Skip to main content
Netwrix Auditor

Netwrix Auditor


What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems. According to…

Read more
Recent Reviews

TrustRadius Insights

Netwrix Auditor has been widely used by various organizations to address a range of IT auditing and compliance needs. Many users have …
Continue reading
Read all reviews
Return to navigation


View all pricing

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems. According to the…

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

71 people also want pricing

Alternatives Pricing

What is Cyral?

Cyral is a cloud-native Security-as-Code solution to protect the modern data layer. It allows engineering teams to observe, secure, and manage data endpoints in a cloud via a sidecar.

What is IDERA SQL Compliance Manager?

SQL Compliance Manager helps database administrators to monitor, audit, and alert on Microsoft SQL Server user activity and data changes. The vendor states it provides quick configuration of audit settings, a broad list of regulatory guideline templates for audit settings and reports, before and…

Return to navigation

Product Demos

Netwrix Auditor for Windows Server - Overview


Netwrix Auditor for Active Directory - Overview

Return to navigation

Product Details

What is Netwrix Auditor?

Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems.

According to the vendor, Netwrix Auditor eliminates these blind spots by delivering complete visibility into all changes to system configurations, content and permissions across the IT infrastructure. Moreover, Netwrix Auditor alerts organizations to changes that violate corporate security policies, enabling users to proactively detect suspicious user activity and prevent breaches.

Netwrix Auditor Features

  • Supported: Change Auditing of IT Systems
  • Supported: Configuration Auditing
  • Supported: Access Auditing

Netwrix Auditor Screenshots

Screenshot of Full visibility into changes to critical IT systemsScreenshot of Out-of-the-box Compliance ReportsScreenshot of Customized Reports On-Demand and Easy Data Search

Netwrix Auditor Video

Visit to watch Netwrix Auditor video.

Netwrix Auditor Competitors

Netwrix Auditor Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo
Supported CountriesUSA, UK, Australia, France, Germany, Hong Kong, Italy, Netherlands, Spain, Sweden, Switzerland, India, Belguim, Russia
Supported LanguagesEnglish, German, French, Russian, Italian

Netwrix Auditor Downloadables

Frequently Asked Questions

ManageEngine ADManager Plus are common alternatives for Netwrix Auditor.

Reviewers rate Support Rating highest, with a score of 8.6.

The most common users of Netwrix Auditor are from Mid-sized Companies (51-1,000 employees).
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Netwrix Auditor has been widely used by various organizations to address a range of IT auditing and compliance needs. Many users have found it helpful in monitoring and identifying suspicious activity, generating comprehensive reports, and providing immediate response capabilities for incident management. For example, small organizations have benefited from Netwrix Auditor's ability to monitor failed logins, expiring passwords, and Windows file server activity, giving them peace of mind and enabling them to respond promptly to security threats. Additionally, companies have utilized the software to audit multiple systems including file servers, SQL servers, web servers, SharePoint servers, and Active Directory. This ensures access compliance and helps identify user file access patterns. The program is also being used by infrastructure departments to monitor changes to files, password updates, database changes, and GPO changes while accurately reporting on access to ITAR files. Furthermore, organizations have leveraged Netwrix Auditor for compliance reporting and analysis of activities in their domain, enabling greater insights into trends and occurrences across the entire organization. By utilizing this software solution, ICT departments can ensure compliance and housekeeping of servers by auditing system administrators' work. Likewise, IT departments have found value in conducting IT access rights audits with Netwrix Auditor as it provides visibility into network access while preventing unauthorized activity. The product is also employed by IS Access and IS Server Support teams to track changes for auditors, allowing visibility into modifications made to the internal AD. Moreover, organizations have utilized Netwrix Auditor to audit network accounts and gain visibility into AD modifications for compliance purposes and yearly tech audits. Beyond compliance needs, a law enforcement agency has used the software solution to prove the chain of custody of related files on file servers. Additionally, businesses have found Netwrix Auditor helpful in GDPR and ISO 27001 compliance analysis as it simplifies the detection and remediation of potential issues related to data protection regulations. For security departments within different organizations, Netwrix Auditor has been a valuable tool for tracking specific changes and addressing security problems, such as login failures and changes to user privileges. Research and innovation-focused organizations have also benefited from this product, as it ensures the security and confidentiality of information data while maintaining accessibility across branches. Furthermore, Netwrix Auditor has played a vital role in helping IS security teams monitor and manage changes to AD security setup, simplifying tasks, automating alerts, and increasing understanding of change within the AD environment. Lastly, users have leveraged the software to inspect technology environments comprehensively by generating alerts and daily reports on servers, network switches, locked accounts, file-level accesses, and more. Additionally, Netwrix Auditor logs user logins and sends email alerts for AD changes, providing users with timely notifications and ensuring transparency in the auditing process. With its robust features and capabilities, Netwrix Auditor has become an indispensable tool for organizations across various industries seeking to enhance their IT auditing practices. By offering comprehensive visibility into system activities, accurate reporting, and compliance monitoring, the software enables users to proactively address security threats, maintain regulatory compliance, and ensure the integrity of their IT infrastructure. Whether it's for small organizations looking for peace of mind or larger enterprises needing advanced auditing solutions, Netwrix Auditor proves to be a versatile and valuable asset in achieving effective IT governance.

Helpful Notifications: Several users have found Netwrix Auditor's ability to send warnings to users about expiring passwords and notifications for multiple failed logons to be helpful in preventing lockouts, spotting suspicious activity, and assisting with password changes.

Flexible Customization: Many reviewers appreciate the flexibility provided by Netwrix Auditor's 'Search' function, which allows them to create custom notifications and reports. This feature enables users to monitor specific events and set up email reports tailored to their needs.

Useful Alerts: Users highly value the alerts provided by Netwrix Auditor as they aid in identifying account lockouts, uncovering firewall issues, and offering insights into various aspects of the environment. The alerts are seen as a valuable tool for monitoring and maintaining system security effectively.

User Interface: Some users have expressed that the user interface of the Collector service could be improved to make it more intuitive and less overwhelming. They suggest that certain elements should be better organized and labeled clearly, as they currently find it confusing to navigate through the interface.

Technical Support: Several reviewers have mentioned experiencing slow response times from technical support when reporting issues with Netwrix Auditor. This has resulted in frustration and delays in problem resolution for these users. Prompt assistance is expected, especially for critical issues requiring immediate attention.

Documentation and Training: Users have raised concerns about the lack of comprehensive internal documentation and training materials provided by Netwrix. They feel that more detailed instructions, including videos and guides, would greatly help them learn how to effectively use Netwrix Auditor and maximize its potential within their organizations.

Based on user feedback, the following recommendations have been made for using Netwrix Auditor:

  • Use the virtual appliance option for quick deployment of Netwrix Auditor.
  • Get professional services to help set up Netwrix Auditor for data governance.
  • Plan and clean up Active Directory prior to implementing Netwrix Auditor for better system integration.
  • Understand how the audit trail works for Oracle databases before using Netwrix Auditor for Oracle DB auditing.
  • Install Netwrix on a dedicated server and configure reporting and alerts for maximum benefit.
  • Try out the free version of Netwrix first before purchasing.
  • Gain further insight and operate more efficiently with automated, canned, and customized reports in Netwrix Auditor.
  • Start with the trial version of Netwrix to ensure it meets all needs and supports the creation of custom reports.
  • Take advantage of the full featured trial license of Netwrix to learn about the product and its potential use case.
  • Implement Netwrix Auditor as an auditing tool, emphasizing its affordability.
  • Avoid using Netwrix Auditor if frequent server reboots are not desired and be aware that some users have found the GUI difficult to use.

Attribute Ratings


(1-19 of 19)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
  • Sends alerts via email.
  • Sends scheduled log reports.
  • Keeps track of changes in Active Directory.
  • So far, we haven't experienced any issues with Netwrix Auditor.
May 06, 2022

Netwrix Necessity

Luke Kuhlow | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
  • Great reporting.
  • Easy setup for scheduled deliveries.
  • Easily readable reports.
  • Better alerting for errors in system.
  • Better alerting for occurrences that flag attention.
  • Better consistency checks to ensure data is current.
Waqas Asghar Sipra | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
  • Full Domain Controller activity monitoring.
  • Video recording of system admins without and limit.
  • VMware user activity monitoring and auditing.
  • Audit user activity over network devices.
  • Windows File Server access monitoring and audit.
  • Cisco with IOS 16 and above is not supported under Network Devices.
  • System Up and Down Status.
  • Reporting.
Kyle Michelli, CIA | TrustRadius Reviewer
Score 3 out of 10
Vetted Review
Verified User
  • The website trial shows off the features of the software while also teaching how to perform a user access audit.
  • The user interface is very clean, user-friendly, intuitive, and snappy.
  • The software comes with a lot of explanations for the built-in reports to help users understand what the report is used for.
  • The software also makes it really easy to monitor the organization, with alerts for unacceptable actions or for unusual behavior above thresholds.
  • Our IT department spent a long time working on getting some of the features and reports working, with some success, but many reports and features were never fixed after a whole year of working with support. Apparently Netwrix support was responsive, but their fixes often failed to work.
  • My experience with customer support was very negative. I had several instances of emails going unanswered, sometimes but not always because my contact left the company and our account was never handed over appropriately.
  • Technical issues can be time-consuming to diagnose because it's hard to tell if a report is loading slowly, or failing. I don't think this problem is unique to Netwrix, though.
Score 8 out of 10
Vetted Review
Verified User
  • Provides accurate information
  • Easy to generate reports
  • Easy to filter, after initial learning curve
  • Challenging to learn filter options when first using the product
  • Not much video training provided online for the product
  • Could have better training available (additional guides, videos)
Score 9 out of 10
Vetted Review
Verified User
  • Who has done the changes on systems
  • Password lockouts where it will tell you exactly where a person is locking which can be frustrating if it occurs too many times for one user.
  • It can show you things we rarely look at in our environment e.g on Active Directory things like duplicate group policy settings, empty security groups, computers which have not logged in in a long time thus helping you with your computer inventory.
  • Being able to get the actual device a user is locking in from Exchange Server because if a user is found to be locking out from an Exchange Server we have to look at Exchange Server IIS logs and parse through them using other tools like Log Parser looking for wrong password report. We need to use one product and that is Netwrix Auditor.
  • The software could also show when a server was restarted or rebooted.
Glenn Jones | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
  • Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.
  • Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.
  • Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.
  • The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.
  • Netwrix Auditor needs to improve its loading of Long Term Archive (LTA) data back into the database. I have been trying to load one month of LTA data back into the database for a few months now, but it can take a few days to successfully load just a few weeks of data. I have now started to attempt to load only two weeks of data at a time in the hopes that it will not destroy the data already loaded. I'm still working on this attempt. Netwrix Support told me that the only designed the reloading of LTA to work on a few days worth of data, but I need to be able to possibly seven years of data in the future. They are currently working on a solution to allow me to perform this task.
  • Netwrix needs to simply their database structure so it is easier to create your own reports. If they can't make the database structure any easier, they need to document it much more. The database documentation is very sparse and doesn't really state how you can use the database. There are many items I can find in the database but some items I have just given up on since it can be quite a task to find the data in the database.
  • Netwrix needs to release some form of internal documentation so clients can see what is happening during the audit data collection. I have specialists in certain areas of our systems, such as NetApp file server, ask me how it performs some of the auditing, and all I can say is "I'm not sure, I can ask but they probably won't be able to tell me."
Matt Rogers | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
  • Netwrix Auditor sends out warnings to users when their passwords are close to expiring. This saves us some headache, because if they have any problems with changing their password, we can help them before they get locked out.
  • The notifications for multiple failed logons is a lifesaver. Very useful for spotting suspicious activity!
  • I love the way that you can create your own custom notifications and reports through the "Search" function. You can pick the "What", "Where", and "When" for the event you want to monitor and set up email email reports for them.
  • There is a bit of a learning curve. The interface is fairly intuitive, but I think there is room for improvement.
  • There is a LOT of functionality which can be quite overwhelming at first, but in and of itself, not a bad thing.
  • I think this software would benefit from a "Simple" mode and "Advanced" mode. This would ease the learning curve a bit.
Kyle Reyes | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
  • The reporting features within Netwrix Auditor are by far the best feature, with a wide range of "pre-built" reports. The ability to create/generate your own reports makes it quite easy to look into the various items being monitored in the environment.
  • The set-up & ease of use of Netwrix is hard to match, not to mention the upgrades. To date, we've only had to contact support for one issue and it was an easy fix once we found the detailed information in their Knowledge Base.
  • Automation features within Netwrix help our daily tasks by ensuring we are not having to constantly monitor Netwrix, this is a huge time saver!
  • The only con I have is that sometimes technical support can be a bit delayed in getting back to us for issues, but it is only slightly so not a huge con by any means.
December 01, 2017

Netwrix Saves Time

Jon Gabriel Bolland II | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
  • It alerts us to account lockouts and helped discover a firewall issue on one of our servers. The alerts and single interface have been very helpful.
  • I get a report on expired passwords and accounts which help me keep my directory tidy.
  • We can get access reports on files and folders which let us know when users are trying to access items they are not authorized to.
  • They have a screen capture function that I have never been able to get to work properly. However, I have never called their support on this issue so it is not necessarily a big ding against them. I am only mildly interested in this feature. We have enough network monitoring so I already know what my users are doing I don't need a capture.
Score 4 out of 10
Vetted Review
Verified User
  • Automated alerts for changes to security within AD. It is able to sends alerts for just about any change within AD.
  • Tracing who changed what within AD. This can be found with AD, but Netwrix auditor makes it a lot more simple to find.
  • Enabling less technical people to have access to the auditing and security information that they need to manage the AD security model effectively. This product frees our technical teams from numerous minor requests for audit logs, tracking, investigations etc.
  • Stability is a concern. Despite running this for over one year, we have had issues with processor utilisation on several business critical servers including SQL servers that have meant that we have had to deinstall the product on those servers. No resolution, despite this being logged with the supplier for some 2 months.
  • Support from the US for UK clients is not up to standard, for the cost of the product and the cost of support we expected better. We are reconsidering our use of this product, despite its good level of reporting and automation of alerts.
Return to navigation