Netwrix Auditor

Netwrix Auditor Reviews

Do you work for this company? Learn how we help vendors

(1-18 of 18)

Companies can't remove reviews or game the system. Here's why
Sam Livermore, MCP, iTIL | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is a primary tool used for auditing the who, what, when and where a change was made to the infrastructure. This greatly reduces the time going through logs on different systems and increases productivity. We also employ User videos to get a real view into what was being don one our monitored systems.
  • Collecting logs
  • Providing alerts to email distribution list
  • Showing User videos
  • Collector service failures
  • Better GUI
  • best practice training
Netwrix [Auditor] is a great tool for any SysAdmin no matter the company size. Licensing is determined by users, not employee count, and that makes it a great product from a small business to an enterprise application. The time savings coupled with the increased productivity is a key factor is determining this tool over other products.
Robert Ross | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We wanted to automate and improve our manual processes for reporting on objects within our active directory environment. Our needs were for internal reporting and for providing reporting as part of our annual audit processes for compliance. The product allowed for us to leverage canned reporting as well as creating scheduled custom reports to provide the information that would have take hours or days to gather by hand without a tool such as this
  • Custom Reporting
  • Canned Reports
  • Customer Support
  • Extending to Other Aspects of Microsoft Environment
  • Custom Reporting Features
  • Stream line of the user interface
  • more depth on One Drive Reporting
Anyone who needs to report on actions taken within active directory or azure and you don't have PowerShell skills this is the product for you. I have used this product to produce reports that auditors have asked for and allow the data to be presented consistently and quickly We have also been able to provide real-time up to minute reports in the event of a security-related event that required to view access or changes to ad objects
Waqas Asghar Sipra | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using it in ICT department only and following features are being used:
  • Active Directory Auditor
  • File Server Auditor
  • Windows Servers Auditor
  • VMware Architecture Auditor
  • User Activity Auditor
Through all above we are basically auditing systems administrator and their work over the systems. And specially housekeeping of AD and all other servers to fit with compliance.
  • Full Domain Controller activity monitoring.
  • Video recording of system admins without and limit.
  • VMware user activity monitoring and auditing.
  • Audit user activity over network devices.
  • Windows File Server access monitoring and audit.
  • Cisco with IOS 16 and above is not supported under Network Devices.
  • System Up and Down Status.
  • Reporting.
Best Suited:
If you want audit your systems which are Windows then this tool is best and it also provide details on SQL and Oracle database and also provide good info for AD.

Not Suited:
If you want to audit Linux, Suse or ubuntu or any other operating system other than Windows then don't go for it. It only supports Microsoft Architecture.
January 22, 2021

Netwrix Necessity

Luke Kuhlow | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is being utilized for current compliance standards, it is a good product that allows for accurate reporting of our active directory events. We use the program to scan across our whole organization, which allows IT a greater look into trends and occurrences. This program has been instrumental in our monthly reporting and analysis of activity in our domain.
  • Great reporting.
  • Easy setup for scheduled deliveries.
  • Easily readable reports.
  • Better alerting for errors in system.
  • Better alerting for occurrences that flag attention.
  • Better consistency checks to ensure data is current.
Useful in medium to large sized businesses where activity should be monitored and cannot be managed through normal personnel operations.
Netwrix is not quite necessary for small businesses with few computers and/or managed service providers.
January 16, 2021

Netwrix Auditor

Joanna Murphy | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is used to monitor our Active Directory in a number of ways:
  • It sends out emails when a user is required to change a password.
  • It monitors specific permission groups and sends out notifications to management when a user is added/removed.
  • We can audit certain actions that have been done in the past.
  • We can restore users that have been deleted in AD.
We also use it for PCIDSS compliance via monitoring of our network devices, we can audit any event that has happened at a layer 2/3 level if we have a breach in the organization.
  • Monitor specific AD groups when a user is added/removed.
  • Password change notification for users.
  • Review logs in network devices.
  • Tech support is very good.
  • The GUI is quite basic and a little difficult to master getting information out of.
  • Training and how to resources are not great.
  • Initial installation and setup can be difficult.
Monitoring an AD environment. If there is a group that gives access to data/permissions, it can be used to monitor who is being added, and if they should be added to these resources.

Not one I have used but looks like a great feature, if a contractor needs to access a network resource (e.g. server) it can record the session and this can be reviewed if an incident has happened, this can be automated to the user.
Kyle Michelli, CIA | TrustRadius Reviewer
Score 3 out of 10
Vetted Review
Verified User
Review Source
We used Netwrix primarily for my IT access rights audits, but my understanding is that our IT department also used it. It allowed me visibility into many different aspects of network access and use to prevent unauthorized activity and provide assurance to management. It allowed both a single deep dive and ongoing monitoring.
  • The website trial shows off the features of the software while also teaching how to perform a user access audit.
  • The user interface is very clean, user-friendly, intuitive, and snappy.
  • The software comes with a lot of explanations for the built-in reports to help users understand what the report is used for.
  • The software also makes it really easy to monitor the organization, with alerts for unacceptable actions or for unusual behavior above thresholds.
  • Our IT department spent a long time working on getting some of the features and reports working, with some success, but many reports and features were never fixed after a whole year of working with support. Apparently Netwrix support was responsive, but their fixes often failed to work.
  • My experience with customer support was very negative. I had several instances of emails going unanswered, sometimes but not always because my contact left the company and our account was never handed over appropriately.
  • Technical issues can be time-consuming to diagnose because it's hard to tell if a report is loading slowly, or failing. I don't think this problem is unique to Netwrix, though.
Netwrix is great in situations when the user isn't already strongly familiar with the systems being audited (Active Directory and File Server, in my case). Netwrix was very helpful in explaining the use cases of many reports.
Netwrix might not be helpful for organizations that don't have the spare resources to support it. Be prepared to plow IT staff time into supporting the back end, and also put user time into customizing the software for your particular risk profile and network usage.
Score 8 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is used mainly by the Security department. However, we often pull information from Netwrix Auditor for other IT departments. It addresses problems relating to figuring out who made specific changes and security problems. Being able to view login failures, changes to users privileges, and so much more information helps us stay on top of things.
  • Provides accurate information
  • Easy to generate reports
  • Easy to filter, after initial learning curve
  • Challenging to learn filter options when first using the product
  • Not much video training provided online for the product
  • Could have better training available (additional guides, videos)
Netwrix Auditor is great for reviewing events that occurred and tracking down the root cause of who/what made specific changes. It also works well for audits revolving around security and user accounts. The only situation I need to use a secondary product for is when I need to track down a specific IP or system. But that is only because of the licenses we have, if we purchased more we could get additional information out of the product.
Customer support has always been fast and helpful when we run into any issues. The smaller issues are usually resolved within a day or two. It is great support and I feel like I am in good hands anytime an issue comes up. However, we don't run into many issues.
Score 9 out of 10
Vetted Review
Verified User
Review Source
It is used by two departments, the User Department where I belong and the Security Team along with our Manager and CIO. It addresses auditing who did a change and what changes accounts are privileged do and can review a session of a user who logged into a server at maybe odd hours which could be suspicious.
  • Who has done the changes on systems
  • Password lockouts where it will tell you exactly where a person is locking which can be frustrating if it occurs too many times for one user.
  • It can show you things we rarely look at in our environment e.g on Active Directory things like duplicate group policy settings, empty security groups, computers which have not logged in in a long time thus helping you with your computer inventory.
  • Being able to get the actual device a user is locking in from Exchange Server because if a user is found to be locking out from an Exchange Server we have to look at Exchange Server IIS logs and parse through them using other tools like Log Parser looking for wrong password report. We need to use one product and that is Netwrix Auditor.
  • The software could also show when a server was restarted or rebooted.
When there have been changes to server configuration (User Activity logs this too) you are able to tell who has done them and where the changes were made. It is less appropriate in situations where there is an email missing in one's mailbox and they claim mail has been deleted as this is not captured.
They are very responsive and they can assist you remotely when you are stuck!!
Score 10 out of 10
Vetted Review
Verified User
Review Source
Being in the cutting-edge technological industry - visibility into what is happening in the IT environment is a core component of a solid security strategy for any research/innovation-oriented organization. With the implementation of Netwrix Auditor throughout the organization, we keep our entire information data secure and confidential and maintain the accessibility of that data from our branches.
  • Detect security threats.
  • Prove compliance.
  • Bit finicky at times.
Netwrix Auditor is a fantastic product that audits all of the items we need to audit. It will audit file servers, database server, Active Directory Servers, SharePoint servers and a whole lot more. We use it for all of these items and the price did not go up because we added more machine types.
To deliver superior customer service experience to their clients they have clearly established workflow that ensures close cooperation of support representatives and software developers on all levels (Level 1-4 and Management Review). L1 is the primary point of contact that is assigned at the time the ticket is submitted or when calling for support. L2 Detailed investigation of issues. The person working at this level is usually a senior member of the R&D team of the Netwrix product associated with the ticket. L3 development is closely managed by a senior-level developer. The average response time for L3 is 3-4 business days, sometimes sooner. The job of L4 is to perform thorough testing of all hotfixes to make sure they fix what they are intended to fix, have seamless upgrade paths, and don't introduce any new problems affecting your Netwrix product and/or environment. Management Review that regularly performs reviews to ensure no delays occur and the ticket is handled according to their high standards of customer service.
Glenn Jones | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is used by my company to audit all of the systems we use. These include file servers (both Windows and NetApp), SQL servers, web servers. SharePoint servers, Active Directory and many other types of servers. We use it to make certain that staff do not access files that they are not permitted to access, and that they are not attempting to log in into a server that they should not be logging into. This information has come in very useful in the past and will do so in the future. It is also often used by projects to find out what files users who are allowed to access certain files are actually accessing.
  • Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.
  • Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.
  • Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.
  • The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.
  • Netwrix Auditor needs to improve its loading of Long Term Archive (LTA) data back into the database. I have been trying to load one month of LTA data back into the database for a few months now, but it can take a few days to successfully load just a few weeks of data. I have now started to attempt to load only two weeks of data at a time in the hopes that it will not destroy the data already loaded. I'm still working on this attempt. Netwrix Support told me that the only designed the reloading of LTA to work on a few days worth of data, but I need to be able to possibly seven years of data in the future. They are currently working on a solution to allow me to perform this task.
  • Netwrix needs to simply their database structure so it is easier to create your own reports. If they can't make the database structure any easier, they need to document it much more. The database documentation is very sparse and doesn't really state how you can use the database. There are many items I can find in the database but some items I have just given up on since it can be quite a task to find the data in the database.
  • Netwrix needs to release some form of internal documentation so clients can see what is happening during the audit data collection. I have specialists in certain areas of our systems, such as NetApp file server, ask me how it performs some of the auditing, and all I can say is "I'm not sure, I can ask but they probably won't be able to tell me."
Netwrix Auditor is well suited to perform audit data collection on many types of servers that require audit data to be collected. It runs fairly quickly and usually informs you if something went wrong in the data collection. They do need to have better documentation and some form of internal documentation to help the users who understand what is happening in their system to help them through the process of figuring out when something went wrong.
Matt Rogers | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Since we are a small organization, my supervisor and I are responsible for all information technology needs. We both use Netwrix Auditor to monitor any suspicious activity and get reports on failed logins, expiring passwords, and Windows file server activity. This gives us great peace of mind knowing that if something goes wrong or someone gains unauthorized access to our systems, we'll be able to respond immediately.
  • Netwrix Auditor sends out warnings to users when their passwords are close to expiring. This saves us some headache, because if they have any problems with changing their password, we can help them before they get locked out.
  • The notifications for multiple failed logons is a lifesaver. Very useful for spotting suspicious activity!
  • I love the way that you can create your own custom notifications and reports through the "Search" function. You can pick the "What", "Where", and "When" for the event you want to monitor and set up email email reports for them.
  • There is a bit of a learning curve. The interface is fairly intuitive, but I think there is room for improvement.
  • There is a LOT of functionality which can be quite overwhelming at first, but in and of itself, not a bad thing.
  • I think this software would benefit from a "Simple" mode and "Advanced" mode. This would ease the learning curve a bit.
I think this software has something for any organization small or large. I think the best scenario to use this software would be if you wanted to keep an eye on suspicious activity. This software gives users the peace of mind that if someone were to gain access (assuming the software is configured correctly) to their systems, that they would be notified.
Kyle Reyes | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We currently use Netwrix Auditor in our Infrastructure department for a multitude of tasks. We utilize Netwrix Auditor for changes to files, updates to passwords, Databases changes, GPO changes, etc. One major use of Netwrix is for monitoring of access to ITAR files and giving us an amazing tool for reporting on all of the above mentioned uses.
  • The reporting features within Netwrix Auditor are by far the best feature, with a wide range of "pre-built" reports. The ability to create/generate your own reports makes it quite easy to look into the various items being monitored in the environment.
  • The set-up & ease of use of Netwrix is hard to match, not to mention the upgrades. To date, we've only had to contact support for one issue and it was an easy fix once we found the detailed information in their Knowledge Base.
  • Automation features within Netwrix help our daily tasks by ensuring we are not having to constantly monitor Netwrix, this is a huge time saver!
  • The only con I have is that sometimes technical support can be a bit delayed in getting back to us for issues, but it is only slightly so not a huge con by any means.
Netwrix Auditor is a great tool for monitoring a multitude of environments, settings, changes, etc. We currently use Netwrix Auditor for use to monitor Active Directory, File Servers, SQL Servers, and various other items. Netwrix however does not seem to fill any needs for monitoring our VMware environment that I have found to date.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Netwrix Auditor for auditing of Active Directory and Group Policy changes. It is used by our IS Access and IS Server Support teams. We needed a tool to track changes for our auditors.
  • Notifications on changes to sensitive accounts.
  • Detailed record of Group Policy changes.
  • HTML email reports
Finding changes to security groups and group policy is quick and easy.
Barry Goldstrom | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
It was used on the law enforcement servers. It provided the information to prove chain of custody of any related files on the file server.
  • Ease of setup
  • Accurate reporting
  • Set and forget automated reporting
  • I can't honestly think of areas of improvement
This is well suited to audit files on a file server to keep track of who is doing what on the file servers. This is a feature that is lacking in a windows server environment.
July 25, 2018

Keeps me honest!

Jose Rodriguez | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Netwrix is used to by our organization to audit network accounts. It provides us visibility into who is making modifications to our internal AD.
  • Auditing account changes
  • Anomaly tracking
  • Easy setup
  • No areas at this point.
It's a perfect product for auditing and keeping the system admins honest. It's easy to use and reporting is incredible. The system to me is flawless because it keeps the admin honest by doing exactly as it's billed. The system performs well and the database integration makes reporting fast and provides all the mechanisms to support our organization.
December 01, 2017

Netwrix Saves Time

Jon Gabriel Bolland II | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is being used across our whole company. Netwrix allows us to audit file use and access, changes to Active Directory, failed logins on SQL, AD, file servers, and email. It gives us visibility and accountability to what is going on in our infrastructure. It helps solve security and accountability problems.
  • It alerts us to account lockouts and helped discover a firewall issue on one of our servers. The alerts and single interface have been very helpful.
  • I get a report on expired passwords and accounts which help me keep my directory tidy.
  • We can get access reports on files and folders which let us know when users are trying to access items they are not authorized to.
  • They have a screen capture function that I have never been able to get to work properly. However, I have never called their support on this issue so it is not necessarily a big ding against them. I am only mildly interested in this feature. We have enough network monitoring so I already know what my users are doing I don't need a capture.
It would not be appropriate for a very small organization that has less than 25 Users. It is great for keeping an eye on larger environments, you can get fairly granular with the reporting and know exactly who changed files, AD accounts, mailboxes, and policies. It is great for visibility into your data and accountability. It is also a useful security tool.
Steven Hiersche, Jr. | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Netwrix Auditor is being used only by the IT department. The primary use was to track active directory changes but it is now also very useful for auditors. During yearly tech audits, we are able to hand over audit logs very easily.
  • The UI is very strong
  • Plenty of reports to generate
  • You can audit many applications including Active Directory, file server, SQL and Exchange/O365
  • We are very pleased with Netwrix
If you need to track who is making changes in your environment and/or provide audit logs to auditors, this is your program!
Score 4 out of 10
Vetted Review
Verified User
Review Source
Netwrix auditor is being used by our IS security team to monitor and manage changes to our AD security setup. It was chosen to simplify some of the tasks that they need to do, as well as automating alerts and increasing our level of understanding for change within the AD environment.
  • Automated alerts for changes to security within AD. It is able to sends alerts for just about any change within AD.
  • Tracing who changed what within AD. This can be found with AD, but Netwrix auditor makes it a lot more simple to find.
  • Enabling less technical people to have access to the auditing and security information that they need to manage the AD security model effectively. This product frees our technical teams from numerous minor requests for audit logs, tracking, investigations etc.
  • Stability is a concern. Despite running this for over one year, we have had issues with processor utilisation on several business critical servers including SQL servers that have meant that we have had to deinstall the product on those servers. No resolution, despite this being logged with the supplier for some 2 months.
  • Support from the US for UK clients is not up to standard, for the cost of the product and the cost of support we expected better. We are reconsidering our use of this product, despite its good level of reporting and automation of alerts.
Good for IT teams where you lack technical knowledge to properly manage the AD security environment. Poorer value for those teams that already have skilled technical tools and scripts or other tools that automated security alerts. This is the sort of tool that Microsoft should supply as part of AD. What it does, it foes quite well, buy with hindsight, it would have been better to automate using our own skills and other tools.

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems.

According to the vendor, Netwrix Auditor eliminates these blind spots by delivering complete visibility into all changes to system configurations, content and permissions across the IT infrastructure. Moreover, Netwrix Auditor alerts organizations to changes that violate corporate security policies, enabling users to proactively detect suspicious user activity and prevent breaches.

Netwrix Auditor Features

  • Supported: Change Auditing of IT Systems
  • Supported: Configuration Auditing
  • Supported: Access Auditing

Netwrix Auditor Screenshots

Full visibility into changes to critical IT systemsOut-of-the-box Compliance ReportsCustomized Reports On-Demand and Easy Data Search

Netwrix Auditor Video

Visit to watch Netwrix Auditor video.

Netwrix Auditor Downloadables

Netwrix Auditor Competitors

Netwrix Auditor Pricing

Netwrix Auditor Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo
Supported CountriesUSA, UK, Australia, France, Germany, Hong Kong, Italy, Netherlands, Spain, Sweden, Switzerland, India, Belguim, Russia
Supported LanguagesEnglish, German, French, Russian, Italian

Frequently Asked Questions

What is Netwrix Auditor's best feature?

Reviewers rate Support Rating highest, with a score of 9.

Who uses Netwrix Auditor?

The most common users of Netwrix Auditor are from Mid-size Companies and the Hospital & Health Care industry.