netwrix auditor 6 - it security...


Post on 01-Sep-2018


IT SECURITY GURU

PRODUCT REVIEW

Netwrix Auditor 6.5

Supplier: Netwrix Corporation

Product: Netwrix Auditor 6.5

Website: www.netwrix.com

Price: Active Directory per user, £8 ex VAT; File Server per user, £4 ex VAT

Verdict: A sophisticated and affordable change and configuration auditing solution capable of providing stunning levels of information about all your business critical systems

Change auditing in today’s diverse IT infrastructures is a major challenge but businesses have a clear duty to implement these systems for their own safety and to comply with data protection regulations. A fundamental requirement is Active Directory (AD) auditing but add in Exchange services, file servers and databases and you have an administrative nightmare in the making.

Netwrix Auditor looks to have every base covered and the latest v6.5 on review goes way beyond this basic remit. Not only can it audit AD and Group Policy but it keeps you abreast of inactive accounts and provides complete visibility of Exchange, SQL Server, Windows Server and SharePoint systems.

Scores

Performance

Features

Value for Money

Ease of Use

Support

Overall


Virtualised environments come under its umbrella as it can monitor VMware vCenter, vSphere, ESX and ESXi systems. Along with Windows file servers, Netwrix Auditor also supports NetApp filers plus EMC VNX, VNXe and Celerra storage devices.

Picture 1: NETWRIX 1.PNG – Netwrix Auditor’s dashboard provides a complete summary of all detected changes, where and when they occurred and who made them.

Modules and installation

We like the fact that Netwrix Auditor uses modules for each option so you only need to purchase the ones you want. Host system requirements are reasonable as it can run on any OS from Windows 7 or Server 2008 R2 upwards.


The installation process is well documented and easy to follow. Some manual intervention is required for Group Policy auditing as Microsoft’s Group Policy Management Console (GPMC) must be installed on the host system.

For testing we introduced Netwrix Auditor to the lab network which uses a Windows Server 2012 R2 AD domain controller. We also had systems running Exchange 2013, SQL Server 2014 and Windows Server 2012 R2 file servers.

Picture 2: NETWRIX 2.PNG – Netwrix Auditor provides a wealth of information about Active Directory changes and heaps of predefined reports.


Swift AD audit setup

Netwrix Auditor impresses from the outset as every component is integrated seamlessly into a single console. Our first task was to create managed objects and a handy wizard helped set up auditing for our AD domain, Group Policy and Exchange environments. The process is very smooth and the wizard spotted that our domain had an Exchange organisation and automatically enabled auditing for this.

During this process you can set data collection to use Netwrix Auditor’s lightweight agent. Ideal for distributed networks, it gathers audit data on remote systems and compresses it before transmission to the main console.

Along with auto-configuration of native log collections for AD, Group Policy and Exchange, the wizard offers options for real-time alerts. These watch out for critical AD modifications such as changes to the Admin group membership and domain configuration and send email alerts to selected recipients.


NETWRIX 3.PNG – The File Server module showed us everything we needed to know about activity on our network shares.

AD reporting

The Netwrix Auditor console opens with an Enterprise Overview showing what changes have been detected over the selected time period. Using the drop-down menu, we could quickly swap views for specific modules such as AD, Exchange, File Servers and SQL Server.

AD reporting is incredibly detailed as Netwrix provides hundreds of predefined reports covering everything from all AD changes by date and modified computer accounts to user account or organisational changes. The bottom line is we could easily see what was changed or added, when it happened and which user was responsible.

The same high level of detail was provided for Group Policy and Exchange and we could schedule data collections for specific intervals each day. Using subscriptions, we could set up regular report generation and have them emailed to selected individuals in PDF, Word or Excel formats.

The rollback feature uses Netwrix Auditor’s snapshots to provide recovery and rollback services, allowing us to restore any AD object from a user to an entire Organisational Unit. And if you need cast-iron proof that unauthorised changes have been made, the video report service provides links to video recordings of activity on monitored systems.


NETWRIX 4.PNG – The Video Report Player gives you all the proof you need that unauthorised changes have been made.

File Server module

We found the File Server module the lengthiest to set up. We needed to create a new audit object for Group Policy, configure advanced security settings for every monitored share and add Netwrix Auditor managed objects for each one. The manual does cover all these steps in detail and we think it’s well worth the effort as the information provided is extensive. The Enterprise Overview dashboard shows the most active file servers and users along with logged reads and changes.

As with all dashboard views, we could select a graph and drill down for more information. Reports showed us which folders and files have been added, removed and modified, which server this occurred on, when it happened and the users involved.


The best of the rest

For our Exchange 2013 system, we could keep a close eye on mailbox and recipient management activities along with any modifications to servers, groups and stores.

Creating a managed object for our SQL Server 2014 system was swift and its object change reports covered modifications ranging from application role, credential and schema to columns, tables and users.

VMware reporting is impressive as well, as Netwrix Auditor covers everything from modifications of datacenters and hosts to resource changes and snapshot activity. The VM sprawl report is very useful as it shows VM creation trends over time.

Conclusion

Netwrix Auditor 6.5 impressed us during testing as the amount of information it provided about our key systems was quite remarkable. Components such as the File Server module can take a while to configure correctly but the single management console means it’s all very accessible and the modular design makes it excellent value.