Data Collecting Account

This is a service account that Auditor uses to collect audit data from the monitored items (domains, OUs, servers, etc.). Netwrix recommends creating a dedicated service account for that purpose. Depending on the data source your monitoring plan will process, the account must meet the corresponding requirements (see the table below).

If you are going to enable integration with Netwrix Data Classification (NDC Provider), additional server roles must be assigned to the account. See Sensitive Data Discovery topic for additional information.

Starting with version 9.96, you can use group Managed Service Account (gMSA) as data collecting account. Currently, the following data sources are supported: Active Directory (also for Group Policy and Logon Activity), Windows Server, File Server (currently for Windows File Servers), SQL Server, SharePoint.

For more details about gMSA usage, see the Use Group Managed Service Account (gMSA)topic for additional information.

The gMSA should also meet the related requirements (see the table below).

Data source	Required rights and permissions:
Active Directory	Permissions for Active Directory Auditing
Active Directory Federation Services	Permissions for AD FS Auditing
Microsoft Entra ID (formerly Azure AD), Exchange Online, SharePoint Online, MS Teams	Permissions for Microsoft Entra ID Auditing Permissions for Exchange Online Auditing Permissions for SharePoint Online Auditing Permissions for Teams Auditing
Exchange	Permissions for Exchange Auditing
Windows File Servers	Permissions for Windows File Server Auditing
Dell Isilon	Permissions for Dell Isilon/PowerScale Auditing
Dell VNX/VNXe/Unity	Permissions for Dell Data Storage Auditing
NetApp	Permissions for NetApp Auditing
Nutanix Files	Permissions for Nutanix Files Auditing
Qumulo	Permissions for Qumulo Auditing
Synology	Permissions for Synology Auditing
Network Devices	Permissions for Network Devices Auditing
Oracle Database	Permissions for Oracle Database Auditing
SharePoint	Permissions for SharePoint Auditing
SQL Server	Permissions for SQL Server Auditing
VMware	Permissions for VMware Server Auditing
Windows Server (including DNS and DHCP)	Permissions for Windows Server Auditing
Event Log (including IIS)—collected with Event Log Manager	Permissions for Windows Server Auditing
Group Policy	Permissions for Group Policy Auditing
Logon Activity	Permissions for Logon Activity Auditing
Inactive Users in Active Directory—collected with Inactive User Tracker	In the target domain - A member of the Domain Admins group
Password Expiration in Active Directory—collected with Password Expiration Notifier	In the target domain - A member of the Domain Users group
User Activity	On the target server - A member of the local Administrators group
Sensitive Data Discovery	Sensitive Data Discovery

Update Credentials for Account

Once a Data Collecting Account has been configured, you can always update the password for this account in Netwrix Auditor.

Follow the steps to update credentials for the accounts used by Auditor:

Step 1 – On the Auditor home page, navigate to Settings.

Step 2 – Locate the General tab.

Step 3 – Click the Manage button under Accounts and Passwords.

Step 4 – Select an account you want to update the password for.

Step 5 – Review the account configuration scope and click Update password next to this account.

Step 6 – Save your edits.

See the General topic for additional information.