You can configure Windows Servers for monitoring in one of the following ways:
Automatically when creating a monitoring plan
This method is recommended for evaluation purposes in test environments.
For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.
NOTE: If you select to automatically configure audit in the target environment, your current audit settings will be checked on each data collection and adjusted if necessary.
This method can be used, for example, in small and medium-sized environment. Perform the following procedures:
- Enable Remote Registry and Windows Management Instrumentation Services
- Configure Windows Registry Audit Settings
- Configure Local Audit Policies or Configure Advanced Audit Policies
- Configure Event Log Size and Retention Settings
- Configure Windows Firewall Inbound Connection Rules
- Configure DHCP-Server Operational Log
- Configure Removable Storage Media for Monitoring
- Configure Enable Persistent Time Stamp Policy
- Using Group Policy Objects.
In particular, the following procedures can be performed using GPO:
NOTE: You can configure other settings manually, as described in the corresponding sections.
For Windows Server auditing, also remember to do the following:
- Configure Data Collecting Account, as described in Configure Data Collecting Account
- Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Windows Server