Go Up
You are here: DeploymentConfigure Netwrix Auditor Service AccountsConfigure Data Collecting Account

Configure Data Collecting Account

This service account is used to collect audit data from the data source items; it is specified during the monitoring plan creation.

Netwrix recommends creating a special service account for that purpose. Depending on the data source your monitoring plan will process, the account must meet the corresponding requirements.

Data source Required rights and permissions:

Active Directory

For Active Directory Auditing

Active Directory Federation Services

For AD FS Auditing

Azure AD

For Azure AD Auditing


For Exchange Auditing

Exchange Online

For Exchange Online Auditing

Windows File Servers

For Windows File Server Auditing

EMC Isilon

For EMC Isilon Auditing


For EMC VNX/VNXe/Unity Auditing

For EMC VNX/VNXe/Unity Auditing


For NetApp Auditing

Nutanix Files

For Nutanix Files Auditing

Network Devices

For Network Devices Auditing

Oracle Database

For Oracle Database Auditing


For SharePoint Auditing

SharePoint Online (including OneDrive for Business)

For SharePoint Online Auditing

SQL Server

For SQL Server Auditing


For VMware Server Auditing

Windows Server (including DNS and DHCP)

For Windows Server Auditing

Event Log (including IIS)—collected with Event Log Manager

For Event Log Auditing

Group Policy

For Group Policy Auditing

Inactive Users in Active Directory—collected with Inactive User Tracker

Logon Activity

For Logon Activity Auditing

Password Expiration in Active Directory—collected with Password Expiration Notifier

User Activity

Go Up