Configure Long-Term Archive Account

An account used to write data to the Long-Term Archive and upload report subscriptions to shared folders. By default, the LocalSystem account is used for the archive stored locally and the computer account is used for archive stored on a file share.

If you want to store the Long-Term Archive on a file share, you can specify custom account in Settings Long-Term Archive in Netwrix Auditor.

Starting with version 9.96, you can use Group Managed Service Account (gMSA) as the account for accessing Long-Term Archive.

The custom account must be granted the following rights and permissions:

  • Advanced permissions on the folder where the Long-Term Archive is stored:
    • List folder / read data
    • Read attributes
    • Read extended attributes
    • Create files / write data
    • Create folders / append data
    • Write attributes
    • Write extended attributes
    • Delete subfolders and files
    • Read permissions

  • On the file shares where report subscriptions are saved:

    • Change share permission
    • Create files / write data folder permission

    NOTE: Subscriptions created in the Netwrix Auditor client are uploaded to file servers under the Long-Term Archive service account as well.

NOTE: The procedure below applies to Windows Server 2012 R2 and above and may vary slightly depending on your OS.

  1. Navigate to a folder where the Long-Term Archive will be stored, right-click it and select Properties.

  2. In the <Folder_name> Properties dialog, select the Security tab and click Advanced.

  3. In the Advanced Security dialog, select the Permissions tab and click Add.

  4. In the Permission Entry for <Folder_Name> dialog, apply the following settings:

    • Specify an account as principal.
    • Set Type to "Allow".
    • Set Applies to to "This folder, subfolders and files".
    • Switch to the Advanced permissions section.
    • Check the following permissions:
      • List folder / read data
      • Read attributes
      • Read extended attributes
      • Create files / write data
      • Create folders / append data
      • Write attributes
      • Write extended attributes
      • Delete subfolders and files
      • Read permissions

NOTE: The procedure below applies to Windows Server 2012 R2 and above and may vary slightly depending on your OS.

  1. Navigate to a folder where report subscriptions will be stored, right-click it and select Properties.

  2. In the <Share_Name> Properties dialog, select the Sharing tab and click Advanced Sharing.

  3. In the Advanced Sharing dialog, click Permissions.
  4. In the Permissions for <Share_Name> dialog, select a principal or add a new, then check the Allow flag next to Change.
  5. Apply settings and return to the <Share_Name> Properties dialog.
  6. In the <Share_Name> Properties dialog, select the Security tab and click Advanced.
  7. In the Advanced Security Settings for <Share_Name> dialog, navigate to the Permissions tab, select a principal and click Edit, or click Add to add a new one.

  8. Apply the following settings to your Permission Entry.

    • Specify a Netwrix Auditor user as principal.
    • Set Type to "Allow".
    • Set Applies to to "This folder, subfolders and files".
    • Check Create files / write data in the Advanced permissions section.

    NOTE: The users who are going to access report subscriptions must be granted read access to these shares. Netwrix recommends you to create a dedicated folder and grant access to the entire Netwrix Auditor Client Users group or any other group assigned the Global reviewer role in Netwrix Auditor.