Netwrix Auditor 6.5 review

Netwrix Auditor sets a high standard for change auditing in the enterprise

Editor's Choice
  • Easy to deploy; Detailed reporting; Modular design; Central management console
  • Lengthy setup for file server module

There's no shortage of enterprise change auditing products on the market today but Netwrix Auditor is one of the most comprehensive and intuitive we've seen. Naturally, Active Directory (AD) auditing is at the top of its agenda but it can do so much more than this.

A feature we like is Auditor's modular design which allows you to purchase only the bits you need. Costing 8 per user, the AD module includes auditing for Group Policy plus inactive users and password expirations.

Optional modules are available for Exchange, SQL Server, SharePoint plus Windows Servers and Auditor 6.5 can now monitor and report on changes to Windows file shares. Network storage options include NetApp filers plus EMC storage devices while for virtualised environments, Netwrix can audit VMware vCenter, vSphere, ESX and ESXi systems. 

Auditor's console is well designed and provides easy access to every module and report

Easy installation

We loaded Auditor on a Windows 7 desktop without any problems. This was a member of the lab's domain managed by a Windows Server 2012 R2 domain controller which included other Server 2012 R2 file servers plus Exchange 2013 and SQL Server 2014 systems.

Along with installing a SQL 2012 Express database for report storage, the wizard configured snapshots for State-in-Time reporting services and native auditing on all target systems. Auditor's lightweight agent can be automatically installed on audited systems where it gathers data and compresses it before sending it to the host.

Real time alerts for critical domain changes can be set up during this phase. We also chose the number of days after which users were considered inactive, applied actions such as forcing password changes or account deletion and sorted out alerting for password expirations.

The Enterprise Overview dashboard shows all the activity on audited systems

A slick console

It's been a couple of years since we last looked at Auditor and we were bowled over by the new console. Every module now snaps in seamlessly to the same console and its left pane provides swift access to them along with all reporting tools.

First time audits are easy to set up with a wizard taking us swiftly through the audit process for our AD domain, Group Policy and Exchange organisation. Some manual labour is required for Group Policy auditing as we had to load the Microsoft Group Policy Management Console (GPMC) on our host system but this is well covered in the manual.

Further managed objects are easily added as you choose from domain, VMware, OU, SharePoint Farm or computer collection and add the systems you want to group together. Our SQL Server 2014 system was declared in under a minute with a simple quick-step wizard that just required the database instance and alert recipients. 

The console opens with an Enterprise Overview of graphs and charts which can be filtered to suit. We could also swap to views showing just our Exchange organisation or SQL Servers but a minor complaint is the console doesn't rescale its contents when you change the window size.

The Active Directory module provides extremely detailed reports

Active Directory unveiled 

For detailed AD change auditing look no further as Auditor provides a wealth of information. The AD overview pane provides graphs showing all changes for the selected time period along with the most modified domain controllers, the users making all the changes and objects being changed the most.

Netwrix includes hundreds of predefined reports that provide complete insight into AD activity. We could view anything from object changes and the workstation they originated from to modified computer accounts plus organisational, schema and site changes the list is endless.

We could see what was changed, who changed it and precisely when it occurred. Data collections can be set for daily intervals and we used the subscription service to email regular reports to selected Exchange users.

Even better, Auditor uses its snapshots to provide a rollback and recovery service. Accessed from the same console, we could browse snapshots and use them to restore anything from a single user to a complete OU.

The File Server module is capable of providing a lot of valuable information about network share access

File server patience

The File Server module takes a while to configure especially for large numbers of monitored file shares. Creating a new audit object for Group Policy is the easy bit but then we had to configure the advanced security settings for each share we wanted to audit and create managed objects in Auditor for each one.

Our patience was rewarded, though, as Auditor provided detailed information about all share activity. The dashboard overview kept us appraised of all changes being made, the most active servers and users and the number of file reads and changes.

Reporting is extensive as we could view lists of all files that had been added, changed or deleted, see when each event occurred and which users were responsible. The same applied to our Exchange and SQL server systems as we could view all message management activities for the selected period and keep a close eye on changes to databases, schema, objects and tables. 


Netwrix Auditor 6.5 is a top-notch IT change auditing solution that's sure to satisfy any external auditor. We found it remarkably easy to use and the modular design means it can easily be customised to suit your requirements and budget.


Excellent auditing software that works perfectly on so many levels. It’s easy to install and use, the modular design keeps costs down and its powerful reporting capabilities won’t be beaten.

Windows 7 or Server 2008 R2 upwards, 2GB RAM, 1TB hard disk space

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The enemy of security is complexity

The enemy of security is complexity

9 Oct 2020
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020