Windows Server

Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data.

• General computer settings—Enables auditing of general computer settings. For example, computer name or workgroup changes.
• Hardware—Enables auditing of hardware devices configuration. For example, your network adapter configuration changes.
• Add/Remove programs—Enables auditing of installed and removed programs. For example, Microsoft Office package has been removed from the audited Windows Server.
• Services—Enables auditing of started/stopped services. For example, the Windows Firewall service stopped.
• Audit policies—Enables auditing of local advanced audit policies configuration. For example, the Audit User Account Management advanced audit policy is set to "Failure".
• DHCP configuration—Enables auditing of DHCP configuration changes.
• Scheduled tasks—Enables auditing of enabled / disabled / modified scheduled tasks. For example, the GoogleUpdateTaskMachineUA scheduled task trigger changes.
• Local users and groups—Enables auditing of local users and groups. For example, an unknown user was added to the Administrators group.
• DNS configuration—Enables auditing of your DNS configuration changes. For example, your DNS security parameters' changes.
• DNS resource records—Enables auditing of all types of DNS resource records. For example, A-type resource records (Address record) changes.
• File shares—Enables auditing of created / removed / modified file shares and their properties. For example, a new file share was created on the audited Windows Server.
• Removable media—Enables auditing of USB thumb drives insertion.

You can enable network traffic compression. If enabled, a Compression Service will be automatically launched on the audited computer, collecting and prefiltering data. This significantly improves data transfer and minimizes the impact on the target computer performance.

You can adjust audit settings automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.

NOTE: This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.

Do not select the checkbox if you want to configure audit settings manually. For a full list of audit settings required to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.

Configure Netwrix Auditor to store daily snapshots of your system configuration required for further state-in-time reports generation.See State–in–Time Reports for more information.

In the Manage historical snapshots section, you can click Manage and select the snapshots that you want to import to the Audit Database to generate a report on the data source's state at the specific moment in the past.

NOTE: You must be assigned the Global administrator or the Global reviewer role to import snapshots.

Move the selected snapshots to the Snapshots available for reporting list using the arrow button.

NOTE: The product updates the latest snapshot on the regular basis to keep users up to date on actual system state. Only the latest snapshot is available for reporting in Netwrix Auditor. If you want to generate reports based on different snapshots, you must import snapshots to the Audit Database.