Expand Up @@ -12,23 +12,18 @@ the domain account for data collection.
When selecting the domain account, consider the following:

- If network traffic compression is enabled, the account must belong to the Domain Admins group.
- If network traffic compression is disabled, the account can belong to the Domain Admins group or be a non-administrative account configured with minimum rights (see below).
- If network traffic compression is disabled, the account can belong to the Domain Admins group or be a non-administrative account configured with minimum rights (see [Configure Account to Collect Logon Activity](#configure-account-to-collect-logon-activity)).
- For the data collection account, use a different account than the one Auditor uses to access the database.
- If you use a group Managed Service Account (gMSA), the data collection account must be a member of the local Administrators group on the Netwrix Auditor host.

## Configure Account to Collect Logon Activity

This section explains how to configure an account to collect Logon Activity with
minimum rights assignment. The following instructions apply only if you plan to create a monitoring
plan with network traffic compression disabled and don't want to adjust audit settings
automatically.
minimum rights. These instructions apply only if you disable network traffic compression in the
monitoring plan and don't want to automatically adjust audit settings.

**NOTE:** If the account is a member of the Domain Admins group, you can skip these steps.

Before creating an account, grant the _Read_ permission on the SECURITY registry key
`(HKEY_LOCAL_MACHINE\SECURITY)` for an admin account under which you will make changes in Group
Policy.

**Step 1 –** Create a domain user with the following privileges:

- Back up files and directories. See the
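
Review bot: The prerequisite paragraph starting "Before creating an account, grant the _Read_ permission on the SECURITY registry key" appears to be dropped ahead of Step 1, and nothing in the remaining text says why it no longer applies. The hunk header counts 23 old lines against 18 new, which matches removing that paragraph along with the reworded intro and the relinked bullet. Please confirm that the admin account editing Group Policy no longer needs read access to `HKEY_LOCAL_MACHINE\SECURITY`, and say so in the PR description. If it is still needed in some configurations, keep the paragraph and scope it to those cases. The new link target `#configure-account-to-collect-logon-activity` does match the heading in this file, so that part looks fine.
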
Expand All @@ -42,7 +37,6 @@ Policy.

**Step 2 –** Grant the _Read_ permission on the following registry keys to this user:

- `HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv`
- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg`
- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security`

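Review bot: The `HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv` bullet looks like the one line removed from Step 2 (the header counts 7 old lines against 6 new, and with three context lines on each side it is the only candidate). That leaves the minimum-rights account with _Read_ only on the `winreg` and `EventLog\Security` keys. This section applies precisely when audit settings are not adjusted automatically, so please confirm the data collection account never reads audit policy from that key in this mode. If it does, following the updated steps would produce an account that cannot collect. If the grant is genuinely unnecessary, removing it is the right least-privilege change. A one-line mention of the reason in the commit message would help anyone auditing existing deployments decide whether to revoke the permission from accounts created under the old instructions.
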