Go Up
You are here: AdministrationMonitoring PlansManage Data SourcesWindows Server

Windows Server

Complete the following fields:

Option Description

Monitor this data source and collect activity data

Enable monitoring of the selected data source and configure Netwrix Auditor to collect and store audit data.

Monitor changes to system components

Select the system components that you want to audit for changes. Review the following for additional information:
  • General computer settings—Enables auditing of general computer settings. For example, computer name or workgroup changes.
  • Hardware—Enables auditing of hardware devices configuration. For example, your network adapter configuration changes.
  • Add/Remove programs—Enables auditing of installed and removed programs. For example, Microsoft Office package has been removed from the audited Windows Server.
  • Services—Enables auditing of started/stopped services. For example, the Windows Firewall service stopped.
  • Audit policies—Enables auditing of local advanced audit policies configuration. For example, the Audit User Account Management advanced audit policy is set to "Failure".
  • DHCP configuration—Enables auditing of DHCP configuration changes.
  • Scheduled tasks—Enables auditing of enabled / disabled / modified scheduled tasks. For example, the GoogleUpdateTaskMachineUA scheduled task trigger changes.
  • Local users and groups—Enables auditing of local users and groups. For example, an unknown user was added to the Administrators group.
  • DNS configuration—Enables auditing of your DNS configuration changes. For example, your DNS security parameters' changes.
  • DNS resource records—Enables auditing of all types of DNS resource records. For example, A-type resource records (Address record) changes.
  • File shares—Enables auditing of created / removed / modified file shares and their properties. For example, a new file share was created on the audited Windows Server.
  • Removable media—Enables auditing of USB thumb drives insertion.

Specify data collection method

You can enable network traffic compression. If enabled, a Compression Service will be automatically launched on the audited computer, collecting and prefiltering data. This significantly improves data transfer and minimizes the impact on the target computer performance.

Configure audit settings

You can adjust audit settings automatically. Your current audit settings will be checked on each data collection and adjusted if necessary.

NOTE: This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration will not be performed.

Do not select the checkbox if you want to configure audit settings manually. For a full list of audit settings required to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.

Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. As a next step, click Add item to specify an object for monitoring. See Add Items for Monitoring for more information.

Go Up