AD Container

Complete the following fields:

Option Description

Specify AD container

Specify a whole AD domain, OU or container. Click Browse to select from the list of containers in your network. You can also:

  • Select a particular computer type to be audited within the chosen AD container: Domain controllers, Servers (excluding domain controllers), or Workstations.

  • Click Exclude to specify AD domains, OUs, and containers you do not want to audit. In the Exclude Containers dialog, click Add and specify an object.

NOTE: The list of containers does not include child domains of trusted domains. Use other options (Computer, IP range to specify the target computers.

Specify the account for collecting data

Select the account that will be used to collect data for this item. If you want to use a specific account (other than the one you specified during monitoring plan creation), select Custom account and enter credentials. The credentials are case sensitive.

Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.

NOTE: If using a group Managed Service Account, you can specify only the account name in the domain\account$ format. Password field can be empty.

NOTE: A custom account must be granted the same permissions and access rights as the default account used for data collection. See Data Collecting Account for more information.

Containers and Computers

Monitor hidden shares

By default, Netwrix Auditor will monitor all shares stored in the specified location, except for hidden shares (both default and user-defined). Select Monitor user-defined hidden shares if necessary.

IMPORTANT! Even when this option is selected, the product will not collect data from administrative hidden shares such as: default system root or Windows directory (ADMIN$), default drive shares (D$, E$, etc.), shares used by printers to enable remote administration (PRINT$), etc.

Specify monitoring restrictions

Specify restriction filters to narrow your monitoring scope (search results, reports and Activity Summaries). All filters are applied using AND logic.

Depending on the type of the object you want to exclude, select one of the following:

  • Add AD Container – browse for a container to be excluded from being audited. You can select a whole AD domain, OU or container.
  • Add Computer – Provide the name of the computer you want to exclude as shown in the "Where" column of reports and Activity Summaries. For example, backupsrv01.mydomain.local.

    NOTE: Wildcards (*) are not supported.

TIP: In addition to the restrictions for a monitoring plan, you can use the *.txt files to collect more granular audit data. Note that the new monitoring scope restrictions apply together with previous exclusion settings configured in the *.txt files. Review the following for more information: Exclude Objects from Monitoring Scope