NetWrix Exchange Change Reporter Version 7 Administrator's Guide
Contents

1. Introduction
    1.1 Key Features
    1.2 Licensing
    1.3 How It Works
2. Getting Started
    2.1 System Requirements
    2.2 Configuring Active Directory Changes Auditing
        2.2.1 Audit Object Security Settings
        2.2.2 Audit "Who/When" Information for AD Object Modifications
        2.2.3 Audit Active Directory Access
        2.2.4 Audit Changes to Configuration and Schema Containers
    2.3 Upgrading from Previous Versions
    2.4 Installation
3. Working with the Enterprise Edition
    3.1 Creating a Managed Object
        Step 1: Specify Object Type
        Step 2: Supply Default Data Processing Account
        Step 3: Specify SMTP Settings
        Step 4: Specify Domain Name
        Step 5: Enable Features
        Step 6: Configure Database
        Step 7: Configure Exchange Change Reports Recipients List
        Step 8: Reviewing and Modifying the Settings
    3.2 Modifying Exchange Change Reporter Settings
    3.3 Settings
        3.3.1 Configuring Reporting Settings
        3.3.2 Configuring E-mail Settings
        3.3.3 Configuring Audit Archive Settings
        3.3.4 Modifying Task Schedule
        3.3.5 License Management
    3.4 Data Collection and Reporting
        3.4.1 Running a Data Collection Task
        3.4.2 Viewing Task Session Results
        3.4.3 Viewing Scheduled Reports
        3.4.4 Running an On-Demand Report
    3.5 Using the Advanced Reporting
        3.5.1 Initial Configuration of Default Advanced Reporting Settings
        3.5.2 Using the Advanced Reporting Configuration Wizard
        3.5.3 Web-based Reporting Settings
        3.5.4 Modifying Advanced Reporting Settings
        3.5.5 Advanced Reports Formats
    3.6 Subscribing to the Advanced Reports
        Step 1: Welcome
        Step 2: Report Specification
        Step 3: Subscription E-mail Recipients
        Step 4: Report Filter
        Step 5: Subscription Schedule
        Step 6: Subscription Summary
4. Additional Configuration
    4.1 Including and Excluding Data Types from Collection and Reporting
    4.2 Grouping Managed Objects in Folders
    4.3 Audit Configuration Wizard
    4.4 Importing Changes that Occurred Between Two Snapshots into the Database
    4.5 Permission on Report Server (SRS User Rights Assignment)
5. About NetWrix Products
6. Additional Software Links
7. Contacting NetWrix
8. Disclaimer
1. Introduction

Without argument, Microsoft Exchange is the most important IT infrastructure component in many organizations. Even one hour of e-mail downtime can cost millions of dollars of lost revenue and credibility. Auditing changes to configuration settings in an Exchange environment is critical to ensure reliable e-mail operation, security and compliance. Exchange servers, mailboxes, information stores, permissions, and all other types of objects must be routinely monitored to detect any changes, both authorized and not, and the full audit trail must be maintained for compliance and security incident investigation purposes.

NetWrix Exchange Change Reporter is a Microsoft Exchange auditing solution that tracks and reports all changes made to all Exchange Server configurations and permissions. The product generates reports that show all created, deleted, and modified objects and settings. Four basic questions are answered: What changed? How was it changed? Who did it? When and where was it changed?

Powered by AuditAssurance technology, the Exchange Change Reporter tracks changes to configuration settings, creation and deletion of mailboxes, information stores, Exchange servers, connectors, protocol parameters, storage groups and many other types of objects and their permissions. The modification events indicate "before" and "after" values for all modified settings, for example, the previous name of a recently renamed mailbox or what the mailbox quotas looked like before they were changed.
Features and benefits:

- Bird's eye view of day-to-day Exchange administrative activities to track security policy violations;
- Auditing and reporting of all changes to Exchange objects and permissions for security and compliance;
- Easy targeted change report delivery via the Subscriptions feature;
- Streamline creation of compliance reports for your SOX, GLBA and HIPAA auditors;
- Detection of unauthorized and unplanned changes caused by excessively delegated rights;
- Integration with System Center Operations Manager via SCOM Management Pack for Exchange Change Reporter that feeds the audit data to SCOM for customized processing (rules, alerts, etc.).

NetWrix Exchange Change Reporter installation package contains the following products (all the products are installed by default):

- Active Directory Change Reporter;
- Group Policy Change Reporter;
- Exchange Change Reporter;
- Active Directory Object Restore Wizard.

You will be able to configure which products to run later.
1.1 Key Features

NetWrix Exchange Change Reporter helps you to carry out the following auditing and reporting tasks:

- Detect and report on changes made to Exchange Servers. Reports include information about what changes were made, who made the changes, where and when they were made.
- Report on previous and current values for every change.
- Generate on-demand Web-based reports.
- Create custom reports (can also be ordered from NetWrix).
- Store collected audit data and enable historical reporting for any period of time.
- Create e-mail subscriptions for certain report types. The feature is based on the Advanced Reporting functionality and enables automatic delivery of certain Advanced Report types to a customizable list of recipient e-mail addresses.
- Integration with SCOM. The product stores collected changes in an event log, which allows it to work together with SCOM.
1.2 Licensing

The Exchange Change Reporter comes in two Editions: Freeware and Enterprise. The table below outlines the differences between them.

Feature | Freeware | Enterprise Edition
Who, When and Where fields for every change | No | Yes
Advanced Reports based on SQL Reporting Services, with filtering, grouping and sorting | No | Detailed
Custom reports | No | Yes. Create manually or order from NetWrix
Subscriptions (based on Advanced Reports) | No | Yes
SCOM integration | No | Yes
Enterprise-class scalability | No | Full
Long-term archiving and reporting | No | Any period of time
Technical support | Support forum | Phone, e-mail, Support forum
Licensing | Free of charge | Per user; please request a quote
A single installation handles numerous managed objects (domains, multiple domains) | No | Yes
Integrated interface for all NetWrix products which provides centralized configuration and settings management | No | Yes
Integrated advanced reporting with lots of predefined out-of-the-box reports for all the major platforms | No | Yes

The Free Edition can be used by companies and individuals for an unlimited time, at no charge. The Enterprise Edition can be evaluated free of charge for 20 days.

Please note that the different parts of Active Directory Change Reporter (Active Directory Change Reporter, Group Policy Change Reporter and Exchange Change Reporter) have to be bought separately.
1.3 How It Works

Figure 1: Product Architecture and data flow
The Exchange Change Reporter data collection and reporting workflow is usually as follows:

1. A user launches the configuration utility and sets the parameters for the automated data collection and reporting, choosing whether to report on the following Exchange Servers changes:
   - Security policy violations;
   - Exchange objects and permissions changes;
   - Unauthorized and unplanned changes.
2. A dedicated scheduled task which is launched periodically (every 10 minutes by default; it can also be launched manually from the Enterprise Management Console when needed) collects Exchange audit data, and e-mails reports to the specified recipients once per 24 hours at 3:00 AM by default. The task name is NetWrix Management Console Active Directory Change Reporter - <your domain name> where <your domain name> is the actual name of your managed domain.
3. If the Advanced Reporting is enabled and configured, the task will also store information about the Exchange Server changes to the specified SQL server database (you can use the Database Importer to import data on demand; for more information, please refer to 4.4 Importing Changes that Occurred Between Two Snapshots into the Database). The Enterprise Management Console or a web browser can be used to view the compliance reports.
4. If the integration with System Center (SCOM) is enabled, the product will record all changes to the event log in a well-designed and familiar format. The Active Directory SCOM Management Pack provides an easily managed procedure for integrating the product with SCOM. The integration allows you to review alerts and SRS reports via SCOM.
5. Change reports and Advanced Reporting based subscriptions are sent by e-mail; to generate and view the on-demand reports, the Enterprise Management Console can be used.
2. Getting Started

This section describes the necessary prerequisites for the Exchange Change Reporter installation.

2.1 System Requirements

Hardware

- Processor: Minimum: Intel or AMD 32 bit, 2GHz; Recommended: Intel or AMD 64 bit, 3GHz.
- Memory: Minimum: 512MB RAM; Recommended: 2GB RAM.
- Disk: Minimum: 50MB physical disk space for product installation. More space is required for the Audit Archive and SQL, depending on the number of AD objects and changes per day; Recommended: two physical drives with 50GB of free space total.

Software

The product can be installed on any computer running Windows XP SP2 or higher. The computer must belong to a managed or trusted domain.

NOTE: on Exchange Change Reporter installation, the Group Policy Change Reporter part of this package is also installed automatically. In order for the Group Policy Change Reporter to monitor GP Preferences, the Exchange Change Reporter has to be installed on Windows Vista or above.

Environment (both 32 and 64-bit):

- Windows 2000;
- Windows Server 2003, any forest mode (mixed, native, 2K3);
- Windows Server 2008 (including R2);
- Exchange Server 2003 or 2007.

Additional software:

- .NET Framework 2.0 or later;
- Windows Installer 3.1 or later;
- Microsoft Management Console 3.0 or higher;
- To use advanced reporting, SQL Server 2005 Express Edition or above with Advanced Services (can be installed automatically or obtained from Microsoft Download Center).

Additional requirements:

- Disk space enough for temporary data storage (the configuration snapshots will be saved there). Required space depends on the number of users in your Active Directory. At least 10GB is recommended.
- SSRS Report Builder is required to create custom reports. To launch Report Builder, .NET Framework 2.0 must be installed on the client computer (used to connect to SSRS). Note that Report Builder is available in SQL Server Enterprise or Standard Edition; the Express Edition does not provide this functionality.
Required rights and permissions:

The account under which the Exchange Change Reporter scheduled task will run requires the following:

1. Local administrator rights;
2. Sufficient permissions to query the Active Directory;
3. To collect and report on objects' security changes, this account must have the Manage auditing and security log user right enabled (if the task is run under a Domain Administrator account, this right is enabled by default). Adjust Domain Controller Security Policy accordingly;
4. Content Manager role for the Home folder on SSRS.

The account you will use to view the reports in the Advanced Reports Manager should have the Browser role for the Home folder on SSRS and the db_datareader role assigned to the account to extract data from the NetWrix database.

If you plan to collect data using agents, consider that the agent service will run on Domain Controllers under a Local System account. Also, the account under which the Exchange Change Reporter runs must be a Domain Administrators group member.
2.2 Configuring Active Directory Changes Auditing

Before you start the Exchange Server auditing, you must configure some audit settings for the Who and When report fields to be gathered properly. Use the Audit Configuration Wizard (see 4.3 Audit Configuration Wizard) or follow the recommendations provided in this section to manually set up the audit settings.

2.2.1 Audit Object Security Settings

To audit object security changes, the user account of the scheduled task must have the Manage auditing and security log user right enabled (assigned to Domain Admins by default). Adjust Domain Controller Security Policy accordingly.

2.2.2 Audit "Who/When" Information for AD Object Modifications

Object-level Active Directory auditing must be configured for ALL Active Directory objects (not only domain controller objects or users making changes) to audit Who/When information for all modifications (otherwise, "Who/When" information will not be reported). Open the Active Directory Users and Computers snap-in located in the Administrative Tools subsection of the Control Panel and do the following:

1. From the main menu, select View, then select Advanced Features and make sure that the Advanced Features item is turned ON.
2. Right-click the root domain object and go to its Properties; there select the Security tab, click Advanced, and select the Auditing tab.
3. Click Add and type Everyone, then click OK.
4. Set the Apply onto setting to This object and all child objects (default). WARNING: DO NOT click the checkbox named Apply these auditing entries to objects and/or containers within this container only. Also make sure that the Apply onto selection indicates This object and all child objects.
5. Select all Successful Audit items except for the following: Full Control, List Contents, Read Permissions, Read All Properties.
6. Click OK.
2.2.3 Audit Active Directory Access

Auditing of the Directory Service Access Success and Audit Account Management Success categories must be turned ON for all domain controllers.

On Windows 2003, open Default Domain Controller Policy from Start → Administrative Tools. On Windows 2008, open Group Policy Management from Start → Administrative Tools, navigate to ForestName → Domains → DomainName → Group Policy Objects → Default Domain Controller Policy, and right-click to Edit it. Then:

- Navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → Audit Policy;
- In the right pane, double-click Audit Directory Services Access and enable the Success option;
- In the right pane, double-click Audit Account Management and enable the Success option.
2.2.4 Audit Changes to Configuration and Schema Containers

If you want to track changes to the domain Configuration container, you should enable object-level auditing for this container, using the following steps:

- Run the ADSI Edit utility (a part of the Windows Support Tools package; for a download link, see 6. Additional Software Links);
- Right-click the root node, select Connect to, and connect to the Configuration naming context of your domain (choose Select a well-known Naming Context to be able to do this, see the screenshot below):

  Figure 2: Connection Settings dialog window

- Right-click the Configuration node for properties and go to the Security tab. Click Advanced and select the Auditing tab. Click Add and type Everyone, click OK.

  Figure 3: Configuration Security Settings dialog window

  Figure 4: Object Selection dialog window

- In the Apply onto list, select This object and all child objects.

  Figure 5: Configuration Security Settings dialog window

- Select all Successful Audit items except for the following: Full Control, List Contents, Read Permissions, Read All Properties. IMPORTANT: do NOT click the checkbox named Apply these auditing entries to objects and/or containers within this container only.
- Click OK.

NOTE: if you want to track changes to the domain Schema container, you should enable object-level auditing for this container using a similar procedure, but connect to the Schema naming context instead of Configuration. To enable Schema audit please refer to 3.2.1 Edit Exchange Change Reporter Settings.
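The auditing entry configured in 2.2.2 (domain root) and 2.2.4 (Configuration and Schema containers) can be checked from PowerShell. The following is an added example, not part of the NetWrix product or this guide; the function names, the mapping of the dialog's check boxes to ActiveDirectoryRights flags, the distinguished names and the SDDL samples are assumptions of the example.

```powershell
# Added example: check the auditing entry (SACL) that 2.2.2 and 2.2.4 describe.
Add-Type -AssemblyName System.DirectoryServices

# Assumed mapping of "all Successful Audit items except Full Control, List Contents,
# Read Permissions, Read All Properties" to ActiveDirectoryRights flags.
$RequiredRights = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, DeleteTree, WriteDacl, WriteOwner, Self, ExtendedRight, CreateChild, DeleteChild'
# The read-type items the guide says to leave unchecked (Full Control contains them all).
$NoisyRights = [int][System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadControl, ReadProperty'

# Build a security descriptor object from an SDDL string (works offline).
function ConvertFrom-SaclSddl {
    param([Parameter(Mandatory=$true)][string]$Sddl)
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl, [System.Security.AccessControl.AccessControlSections]::Audit)
    return $sd
}

# Read the SACL of a live naming context. The caller needs the
# "Manage auditing and security log" user right mentioned in 2.2.1.
function Get-LiveSacl {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")
    $entry.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl
    return $entry.psbase.ObjectSecurity
}

# Collect the rights audited for Everyone, on Success, applied to
# "This object and all child objects", and compare them with the required set.
function Test-ChangeAuditSacl {
    param([Parameter(Mandatory=$true)][System.DirectoryServices.ActiveDirectorySecurity]$Security)
    $covered = 0
    $rules = $Security.GetAuditRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isEveryone = $rule.IdentityReference.Value -eq 'S-1-1-0'
        $onSuccess  = ([int]$rule.AuditFlags -band [int][System.Security.AccessControl.AuditFlags]::Success) -ne 0
        # InheritanceType 'All' means the entry covers the object and the whole subtree;
        # ticking "...within this container only" yields a different value and is rejected here.
        $wholeTree  = $rule.InheritanceType -eq [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
        # Empty GUIDs mean the entry is not limited to one attribute or object class.
        $allObjects = ($rule.ObjectType -eq [Guid]::Empty) -and ($rule.InheritedObjectType -eq [Guid]::Empty)
        if ($isEveryone -and $onSuccess -and $wholeTree -and $allObjects) {
            $covered = $covered -bor [int]$rule.ActiveDirectoryRights
        }
    }
    $missingBits = $RequiredRights -band (-bnot $covered)
    $excessBits  = $covered -band $NoisyRights
    New-Object PSObject -Property @{
        Compliant = ($missingBits -eq 0)
        Missing   = [System.DirectoryServices.ActiveDirectoryRights]$missingBits
        Excess    = [System.DirectoryServices.ActiveDirectoryRights]$excessBits
    }
}

# Constructed SDDL samples (not taken from a real domain).
$samples = @(
    @{ Name = 'entry as the guide describes';   Sddl = 'O:BAG:BAS:(AU;CISA;CCDCSWWPDTCRSDWDWO;;;WD)' },
    @{ Name = 'writes only, plus read auditing'; Sddl = 'O:BAG:BAS:(AU;CISA;WPRPLC;;;WD)' },
    @{ Name = 'limited to this container only';  Sddl = 'O:BAG:BAS:(AU;CINPSA;CCDCSWWPDTCRSDWDWO;;;WD)' }
)
foreach ($s in $samples) {
    $result = Test-ChangeAuditSacl -Security (ConvertFrom-SaclSddl -Sddl $s.Sddl)
    '{0}: Compliant={1}; Missing={2}; Excess={3}' -f $s.Name, $result.Compliant, $result.Missing, $result.Excess
}

# Live check against a domain (placeholder names based on the guide's MyDomain.local example):
# Test-ChangeAuditSacl -Security (Get-LiveSacl -DistinguishedName 'DC=MyDomain,DC=local')
# Test-ChangeAuditSacl -Security (Get-LiveSacl -DistinguishedName 'CN=Configuration,DC=MyDomain,DC=local')
```

Run the live check once per naming context you audit; a non-empty Missing value means some change types will be collected without Who/When information.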
2.3 Upgrading from Previous Versions

If you are upgrading from one of the previous versions of the product to version 7, consider the following:

- Upgrading from the Freeware Edition of older versions to the Enterprise Edition of version 7 is not supported. Please remove the existing version of Exchange Change Reporter before installing the new one;
- Upgrading from the Standard or Enterprise Edition of older versions to the Enterprise Edition of version 7 is supported.

If you are upgrading from Exchange Change Reporter version 7 please read the following article before starting the installation process: http://www.netwrix.com/kb_50170000000mlb5.

2.4 Installation

To install the Exchange Change Reporter, run the setup program on any computer in the domain in the target forest. Follow the steps of the wizard. When prompted, accept the license agreement, then specify the installation folder, and click Next to proceed with the installation. On the last step of the installation wizard, the following dialog appears:

Figure 6: Active Directory/Exchange Change Reporter Setup configuration utility selection dialog window

Verify that Start NetWrix Active Directory Change Reporter Enterprise Edition is checked to start the NetWrix Enterprise Management Console right after you exit setup, or uncheck it to skip this for now. Click Finish to complete the setup.
3. Working with the Enterprise Edition

The Enterprise Management Console (implemented as an MMC snap-in) provides flexible configuration and management capabilities. With the Enterprise Management Console, you can:

- Enable and configure the long-term archiving;
- Enable and configure the Advanced Reporting (SQL SRS-based);
- View the Advanced Reports with the built-in browser using the Enterprise Management Console;
- Report on changes made to the MS Exchange Servers settings;
- Enable and configure the Advanced Reports Subscriptions, a feature that allows delivering reports on certain changes to a list of recipients' e-mail addresses;
- Review change alerts and SRS reports via SCOM thanks to its integration with the product;
- Define the management scope of domains for the Exchange Change Reporter;
- Enable management features for selected objects in bulk, for example, specify report generation frequency and recipients, and so on;
- Handle numerous managed objects (domains) with a single installation;
- Manage all NetWrix products configuration and settings via the truly integrated interface;
- Use the Advanced Reporting with lots of predefined out-of-the-box reports for all the major platforms.
To start the Enterprise Management Console please go to NetWrix → NetWrix Exchange Change Reporter → Exchange Change Reporter (Enterprise Edition) from the Start menu.

Figure 7: NetWrix Enterprise Management Console
3.1 Creating a Managed Object

If you wish to create a new Managed Object, follow the steps below.

Step 1: Specify Object Type

1. In the Enterprise Management Console main window, navigate to the Managed Objects tree node, right-click it and select New Managed Object. Alternatively, you can click Create New Managed Object in the Task pad on the right.

   Figure 8: New Managed Object Wizard Select Managed Object Type dialog window

2. The New Managed Object wizard starts. On the Select Managed Object Type step, select Domain to create a new domain object to be configured for data gathering and reporting.
Step 2: Supply Default Data Processing Account

Next, you should select a user account that will be used by the Exchange Change Reporter tool as the default one for scheduled data processing and report generation.

Figure 9: New Managed Object Wizard Data Processing Account setup dialog window

Click Specify Account; when selecting the account, consider that it should be granted the necessary access rights (see 2.2 Configuring Active Directory Changes Auditing).

NOTE: you will be presented with this step only if the Data Processing Account settings were not yet supplied via the Settings → Schedule submenu of the Enterprise Management Console.
Step 3: Specify SMTP Settings

Next, specify the settings of the SMTP server that will be used to send the change reports via e-mail. Supply the SMTP server name, port, and the sender address. If your SMTP server requires authentication, please check Use SMTP authentication and enter the user name and the password. If your SMTP server requires SSL to be enabled, check Use Secure Sockets Layer encrypted connection (SSL). If implicit SSL mode is used, check Use Implicit SSL connection mode.

Figure 10: New Managed Object Wizard Configure SMTP Server Settings dialog window

NOTE: you will be presented with this step only if the SMTP settings were not yet supplied via the Settings → E-mail Settings submenu of the Enterprise Management Console.
Step 4: Specify Domain Name

Then you have to enter the name of the domain (managed object) you are creating:

Figure 11: New Managed Object Wizard Domain name setup dialog window

Enter the domain name using the Fully Qualified Domain Name (FQDN), e.g. MyDomain.local. Also, if you want to use a specific account to process objects from this collection, enter the user name and password at this step. Alternatively, you can leave the Default account here (the one you supplied on Step 2 will be used).

IMPORTANT: make sure the processing account is granted the necessary rights and permissions (see 2.1 System Requirements).
Step 5: Enable Features

Then you should specify what management features will be applied to the collection, that is, what NetWrix products will be involved in processing data from these computers. Select the Exchange Change Reporter item from the list of Installed Features:

Figure 12: New Managed Object Wizard Enable Features dialog window

In this step, you can also download other features you wish. For that, select an item from the Available Features list; then you can read the product description and click Download Feature. This will start your Internet browser and open the selected product page on the NetWrix web site, where you can download the product you have chosen. You can click Update to receive a new list of available features from the web site and decide on installation later on.

NOTE: before starting any new NetWrix product installation, please close the Enterprise Management Console.
Step 6: Configure Database

Next, if the Advanced Reporting general settings are not yet configured, you are presented with the following window asking to specify the Advanced Reporting settings:

- The SQL Server where the product database (storing data for reporting purposes) resides;
- The URLs of SQL Server Reporting Services Report Server and Report Manager.

Figure 13: New Managed Object Wizard Advanced Reporting SQL Settings dialog window

Specify the following:

- SQL Server: the name of the server and the instance you want to use for the Advanced Reporting.
- Windows Authentication: turn the option on if the SQL Server is configured for using Windows Authentication, so that the default account configured during Step 2 is used. Otherwise, leave the box unchecked and fill in the User and Password fields.
- Report Server URL, Report Manager URL: supply the Report Server and Report Manager URLs, then click Verify. The URLs must be in the following format: http://<server_name>/<foldername>, where <server_name> is the name of your SQL server. You can find the correct folder names in the SQL Reporting Services Configuration Manager. To do this, first launch the SQL Reporting Services Configuration Manager (for MS SQL Express 2005 it will be Start → All Programs → Microsoft SQL Server 2005 → Configuration Tools → Reporting Services Configuration), where you can find the folder names under the Report Server Virtual Directory and Report Manager Virtual Directory menu categories. The default values for these folder names are ReportServer$SQLExpress and Reports$SQLExpress respectively.
If you haven't installed an SQL Server yet, select Automatically install and configure a new instance of SQL Server Express Edition. The Advanced Reporting Configuration Wizard will run in order to install and automatically configure the Express edition. For detailed instructions on how the wizard works please refer to section 3.5.2 Using the Advanced Reporting Configuration Wizard.

However, if the Advanced Reporting general settings are already configured, on this step you are only asked whether you would like to enable the Advanced Reporting for the managed object being created:

Figure 14: New Managed Object Wizard General Advanced Reporting settings application window

Choose Enable Advanced Reporting if you want to enable the feature for the managed object.
Step 7: Configure Exchange Change Reports Recipients List

The next setting to be configured is the Exchange change reports delivery e-mail addresses:

Figure 15: New Managed Object Wizard Configure Exchange Change Reporter settings dialog window

Enter the e-mail addresses of the report recipients. If the audit settings have not been properly configured you may receive the warning shown below.

Figure 16: New Managed Object Wizard audit settings warning

The settings can be configured after the wizard finishes. Please refer to 4.3 Audit Configuration Wizard of this document to review the information regarding the audit settings configuration.
Step 8: Reviewing and Modifying the Settings

Then you can review the settings you have configured for the new managed object, and Finish the Wizard. When created, the new object is displayed in the Enterprise Management Console under the Managed Objects node:

Figure 17: NetWrix Enterprise Management Console Managed Object window

Here on the General tab you can click Add/Remove Features to specify the products you want to use for processing data from a selected object. You can Run the data collection task, or Stop the task execution.
To open a managed object's properties menu, right-click on it and select Properties:

Figure 18: Managed Object Properties dialog window

The window allows specifying the account used to run the product tasks. The Default setting makes the managed object use the default management account, while the Specified setting lets you choose another account as the management one.
3.2 Modifying Exchange Change Reporter Settings

This section describes how to change the configuration settings of an existing managed object (domain).

3.2.1 Edit Exchange Change Reporter Settings

To view or edit the Exchange Change Reporter audit settings for a certain domain, select the required Managed Object (domain) from the tree on the left, and expand the subordinate Exchange Change Reporter tree node.

Figure 19: NetWrix Enterprise Management Console Exchange Change Reporter settings

Then you can enable or disable the Exchange change reporting for this object and configure the delivery e-mail addresses list. To change additional settings such as the data collection time, network traffic compression and number of collections per period, right-click the managed object, select Add/Remove Features and add the Active Directory Change Reporter feature (please refer to the NetWrix Active Directory Change Reporter Administrator's Guide for detailed instructions on how to configure Active Directory Change Reporter). You can find the settings listed above on the Active Directory Change Reporter node. It is also possible to launch the Audit Configuration Wizard to automatically set up the auditing (see 4.3 Audit Configuration Wizard).
The Advanced button lets you modify the following settings for the Exchange Change Reporter:

Figure 20: Exchange Change Reporter Advanced Options dialog window

- Integration with Microsoft System Center Operations Manager: the Exchange Change Reporter stores change events in an event log file in a particular format. The option enables you to take the following advantages of cooperation with the System Center Operations Manager 2007 (SCOM):
  - Review alerts on change (*);
  - Review SRS reports retrieved from SCOM Data Warehouse Database (*);
  - Customize SRS report definitions using SCOM instruments (*).
- Enable integration with third party SIEM products: the Exchange Change Reporter can be integrated with any SIEM product. The program stores events in its own event log in a format which is designed to be simple and is documented. Thus the NetWrix event log can be collected by any SIEM product (this can be done using the SIEM product's support or the NetWrix Professional Services), which combines the capabilities of the Exchange Change Reporter and the SIEM product.

(*) - Only available when the NetWrix Change Reporting Management Pack is imported to SCOM. For detailed instructions on how to perform the integration, please refer to How to Configure Microsoft System Operation Manager to Monitor Active Directory.
3.3 Settings

IMPORTANT: these settings are general: they will be applied to all the enabled features that process data from all the managed objects.

3.3.1 Configuring Reporting Settings

The Advanced Reporting is an SQL-powered feature that allows producing and viewing Advanced Reports. To configure the Advanced Reporting settings, go to Enterprise Management Console → Settings → Reporting:

Figure 21: NetWrix Enterprise Management Console Settings Advanced Reporting Settings window

To change your default SQL server settings click Configure.
If the general settings were not yet configured, the Advanced Reporting Configuration Wizard starts (see 3.5.2 Using the Advanced Reporting Configuration Wizard); otherwise the following dialog window appears:

Figure 22: Configure Advanced Reporting dialog window

For a detailed description of the options, please refer to Step 6 of the New Managed Object Wizard. Upon completing the Advanced Reporting configuration, click OK/Apply. A prompt will pop up, asking if you want to apply the Reporting configuration to all managed objects of all NetWrix products.

Figure 23: Global Advanced Settings application prompt

If you click Yes, databases are created and named in correspondence with the internal name of the product collecting audit data. So, a database named NetWrix_AD_Change_Reporter is created on the specified SQL Server, among the databases of other products, after you click OK.
3.3.2 Configuring E-mail Settings

To enable e-mail report delivery, valid SMTP server parameters must be configured first. To access the SMTP settings window please go to Enterprise Management Console → Settings → E-mail Settings:

Figure 24: NetWrix Enterprise Management Console Settings E-mail Settings window

Click Configure to open the Configure SMTP Settings dialog window:

Figure 25: Configure SMTP Settings dialog window

Fill in the fields with the settings that apply to your network. If your SMTP server needs authentication, check Use SMTP authentication and enter the username and the password. If your SMTP server requires an SSL-encrypted connection, check the corresponding option. It is also possible to enable the implicit SSL mode.
3.3.3 Configuring Audit Archive Settings

Data collected by the product is saved in the file-based storage for archiving purposes in accordance with the retention period you specify. To configure the Audit Archive settings, go to Enterprise Management Console → Settings → Audit Archive:

Figure 26: NetWrix Enterprise Management Console Settings Audit Archive Settings dialog window

Specify the Audit Archive path. The default is:

- For Windows XP and below: %ALLUSERSPROFILE%\Application Data\NetWrix\Management Console\Data;
- For Windows Vista and above: %ProgramData%\NetWrix\Management Console\Data.

NOTE: please verify that none of the NetWrix products are currently running on the computer, as this may cause data loss and can lead to unpredictable errors. Stop and disable all the NetWrix scheduled tasks or wait until they finish before changing the archive location.

To change data retention settings, select Enable long-term audit archiving for, and specify the required value (default is 24 months). By default the Windows tombstone lifetime setting is set to 60 days. In order to be able to restore deleted objects successfully with the Active Directory Rollback Wizard, the setting must exactly match the period of data retention in the Audit Archive. Because of this, while changing the Audit Archive setting, a prompt asks whether you want to change the tombstone lifetime setting accordingly.

You can also use the Session retention field to specify for how long to keep data on the collection sessions (i.e., how long it will be available for review); the default is 60 days.
3.3.4 Modifying Task Schedule

To access the scheduling settings, go to Enterprise Management Console → Settings → Schedule:

Figure 27: NetWrix Enterprise Management Console Settings Report Delivery Schedule settings window

By default, data processing and report delivery are scheduled to run daily at 3:00 AM. To enter a new schedule (for all product tasks except those that have their own triggers), click Change. If you want the task to run under a specified account, modify the Default Processing Account by clicking the corresponding Change button.

The Exchange Change Reporter creates a trigger during scheduling. Changing scheduled task parameters (launch time, account) does not influence the Exchange Change Reporter task. By default, the Exchange Change Reporter task launches every 10 minutes and delivers summary reports once per 24 hours. The report delivery time can be configured on the Active Directory Change Reporter page (refer to the NetWrix Active Directory Change Reporter Administrator's Guide for details) and is set to 3 AM by default.
3.3.5 License Management

The Enterprise Management Console allows you to manage licensing for all NetWrix products from a single specialized node. To access the feature, go to Enterprise Management Console → Settings → License.

Figure 28: NetWrix Enterprise Management Console License management node

The table provides full information on all installed licenses. To add a new license or update an existing one, click Add/Update. The following form will appear:

Figure 29: NetWrix Enterprise Management Console License Information dialog window

Fill in the fields exactly as stated in the license e-mail. Codes for several products may be entered at once. Click OK to accept the information. The Enterprise Management Console must be restarted for the changes to take effect.
3.4 Data Collection and Reporting

This section tells you how to perform data collection and reporting using the Enterprise Management Console.

3.4.1 Running a Data Collection Task

To run data collection, select a managed object (from which you want to collect and report the changes) from the tree in the Enterprise Management Console, and then click Run in the right pane on the General tab:

Figure 30: NetWrix Enterprise Management Console Running Data Collection Task window

The Status and Description table columns reflect the current condition of each of the features listed in the Features column. After clicking Run, the task status changes to Running for the whole period of time that it takes the task to run. Any errors, if encountered, are printed in the Description field of the feature. Then Active Directory and Exchange audit data and snapshots are collected, and specified reports are e-mailed to the selected recipients.

Task session information can be examined using the Enterprise Management Console, as described below.
3.4.2 Viewing Task Session Results

All task operation information is shown in the Enterprise Management Console. Expand the node of the feature (product) you need, for example, Exchange Change Reporter, and select Sessions. Then select the data collection session you need to examine, and review the information shown in the right pane:

Figure 31: NetWrix Enterprise Management Console Task Session Results window

For each selected session, you can review the following information:
- Domain: the name of the managed object (domain) processed during the session;
- Status: session status that can be one of the following: Success, Warning, Error, or Fatal Error (meaning that data collection failed to start due to incorrect account, remote computer powered off, or other reason specified in the Error Text field below);
- Type: the reporter that processed data during the selected session;
- Error Text: information on errors that occurred, if any.

To generate a report on data collected during the selected session, use the controls in the lower pane on the right: click Run to launch the report generation process and automatically show the result. To see the report generated earlier (i.e., history), click View report (if the report has no history, it will be first generated and then displayed).
3.4.3 Viewing Scheduled Reports

Full data gathering runs automatically right after the managed object is created and at 3:00 AM every day by default, or manually from the Enterprise Management Console. When it completes for the first time, a message notifies you that the initial analysis is complete.

Next, you can make some changes to your Exchange server configuration to see how they get reported. After that, launch the full data gathering again by going to the managed domain node and clicking Run. Then wait for the process to finish and check the mailbox for a new report. The changes should be reported as shown in the figure below; if so, product installation and configuration can be considered complete.

Figure 32: Scheduled Reports email example

If the Advanced Reporting is configured (as described in 3.5 Using Advanced Reporting), you can click the More reports link in this e-mail report to view HTML reports in your web browser.
3.4.4 Running an On-Demand Report

Under the NetWrix Management Console → Managed Objects → <managed_object_name> → Exchange Change Reporter → Ad-hoc Reports node, select the range you need (by default, this filter shows the most recent date/time range). On the General tab on the right, click Run. This will generate a report in HTML format and open it in the web browser.

NOTE: to cancel the report generation process, click Stop.

Figure 33: NetWrix Enterprise Management Console On-Demand Report filtering settings window
3.5 Using the Advanced Reporting

If you have SQL Server with Reporting Services deployed, you can also configure the Advanced Reporting (SSRS-based). In this case, you can use the advantages of the Advanced Reporting:
- Use the wide variety of reports to analyze the operation of your network environment; dozens of reports will help you stay compliant with the standards and regulations your organization is subject to (SOX, HIPAA, PCI, GLBA, SAS70, and others);
- Change the report filters to fine-tune the data view according to your needs;
- Use one of the popular formats (PDF, XLS, etc.) to save the report;
- Apply grouping and sorting to report data, and so on.

3.5.1 Initial Configuration of Default Advanced Reporting Settings

In the Enterprise Management Console, under the Settings node, select Advanced Reporting. Then click Configure on the right pane. If general Advanced Reporting settings have not been configured yet, the Advanced Reporting Configuration Wizard will be launched; follow its steps as described below.

Figure 34: NetWrix Enterprise Management Console Advanced Reporting Settings window
3.5.2 Using the Advanced Reporting Configuration Wizard

The Advanced Reporting Configuration Wizard helps you configure the Advanced Reporting settings that will be used as the default ones.

Figure 35: Advanced Reporting Configuration Wizard Welcome screen

1. On the first step of the wizard, select whether to proceed with automatic installation and configuration of SQL Server 2005 Express, or to use a SQL Server instance that already exists in your environment.

Figure 36: Advanced Reporting Configuration Wizard SQL instance choice screen
NOTE: if using an existing SQL Server, make sure that Reporting Services is installed and configured for that server.

If IIS (or any of its components required for the Microsoft SQL Server Reporting Services feature) is not installed and you have chosen to Install and configure SQL Express as shown in Figure 36, you are prompted for IIS installation (see the figure below).

Figure 37: Mode switching advice warning

If Internet Information Services is running in 64-bit mode, you will be prompted to switch IIS to 32-bit mode due to Microsoft SQL Server Reporting Services requirements (see the figure below).

Figure 38: IIS Components absence warning

In both cases it is recommended to follow the advice by clicking Yes. Otherwise IIS is not likely to work as expected and the SQL Server configuration may be considered as failed.
2. If you selected to install and configure SQL Express, in the next step wait for the automatic installation and configuration process to complete.

Figure 39: Advanced Reporting Configuration Wizard MS SQL Express setup progress screen

3. If you selected to configure an existing SQL Server deployment for reporting, configure SQL Server database connection settings and URLs of Reporting Services, as shown below.

Figure 40: Advanced Reporting Configuration Wizard SQL database and Reporting Services URLs configuration
Verify that the following parameters are configured correctly:
- Server name: the name of the computer that hosts the SQL Server;
- Username, Password, Windows Authentication: if your SQL Server requires authentication, enable the corresponding checkbox and type in your username and password;
- Report Server, Report Manager: the URLs that point to your SQL Report Server and Report Manager. These values can be confirmed in the Reporting Services Configuration Manager tool available from the Start menu.

NOTE: the database on the specified server will be created automatically and named in correspondence with the product name.

4. After you click Next, the configuration settings will be saved.

Figure 41: Advanced Reporting Configuration Wizard final step screen

5. Finally, review the settings and click Finish.
6. To complete the configuration, navigate to the Managed Objects → <object_name> → Exchange Change Reporter → Advanced Reports node, and click on the Settings tab.

Figure 42: NetWrix Enterprise Management Console Advanced Reporting Settings configuration window

Here you can either use the default settings, or select the Customize option and enter specific reporting settings you need for the managed object and product you are working with (see the next section for details). Click Enable Advanced Reporting, specify the necessary values, then click Apply.

To test your Advanced Reporting configuration, make sample changes, run the related data collection task (see above), and then navigate to the Advanced Reports node to start viewing reports.
The screenshot below shows an example of a report that displays all changes made by all users to Exchange configuration during a specified time range.

Figure 43: NetWrix Enterprise Management Console Advanced Report example
3.5.3 Web-based Reporting Settings

The Advanced Reports node of the Exchange Change Reporter provides access to all available kinds of Advanced Reports and Web-based Reporting settings.

Figure 44: NetWrix Enterprise Management Console Web-based Reporting configuration

The two tabs available on this node are:
- Reports: browse all kinds of available Active Directory reports. The following operations are available on this node:
  - Upload the set of predefined report templates to the Report Server;
  - Assign permissions for users to access these report templates;
  - Launch a web browser to review reports;
  - Create new reports using Reports Builder.
- Settings: modify the Advanced Reporting settings. For details, see 3.5.4 Modifying Advanced Reporting Settings.
3.5.4 Modifying Advanced Reporting Settings

To change the default Advanced Reporting settings, in the Enterprise Management Console, select Settings → Advanced Reporting, and open the Settings tab. Select the Enable Advanced Reporting option.

Figure 45: NetWrix Enterprise Management Console Advanced Reporting Settings configuration window

To customize the existing values, select the Customize option, then specify the necessary field values:
- Enter SQL Server and product database names;

IMPORTANT: if you have multiple NetWrix products deployed, each of them must use a separate database. The databases can be located on the same SQL server.

- If you want to connect to a database using SQL Server authentication, supply access credentials;
NOTE: alternatively, you can use Windows Authentication to connect to the database. If this option is selected, the account specified at Run As for the scheduled task will be used.

- Enter the Advanced Reports Server and Report Manager URLs and click Verify;
- You can also click Run Wizard and follow its steps (e.g., to install SQL Server Express); refer to 3.5.1 Initial Configuration of Default Reporting Settings for details.

3.5.5 Advanced Reports Formats

The Advanced Reports come in two formats:

Table-view: a conveniently organized table that contains all data on changes matching the report type filter. The contents can be ordered by any change parameter. To generate and view this kind of Advanced Report, expand the managed object node, go to Exchange Change Reporter → Advanced Reports, and choose the table-formatted Advanced Report that you want to see:

Figure 46: NetWrix Enterprise Management Console table-view Advanced Report filter configuration window example

Specify the report filters (the % character is an SQL wildcard that may be used to replace any amount of any characters) and click View Report.

It is also possible to create a subscription for this specific Advanced Report type. For more details on Subscriptions, refer to 3.6 Subscribing to Advanced Reports.
The Exchange Change Reporter table-view Advanced Report example:

Figure 47: NetWrix Enterprise Management Console table-view Advanced Report example
Chart: gives a good visual representation of the dynamics of changes on a certain domain. To generate and view this kind of Advanced Report, expand the managed object node, go to Exchange Change Reporter → Advanced Reports, and select the chart-formatted Advanced Report:

Figure 48: NetWrix Enterprise Management Console chart Advanced Report filter configuration window example

Specify the report filter and click View Chart to see the report.
The Exchange Change Reporter Advanced Report chart example:

Figure 49: NetWrix Enterprise Management Console chart Advanced Report example
3.6 Subscribing to the Advanced Reports

The Advanced Reporting Subscriptions provide a configurable facility for delivering Advanced Reports filtered by any parameters (e.g. the setting can be set to daily, monthly, weekly and so on). It is also now possible to specify the filters for data included in reports and to choose one of the report file formats supported by SQL (Excel, PDF, etc.). It is possible to subscribe to any available reports in the report tree.

To create a subscription, open the Enterprise Management Console, choose a domain, expand the Exchange Change Reporter node and go to Subscriptions:

Figure 50: NetWrix Enterprise Management Console Subscriptions configuration window

Click New to create a new subscription, or choose an existing one and click Edit to modify it. Existing subscriptions can be deleted using the Delete button.

Alternatively, expand the Advanced Reports node, find the desired report type, click on it and then click the Subscribe button on the right pane. In this case the Report Subscription Wizard will start with the chosen report name predefined, so there is no need to browse for it in the list.
When creating or editing a subscription, the Report Subscription Wizard will guide you through all necessary steps:

Step 1: Welcome

This is a welcoming step. Click Next to proceed to the next step.

Step 2: Report Specification

This step allows specifying subscription identity.

Figure 51: Report Subscription Wizard Report Specification dialog window

The following fields are present on this form:
- Subscription name: enter the name of your subscription as you want it to appear under the NetWrix Enterprise Management Console → Managed Objects → <domain_name> → Exchange Change Reporter → Subscriptions node.
- Description: a short description of the subscription. Usually describes some general information about the subscription and/or serves as a memo for a quick reference.
- Report name: choose among the available report names. The report name reflects the changes highlighted in the report.
- Report description: the field displays an appropriate description for the chosen report name.

When done specifying the parameters, click Next to continue.
Step 3: Subscription E-mail Recipients

Specify the subscription recipients' e-mail addresses.

Figure 52: Report Subscription Wizard E-mail Recipients dialog window

Modify the recipients list with the following controls:
- Add: add a new recipient;
- Edit: edit an existing recipient;
- Remove: remove an existing recipient.
Step 4: Report Filter

This step allows specifying general report parameters and data filters (the screenshot and description below are an example of subscription parameters set for the Mailbox Quota Changes report type. Other report types may have a different set of parameters).

Figure 53: Report Subscription Wizard Report Parameters dialog window

Available subscription parameters:
- Delivery file format: choose the report file format. The file formats supported by SQL are available;
- Send only non-empty reports: this option will keep a recipient's inbox clean of empty reports.

Available data filters for the selected report type (the set of filters, individual for every report type, is retrieved from the Report Server. The filters described below belong to the Mailbox Quota Changes report type):
- Who changed: the filter sifts changes by the initiator;
- What changed: the filter sifts changes by subject;
- Sort by: the basic sorting criterion for changes.

NOTE: the % symbol is used as a wildcard replacing any amount of any characters, as in the SQL standard.
Step 5: Subscription Schedule

This step allows defining the delivery schedule for the subscription.

NOTE: the Advanced Reports contain a complete audit trail for changes made since the last scheduled run (e.g. if the report schedule is set to "Daily" and the report is configured to be sent every other day, it will include changes data for the last 24 hours). Also, while the reports designate the exact dates that determine the reported period, the schedule is defined by a periodical setting. The internal subscription scheduler is used for translating the timing from periodical to absolute.

The Generate report drop-down list allows choosing the time unit for the generation schedule. Available timing options are daily, weekly and monthly. The following settings are available for each of the options:

For the Daily option, specify the number of days required to pass between every report delivery. Setting it to 1 ensures everyday reports. The reports are sent at the time specified in 3.2.1 Edit Exchange Change Reporter Settings.

Figure 54: Report Subscription Wizard Daily Subscription Schedule dialog window
For the Weekly option, choose the weekdays to receive the reports on. Again, the reports are sent at the time specified in 3.2.1 Edit Exchange Change Reporter Settings.

Figure 55: Report Subscription Wizard Weekly Subscription Schedule dialog window

For the Monthly option, choose the months and the day of month to receive the reports on. Again, the reports are sent at the time specified in 3.2.1 Edit Exchange Change Reporter Settings.

Figure 56: Report Subscription Wizard Monthly Subscription Schedule dialog window
Step 6: Subscription Summary

Review the summary information on the created subscription and click Finish to confirm the subscription creation or Previous to change the settings.

Figure 57: Report Subscription Wizard Summary dialog window
An example of an HTML report with the subscription attached in PDF format:

Figure 58: Exchange Change Reporter subscription html report example
The PDF attachment example:

Figure 59: Exchange Change Reporter subscription report PDF attachment example
4. Additional Configuration

This section describes additional configuration options. Please note that some of them are not available in the Freeware Edition.

4.1 Including and Excluding Data Types from Collection and Reporting

It is possible to fine-tune data collection and reporting by changing the following configuration files located in the product installation folder:
- The omitserverlist_ecr.txt defines the MS Exchange servers you don't want to monitor;
- The omitobjlist_ecr.txt defines the object classes you don't want to monitor;
- The omitproplist_ecr.txt defines the object classes and attributes you don't want to monitor;
- The omitreporterrors_ecr.txt defines the errors you do not want to be displayed in the Exchange summary report;
- The omitstorelist_ecr.txt defines object classes and attributes you don't want to be stored in the MS Exchange snapshot.

For example, if you want to exclude the Calibri Exchange server object from monitoring, put the following lines in the omitserverlist_ecr.txt file (the # character denotes a comment line):

    # Exclude the Calibri Exchange server from monitoring
    Calibri

In some of those files you may use the * wildcard if necessary (refer to the examples in each of the files).
4.2 Grouping Managed Objects in Folders

It is possible to logically group existing managed objects into custom folders for your convenience. Placing objects into folders doesn't change anything in terms of configuration options. To create a folder, right-click on the Managed Objects node of the Enterprise Management Console and select New Folder.

Figure 60: NetWrix Enterprise Management Console Creating a new folder

Newly created managed objects can then be placed in the folders to help you navigate the list.
4.3 Audit Configuration Wizard

The Audit Configuration Wizard is a tool that allows you to automatically configure all the necessary audit settings on your managed units. To launch the tool, go to Start → All Programs → NetWrix → Exchange Change Reporter → Audit Configuration Wizard. Note that you must run the wizard under the domain admin account in order for it to work properly.

The first step of the wizard will appear. Here you must enter the name of the domain that you want to configure the audit settings for.

Figure 61: Audit Configuration Wizard Domain choice step

After you click Next, the following window appears, asking you to choose the effective policy that is currently applied to the domain controllers and is to be changed.

Figure 62: Audit Configuration Wizard Effective Domain Controller Policy selection window
After the effective policy is selected, the wizard proceeds to the Audit Policy Settings step. Select the account that was specified for data collection (the account will be checked for the correct audit privileges) and click Detect to determine whether it needs adjusting.

Figure 63: Audit Configuration Wizard Account Policy Settings step

If the wizard detects unfavorable audit rights values, click Adjust to modify them automatically. The wizard is largely self-explanatory, and the same operations are performed on every step.
4.4 Importing Changes that Occurred Between Two Snapshots into the Database

The Database Importer lets you import the Exchange changes that occurred between two snapshots into an SQL Server database for advanced analysis through Microsoft SQL Server Reporting Services. You can launch the Database Importer from the Start menu.

NOTE: the scheduled task should execute at least 2 times for snapshots to become available.

Figure 64: Active Directory/Exchange Change Reporter Database Importer dialog window

Specify the Domain name whose changes will be imported, and select the snapshots between whose dates you want the changes to be imported. Click Configure to specify where to import the data; to start the process, click Import.

In most cases the use of the Database Importer is not required, because the data is imported according to the schedule and automatically stored in the specified database if the corresponding option is selected. However, you may need to import the data manually when, for example, the database fails, the Advanced Reporting feature is not configured, or any other error occurs.
4.5 Permission on Report Server (SRS User Rights Assignment)

To assign read-only permissions for a specific user/group, perform the following steps:
1. Navigate to the Report Manager and click on the Properties tab.
2. Click the Assign new role button.
3. Add the user/group name, check the Browser checkbox and click OK.
4. Open SQL Server Management Studio Express and connect to the server.
5. Navigate to Security, right-click on Logins and select New Login...
6. On the General screen, select a user/group.
7. On the User Mappings screen, assign to all the tables that are related to NetWrix software (e.g. NetWrix_AD_Change_Reporter) the "db_datareader" role.

To specify permissions for a certain report, perform the following steps:
1. Navigate to the Report Manager.
2. Go to the specific report you want to specify permissions for.
3. Click the blue Properties tab.
4. Click the Security link on the left.
5. Click the Edit Item Security button to allow/deny a new user/group rights on viewing the report.
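Steps 4 to 7 of the read-only procedure in 4.5, written as T-SQL for a query window in SQL Server Management Studio, followed by two checks that the principal ended up with read access only. This is an added example, not part of the NetWrix guide; CONTOSO\ReportReaders is a placeholder Windows group, and NetWrix_AD_Change_Reporter is the example name the guide gives.

```sql
-- Added example (not from the NetWrix guide).
-- Placeholder: CONTOSO\ReportReaders (substitute your own user or group).
-- Database name: the example given in the guide; repeat the second batch
-- for every NetWrix product database on the server.

USE [master];
-- Steps 5-6: create the server login for the Windows user/group if missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\ReportReaders')
    CREATE LOGIN [CONTOSO\ReportReaders] FROM WINDOWS;
GO

USE [NetWrix_AD_Change_Reporter];
-- Step 7: map the login to a database user and grant read-only access.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\ReportReaders')
    CREATE USER [CONTOSO\ReportReaders] FOR LOGIN [CONTOSO\ReportReaders];

-- sp_addrolemember is available from SQL Server 2005 onward
-- (ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later).
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\ReportReaders';
GO

-- Check 1: every database role the principal belongs to.
-- For a read-only report viewer the only row should be db_datareader.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE m.name = N'CONTOSO\ReportReaders';

-- Check 2: permissions granted or denied directly to the principal.
-- Expect only CONNECT on the database; INSERT, UPDATE, DELETE, ALTER or
-- CONTROL here means the account can modify the audit data.
SELECT dp.class_desc,
       dp.permission_name,
       dp.state_desc,
       OBJECT_NAME(dp.major_id) AS object_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p
     ON p.principal_id = dp.grantee_principal_id
WHERE p.name = N'CONTOSO\ReportReaders';
GO
```

GO is the batch separator understood by Management Studio and sqlcmd, not a T-SQL statement. Run the script under an account that can create logins on the server.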
5. About NetWrix Products

Solutions developed by NetWrix Corporation help organizations to meet compliance standards, simplify identity management, and reduce IT infrastructure costs. The product line includes solutions for change management, identity management, virtualization, and Active Directory troubleshooting.

Enterprise Management Suite: NetWrix Enterprise Management Suite is a rich collection of all NetWrix products combined into one integrated solution. The suite is well-maintained and regularly updated with new versions and completely new products that all customers are entitled to as long as their maintenance is up to date.

Change Reporter Suite: The Change Reporter Suite is an integrated solution for automated tracking and reporting of all critical changes in the entire IT infrastructure, including Active Directory, file servers, Microsoft Exchange, filer appliances such as NetApp or EMC, virtual and physical infrastructure, and SQL Server databases. Everything is centrally audited, consolidated, and presented in easy-to-understand reports with before and after values of all who, what, when and where modifications.

Identity Management Suite: The NetWrix Identity Management Suite brings convenience, enhanced security, and sensible benefits to everyone within an organization. The solution resolves account lockouts, forgotten passwords and password expiration problems, while also providing user account de-provisioning and privileged password management.

USB Blocker: USB Blocker enforces centralized access control to prevent unauthorized use of removable media that connects to computer USB ports: memory sticks, removable hard disks, iPods, and more.

File Server Change Reporter: File server and filer appliance auditing solution. Supports Windows servers, NetApp Filers, EMC appliances.

SQL Server Change Reporter: Auditing and reporting solution to monitor changes to SQL servers, instances, database schema, logins and roles, etc.
Privileged Account Manager: Shared access to privileged accounts with automatic password maintenance.

Non-owner Mailbox Access Reporter: Track users who access other users' mailboxes and report unauthorized access to mailboxes of C and VP-level accounts.

Password Manager: Gives end users the ability to securely manage their passwords and resolve account lockout incidents in a self-service fashion without involvement of help desk personnel.

Account Lockout Examiner: Detects, diagnoses, and resolves account lockouts in real time to reduce administrative costs associated with manual resolution of account lockouts.

Full list of products: http://www.netwrix.com/products.html

For more information, please visit www.netwrix.com or call our toll-free number: +1-888-638-9749.
6. Additional Software Links

- .Net Framework 2.0 is available at http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5 or for 64-bit systems at http://www.microsoft.com/downloads/details.aspx?familyid=b44a0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en
- Windows Installer 3.1 is available at http://www.microsoft.com/downloads/details.aspx?familyid=889482fc-5f56-4a38-b838-de776fd4138c&displaylang=en
- Microsoft Management Console 3.0 for Windows XP (KB907265) is available at http://www.microsoft.com/downloads/details.aspx?familyid=61fc1c66-06f2-463c-82a2-cf20902ffae0&displaylang=en
- ADSI Edit utility is available at http://www.microsoft.com/downloads/details.aspx?familyid=6ec50b78-8be1-4e81-B3BE-4E7AC4F0912D&displaylang=en
7. Contacting NetWrix

If you encounter any issues during your testing or use of the product, please first check the knowledge base: http://netwrix.com/knowledge_base.html

If you can't find a solution for your issue in the Knowledge Base, then contact NetWrix technical support:
- www.netwrix.com/support
- 201-490-8840 x1 for technical support

8. Disclaimer

The information in this publication is furnished for information use only, does not constitute a commitment from NetWrix Corporation of any features or functions discussed and is subject to change without notice. NetWrix Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication.

NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.

© 2011 NetWrix Corporation. All rights reserved. www.netwrix.com