Netwrix Auditor 6.5 review

Netwrix Auditor sets a high standard for change auditing in the enterprise

Editor's Choice
  • Easy to deploy; Detailed reporting; Modular design; Central management console
  • Lengthy setup for file server module

There's no shortage of enterprise change auditing products on the market today but Netwrix Auditor is one of the most comprehensive and intuitive we've seen. Naturally, Active Directory (AD) auditing is at the top of its agenda but it can do so much more than this.

A feature we like is Auditor's modular design which allows you to purchase only the bits you need. Costing 8 per user, the AD module includes auditing for Group Policy plus inactive users and password expirations.

Optional modules are available for Exchange, SQL Server, SharePoint and Windows Servers, and Auditor 6.5 can now monitor and report on changes to Windows file shares. Network storage options include NetApp filers plus EMC storage devices, while for virtualised environments Netwrix can audit VMware vCenter, vSphere, ESX and ESXi systems.

Auditor's console is well designed and provides easy access to every module and report


Easy installation

We loaded Auditor on a Windows 7 desktop without any problems. This was a member of the lab's domain managed by a Windows Server 2012 R2 domain controller which included other Server 2012 R2 file servers plus Exchange 2013 and SQL Server 2014 systems.

Along with installing a SQL 2012 Express database for report storage, the wizard configured snapshots for State-in-Time reporting services and native auditing on all target systems. Auditor's lightweight agent can be automatically installed on audited systems where it gathers data and compresses it before sending it to the host.

Real time alerts for critical domain changes can be set up during this phase. We also chose the number of days after which users were considered inactive, applied actions such as forcing password changes or account deletion and sorted out alerting for password expirations.

The Enterprise Overview dashboard shows all the activity on audited systems

A slick console


It's been a couple of years since we last looked at Auditor and we were bowled over by the new console. Every module now snaps in seamlessly to the same console and its left pane provides swift access to them along with all reporting tools.

First time audits are easy to set up with a wizard taking us swiftly through the audit process for our AD domain, Group Policy and Exchange organisation. Some manual labour is required for Group Policy auditing as we had to load the Microsoft Group Policy Management Console (GPMC) on our host system but this is well covered in the manual.

Further managed objects are easily added as you choose from domain, VMware, OU, SharePoint Farm or computer collection and add the systems you want to group together. Our SQL Server 2014 system was declared in under a minute with a simple quick-step wizard that just required the database instance and alert recipients. 

The console opens with an Enterprise Overview of graphs and charts which can be filtered to suit. We could also swap to views showing just our Exchange organisation or SQL Servers but a minor complaint is the console doesn't rescale its contents when you change the window size.

The Active Directory module provides extremely detailed reports


Active Directory unveiled 


For detailed AD change auditing look no further as Auditor provides a wealth of information. The AD overview pane provides graphs showing all changes for the selected time period along with the most modified domain controllers, the users making all the changes and objects being changed the most.

Netwrix includes hundreds of predefined reports that provide complete insight into AD activity. We could view anything from object changes and the workstation they originated from to modified computer accounts plus organisational, schema and site changes; the list is endless.

We could see what was changed, who changed it and precisely when it occurred. Data collections can be set for daily intervals and we used the subscription service to email regular reports to selected Exchange users.

Even better, Auditor uses its snapshots to provide a rollback and recovery service. Accessed from the same console, we could browse snapshots and use them to restore anything from a single user to a complete OU.

The File Server module is capable of providing a lot of valuable information about network share access

File server patience


The File Server module takes a while to configure, especially for large numbers of monitored file shares. Creating a new audit object for Group Policy is the easy bit, but then we had to configure the advanced security settings for each share we wanted to audit and create managed objects in Auditor for each one.

Our patience was rewarded, though, as Auditor provided detailed information about all share activity. The dashboard overview kept us apprised of all changes being made, the most active servers and users and the number of file reads and changes.

Reporting is extensive as we could view lists of all files that had been added, changed or deleted, see when each event occurred and which users were responsible. The same applied to our Exchange and SQL server systems as we could view all message management activities for the selected period and keep a close eye on changes to databases, schema, objects and tables. 


Overall

Netwrix Auditor 6.5 is a top-notch IT change auditing solution that's sure to satisfy any external auditor. We found it remarkably easy to use and the modular design means it can easily be customised to suit your requirements and budget.

Verdict

Excellent auditing software that works perfectly on so many levels. It’s easy to install and use, the modular design keeps costs down and its powerful reporting capabilities won’t be beaten.


Windows 7 or Server 2008 R2 upwards, 2GB RAM, 1TB hard disk space
