state-in-time information on configurations; real-time alerts; logon auditing; AD change rollback; inactive user tracking and password expiration alerting
- NetApp: Changes to files, folders, shares and permissions; successful and failed access attempts; data usage and data ownership
- Exchange: Changes to Exchange server configuration, Exchange databases, mailboxes, mailbox delegation, permissions; non-owner mailbox access auditing
- Windows Server: Changes to configuration of Windows-based servers; Event Logs, Syslog, Cisco, IIS, DNS; user activity video recording
- Office 365: Exchange Online administrative changes; changes to mailboxes, mail users, groups, permissions, policies, and management roles; non-owner mailbox access auditing
- VMware: Changes made to vCenter and its servers, folders, clusters, resource pools and hardware configurations of virtual machines
- Windows File Servers: Changes to files, folders, shares and permissions; successful and failed access attempts; file analysis reporting; state-in-time information on configurations
- SQL Server: Changes to SQL Server objects and permissions, server instances, roles, databases, tables, stored procedures, etc.
- EMC: Changes to files, folders, shares and permissions; successful and failed data access attempts; data usage and data ownership
- SharePoint: Changes to farm configuration, user content and security; permissions; group membership and security policies; read access auditing

Netwrix Auditor Conceptual Model
The diagram will be ready on Monday!
Configure Domain for Auditing
In the audited environment: Active Directory / Group Policy
- The ADSI Edit utility must be installed on any domain controller in the audited domain.
- The following policies must be set to "Success" for the effective domain controllers policy:
  - Audit account management
  - Audit directory service access
- The Audit logon events policy must be set to "Success" (or "Success" and "Failure") for the effective domain controllers policy.
- The Advanced audit policy settings can be configured instead of basic.
- The Maximum Security event log size must be set to 4GB.
- The retention method of the Security event log must be set to Overwrite events as needed.
- (Optional) The Object-level audit settings must be configured for the Domain, Configuration and Schema partitions.
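
A read-only check of the audit policy and Security log prerequisites listed above, as an added example that is not part of the presentation or of Netwrix tooling. It assumes an elevated PowerShell session on a domain controller with an English-language OS (auditpol category names are localized).

```powershell
# Added example: report the effective audit settings and Security log
# configuration on this domain controller. Nothing is changed.
# Assumption: English-language OS, so these auditpol category names apply.
$categories = 'Account Management', 'DS Access', 'Logon/Logoff'

$settings = foreach ($category in $categories) {
    # /r emits CSV that includes "Subcategory" and "Inclusion Setting" columns.
    $raw = auditpol /get /category:"$category" /r
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol failed for '$category' (is the session elevated?)"
    }
    $raw | Where-Object { $_ } | ConvertFrom-Csv |
        Select-Object @{ n = 'Category'; e = { $category } },
                      Subcategory,
                      @{ n = 'Setting'; e = { $_.'Inclusion Setting' } }
}
$settings | Format-Table -AutoSize

# "Success" and "Success and Failure" both satisfy the requirement.
# With the basic policies set as listed, every subcategory reports Success;
# with advanced policy, review which of the flagged subcategories you need.
$gaps = @($settings | Where-Object { $_.Setting -notmatch 'Success' })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) subcategories are not auditing Success:"
    $gaps | Format-Table -AutoSize
}

# Security log: size and retention method.
$log = Get-WinEvent -ListLog Security
[pscustomobject]@{
    MaxSizeKB   = $log.MaximumSizeInBytes / 1KB
    # 4194240 KB is the largest size Group Policy accepts (just under 4 GB).
    SizeOk      = $log.MaximumSizeInBytes -ge 4194240KB
    LogMode     = $log.LogMode
    # Circular corresponds to "Overwrite events as needed".
    RetentionOk = $log.LogMode -eq 'Circular'
}
```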
Configure Domain for Auditing
In the audited environment: Exchange
Follow the same steps described for Active Directory, plus:
- The Administrator Audit Logging settings must be configured (only required for Exchange 2010 and 2013).
- In order to audit mailbox access, the Logons logging level must be set to "Minimum" via the Exchange Management Shell. NOTE: This is only required if you disable Netwrix Auditor Mailbox Access Core Service when auditing mailbox access on Exchange 2007 and 2010.
- In order to audit mailbox access, native audit logging must be enabled for user, shared, equipment, linked, and room mailboxes.
  - Access types: administrator, delegate user
  - Actions: Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create
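
One way to apply and verify the native mailbox audit settings listed above, as an added example that is not part of the presentation or of Netwrix tooling. It assumes the Exchange Management Shell on Exchange 2010 or later, where `Set-Mailbox` has the audit parameters; the variable names are illustrative.

```powershell
# Added example: enable native mailbox audit logging for the mailbox types
# and actions named on the slide, then report any mailbox that still
# deviates. Run in the Exchange Management Shell.
$actions = 'Update', 'Move', 'MoveToDeletedItems', 'SoftDelete', 'HardDelete',
           'FolderBind', 'SendAs', 'SendOnBehalf', 'Create'
$types   = 'UserMailbox', 'SharedMailbox', 'EquipmentMailbox',
           'LinkedMailbox', 'RoomMailbox'

# Review the administrator audit logging configuration (read-only).
Get-AdminAuditLogConfig |
    Format-List AdminAuditLogEnabled, AdminAuditLogCmdlets, AdminAuditLogParameters

# Add -WhatIf to Set-Mailbox to preview the change before applying it.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $types |
    Set-Mailbox -AuditEnabled $true -AuditAdmin $actions -AuditDelegate $actions

# Verify: list mailboxes with auditing off or with a required action missing.
$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $types |
    ForEach-Object {
        $mbx      = $_
        # Normalize to strings so the comparison behaves the same in local
        # and remote (deserialized) sessions.
        $admin    = @($mbx.AuditAdmin    | ForEach-Object { "$_" })
        $delegate = @($mbx.AuditDelegate | ForEach-Object { "$_" })
        [pscustomobject]@{
            Mailbox         = $mbx.PrimarySmtpAddress
            AuditEnabled    = $mbx.AuditEnabled
            MissingAdmin    = ($actions | Where-Object { $admin -notcontains $_ }) -join ','
            MissingDelegate = ($actions | Where-Object { $delegate -notcontains $_ }) -join ','
        }
    }

$report |
    Where-Object { -not $_.AuditEnabled -or $_.MissingAdmin -or $_.MissingDelegate } |
    Format-Table -AutoSize
```

An empty final table means every mailbox in scope has auditing enabled with all nine actions for both access types.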
Netwrix Auditor Demonstration
Next Steps
- Guide: Netwrix Auditor Installation and Configuration Guide: netwrix.com/download/documents/netwrix_auditor_installation_configuration_guide.pdf
- Free Trial: setup in your own test environment: netwrix.com/freetrial
- Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
- Live One-to-One Demo: product tour with Netwrix expert: netwrix.com/livedemo
- Contact Sales to obtain more information: netwrix.com/contactsales
- Webinars: join our upcoming webinars or watch the recorded sessions: netwrix.com/webinars, netwrix.com/webinars#featured
Thank You!