Netwrix Auditor 
Netwrix Enterprise Auditor 
Netwrix Data Classification 
Netwrix GroupID 
Netwrix Privilege Secure 
Netwrix Endpoint Protector 
How-to Guides
SharePoint Online permissions are scattered across multiple menus and settings. Learn how to get a simple report on who can access what in your SharePoint Online environment.
Learn how to locate files on your file servers that contain sensitive data so you can ensure compliance and strengthen your security posture.
Learn how to enable SQL server login auditing using either native SQL Server capabilities or Netwrix Auditor.
Learn how to easily check SharePoint permissions for any account so you can ensure that each user has the proper permissions for their job.
While troubleshooting an account lockout or investigating an attack, you need to find out when a user last changed their password. Learn how to find the last password change date.
Having a lot of empty folders on your file shares makes navigation harder for users and complicates provisioning and auditing processes. Learn how to find empty folders so you can clean up your file shares.
Learn how you can get a list of AD group members in couple of clicks so you can streamline attestation of privileged groups to ensure that only authorized users have administrative rights.
Learn how to get a SharePoint permissions report in a few simple steps so you can ensure permissions are aligned with employees’ responsibilities.
Detect suspicious changes to databases in your SQL Server to prevent system unavailability or compromise of sensitive data.
Full access permissions should be continuously monitored to minimize the risk of security breaches.
Auditing of both failed and successful logon attempts is extremely important because it helps IT pros detect malicious activity before a data breach occurs. test
Learn a simple way to keep an eye on changes to SharePoint Online and MS Teams sharing settings to promptly spot risky or malicious actions.
Learn how to audit your SharePoint Online and Teams for privilege escalation and spot malicious activity before it causes real damage.
Learn how you can detect undesired applications in your Microsoft Entra ID logs, so you can take action before they cause real damage
Using native Office 365 auditing tools can be time-consuming. Learn how to speed investigations with Netwrix Auditor.
Learn how to read AD logs to keep track of changes to your baselines for critical systems of your infrastructure.
Learn how to create a PowerShell script to manually monitor a folder for new and updated files, and see how you can streamline the process with Netwrix Auditor.
Learn how you can monitor AD group membership changes with native auditing capabilities in Windows Server and with Netwrix Auditor.
Check SQL permission changes and determine who altered view permissions without running any queries and minimize the risk of data exposure.
Track and investigate changes to the login password in SQL Server to prevent account compromise and better secure your critical assets.
Enable file server permission change audit across your Windows servers to track changes to file, folder and share permissions.
This how-to shows how to determine who changed permissions to public folders in Exchange Online, so you can improve your sensitive information security.
Create a SQL Server audit trigger for INSERT or UPDATE events and gain visibility into activity across your tables to secure sensitive data.
Improper deletion of a GPO can greatly damage the security of your environment. Monitor GPO deletions to facilitate quick recovery and reduce risk of data exposure.
Constant monitoring of file and folder deletions is necessary to prevent business disruptions and data loss through quick restoration of data.
Suspicious changes to Startup Registry keys can be a sign of malware activity. Timely detection of these changes can prevent loss of sensitive data.
Constant monitoring of recently enabled accounts enables you to determine who is trying to get unauthorized access to your systems and quickly remediate the issue.
Learn how to audit Group Policy changes with Netwrix Auditor. Monitoring Group Policy logging information helps you prevent security incidents.
Detect suspicious changes to databases in your SQL Server to prevent system unavailability or compromise of sensitive data.
This how-to shows two ways of detecting who created a new scheduled task on your windows server.
Ongoing monitoring of deleted users in Microsoft Entra ID minimizes the risk of users losing access to systems they need, thus reducing the number of helpdesk requests.
Constantly reviewing which accounts were unlocked and by whom enables IT admins to spot suspicious account lockouts and respond quickly to protect systems and data.
Continuous monitoring of changes to security permissions to an OU enables IT admins to minimize the risk of unauthorized access to IT systems.
Carefully monitoring all user account deletions enables IT pros to minimize the risk of business disruption and system unavailability.
Continuous review of attempts to modify sensitive files helps you quickly spot suspicious activity to prevent a possible threat before a breach occurs.
Determining who deleted a file on your SharePoint site can help you investigate unsanctioned action and appropriately respond to it.
Ongoing tracking of SharePoint permission changes helps IT administrators detect unauthorized changes so they can quickly roll them back and minimize their consequences.
IT administrators need to monitor deletions of DHCP reservations to ensure no unauthorized changes took place, thus preventing system unavailability.
Continuous monitoring of DNS record deletions helps IT administrators detect abnormal actions in a timely manner and thereby avoid service unavailability.
Ongoing tracking of deleted computer accounts by IT administrators is important to avoid authentication errors and lost productivity.
Every change of a file owner should be tracked by IT admins to secure sensitive data against leaks and unauthorized access and modifications.
Full access permissions should be continuously monitored to minimize the risk of security breaches.
To prevent a data breach, it’s critical to ensure that only authorized users are added to the Domain Admins group and thereby get access to critical data.
Continuous monitoring of mailbox permissions in Exchange Online enables the timely detection of unauthorized changes, thereby mitigating the risk of security breaches.
Netwrix Auditor for Windows Server enables you to detect software installations and get detailed alerts.
Ongoing tracking of changes to Active Directory organizational units and groups can help you avoid system downtime, business disruption and loss of productivity.
IT pros need to timely detect suspicious file changes to quickly get actionable details for security investigations and spot malicious activity at early stages.
Timely detection of password change and password reset in Active Directory enables IT pros to investigate suspicious activity and avoid data leaks and system downtime.
The ability to quickly detect a disabled user in Active Directory and identify who disabled the account enables IT Pros to investigate the root cause of suspicious activity.
To thwart attackers, IT pros must be able to continuously audit changes in the environment and quickly determine who created AD user accounts.
Detecting AD user account changes using native auditing is time-consuming. Netwrix Auditor for Active Directory monitors these changes helping you quickly detect intruders.
Getting a comprehensive SharePoint Online external sharing report with native tools can be tricky. Learn how to get the necessary details with a couple of clicks.
Finding sign-ins from unusual locations in Microsoft Entra ID can be a challenging task, especially if you have people working from all over the place. Learn an easy way to audit sign-ins in your cloud.
Auditing access to data in your cloud is crucial to ensuring the security of your enterprise. Learn a simple way to get a report on who accessed what data.
Failed logons may indicate intrusion attempts. Learn how to detect potentially malicious activity in your VMware environment.
Learn how to enable SQL server login auditing using either native SQL Server capabilities or Netwrix Auditor.
See how you can find account lockout source and the underlying reason using a PowerShell script or Netwrix Auditor.
Get a report about Active Directory user login history with a PowerShell script or Netwrix Auditor. Review both remote and local logons with time and system details.
Create a logon trigger on SQL Server to secure your critical assets. Use the SQL Server logon trigger to audit access events and spot illicit activity faster.
Ongoing review of shared mailbox access events is needed to ensure that no critical business data is exposed or lost because of improper handling of emails.
Ongoing audit of each user’s last logon date in Active Directory helps IT pros detect inactive accounts that can be used as back doors by attackers.
Keeping track of failed Oracle Database logon attempts helps IT administrators detect database intrusion attempts.
Keeping an eye on who reads files on file servers enables IT pros to control access to sensitive data and minimize the risk of information security attacks.
IT pros need to continually monitor non-owner access to any shared mailbox in Office 365 to ensure data security and minimize risks of data leaks.
Auditing of both failed and successful logon attempts is extremely important because it helps IT pros detect malicious activity before a data breach occurs. test
Learn how to create a summary on all Exchange Online shared mailboxes and see permissions to them using PowerShell or Netwrix Auditor.
Although user roles are a common way of granting permissions, they can be confusing. Learn how to check user roles in SQL Server with a simple query.
Overcome the limitation of PowerShell scripts to get AD user group membership. Create a list of groups a specific user belongs to and export it to CSV.
Checking AD group membership with command line is the way to review permissions, but not the only way. Learn different ways to get the required info.
This how-to article explains how the Active Directory Recycle Bin’s object restore works, what limitations it has, and how Netwrix can help you overcome those limitations
Learn how to find inactive users in Active Directory using PowerShell or Netwrix Auditor to simplify your AD housekeeping and reduce security risks.
Learn how to check if AD user account is disabled with PowerShell or Netwrix Auditor.
Getting the SQL Server database size with T_SQL queries can be tricky without serious scripting skills. Learn how to get the required data with just a few clicks.
Checking AD group membership with is one method to review and refine access rights, but not the only way. Learn different ways to get the required information.
Learn an easy way to untangle branchy VMware account permissions without sifting through multiple objects and reports.
Getting User Permissions in SQL Server with T-SQL Query is complicated, but often required for audits. Learn simple way to get your data.
Learn an easy way to find your Microsoft SQL Server database file location for backup or maintenance purposes.
Checking SQL Server database properties regularly is critical to availability and performance, but native methods can be a real pain. Learn a simple way to get this data.
Knowing where your sensitive data is a cornerstone of a strong security posture. Learn how to identify sensitive data in your Microsoft 365 environment.
Learn how list Scheduled Tasks and Services on Windows machines an easier way using Netwrix Auditor
SharePoint Online permissions are scattered across multiple menus and settings. Learn how to get a simple report on who can access what in your SharePoint Online environment.
Collecting Exchange Online permissions can be complicated because different permission types are stored differently. Get a clear, complete report on Exchange Online non-owner permissions in just a few clicks.
Learn how to get a comprehensive report on users’ group membership.
Learn how to locate files on your file servers that contain sensitive data so you can ensure compliance and strengthen your security posture.
Enterprise growth can cause your AD group structure to get quite complex, which can lead to GPO and WSUS policy conflicts. To investigate them, you need to list all Active Directory groups that certain computer account belongs to.
Learn how to easily check SharePoint permissions for any account so you can ensure that each user has the proper permissions for their job.
While troubleshooting an account lockout or investigating an attack, you need to find out when a user last changed their password. Learn how to find the last password change date.
Having a lot of empty folders on your file shares makes navigation harder for users and complicates provisioning and auditing processes. Learn how to find empty folders so you can clean up your file shares.
Learn how you can get a list of AD group members in couple of clicks so you can streamline attestation of privileged groups to ensure that only authorized users have administrative rights.
Learn how to get a SharePoint permissions report in a few simple steps so you can ensure permissions are aligned with employees’ responsibilities.
Learn how to search for files owned by a certain user on your file server.
Learn how to list all local groups in Windows Server and export them to CSV format with or without PowerShell.
Conduct regular reviews of locked-out user accounts in your Active Directory to maintain good IT hygiene.
Discover how to get a list of expired user accounts in your Active Directory to reduce your attack surface area and maximize the security of your IT environment.
Keep track of inactive computer accounts in your Active Directory to reduce the attack surface area and strengthen the security of your IT environment.
Find out how to review all local administrators on your Windows machines in order to spot deviations from your baseline and maintain good IT hygiene.
Knowing about every disabled user account is crucial if you want to harden the security of your IT systems. Learn how to get a list of disabled users in your Active Directory and export it to a CSV file.
Regularly review the local users and groups on critical Windows machines in order to harden the security of your servers.
Locate duplicate documents on your file servers to free up storage space and control the spread of sensitive information.
Struggling to find sensitive files that are stored in insecure locations? Learn an easy way to find critical data on Windows file servers that might be at risk.
Learn how to count the number of files in a folder with PowerShell and how to automate this process with Netwrix Auditor. The PowerShell script on this page shows you how many files are stored in a specific directory.
Learn how to create and use PowerShell script to get ACL for a folder and export report on share permissions.
Learn how to get an NTFS permissions report in a few simple steps to ensure your files are secured properly.
Struggling to get a list of AD OU members? Learn how you can produce a list of all AD users in an OU, with and without PowerShell scripting.
Learn how you can use PowerShell to list all computers in an OU
Learn how to use PowerShell’s Get-ADUser to find users with Password Never Expires
Learn how you can export a list of computers from AD into various formats, including csv and Excel.
Export NTFS permissions to stay on top of who has what folder security permissions in your organization and how that access was granted
Get a list of users in local groups on Windows machines without using the CMD on each machine or scripting in PowerShell.
Collect system inventory without wasting your time on PowerShell scripting and get details such as OS installed on each server, OS version and antivirus status.
Spot unnecessary excessive rights and prevent privilege abuse by regularly viewing Active Directory OU Permissions report.
Regularly view shared folders reports to get a list of all file shares and identify non-default shares that can jeopardize your data security.
To mitigate the risk of privilege abuse and pass audits, you need to know how to check user permissions in Active Directory and get a detailed report.
Learn how to get a report on the membership of all local groups, including local administrator group membership, in CSV format.
This how-to shows two ways of detecting who has access to what data on Windows file server.
Group Policy settings export with native tools can be a real challenge. But the right software can simplify exporting of Group Policy settings into an easy-to-read report
Restore Active Directory objects to ensure system availability. Plus, quickly recover deleted AD user accounts and other objects to a previous state without any downtime.
By sending automatic notifications to users to change their passwords, IT administrators can ensure IT security and reduce helpdesk workload.
Because IT admins are often asked to export Active Directory to CSV files, having a solution that can quickly export Active Directory objects can save them time.
Exporting users from Active Directory with native tools requires time and effort. The right solution enables you to quickly export AD users to CSV
An Active Directory group membership report shows the members of a particular group. To have this data at hand in a readable format, simply export AD group members to CSV.
This tutorial will show you how to list Everyone group permissions to help prevent data exfiltration and reduce the insider threat.
Video recording of user screen activity enables IT administrators to gain visibility into IT systems and control privileged user activity before a security breach occurs.
Regular review of permissions helps IT administrators optimize access control and lock down overexposed data.