Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Additional Audit Details: How it Works
KB1609 | Last review: Jul 30, 2014 | Netwrix Auditor for Exchange, Netwrix Auditor for Active Directory | 5.0 - 6.5
|Netwrix Auditor provides reports on Active Directory, Exchange Server and Group Policy changes with extended audit data. When a new Managed Object is created, you are prompted to select whether you want to collect the following additional audit details from the monitored domain:
1. Reports With Originating Workstation
Netwrix Auditor contains a number of reports on Active Directory, Exchange Servers and Group Policy changes that, in addition to the standard WHO, WHAT, WHERE and WHEN fields, provide the information on the originating workstation, that is the name of the computer where the user was logged on when they made the change.
The following reports with the Workstation field are available for each audited system:
NOTE: For the product to be able to collect the information on the originating workstation, you must configure the Audit logon events policy. If automatic audit configuration is enabled, this setting is adjusted automatically. For instructions on how to configure it manually, refer to Netwrix Auditor Installation and Configuration Guide.
2. Reports With Data Filtering by Groups
If the Group membership option is enabled, the product will collect the information on the group membership of the users who make the changes. This information can be used to apply filters to the collected audit data and get the information on changes performed by members of specific groups only.
This functionality is available in the following reports for each audited system:
Was this information helpful?