From 6f5d4576662e1096b4640e268c132d80797ccda3 Mon Sep 17 00:00:00 2001 From: jake-mahon Date: Thu, 2 Oct 2025 10:16:44 -0400 Subject: [PATCH] Add NAA upgrade workflow articles --- .../access-analyzer-upgrade-workflow-aic.md | 68 ++++++++ ...-analyzer-upgrade-workflow-post-upgrade.md | 48 ++++++ ...-analyzer-upgrade-workflow-preparations.md | 162 ++++++++++++++++++ ...ccess-analyzer-upgrade-workflow-upgrade.md | 62 +++++++ .../access-analyzer-upgrade-workflow.md | 28 +++ 5 files changed, 368 insertions(+) create mode 100644 docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md create mode 100644 docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md create mode 100644 docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md create mode 100644 docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md create mode 100644 docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md diff --git a/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md new file mode 100644 index 0000000000..54a0a6c98b --- /dev/null +++ b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md @@ -0,0 +1,68 @@ +--- +description: Step-by-step instructions for upgrading the Netwrix Access Information Center (AIC), including installation, SSL and SSO configuration, and post-upgrade validation. +keywords: + - Netwrix Access Analyzer + - Access Information Center + - AIC upgrade + - AIC configuration + - SSO + - SSL + - BindingUrl + - AuthAllowWindowsAuthentication + - installation +products: + - access-analyzer +sidebar_label: Upgrading Access Information Center (AIC) +title: Upgrading Access Information Center (AIC) +knowledge_article_id: ka0Qk000000GIqbIAG +--- + +# Upgrading Access Information Center (AIC) + +> **NOTE:** +> - Return to the main workflow page: [Access Analyzer Upgrade Workflow](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md). +> - Return to the previous section: [Access Analyzer Upgrade Workflow β€” Post-Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md). + +## Overview + +This article lists the steps to perform the **Access Information Center (AIC)** upgrade. + +## Upgrade + +Follow these steps: + +1. Download the latest version of **Netwrix AIC** from the [My Products βΈ± Netwrix πŸ‘₯](https://www.netwrix.com/my_products_int.html). + + > **IMPORTANT:** Unblock the installer. In **Properties**, select the **Unblock** checkbox and save the changes. + +2. To upgrade the AIC application to a newer version, run the new `AccessInformationCenter.msi` installer. You do not need to uninstall the existing version. + See the [Install the Access Information Center](https://docs.netwrix.com/docs/accessinformationcenter/12_0/installation/install) topic for additional details. + +3. Hold **Shift**, right-click the latest AIC installer, and select **Copy as path**. In an elevated Command Prompt, paste the path and run it to start installation. +4. Complete the installation. + +## Post-Upgrade + +Follow these steps to complete the AIC upgrade: + +1. If SSL is implemented, update the `BindingUrl` node of the AIC configuration file to use HTTPS. Example: + + ```registry + + ``` + + - If SSO is implemented, update the `AuthAllowWindowsAuthentication` node of the configuration file. Example: + + ```registry + + ``` + + - Default configuration file path: + + ```registry + C:\Program Files\STEALTHbits\Access Information Center + ``` + +2. Have a user with the correct permissions log in to the AIC to confirm operability. +3. Verify the AIC configuration settings match those saved during the preparation phase. +4. Verify that the built-in admin account for the AIC is either disabled or that the password has been changed. diff --git a/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md new file mode 100644 index 0000000000..19bd1602ed --- /dev/null +++ b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md @@ -0,0 +1,48 @@ +--- +description: Final steps for completing the Netwrix Access Analyzer upgrade, including schema updates, settings verification, and published reports validation. +keywords: + - Netwrix Access Analyzer + - Access Analyzer upgrade + - upgrade completion + - File System auditing + - schema update + - Active Directory Inventory + - published reports + - SQL database + - db_owner +products: + - access-analyzer +sidebar_label: Completing Access Analyzer Upgrade +title: Completing Access Analyzer Upgrade +knowledge_article_id: ka0Qk000000GIozIAG +--- + +# Completing Access Analyzer Upgrade + +> **NOTE:** +> - Return to the main workflow page: [Access Analyzer Upgrade Workflow](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md). +> - Return to the previous section: [Access Analyzer Upgrade Workflow β€” Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md). +> - Proceed to the next section: [Access Analyzer Upgrade Workflow β€” Access Information Center](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md). + + + +## Overview + +This article lists the steps to complete the **Access Analyzer** upgrade procedure. + +## Instructions + +Follow these steps to finalize the Access Analyzer upgrade: + +1. After the **Netwrix Upgrade Wizard** finishes, open the **Access Analyzer Console**. +2. Verify the global settings match the initial settings. +3. If licensed for File System auditing, run the **File System\0-CreateSchema** job. This updates the schema for the tables, views, and functions used by the rest of the File System solution. +4. Run the **Active Directory Inventory** group from the **Schedules** node to confirm operability. +5. Verify that the published reports configuration matches the backed-up version. If necessary, migrate the `` node from the default configuration path: + + ```registry + %SAInstallDir%Web\WebServer.exe.config + ``` + +6. If you are using Windows authentication to connect to the SQL database, configure the **Netwrix Access Analyzer Web Server** service to log on as a service account with **db_owner** permissions for the Access Analyzer database. +7. Have a user with the appropriate permissions log in to the **Published Reports** site to confirm operability. diff --git a/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md new file mode 100644 index 0000000000..939381739c --- /dev/null +++ b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md @@ -0,0 +1,162 @@ +--- +description: Preparation steps for upgrading Netwrix Access Analyzer, including considerations, reference screenshots, and required file backups. +keywords: + - Netwrix Access Analyzer + - Access Analyzer upgrade + - upgrade preparation + - upgrade considerations + - Azure jobs + - Entra ID + - proxy service + - file backups + - Access Information Center + - SharePoint agent +products: + - access-analyzer +sidebar_label: Preparing for Access Analyzer Upgrade +title: Preparing for Access Analyzer Upgrade +knowledge_article_id: ka0Qk000000GIllIAG +--- + +# Preparing for Access Analyzer Upgrade + +> **NOTE:** Return to the main workflow page here: [Access Analyzer Upgrade Workflow](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md). +> Proceed to the next section: [Access Analyzer Upgrade Workflow β€” Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md). + +## Overview + +This article lists the steps to prepare for the **Access Analyzer** upgrade procedure. + +## Upgrade Considerations + +Refer to the following points to learn more about the upgrade scope: + +- The **Access Information Center (AIC)** should be upgraded along with Access Analyzer. +- If you run SharePoint on-premises scans, update the **SharePoint agent** on the SharePoint server. +- When upgrading from v11.5 to v11.6, re-schedule all Azure jobs due to the **Entra ID** rebranding. +- When upgrading from v11.5 to v11.6, manually upgrade each proxy service instead of running the **FS_UpdateProxy** job. + +## Reference Screenshots + +Take the following reference screenshots before the upgrade: + +- Installed programs (**Programs and Features**) via Control Panel: + + ```registry + appwiz.cpl + ``` + +- **License** (**Help** > **About**) +- Each of the global **Settings** subnodes +- The **Schedules** node + + > **IMPORTANT:** When upgrading from Access Analyzer v11.5 to v11.6 or later, pay attention to any Azure-related tasks. Recreate these tasks under the new Entra ID naming after the upgrade. + +- The job tree structure with the contents of each module +- Query settings of the **Active Directory Inventory** > **1-AD_Scan** job, including the **Options** page and the **Custom Attributes** page +- Upload the **Active Directory Inventory** > **1-AD_Scan** > **Active Directory Summary** report to Salesforce (**Customer Account** > **Related** > **Notes & Attachments**) + + > **IMPORTANT:** Upload the screenshot to Salesforce β€” **Customer Account** > **Related** > **Notes & Attachments**. + +- Every page of the FSAA, FSAC, SEEK, SPAC, SPAA/SPSEEK scans query settings +- Every page of the AIC settings + +## File Backups + +Create a separate folder named `NEAUpgrade_%date%` to store backup files. Back up the following items: + +- Access Analyzer license file: + + ```registry + %SAInstallDir%StealthAUDIT.lic + ``` + +- Host list definitions: + + ```registry + %SAInstallDir%SADatabase\Views + ``` + +- All connection profiles: + + ```registry + %SAInstallDir%SecurityMap + ``` + +- Global Options/Settings: + + ```registry + %SAInstallDir%GlobalOptions.xml + ``` + +- Connection profiles: + + ```registry + %SAInstallDir%SPProfiles.xml + ``` + +- RBA configuration: + + ```registry + %SAInstallDir%rba.conf + ``` + +- Reporting RBA configuration: + + ```registry + %SAInstallDir%rba-reporting.conf + ``` + +- Published reports configuration: + + ```registry + %SAInstallDir%Web\WebServer.exe.config + ``` + +- Custom SDD criteria: + + ```registry + %SAInstallDir%DC\MyPatternsDef.xml + ``` + +- Configured SDD criteria: + + ```registry + %SAInstallDir%DC\PatternsDef.xml + ``` + +- Customized jobs: + + ```registry + %SAInstallDir%Jobs + ``` + +- Certificates on the server and the ports they are bound to: + + 1. Create an `ssl.txt` file in the `NEAUpgrade_%date%` folder. + 2. Hold **Shift**, right-click the text file, and select **Copy as path**. + 3. In an elevated PowerShell instance, run the following command to save the `netsh` output to the file: + + ```registry + netsh http show ssl > %ssl.txt_location% + ``` + + Example: + + ```registry + netsh http show ssl > "C:\Users\agradmin\Desktop\testfolder\ssl.txt" + ``` + +- AIC configuration: + + - In AIC v11.5: + + ```registry + C:\inetpub\wwwroot\StealthAUDIT Compliance\ + ``` + + - In AIC v11.6: + + ```registry + C:\Program Files\STEALTHbits\Access Information Center + ``` diff --git a/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md new file mode 100644 index 0000000000..4871a5babd --- /dev/null +++ b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md @@ -0,0 +1,62 @@ +--- +description: Step-by-step instructions for upgrading Netwrix Access Analyzer, including the Console, Sensitive Data Discovery add-on, and File System Proxy service. +keywords: + - Netwrix Access Analyzer + - Access Analyzer upgrade + - upgrade console + - Sensitive Data Discovery + - SDD add-on + - File System Proxy + - FSAA Proxy + - upgrade wizard + - Netwrix Customer Portal +products: + - access-analyzer +sidebar_label: Upgrading Access Analyzer +title: Upgrading Access Analyzer +knowledge_article_id: ka0Qk000000GInNIAW +--- + +# Upgrading Access Analyzer + +> **NOTE:** +> - Return to the main workflow page: [Access Analyzer Upgrade Workflow](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md) +> - Return to the previous section: [Access Analyzer Upgrade Workflow β€” Preparations](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md) +> - Proceed to the next section: [Access Analyzer Upgrade Workflow β€” Post-Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md) + +## Overview + +This article lists the steps to perform the **Access Analyzer** upgrade. + +## Upgrading Access Analyzer Console + +Follow these steps to upgrade the Access Analyzer Console: + +1. Download the latest version of **Netwrix Access Analyzer Management Platform** from the [My Products βΈ± Netwrix πŸ‘₯](https://www.netwrix.com/my_products_int.html). + + > **IMPORTANT:** Unblock the installer. In **Properties**, select the **Unblock** checkbox and save the changes. + +2. Verify no Access Analyzer jobs are running. Check **Task Manager** > **Details**. +3. Uninstall the Access Analyzer Console either via **Control Panel** or **Apps & Features**. +4. Hold **Shift**, right-click the Console installer, and select **Copy as path**. In an elevated Command Prompt, paste the path and run it to start the installation. +5. Complete the installation and launch the Console instance. This should start the upgrade wizard. + + > **IMPORTANT:** If the upgrade wizard does not start, run the following commands in PowerShell: + ```registry + cd $Env:SAINSTALLDIR + .\StealthAUDIT.EXE /Upgrade + ``` + +6. Review upgrade conflicts. Click **View Conflicts** to review, then select an item in the **Changes** window and click **Undo**. +7. In the **Solution Set Files** tab, click **Advanced**. Verify that the Active Directory solution, File System solution, and any custom solution groups in the job tree are set to **Upgrade in Place**. +8. Proceed with the upgrade wizard to complete setup. + +## Upgrading Sensitive Data Discovery + +> **IMPORTANT:** If licensed and used in your environment, upgrade the SDD Add-on after upgrading the Access Analyzer Console. + +Follow these steps to upgrade the **Sensitive Data Discovery Add-on (SDD):** + +1. Download the latest SDD version from the [My Products βΈ± Netwrix πŸ‘₯](https://www.netwrix.com/my_products_int.html) and transfer the installer to the Access Analyzer Console server. + + > **IMPORTANT:** Unblock the installer. In **Properties**, select the **Un** diff --git a/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md new file mode 100644 index 0000000000..c96acedfa6 --- /dev/null +++ b/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow.md @@ -0,0 +1,28 @@ +--- +description: Overview of the Netwrix Access Analyzer upgrade workflow with links to preparation, upgrade, post-upgrade, and information center articles. +keywords: + - Netwrix Access Analyzer + - Access Analyzer upgrade + - upgrade workflow + - preparations + - upgrade steps + - post-upgrade + - information center + - Access Analyzer documentation +products: + - access-analyzer +sidebar_label: Access Analyzer Upgrade Workflow Articles +title: Access Analyzer Upgrade Workflow Articles +knowledge_article_id: ka0Qk000000DYiDIAW +--- + +# Access Analyzer Upgrade Workflow Articles + +## Overview + +This article outlines the upgrade workflow for **Netwrix Access Analyzer**. Refer to the following articles for detailed steps: + +1. [Access Analyzer Upgrade Workflow β€” Preparations](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-preparations.md) +2. [Access Analyzer Upgrade Workflow β€” Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-upgrade.md) +3. [Access Analyzer Upgrade Workflow β€” Post-Upgrade](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-post-upgrade.md) +4. [Access Analyzer Upgrade Workflow β€” Access Information Center](/docs/kb/accessanalyzer/access-analyzer-upgrade-workflow-aic.md)