9/6/2023

Ad audit plus agent

In that post I responded to the difference between Quest and Netwrix (with regards to agents) and this should give you an idea. Please check out this post that talks about agent-based and agentless approach: http:/ / / topic/ 360820-windows-file-share-auditing (see my reply from July 19)

Is there any other software that is capable of auditing a file server that does not require the audit permission to be updated?

Http:/ / products/ active-directory-audit

Only downside is that this information that can be obtained is minimal. Minimal information can be obtained when using the global object access policy, which does not require the NTFS Audit permissions to be changed. This is because it, like most other options, obtains its info based off the security logs. Only downside is that it requires me to change the Audit Permissions, which on a large file share, 15TB, is a headache. It seems to work well for what I need it for.

I ended up trialing out a solution called AD Audit Plus.

Also no reporting, alerting, no long term storage of data and several other limitations (full summary of limitations here)." If you use just native auditing (without Netwrix) then yes, you're going to have issues primarily with incompleteness of information in native audit trails, massive amounts of data generated (and lost because of log overwrites), and lack of "human friendliness" of the data (native event log entries are not always easy to interpret).

More about this here: https:/ / auditassurance.html The technology we invented is called AuditAssurance and basically it's using all advantages of native auditing without inheriting any of its disadvantages.
Netwrix Auditor uses native auditing and several other sources of information, but gets that information using only well-documented APIs provided by Microsoft (or other systems we support) and in no way can cause any system instability. You can even google for something like "quest change auditor blue screen" and read it yourself. We don't do this because such OS intrusive injection techniques are known to cause severe system instabilities, crashes and even blue screens of death (BSoD). In short, Netwrix does take advantage of native auditing, Quest does not and completely replaces it with their own heavy-weight agents somehow injecting into the operating system.

Someone asked the same question and I gave some details on this: I'll reference this interesting prior discussion about this topic: http:/ / / topic/ 360820-windows-file-share-auditing

When considering File server auditing, Does Netwrix read the security logs? Does auditing have to be enabled with the NTFS security settings?

by application name or user name) and replay of sessions. Feel free to ask any questions, always here to help you! And thanks mrbostn for recommending our product :)

Even systems and apps not natively supported or those who don't have logs are covered, because we do user session activity auditing, which is essentially recording of everything done on servers and then easy search (e.g. Netwrix Auditor is not only about file auditing, it's auditing of pretty much everything that happens in your IT (AD, Exchange, servers, VMware, network devices etc).

Netwrix can definitely help, will do all you need and no problem with large volumes of logs, because our Netwrix Auditor product collects them and converts into an indexed local copy so even if they get overwritten it's not a problem. Yes, the FSRM will not work well here for a number of reasons.