NETWRIX CHANGE REPORTER SUITE QUICK-START GUIDE Product Version: 2.0 November/2011.
Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from NetWrix Corporation of any features or functions discussed. NetWrix Corporation assumes no responsibility or liability for the accuracy of the information presented, which is subject to change without notice. NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners. Disclaimers This document may contain information regarding the use and installation of non-netwrix products. Please note that this information is provided as a courtesy to assist you. While NetWrix tries to ensure that this information accurately reflects the information provided by the supplier, please refer to the materials provided with any non-netwrix product and contact the supplier for confirmation. NetWrix Corporation assumes no responsibility or liability for incorrect or incomplete information provided about non-netwrix products. 2011 NetWrix Corporation. All rights reserved. Page 2 of 20
Table of Contents 1. INTRODUCTION... 4 1.1. Overview... 4 1.2. How This Guide is Organized... 4 2. PRODUCT OVERVIEW... 5 2.1. Key Features and Benefits... 5 2.2. Change Reporter Suite Modules... 5 2.3. Licensing Information... 6 3. INSTALLING NETWRIX CHANGE REPORTER SUITE... 7 3.1. System Requirements... 7 3.1.1.Hardware Requirements... 7 3.1.2.Software Requirements... 7 3.2. Installing NetWrix Change Reporter Suite... 8 4. CREATING A MANAGED OBJECT... 10 5. CONFIGURING AUDIT SETTINGS... 15 6. COLLECTING THE INITIAL SNAPSHOT... 17 7. MONITORING YOUR MANAGED DOMAIN FOR CHANGES... 18 7.1. Making Changes to the Managed Domain... 18 7.2. Running Data Collection and Receiving the Report... 18 A APPENDIX: SUPPORTING DATA... 20 A.1 Related Documentation... 20 Page 3 of 20
1. INTRODUCTION 1.1. Overview This guide is intended for first-time users of NetWrix Change Reporter Suite. It contains an overview of the product functionality, instructions on how to install and setup the product, and explains how to start using NetWrix Change Reporter Suite by providing step-by-step procedures for some basic operations. This guide can be used for evaluation purposes, therefore, it is recommended to read it sequentially, and follow the instructions in the order they are provided. After reading this guide, you will be able to: Install NetWrix Change Reporter Suite; Create and configure a managed object that will be monitored for changes; Run data collection and receive change reports using NetWrix Active Directory Change Reporter, which is one of the key modules of the Change Reporter Suite. Note: This guide only covers simple installation and configuration options. For advanced installation scenarios and configuration options, as well as for information on various reporting possibilities, please refer to documentation on NetWrix change reporting products included in the Change Reporter Suite (for documentation links, please refer to Appendix A.1 Related Documentation). 1.2. How This Guide is Organized This section explains how this guide is organized and provides a brief overview of each chapter. Chapter 1 Introduction: the current chapter. It explains the purpose of this document, defines its audience and outlines its structure. Chapter 2 Product Overview: provides an overview of the product features, and lists the modules included into NetWrix Change Reporter Suite. It also contains information on licensing. Chapter 3 Installing NetWrix Change Reporter Suite: provides detailed instructions on how to install NetWrix Change Reporter Suite. Chapter 4 Creating a Managed Object: explains how to add and configure a managed domain. Chapter 5 Configuring Audit Settings: contains instructions on how to configure audit settings properly. Chapter 6 Collecting the Initial Snapshot: explains how to run a data collection task to receive an initial snapshot reflecting your system s current state. Chapter 7 Monitoring Your Managed Domain for Changes: provides instructions on how to make test changes to your domain and see how these changes are reported. Appendix: Supporting Data: contains links to all documentation published to support NetWrix Change Reporter Suite modules. Page 4 of 20
2. PRODUCT OVERVIEW 2.1. Key Features and Benefits NetWrix Change Reporter Suite is an integrated solution for automated auditing of an IT infrastructure. Its modules generate easy-to-understand reports on all changes made to the following components of your environment: Active Directory EMC Celerra File Server Group Policy Microsoft Exchange environment NetApp Filer Network Infrastructure Server Configuration SCVMM environments SharePoint SQL Server VMware Infrastructure Unlike the traditional log management solutions (such as, for example, Security Information and Event Management (SIEM) systems), NetWrix Change Reporter Suite makes it very easy to get relevant answers to the key questions: who changed what, when, and where, including the before and after values for each change. The system generates change reports that are e- mailed to the specified recipients, or can be viewed in a web-browser or in NetWrix Enterprise Management Console. 2.2. Change Reporter Suite Modules NetWrix Change Reporter Suite contains the following modules: NetWrix Active Directory Change Reporter NetWrix Active Directory Object Restore Wizard NetWrix Change Reporter for System Center Virtual Machine Manager NetWrix Exchange Change Reporter NetWrix EMC Celerra Change Reporter NetWrix File Server Change Reporter NetWrix Group Policy Change Reporter NetWrix NetApp Filer Change Reporter NetWrix Network Infrastructure Change Reporter NetWrix Logon Reporter NetWrix Non-owner Mailbox Access Reporter for Exchange NetWrix Server Configuration Change Reporter NetWrix SharePoint Change Reporter Page 5 of 20
NetWrix SQL Server Change Reporter NetWrix VMware Change Reporter For detailed information on these modules, please refer to the corresponding documentation (see Appendix A.1 Related Documentation for links). 2.3. Licensing Information When you install NetWrix Change Reporter Suite, the Enterprise Editions of all of its modules are installed. The Enterprise Editions of all NetWrix products can be evaluated for 20 days. For an unlimited use of modules integrated in the Change Reporter Suite, you must request the corresponding licenses from NetWrix. Page 6 of 20
3. INSTALLING NETWRIX CHANGE REPORTER SUITE 3.1. System Requirements 3.1.1. Hardware Requirements Before installing NetWrix Change Reporter Suite, make sure that your system meets the following hardware requirements: Table 1: NetWrix Change Reporter Suite Hardware Requirements Minimum Recommended Processor Intel or AMD 32 bit, 2GHz Intel or AMD 64 bit, 3GHz, 4 Core Memory 512 M 4 G Hard Disk 50 M for each component 2 drives with 50 G of free space (in total) 3.1.2. Software Requirements The table below lists the minimum software requirements for NetWrix Change Reporter Suite components. Make sure that this software has been installed on the corresponding machines before proceeding with the installation. Note: These are the minimum requirements necessary to use the basic functionality of the Change Reporter Suite modules. For a full list of software required to use the advanced features, please refer to documentation on separate modules (see Appendix A.1 Related Documentation for documentation links). Table 2: NetWrix Change Reporter Suite Software Requirements Minimum Operating System Windows XP SP3 or above Environment Active Directory (all domain and forest functional levels) Windows 2000 Server or later domain controllers Framework.NET 2.0, 3.0 or 3.5 Other Windows Installer 3.1 or higher The latest version of Microsoft Group Policy Management Console NOTE: Only required for the Group Policy Change Reporter. Microsoft Management Console 3.0 SQL Server 2005 Express with Advanced Services or above NOTE: Only required for the Advanced Reports functionality Page 7 of 20
3.2. Installing NetWrix Change Reporter Suite To install the Change Reporter Suite, perform the following procedure: Procedure 1. To install NetWrix Change Reporter Suite 1. Run the product installation package (NetWrix_Change_Reporter_Suite.exe). 2. When prompted, click Yes to unpack the installation package. The following page will be displayed: Figure 1: NetWrix Change Reporter Suite Setup: Main Page 3. Do one of the following : Click Install Now to install all modules, or Click Install next to a module name to install an individual module. Note: For evaluation purposes and for the procedures described in this document, it is recommended to install the Active Directory component. 4. When prompted, specify the account that will be used by the system for data collection and report generation. 5. Follow the instructions of the wizard to complete the installation. When the installation process has been completed, the Enterprise Management Console will start: Page 8 of 20
Figure 2: Enterprise Management Console NetWrix Enterprise Management Console is a convenient tool that allows configuring managed objects and their settings, and the reporting options. You can also view ad-hoc or advanced change reports in the Console. Page 9 of 20
4. CREATING A MANAGED OBJECT After you have installed NetWrix Change Reporter Suite, you must add a managed object that will be monitored for changes and configure its settings. To do this, perform the following procedure: Procedure 2. To create a managed object 1. Open NetWrix Enterprise Management Console (Start > All Programs > NetWrix > Enterprise Management Console). In the left pane, click on the Managed Objects node. The Managed Object page will be displayed: Figure 3: Managed Objects Page 2. Click on Create New Managed Object to start the New Managed Object Wizard. 3. On the first step, select Domain as the managed object type and click Next to continue: Note: If you installed other NetWrix change reporting products previously, the list of managed objects types may contain several options. Page 10 of 20
Figure 4: New Managed Object Wizard: Selecting Managed Object Type 4. On the next step, specify the domain name and the management account (by default, this is the account you specified on installation). This account will be used for data collection and report generation. It must belong to the Domain Admins group. Click Next to proceed. 5. On the next step, make sure that the Active Directory Change Reporter feature is selected, deselect the other features and click Next: Figure 5: New Managed Object Wizard: Enabling Features 6. On the next step, deselect the Enable advanced reporting option and click Next: Page 11 of 20
Note: The Advanced Reporting feature allows generating reports based on SQL Server Reporting Services. This guide only covers basic configuration and reporting options. For advanced features, please refer to NetWrix Active Directory Change Reporter Administrator s Guide. Figure 6: New Managed Object Wizard: Advanced Reporting 7. Optionally, select the Enable network traffic compression option, and click Next to continue: Figure 7: New Managed Object Wizard: Network Traffic Compression 8. Disable the Enable snapshot reporting feature and click Next to continue: Page 12 of 20
Note: This feature must only be selected if Advanced Reporting has been enabled. Figure 8: New Managed Object Wizard: Snapshot Reporting 9. On the next step, specify the e-mail settings that will be used by the system to send reports: Figure 9: New Managed Object Wizard: E-mail Settings Click the Add button and enter your e-mail address. All ad-hoc reports will be sent to this address. Then click Next to continue. 10. On the next step, deselect all real-time alerts and click Next to continue: Page 13 of 20
Figure 10: New Managed Object Wizard: Configuring Real-Time Change Alerts Note: Real-time alerting is a feature that allows configuring e-mail notifications triggered by certain events. There are some pre-defined alerts, or you can create custom alerts that fit your needs. For details on the Real-Time Alerting feature, please refer to NetWrix Active Directory Change Reporter Administrator s Guide. 11. Review your settings and click Finish to complete the wizard. The new managed object will appear under the Managed Objects node in the left pane. Page 14 of 20
5. CONFIGURING AUDIT SETTINGS For NetWrix Active Directory Change Reporter to function properly, audit settings must be configured for the managed domain. You can configure these settings automatically through the Audit Configuration Wizard, or manually. This document explains how to configure audit settings through the Audit Configuration Wizard. For instructions on how to perform a manual configuration procedure, please refer to Section 2.2 Configuring Active Directory Changes Auditing of NetWrix Active Directory Change Reporter Administrator s Guide. To configure audit settings, perform the following procedure: Procedure 3. To configure audit settings for the managed domain 1. Start the Audit Configuration wizard (Start > All Programs > NetWrix > NetWrix > Active Directory Change Reporter > Audit Configuration Wizard): Figure 11: Audit Configuration Wizard 2. On the Welcome page, click Next. 3. In the dialog box that opens, ensure that an effective policy applied to the domain controllers is selected (by default, the Default Domain Controllers Policy), and click OK: Figure 12: Selecting a Policy Page 15 of 20
4. On the Audit Policy Settings page, click Detect. The wizard will analyze the current audit policy settings. If some settings do not conform to the Active Directory Change Reporter requirements, the Adjust button will be enabled. 5. If the Adjust button is enabled, click it to let the product adjust the audit settings, and then click Next. 6. Repeat the same operation for the Object-level Audit Settings and the Event Log Retention Settings. 7. On the last page, click Finish to complete the wizard. Page 16 of 20
6. COLLECTING THE INITIAL SNAPSHOT After you have added a managed domain and configured the audit settings, you must receive an initial snapshot of your managed domain s current state. NetWrix Active Directory Change Reporter uses this information as a benchmark to generate audit reports on changes made to your Active Directory environment. By default, NetWrix Active Directory Change Reporter runs a data collection task every 10 minutes, and creates a snapshot daily. The initial snapshot is created when the first data collection task is run on a newly created managed object. You can either wait 10 minutes for the system to run it automatically, or launch it manually from NetWrix Enterprise Management Console. To do this, perform the following procedure: Procedure 4. To run a data collection task 1. Open NetWrix Enterprise Management Console. 2. In the console tree, expand the Managed Objects node, and select the managed domain you have added. 3. In the details pane, click Run. Figure 13: Starting the data collection task After the data collection task has been completed by the system, you will receive an e-mail containing the initial snapshot of your managed domain(s) current state. Note: Creation of an initial snapshot may take some time. The current state of the operation is displayed in the Status column. Page 17 of 20
7. MONITORING YOUR MANAGED DOMAIN FOR CHANGES 7.1. Making Changes to the Managed Domain Now that you have a snapshot of your managed domains current state, you can make test changes to your Active Directory environment to see how these changes will be reported. For example, you can add a user, or change an account s permissions, etc. Note: Before making any test changes to the Active Directory, ensure that you have the domain administrator s rights, and that the changes conform to your security policy. 7.2. Running Data Collection and Receiving the Report After you have made test changes to your Active Directory Environment, you can see how these changes will be reported. By default, NetWrix Active Directory Change Reporter scans the managed domains for changes every 10 minutes and daily sends reports on any changes that were detected. To see how your test changes are reported, you must launch the data collection task manually. To do this, open NetWrix Enterprise Management Console and run a data collection task as described in Procedure 4 To run a data collection task. A report with information on your test changes will be sent to your e-mail address. You can also view change reports in HTML format in a web browser. To do this, perform the following procedure: Procedure 5. To view a change report in a web browser 1. In the console tree, expand the Managed Objects/<your domain>/active Directory Change Reporter node, and click on Ad-hoc Reports: Figure 14: Generating reports in HTML format 2. Specify the date and time in the From and To fields, and click Run. The generated change report will be sent to the specified e-mail like in the example below: Page 18 of 20
Figure 15: Change Report E-mail This report reflects the following changes to the PersonalStaff OU: A user account has been disabled; An account s permissions have been modified; Managers group has been added to the PersonalStaff OU; A computer names SQL server has been added to the PersonalStaff OU. Page 19 of 20
A APPENDIX: SUPPORTING DATA A.1 Related Documentation This section provides links to documentation on all NetWrix products included in the Change Reporter Suite. Table 3: Change Report Suite Modules Documentation Links Module Name Active Directory Change Reporter Active Directory Object Restore Wizard Change Reporter for System Center Virtual Machine Manager Exchange Change Reporter EMC Celerra Change Reporter File Server Change Reporter Group Policy Change Reporter NetApp Filer Change Reporter Network Infrastructure Change Reporter Logon Reporter Non-owner Mailbox Access Reporter for Exchange Server Configuration Change Reporter SharePoint Change Reporter SQL Server Change Reporter VMware Change Reporter Documentation Link Page 20 of 20