Go Up
  • All Files
You are here: DeploymentConfigure Netwrix Auditor Service AccountsLong-Term Archive Account

Configure Long-Term Archive Account

An account used to write data to the Long-Term Archive and upload report subscriptions to shared folders. By default, the LocalSystem account is used for the archive stored locally and the computer account is used for archive stored on a file share.

If you want to store the Long-Term Archive on a file share, you can specify custom account in Settings Long-Term Archive in Netwrix Auditor. The custom Long-Term Archive service account must be granted the following rights and permissions:

  • Advanced permissions on the folder where the Long-Term Archive is stored:
    • List folder / read data
    • Read attributes
    • Read extended attributes
    • Create files / write data
    • Create folders / append data
    • Write attributes
    • Write extended attributes
    • Delete subfolders and files
    • Read permissions

  • On the file shares where report subscriptions are saved:

    • Change share permission
    • Create files / write data folder permission

    NOTE: Subscriptions created in the Netwrix Auditor client are uploaded to file servers under the Long-Term Archive service account as well.

ClosedTo assign permissions on the Long-Term Archive folder

NOTE: The procedure below applies to Windows Server 2012 R2 and above and may vary slightly depending on your OS.

  1. Navigate to a folder where the Long-Term Archive will be stored, right-click it and select Properties.

  2. In the <Folder_name> Properties dialog, select the Security tab and click Advanced.

  3. In the Advanced Security dialog, select the Permissions tab and click Add.

  4. In the Permission Entry for <Folder_Name> dialog, apply the following settings:

    • Specify an account as principal.
    • Set Type to "Allow".
    • Set Applies to to "This folder, subfolders and files".
    • Switch to the Advanced permissions section.
    • Check the following permissions:
      • List folder / read data
      • Read attributes
      • Read extended attributes
      • Create files / write data
      • Create folders / append data
      • Write attributes
      • Write extended attributes
      • Delete subfolders and files
      • Read permissions
ClosedTo assign Change and Create Files/Write Data permissions to upload subscriptions to file shares

NOTE: The procedure below applies to Windows Server 2012 R2 and above and may vary slightly depending on your OS.

  1. Navigate to a folder where report subscriptions will be stored, right-click it and select Properties.

  2. In the <Share_Name> Properties dialog, select the Sharing tab and click Advanced Sharing.

  3. In the Advanced Sharing dialog, click Permissions.
  4. In the Permissions for <Share_Name> dialog, select a principal or add a new, then check the Allow flag next to Change.
  5. Apply settings and return to the <Share_Name> Properties dialog.
  6. In the <Share_Name> Properties dialog, select the Security tab and click Advanced.
  7. In the Advanced Security Settings for <Share_Name> dialog, navigate to the Permissions tab, select a principal and click Edit, or click Add to add a new one.

  8. Apply the following settings to your Permission Entry.

    • Specify a Netwrix Auditor user as principal.
    • Set Type to "Allow".
    • Set Applies to to "This folder, subfolders and files".
    • Check Create files / write data in the Advanced permissions section.

    NOTE: The users who are going to access report subscriptions must be granted read access to these shares. Netwrix recommends you to create a dedicated folder and grant access to the entire Netwrix Auditor Client Users group or any other group assigned the Global reviewer role in Netwrix Auditor.

© 2020 Netwrix Corporation

Corporate Headquarters: 300 Spectrum Center Drive, Suite 200 Irvine, CA 92618

Phone: 1-949-407-5125 | Toll-free: 888-638-9749

Go Up