Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
NETWRIX AUDITOR FOR
INACTIVE USERS
QUICK-START GUIDE
Copyright © 2013 Netwrix Corporation. All Rights Reserved.
December 2013
Product Version: 5.0
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 2 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Legal Notice
The information in this publication is furnished for information use only, and does not constitute a
commitment from Netwrix Corporation of any features or functions discussed. Netwrix Corporation
assumes no responsibility or liability for the accuracy of the information presented, which is subject
to change without notice.
Netwrix is a registered trademark of Netwrix Corporation. The Netwrix logo and all other Netwrix
product or service names and slogans are registered trademarks or trademarks of Netwrix
Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and
registered trademarks are property of their respective owners.
Disclaimers
This document may contain information regarding the use and installation of non-Netwrix products.
Please note that this information is provided as a courtesy to assist you. While Netwrix tries to
ensure that this information accurately reflects the information provided by the supplier, please refer
to the materials provided with any non-Netwrix product and contact the supplier for confirmation.
Netwrix Corporation assumes no responsibility or liability for incorrect or incomplete information
provided about non-Netwrix products.
© 2013 Netwrix Corporation.
All rights reserved.
www.Netwrix.com
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 3 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Table of Contents
1. INTRODUCTION ............................................................................. 4
1.1. Overview ........................................................................... 4
1.2. How This Guide is Organized .................................................... 4
2. PRODUCT OVERVIEW ....................................................................... 5
2.1. Key Features and Benefits ....................................................... 5
2.2. Product Workflow ................................................................. 5
2.3. Licensing Information ............................................................ 5
3. INSTALLING NETWRIX AUDITOR FOR INACTIVE USERS ....................................... 6
3.1. Installation Prerequisites ........................................................ 6
3.1.1. . Hardware Requirements ................................................. 6
3.1.2. . Software Requirements .................................................. 6
3.1.3. . Required Rights and Permissions ....................................... 6
3.2. Installing Netwrix Auditor for Inactive Users ................................. 6
4. CREATING NEW MANAGED OBJECT ......................................................... 8
5. MONITORING YOUR MANAGED OBJECT .................................................... 14
5.1. Making Test Changes to Managed Object ..................................... 14
5.2. Running Data Collection and Receiving Report .............................. 14
A APPENDIX: RELATED DOCUMENTATION ..................................................... 16
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 4 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
1. INTRODUCTION
1.1. Overview This guide is intended for the first-time users of Netwrix Auditor for Inactive Users. It contains an
overview of the product functionality, instructions on how to install and setup the product, and
explains how to start using Netwrix Auditor for Inactive Users by providing step-by-step procedures
for some basic operations.
This guide can be used for evaluation purposes, therefore, it is recommended to read it sequentially,
and follow the instructions in the order they are provided.
After reading this guide, you will be able to:
Install Netwrix Auditor for Inactive Users;
Create and configure a Managed Object that will be monitored for changes;
Run data collection and see how changes are reported.
This guide only covers simple installation and configuration options. For advanced installation
scenarios and options, as well as for the information on various reporting possibilities, refer to Netwrix
Auditor for Inactive Users Administrator’s Guide.
1.2. How This Guide is Organized This section explains how this guide is organized and provides a brief overview of each chapter.
Chapter 1 Introduction: the current chapter. It explains the purpose of this
document, defines its audience and explains its structure.
Chapter 2 Product Overview: gives description of the product key features, benefits,
workflow, and provides license information.
Chapter 3 Installing Netwrix Auditor for Inactive Users: lists the system requirements
and contains step-by step instructions that will guide you through the installation
process of Netwrix Auditor for Inactive Users.
Chapter 4 Creating New Managed Object: provides detailed step-by-step
instructions on how to create and configure a computer collection that will be
monitored for changes.
Chapter 5 Monitoring Your Managed Object : explains how to test the Netwrix
Auditor for Inactive Users functionality and receive a report on these changes.
A Appendix: Related Documentation: contains a list of all documentation published
to support Netwrix Auditor for Inactive Users.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 5 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
2. PRODUCT OVERVIEW
2.1. Key Features and Benefits Netwrix Auditor for Inactive Users is a tool for automated tracking of inactive user and computer
accounts. The product checks domains and organizational units, detects inactive accounts, and
performs predefined actions on these accounts. Netwrix Auditor for Inactive Users performs the
following tasks:
Checks domains and organizational units by inquiring all domain controllers and notifies
managers and administrators about accounts that have been inactive for a specified number
of days.
Automatically deactivates inactive accounts by setting a random password, disabling,
deleting or moving them to a specified organizational unit.
2.2. Product Workflow Netwrix Auditor for Inactive Users data collection and reporting workflow is as follows:
1. An administrator configures a Computer Collection Managed Object.
2. Netwrix Auditor for Inactive Users monitors a domain or OU and captures the
information on users’ activity.
3. The product emails reports containing a list of inactive users with details.
2.3. Licensing Information Netwrix Auditor for Inactive Users can be evaluated free of charge for 20 days.
Note: You are eligible for free technical support during the evaluation period. If
you encounter any problem or would like to get assistance with installation,
configuration or implementation of Netwrix Auditor for Inactive Users, please
contact our support specialists.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 6 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
3. INSTALLING NETWRIX AUDITOR FOR INACTIVE USERS
3.1. Installation Prerequisites This section provides the hardware and software requirements necessary to use Netwrix Auditor for
Inactive Users, and recommendations on how to deploy this product.
3.1.1. Hardware Requirements
Before installing Netwrix Auditor for Inactive Users, make sure that your system meets the following
hardware requirements:
Table 1: The Netwrix Auditor for Inactive Users Hardware Requirements
Component Minimum Recommended
Processor Intel or AMD 32 bit, 2GHz Intel or AMD 64 bit, 3GHz
Memory 512MB RAM 2GB RAM
Disk 50MB physical disk space for the
installation
20 GB* (Approx. 2 GB per
2000 users)
3.1.2. Software Requirements
Before installing Netwrix Auditor for Inactive Users, make sure that your system meets the following
software requirements:
Table 2: The Netwrix Auditor for Inactive Users Software Requirements
Component Requirement
Operating System Windows XP SP3 or later
Framework .NET Framework 2.0, 3.0 or 3.5
3.1.3. Required Rights and Permissions
For data collection and reports generation, Netwrix Auditor for Inactive Users uses the account under
which the scheduled task is run. This account must be granted the following permissions:
Domain Admin;
“Log on as a batch job” policy defined for this account;
3.2. Installing Netwrix Auditor for Inactive Users
Procedure 1. To install Netwrix Auditor for Inactive Users
1. Download Netwrix Auditor for Inactive Users.
2. Run the setup package.
3. Follow the instructions of the wizard. When prompted, accept the license agreement
and specify the installation folder.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 7 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
4. On the last step, click Finish to complete the installation.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 8 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
4. CREATING NEW MANAGED OBJECT In Netwrix Auditor for Inactive Users, two Managed Objects are available:
Domain – Allows monitoring a whole Active Directory domain;
Organizational Unit – Allows monitoring a single OU from your domain.
Procedure 2. To create and configure new Managed Object
1. In Netwrix Auditor console, select the Managed Objects node in the left pane. The
Managed Objects page will be displayed on the right.
2. In the right pane, click Create New Managed Object. Alternatively, right-click on the
Managed Objects node on the left and select New Managed Object.
Figure 1: The New Managed Object Creation Option
3. The New Managed Object wizard will open. On the Select Managed Object Type
screen, select Domain or Organizational Unit as a new Managed Object type and click
Next.
Figure 2: Select Managed Object Type screen
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 9 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
4. On the Default Data Processing Account screen, click the Specify Account button to
set a default account (<domain name>\<account name>). This account will be used by
Netwrix Auditor for Inactive Users for data collection and reports generation.
Figure 3: The Default Data Processing Account screen
5. On the Configure SMTP Server Settings screen, specify the email settings that will be
used by the system to send reports:
Figure 4: Configure SMTP Server Settings screen
The following parameters must be specified:
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 10 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Table 3: Email Settings Parameters
Parameter Description
SMTP server name Enter your SMTP server name.
Port Specify your SMTP server port number.
Sender address
Enter the address that will appear in the ‘From’ field
in Reports and Change Summaries.
To check the email address, click Verify. The system
will send a test message to the specified address and
will inform you if any problems are detected.
Use SMTP authentication Select this checkbox if your mail server requires the
SMTP authentication.
User name Enter a user name for the SMTP authentication.
Password Enter a password for the SMTP authentication.
Confirm password Confirm the password.
Use Secure Sockets Layer
encrypted connection (SSL)
Select this checkbox if your SMTP server requires SSL
to be enabled.
Use Implicit SSL connection
mode
Select this checkbox if the implicit SSL mode is used,
which means that an SSL connection is established
before any meaningful data is sent.
6. On the next step:
If you have selected Domain as your Managed Object type, enter the name of the
domain that you want to monitor:
Figure 5: Specify Domain Name screen
If you have selected Organizational Unit as your managed object type, specify the
name of the organizational unit that you want to monitor:
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 11 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Figure 6: Specify Organization Unit Name screen
7. On the Select Target Systems screen, check Inactive Users Tracking under Target
Systems.
8. On the Configure Inactive Users Tracker screen, check Enable Inactive User Tracker,
Process user account and enter your email address into Send report to field.
Figure 7: Configure Inactive Users Tracker
Review other options that can be selected when tracking user activity:
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 12 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Table 4: Inactive Users Tracker Parameters
Parameter Description
Consider user inactive after Specify account inactivity period, after which a user
is considered to be inactive.
Notify manager after Specify account inactivity period, after which the
manager of this account owner must be notified.
Set random password after Specify account inactivity period, after which a
random password will be set for this account.
Disable account after Specify account inactivity period, after which the
account will be disabled.
Move to a specific OU after
Specify account inactivity period, after which the
account will be moved to a specified organizational
unit.
Delete accounts after Specify account inactivity period, after which the
account will be deleted.
Process user accounts Select this check box to track user accounts activity.
Process computer accounts Select this check box to track computer accounts
activity.
Send report to
Enter the email addresses of daily report recipients.
Emails on errors during data collection will also be
delivered to these recipients.
NOTE: To check the correctness of the email
address, click Verify. The system will send a test
message to the specified address and will inform you
if any problems are detected.
Note: To check the correctness of the email address, click Verify. The system will
send a test message to the specified address and will inform you if any problems
are detected.
9. On the Completing the New Managed Object Wizard screen, check the details and
click Finish.
10. The Managed Object you have created will appear under the Managed Objects node in
the left pane of Netwrix Auditor console. The Managed Object details will be displayed
in the right pane.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 13 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Figure 8: Managed Object General Page
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 14 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
5. MONITORING YOUR MANAGED OBJECT
5.1. Making Test Changes to Managed Object You can proceed to data collection and report generation without making test changes.
In this case only those users that have already been inactive for 30 days will be listed in the report.
If no such users exist in your system the report will be empty.
Procedure 3. To make test changes
1. Create a new user in your monitored domain. Do not log in or perform any activity
under this user.
2. In Netwrix Auditor console in the left pane, navigate to Managed Objects
<your_Managed_Object> Inactive User Tracking.
3. In the right pane set Consider user inactive after field to 0.
In this case all users not currently logged in will be considered inactive. The user you have just created
will be listed in this list with “0 days of inactivity”.
Figure 9: Change “Consider User Inactive After” setting
5.2. Running Data Collection and Receiving Report By default, Netwrix Auditor for Inactive Users runs data collection (scans the monitored objects for
inactive users) at 3:00 AM every day, and generates reports on all detected inactive users.
To receive a report now, launch the data collection task manually.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 15 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Procedure 4. To launch a data collection task
4. In Netwrix Auditor console, expand the Managed Objects node, and select your
Managed Object.
5. In the details pane, click Run.
Figure 10: Run Data Collection
A report with information on inactive users will be sent to your email address:
Figure 11: Inactive Users Tracker Report
For information on different reporting options, including the on-demand reports, refer to Netwrix
Auditor for Inactive Users Administrator’s Guide.
Netwrix Auditor for Inactive Users Quick-Start Guide
Page 16 of 16
Copyright © 2013 Netwrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
A APPENDIX: RELATED DOCUMENTATION To learn about functionality available with Netwrix Auditor for Inactive Users, please refer to the
following documentation:
Table 5: Related Documentation
Document Name Overview
Netwrix Auditor for Inactive Users
Administrator’s Guide
The guide provides detailed instructions on
how to configure and use Netwrix Auditor for
Inactive Users
Netwrix Auditor for Active Directory
Administrator’s Guide
Provides a detailed explanation of the Netwrix
Auditor for Active Directory features and step-
by-step instructions on how to configure and
use the product.