Merged
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ This article outlines the process for installing or updating a certificate to pr

> **IMPORTANT:** The Certification Authority's post-deployment configuration must be completed after installing both prerequisite roles.

![Certification Authority post-deployment configuration dialog with required options visible](./images/servlet_image_22726c8e5cb9.png)
![Certification Authority post-deployment configuration dialog with required options visible](../../images/servlet_image_22726c8e5cb9.png)

- The domain must have the **Enrollment Policy** set to enable automatic enrollment and renewal. The **Certificate Enrollment Policy** for user and computer certificates is configured in the **Group Policy** snap-in under **Default Domain Policy** (or another group policy applied to all systems that will access an NPS server on a group-by-group basis). To configure this:

Expand All @@ -40,28 +40,28 @@ This article outlines the process for installing or updating a certificate to pr
> **NOTE:** If you already have a certificate to install, you can skip to the **Adding the Certificate to Each SbPAM Proxy Server** section below.

1. Open **Certification Authority**, open your CA, right-click **Certificate Templates**, and click **Manage**.
![Certification Authority console with Certificate Templates context menu open](./images/servlet_image_ebb3b2e4c66a.png)
![Certification Authority console with Certificate Templates context menu open](../../images/servlet_image_ebb3b2e4c66a.png)

2. In the **Certificate Templates Console**, right-click **Workstation Authentication**, and click **Duplicate Template**.
![Certificate Templates Console with Duplicate Template option highlighted](./images/servlet_image_e3eecaa55357.png)
![Certificate Templates Console with Duplicate Template option highlighted](../../images/servlet_image_e3eecaa55357.png)

3. On the **General** tab, change the name to **Client-Server Authentication** and enable the **Publish certificate in Active Directory** checkbox.
![General tab of template properties with name and publish option highlighted](./images/servlet_image_35245db9daa9.png)
![General tab of template properties with name and publish option highlighted](../../images/servlet_image_35245db9daa9.png)

4. On the **Subject Name** tab, enable the **Supply in the request** radio button.
![Subject Name tab with Supply in the request option selected](./images/servlet_image_2b1a501d40fd.png)
![Subject Name tab with Supply in the request option selected](../../images/servlet_image_2b1a501d40fd.png)

5. On the **Extensions** tab, select **Application Policies** and click **Edit**. Click **Add**, then select **Server Authentication**. Click **OK** until you return to the **Properties of New Template** dialog.
![Extensions tab with Application Policies and Server Authentication highlighted](./images/servlet_image_9ccee298858e.png)
![Extensions tab with Application Policies and Server Authentication highlighted](../../images/servlet_image_9ccee298858e.png)

6. On the **Security** tab, select **Domain Computers** and enable the checkbox to allow **Autoenroll**. Click **OK** and then close the Certificate Templates Console.
![Security tab with Domain Computers and Autoenroll option checked](./images/servlet_image_d2bd2889a956.png)
![Security tab with Domain Computers and Autoenroll option checked](../../images/servlet_image_d2bd2889a956.png)

7. Back in **Certification Authority**, right-click **Certificate Templates**, hover over **New**, and click **Certificate Template to Issue**.
![Certification Authority with Certificate Template to Issue option highlighted](./images/servlet_image_4e7a38bb30d6.png)
![Certification Authority with Certificate Template to Issue option highlighted](../../images/servlet_image_4e7a38bb30d6.png)

8. Select **Client-Server Authentication** and click **OK**.
![Certificate Template selection dialog with Client-Server Authentication selected](./images/servlet_image_d8afec47d2b9.png)
![Certificate Template selection dialog with Client-Server Authentication selected](../../images/servlet_image_d8afec47d2b9.png)

9. On the desktop, create a text file named **request.inf** with the following content (replace the **red** text with your server certificate name):
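
Review bot: Steps 4 and 6 combine a requester-supplied subject name with autoenrollment rights for **Domain Computers**, on a template that step 5 extends with **Server Authentication**, so any computer account in the domain can obtain a certificate under a name of its choosing. While these lines are being touched, consider having step 6 grant the permission only to the SbPAM proxy servers (or a dedicated group containing them), or adding a step that requires CA certificate manager approval on the template's Issuance Requirements tab. Separately, step 9 tells the reader to replace the **red** text, but Markdown carries no colour; name the field to edit instead.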

Expand Down Expand Up @@ -96,44 +96,44 @@ This article outlines the process for installing or updating a certificate to pr
certreq -new request.inf rdp.csr
```

![Command Prompt showing certreq command execution](./images/servlet_image_117381e3f99f.png)
![Command Prompt showing certreq command execution](../../images/servlet_image_117381e3f99f.png)

11. To sign the certificate request, use your preferred signing mechanism. The following example uses Active Directory Certificate Services (`https://<servername>/certsrv`).
![Certificate Services web enrollment home page](./images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](./images/servlet_image_0f3e849ec385.png)
![Certificate Services web enrollment home page](../../images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](../../images/servlet_image_0f3e849ec385.png)

Click **Request a certificate**, then click **advanced certificate request**.

12. Open the saved certificate signing request (**rdp.csr**) from the previous step in Notepad. Copy the certificate request into the **Saved Request** field. Select **Client-Server Authentication** from the **Certificate Template** dropdown. Click **Submit**.
![Certificate request submission form with fields filled](./images/servlet_image_21d63c042bef.png)
![Certificate request submission form with fields filled](../../images/servlet_image_21d63c042bef.png)

Leave other settings at default values, and click **Submit**.

13. Select **DER encoded** and click **Download certificate**.
![Certificate download page with DER encoded option selected](./images/servlet_image_ff7ee6960cb2.png)
![Certificate download page with DER encoded option selected](../../images/servlet_image_ff7ee6960cb2.png)

14. Open the downloaded certificate and select **Install Certificate**. Proceed with all default values and complete the wizard.
![Certificate installation wizard with default options](./images/servlet_image_9751657fe7cd.png)
![Certificate installation wizard with default options](../../images/servlet_image_9751657fe7cd.png)

15. To export the certificate, view certificates for the current user by launching **certmgr.msc** using the Windows **Run** menu.
![Windows Run dialog with certmgr.msc entered](./images/servlet_image_f5c0eb62aa44.png)
![Windows Run dialog with certmgr.msc entered](../../images/servlet_image_f5c0eb62aa44.png)

Right-click the installed certificate (the certificate using the **Client-Server Authentication** template) and click **Export...**.
![Certificate export context menu](./images/servlet_image_4f237c8e6acb.png)
![Certificate export context menu](../../images/servlet_image_4f237c8e6acb.png)

16. In the **Certificate Export Wizard**, change the **Export Private Key** option to **Yes, export the private key**.
![Certificate Export Wizard with Export Private Key option selected](./images/servlet_image_9a7649f21943.png)
![Certificate Export Wizard with Export Private Key option selected](../../images/servlet_image_9a7649f21943.png)

17. For **Export File Format**, select **Personal Information Exchange - PKCS #12 (.PFX)**. Select the following checkboxes:

- Include all certificates in the certification path if possible
- Enable certificate privacy

![Export File Format options with PKCS #12 and checkboxes selected](./images/servlet_image_491abdc2366b.png)
![Export File Format options with PKCS #12 and checkboxes selected](../../images/servlet_image_491abdc2366b.png)

18. For **Security**, enter a password of your choosing and select the AES256-SHA256 encryption option (3DES is no longer recommended by NIST).

> **IMPORTANT:** For **File to Export**, the file name **must** be **rdp.pfx**. If it is named anything else, importing the .pfx file on each proxy server will not work.
![Export dialog with rdp.pfx file name entered](./images/servlet_image_808a1a23eec9.png)
![Export dialog with rdp.pfx file name entered](../../images/servlet_image_808a1a23eec9.png)

19. This certificate can now be imported to each SbPAM Proxy Server.
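
Review bot: Step 12 instructs the reader to click **Submit** twice, once at the end of the step text and again in the trailing line "Leave other settings at default values, and click **Submit**." Fold the trailing line into the step so there is one Submit instruction. Step 11 has the same layout problem, with "Click **Request a certificate**..." placed after the screenshots instead of in the step. Steps 16 to 19 also leave the exported private key in rdp.pfx; if the article does not already say so further down, add a closing step to delete the file once every proxy has imported it.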

Expand All @@ -149,6 +149,7 @@ This article outlines the process for installing or updating a certificate to pr
"C:\Program Files\Stealthbits\PAM\ProxyService\sbpam-proxy.exe" ca import -p [PATH]\rdp.pfx
```

![Command Prompt showing sbpam-proxy.exe ca import command](./images/servlet_image_07c7409683d2.png)
![Command Prompt showing sbpam-proxy.exe ca import command](../../images/servlet_image_07c7409683d2.png)

3. The new certificate has now been imported to an SbPAM Proxy Server. Repeat this process for all SbPAM Proxy Servers if using more than one. (The default installation of SbPAM uses one proxy service on the SbPAM server itself; however, additional proxy services can be distributed.)

3. The new certificate has now been imported to an SbPAM Proxy Server. Repeat this process for all SbPAM Proxy Servers if using more than one. (The default installation of SbPAM uses one proxy service on the SbPAM server itself; however, additional proxy services can be distributed.)
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ There are Group Policy settings used to filter the origin of WinRM requests via

Learn more about the **Allow remote server management through WinRM** Group Policy setting in [Configure Remote Management in Server Manager − Enabling or Disabling Remote Management ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager#enabling-or-disabling-remote-management).

![Windows Group Policy: Allow remote server management through WinRM](./images/servlet_image_16fc9e2e2432.png)
![Windows Group Policy: Allow remote server management through WinRM](../../images/servlet_image_16fc9e2e2432.png)

### Allow full control to Remote Management Users

Expand Down Expand Up @@ -132,4 +132,5 @@ The output indicates that the credentials used can run remote PowerShell command

## Related articles

[Configure Remote Management in Server Manager − Enabling or Disabling Remote Management ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager#enabling-or-disabling-remote-management)
[Configure Remote Management in Server Manager − Enabling or Disabling Remote Management ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager#enabling-or-disabling-remote-management)

Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,13 @@ knowledge_article_id: kA00g000000H9SmCAK

This article contains references to the most popular Active Directory, Exchange, and Group Policy changes which may be reported as made by **System** by Netwrix Auditor:

- [Alert Reported Change Made by System](/docs/kb/auditor/alert-reported-change-made-by-system.md).
- [Alert Reported Change Made by System](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/alert-reported-change-made-by-system.md).
- [System Changed Object Path after Account Name Change](/docs/kb/auditor/system-changed-object-path-after-account-name-change.md).
- [System Changed Client Operating System](/docs/kb/auditor/system-changed-client-operating-system.md).
- [System Changed Directory Objects for Foreign Security Principals](/docs/kb/auditor/system-changed-directory-objects-for-foreign-security-principals.md).
- [Workstation Field Reported as Unknown](/docs/kb/auditor/workstation-field-reported-as-unknown.md)
- [Duplicate Configuration and Schema Changes for All Monitored Domains in Forest Made by System](/docs/kb/auditor/duplicate-configuration-and-schema-changes-for-all-monitored-domains-in-forest-made-by-system.md).
- [System Changed Service Principle Name Attribute](/docs/kb/auditor/system-changed-service-principle-name-attribute.md).
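
Review bot: Only the first link in this list is moved to the nested path (`/docs/kb/auditor/reports-alerts-and-notifications/report-generation/...`); the six entries below it still use the flat `/docs/kb/auditor/<name>.md` form. If those articles were relocated in the same reorganisation, these links will break, so please confirm each target and update them in this change. The hunk also appends three blank lines at the end of the file (10 lines become 13), which can be dropped, and the "Workstation Field Reported as Unknown" entry is the only one without a trailing period.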



Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,12 @@ The Netwrix Active Directory Object Restore tool recovers removed Active Directo

The account used for recovery and restore is the same account used for data collection in your Netwrix Auditor Active Directory monitoring plan.

<div>![Active](images/servlet_image_3823966b1661.png)</div>
<div>![Active](../../../images/servlet_image_3823966b1661.png)</div>

> **NOTE:** This tool should **NOT** be used to revert the changes caused by raising the forest functional level. For additional information, refer to the following article: Object Restore for Active Directory.
## Related Link

- Object Restore for Active Directory
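
Review bot: The `## Related Link` section lists "Object Restore for Active Directory" as plain text, and the NOTE above refers to the same article without a link, so the reader has nothing to follow. Add the target path in both places, and put a blank line between the NOTE blockquote and the heading. The image on the changed line is Markdown wrapped in `<div>` with the alt text "Active"; confirm it renders in the docs build and give it a descriptive alt.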


Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,11 @@ Refer to the following steps to exclude OUs and user objects from the monitoring
2. Select the relevant AD monitoring plan and click **Edit**.
3. Select the data source and click **Edit data source**.

![Edit data source](./images/ka0Qk000000EIjS_0EMQk00000661ik.png)
![Edit data source](../../../images/ka0Qk000000EIjS_0EMQk00000661ik.png)

4. In the left pane, select the **Objects** tab. Select the **Exclude these objects** checkbox, then click **Add** to exclude objects from the monitoring scope. After adding the objects, click **Save & Close**.

![Exclude these objects](./images/ka0Qk000000EIjS_0EMQk000005FPXt.png)
![Exclude these objects](../../../images/ka0Qk000000EIjS_0EMQk000005FPXt.png)

Refer to the following examples to learn about how the exclusion rules work for **Objects**. The same logic applies to the inclusion rules:

Expand Down Expand Up @@ -99,3 +99,5 @@ To exclude specific Entra ID users from the license count, populate the `omitUPN
- [Determining the Number of Enabled Microsoft Entra ID Accounts](/docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts.md)
- [Active Directory Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8)
- [Microsoft Entra ID Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8)
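
Review bot: "Active Directory Monitoring Scope" and "Microsoft Entra ID Monitoring Scope" both link to the same URL, `https://docs.netwrix.com/docs/auditor/10_8`, which is the version root and not either page. Point each entry at its own page. The only change this hunk makes is two blank lines appended at the end of the file, which can be dropped.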


Original file line number Diff line number Diff line change
Expand Up @@ -47,5 +47,8 @@ After that, the **Netwrix Auditor Application Deployment Service** appears on th

### Related Articles

- [How to Investigate Compression Services Errors](/docs/kb/auditor/how-to-investigate-compression-services-errors.md)
- [How to Investigate Compression Services Errors](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-investigate-compression-services-errors.md)
- [Windows File Servers — Enable Remote Registry Service — v10.8.](https://docs.netwrix.com/docs/auditor/10_8/configuration/fileservers/windows/remoteregistryservice)



Original file line number Diff line number Diff line change
Expand Up @@ -42,5 +42,8 @@ The licensing data was corrupted.
## Resolution

- In case you've encountered the issue after a recent upgrade, wait for 24 hours to see if the issue is resolved on its own.
- Reapply the license file. Refer to the following article for additional information: [How to Apply Netwrix Auditor License](/docs/kb/auditor/how-to-apply-netwrix-auditor-license.md).
- Reapply the license file. Refer to the following article for additional information: [How to Apply Netwrix Auditor License](/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md).
- In case reapplying the license did not help, contact [Netwrix Technical Support](https://www.netwrix.com/open_a_ticket.html).



Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,7 @@ If you are currently on a 10.5 version and build other than 10950, perform the p

## Related articles

- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor.md)
- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md)



Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ Enable all symbolic link types.

Once executed, you'll see the settings for symbolic links (enabled or disabled).

![SymlinkEvaluation output](images/servlet_image_3823966b1661.png)
![SymlinkEvaluation output](../../../images/servlet_image_3823966b1661.png)

2. To enable a symlink type, run the following command:
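
Review bot: The new path `../../../images/servlet_image_3823966b1661.png` uses the same file name that the Active Directory Object Restore article in this PR now points to (alt text "Active"), while here it is captioned "SymlinkEvaluation output". Before the move each article read from its own `images/` folder; if both paths now resolve to one shared directory, one of the two articles will show the wrong screenshot. Please check which screenshot the shared file actually is and rename one of them.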

Expand All @@ -63,3 +63,5 @@ Enable all symbolic link types.
The `R2L:1` stands for remote-to-local enabled. You can change `R` to `L` and vice versa to enable the disabled symlink.

Learn more about fsutil syntax in the Microsoft documentation: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior (fsutil behavior ⸱ Microsoft)


Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,10 @@ The **Volume Shadow Copy Service** (hereafter **VSS**) can be enabled via **Netw
1. Navigate to **Managed Objects -> your_File_Servers_Managed_Object_name -> File Servers.**
2. Click **Configure** next to **Advanced Settings** and select the **Enable file versioning and rollback capabilities (based on Volume Shadow Copy).**

![User-added image](images/ka04u000000HcNV_0EM700000007LkF.png)
![User-added image](../../../images/ka04u000000HcNV_0EM700000007LkF.png)

## Where Shadow Copy data is stored

The **Shadow Copy** data is stored on the audited file server. **VSS** is a built-in **Windows** service, and when you enable the VSS support, **Netwrix Auditor** just triggers creation of a snapshot. If you have not configured **VSS**, you may want to turn it off (especially if you do not have enough space on that server). To know precisely where the **Shadow Copy** data is stored, refer to the **Shadow Copy** information on the drive volume.
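
Review bot: The changed image line keeps the alt text "User-added image", which says nothing about the screenshot; the same placeholder is on the changed image lines of the Session ID, Account Lockout Examiner and service-removal articles in this PR. Since the line is being edited anyway, describe what the image shows (here, the Advanced Settings option named in step 2), as the certificate article's images already do.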


Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ This attribute is based on the user’s logon ID within the current session. Bei

Session IDs are used to identify changes made by users with unique logon ID's. Session IDs are a combination of both the logon ID itself and the current session associated with this logon ID, to help identifying who made the change. Thus, session ID can be changed due to the fact that Netwrix would count that as a separate activity record too.

![User-added image](images/ka0Qk0000001OrV_0EMQk000002Tph8.png)
![User-added image](../../../images/ka0Qk0000001OrV_0EMQk000002Tph8.png)

In addition, Netwrix Auditor generates the following attribute besides Session ID, associated with the object and reserved for internal use:

Expand All @@ -44,3 +44,5 @@ Since the product associates Session IDs with the current session of the user, t
### Related Article

- [How Does Merging Logon Activity Events Work?](/docs/kb/auditor/how-does-merging-logon-activity-events-work.md)


Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ knowledge_article_id: kA00g000000H9YCCA0

During installation of NetWrix Account Lockout Examiner on **Windows 2003**, a "Service 'NetWrix Account Lockout Examiner' (ALService) failed to start" message is received that the service cannot be started due to insufficient permissions. The account in use is a domain admin.

![User-added image](images/ka04u000000HcRH_0EM700000004wmJ.png)
![User-added image](../../../images/ka04u000000HcRH_0EM700000004wmJ.png)

## Cause

Expand All @@ -39,3 +39,5 @@ Also:
1. Verify that the account specified during installation is a local admin.
2. Check that there are no restrictive policies for this account to run services.
3. Try entering another local admin or domain admin account during the installation.


Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ You can manually delete the Service and its components. For that:

1. Open the **Services** snap-in and open properties of the problematic service.
2. Copy the full name of the service and the path to executable, for example, to a **Notepad** document.
![User-added image](images/ka0Qk0000001hxN_0EMQk000002u2KX.png)
![User-added image](../../../images/ka0Qk0000001hxN_0EMQk000002u2KX.png)
3. Run the command prompt as administrator and run the following command:

```bat
Expand All @@ -47,3 +47,5 @@ You can manually delete the Service and its components. For that:

where the `<service_name>` is the full name of the service you copied on the step 2.
4. After that, navigate to the file path you copied earlier and delete all the files.

