You can configure Windows Servers for monitoring in one of the following ways:
Automatically when creating a monitoring plan
This method is recommended for evaluation purposes in test environments.
For a full list of audit settings required for Netwrix Auditor to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.
NOTE: If you select to automatically configure audit in the target environment, your current audit settings will be checked on each data collection and adjusted if necessary.
This method can be used, for example, in small and medium-sized environment. Perform the following procedures:
- Enable Remote Registry and Windows Management Instrumentation Services
- Configure Windows Registry Audit Settings
- Configure Local Audit Policies or Configure Advanced Audit Policies
- Adjusting Event Log Size and Retention Settings
- Configure Windows Firewall Inbound Connection Rules
- Adjusting DHCP Server Operational Log Settings
- Configure Removable Storage Media for Monitoring
Configure Enable Persistent Time Stamp Policy—This policy should be configured manually since Netwrix Auditor does not enable it automatically.
- Using Group Policy Objects.
In particular, the following procedures can be performed using GPO:
NOTE: You can configure other settings manually, as described in the corresponding sections.
Whatever method you choose to configure Windows Server for auditing (manual or automated), also remember to do the following:
- Configure Data Collecting Account, as described in Data Collecting Account
- Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Windows Server