diff --git a/docs/kb/1secure/configure_proxy_for_rdp_connections_(installupdate_certificate_to_prevent_rdp_certificate_warnings).md b/docs/kb/1secure/configure_proxy_for_rdp_connections_(installupdate_certificate_to_prevent_rdp_certificate_warnings).md index 2a2babe083..d3ab4953e0 100644 --- a/docs/kb/1secure/configure_proxy_for_rdp_connections_(installupdate_certificate_to_prevent_rdp_certificate_warnings).md +++ b/docs/kb/1secure/configure_proxy_for_rdp_connections_(installupdate_certificate_to_prevent_rdp_certificate_warnings).md @@ -25,7 +25,7 @@ This article outlines the process for installing or updating a certificate to pr > **IMPORTANT:** The Certification Authority's post-deployment configuration must be completed after installing both prerequisite roles. - ![Certification Authority post-deployment configuration dialog with required options visible](../../images/servlet_image_22726c8e5cb9.png) + ![Certification Authority post-deployment configuration dialog with required options visible](./images/servlet_image_22726c8e5cb9.png) - The domain must have the **Enrollment Policy** set to enable automatic enrollment and renewal. The **Certificate Enrollment Policy** for user and computer certificates is configured in the **Group Policy** snap-in under **Default Domain Policy** (or another group policy applied to all systems that will access an NPS server on a group-by-group basis). To configure this: @@ -39,28 +39,28 @@ This article outlines the process for installing or updating a certificate to pr > **NOTE:** If you already have a certificate to install, you can skip to the **Adding the Certificate to Each SbPAM Proxy Server** section below. 1. Open **Certification Authority**, open your CA, right-click **Certificate Templates**, and click **Manage**. - ![Certification Authority console with Certificate Templates context menu open](../../images/servlet_image_ebb3b2e4c66a.png) + ![Certification Authority console with Certificate Templates context menu open](./images/servlet_image_ebb3b2e4c66a.png) 2. In the **Certificate Templates Console**, right-click **Workstation Authentication**, and click **Duplicate Template**. - ![Certificate Templates Console with Duplicate Template option highlighted](../../images/servlet_image_e3eecaa55357.png) + ![Certificate Templates Console with Duplicate Template option highlighted](./images/servlet_image_e3eecaa55357.png) 3. On the **General** tab, change the name to **Client-Server Authentication** and enable the **Publish certificate in Active Directory** checkbox. - ![General tab of template properties with name and publish option highlighted](../../images/servlet_image_35245db9daa9.png) + ![General tab of template properties with name and publish option highlighted](./images/servlet_image_35245db9daa9.png) 4. On the **Subject Name** tab, enable the **Supply in the request** radio button. - ![Subject Name tab with Supply in the request option selected](../../images/servlet_image_2b1a501d40fd.png) + ![Subject Name tab with Supply in the request option selected](./images/servlet_image_2b1a501d40fd.png) 5. On the **Extensions** tab, select **Application Policies** and click **Edit**. Click **Add**, then select **Server Authentication**. Click **OK** until you return to the **Properties of New Template** dialog. - ![Extensions tab with Application Policies and Server Authentication highlighted](../../images/servlet_image_9ccee298858e.png) + ![Extensions tab with Application Policies and Server Authentication highlighted](./images/servlet_image_9ccee298858e.png) 6. On the **Security** tab, select **Domain Computers** and enable the checkbox to allow **Autoenroll**. Click **OK** and then close the Certificate Templates Console. - ![Security tab with Domain Computers and Autoenroll option checked](../../images/servlet_image_d2bd2889a956.png) + ![Security tab with Domain Computers and Autoenroll option checked](./images/servlet_image_d2bd2889a956.png) 7. Back in **Certification Authority**, right-click **Certificate Templates**, hover over **New**, and click **Certificate Template to Issue**. - ![Certification Authority with Certificate Template to Issue option highlighted](../../images/servlet_image_4e7a38bb30d6.png) + ![Certification Authority with Certificate Template to Issue option highlighted](./images/servlet_image_4e7a38bb30d6.png) 8. Select **Client-Server Authentication** and click **OK**. - ![Certificate Template selection dialog with Client-Server Authentication selected](../../images/servlet_image_d8afec47d2b9.png) + ![Certificate Template selection dialog with Client-Server Authentication selected](./images/servlet_image_d8afec47d2b9.png) 9. On the desktop, create a text file named **request.inf** with the following content (replace the **red** text with your server certificate name): @@ -95,44 +95,44 @@ This article outlines the process for installing or updating a certificate to pr certreq -new request.inf rdp.csr ``` - ![Command Prompt showing certreq command execution](../../images/servlet_image_117381e3f99f.png) + ![Command Prompt showing certreq command execution](./images/servlet_image_117381e3f99f.png) 11. To sign the certificate request, use your preferred signing mechanism. The following example uses Active Directory Certificate Services (`https:///certsrv`). - ![Certificate Services web enrollment home page](../../images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](../../images/servlet_image_0f3e849ec385.png) + ![Certificate Services web enrollment home page](./images/servlet_image_c706e5610294.png) ![Certificate Services advanced certificate request page](./images/servlet_image_0f3e849ec385.png) Click **Request a certificate**, then click **advanced certificate request**. 12. Open the saved certificate signing request (**rdp.csr**) from the previous step in Notepad. Copy the certificate request into the **Saved Request** field. Select **Client-Server Authentication** from the **Certificate Template** dropdown. Click **Submit**. - ![Certificate request submission form with fields filled](../../images/servlet_image_21d63c042bef.png) + ![Certificate request submission form with fields filled](./images/servlet_image_21d63c042bef.png) Leave other settings at default values, and click **Submit**. 13. Select **DER encoded** and click **Download certificate**. - ![Certificate download page with DER encoded option selected](../../images/servlet_image_ff7ee6960cb2.png) + ![Certificate download page with DER encoded option selected](./images/servlet_image_ff7ee6960cb2.png) 14. Open the downloaded certificate and select **Install Certificate**. Proceed with all default values and complete the wizard. - ![Certificate installation wizard with default options](../../images/servlet_image_9751657fe7cd.png) + ![Certificate installation wizard with default options](./images/servlet_image_9751657fe7cd.png) 15. To export the certificate, view certificates for the current user by launching **certmgr.msc** using the Windows **Run** menu. - ![Windows Run dialog with certmgr.msc entered](../../images/servlet_image_f5c0eb62aa44.png) + ![Windows Run dialog with certmgr.msc entered](./images/servlet_image_f5c0eb62aa44.png) Right-click the installed certificate (the certificate using the **Client-Server Authentication** template) and click **Export...**. - ![Certificate export context menu](../../images/servlet_image_4f237c8e6acb.png) + ![Certificate export context menu](./images/servlet_image_4f237c8e6acb.png) 16. In the **Certificate Export Wizard**, change the **Export Private Key** option to **Yes, export the private key**. - ![Certificate Export Wizard with Export Private Key option selected](../../images/servlet_image_9a7649f21943.png) + ![Certificate Export Wizard with Export Private Key option selected](./images/servlet_image_9a7649f21943.png) 17. For **Export File Format**, select **Personal Information Exchange - PKCS #12 (.PFX)**. Select the following checkboxes: - Include all certificates in the certification path if possible - Enable certificate privacy - ![Export File Format options with PKCS #12 and checkboxes selected](../../images/servlet_image_491abdc2366b.png) + ![Export File Format options with PKCS #12 and checkboxes selected](./images/servlet_image_491abdc2366b.png) 18. For **Security**, enter a password of your choosing and select the AES256-SHA256 encryption option (3DES is no longer recommended by NIST). > **IMPORTANT:** For **File to Export**, the file name **must** be **rdp.pfx**. If it is named anything else, importing the .pfx file on each proxy server will not work. - ![Export dialog with rdp.pfx file name entered](../../images/servlet_image_808a1a23eec9.png) + ![Export dialog with rdp.pfx file name entered](./images/servlet_image_808a1a23eec9.png) 19. This certificate can now be imported to each SbPAM Proxy Server. @@ -148,7 +148,7 @@ This article outlines the process for installing or updating a certificate to pr "C:\Program Files\Stealthbits\PAM\ProxyService\sbpam-proxy.exe" ca import -p [PATH]\rdp.pfx ``` - ![Command Prompt showing sbpam-proxy.exe ca import command](../../images/servlet_image_07c7409683d2.png) + ![Command Prompt showing sbpam-proxy.exe ca import command](./images/servlet_image_07c7409683d2.png) 3. The new certificate has now been imported to an SbPAM Proxy Server. Repeat this process for all SbPAM Proxy Servers if using more than one. (The default installation of SbPAM uses one proxy service on the SbPAM server itself; however, additional proxy services can be distributed.) diff --git a/docs/kb/1secure/troubleshoot_failed_action_service_connections_to_windows_resources_(psremotingwinrm).md b/docs/kb/1secure/troubleshoot_failed_action_service_connections_to_windows_resources_(psremotingwinrm).md index 04517ada71..829792ed3b 100644 --- a/docs/kb/1secure/troubleshoot_failed_action_service_connections_to_windows_resources_(psremotingwinrm).md +++ b/docs/kb/1secure/troubleshoot_failed_action_service_connections_to_windows_resources_(psremotingwinrm).md @@ -86,7 +86,7 @@ There are Group Policy settings used to filter the origin of WinRM requests via Learn more about the **Allow remote server management through WinRM** Group Policy setting in [Configure Remote Management in Server Manager − Enabling or Disabling Remote Management ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager#enabling-or-disabling-remote-management). -![Windows Group Policy: Allow remote server management through WinRM](../../images/servlet_image_16fc9e2e2432.png) +![Windows Group Policy: Allow remote server management through WinRM](./images/servlet_image_16fc9e2e2432.png) ### Allow full control to Remote Management Users diff --git a/docs/kb/accessanalyzer/access-information-center-not-reporting-attribute-changes.md b/docs/kb/accessanalyzer/access-information-center-not-reporting-attribute-changes.md index 691e363aa6..00541902bc 100644 --- a/docs/kb/accessanalyzer/access-information-center-not-reporting-attribute-changes.md +++ b/docs/kb/accessanalyzer/access-information-center-not-reporting-attribute-changes.md @@ -37,7 +37,7 @@ Ensure that differential scans for AD Inventory are enabled and running. This wi - To enable differential scanning of AD Inventory, enable the **Collect only updates since the last scan** option in the query configuration as shown below: - ![Collect only updates since the last scan](images/servlet_image_bd5be116677a.png) + ![Collect only updates since the last scan](./images/servlet_image_bd5be116677a.png) - For further information on customizing the `AD > 1-AD_Scan` job, please visit: https://docs.netwrix.com/docs/auditor/10_8 diff --git a/docs/kb/accessanalyzer/access-information-center-requiring-domain-prefix-to-log-in-to-web-page.md b/docs/kb/accessanalyzer/access-information-center-requiring-domain-prefix-to-log-in-to-web-page.md index e0adb904bb..1c31d4799e 100644 --- a/docs/kb/accessanalyzer/access-information-center-requiring-domain-prefix-to-log-in-to-web-page.md +++ b/docs/kb/accessanalyzer/access-information-center-requiring-domain-prefix-to-log-in-to-web-page.md @@ -26,12 +26,12 @@ knowledge_article_id: kA0Qk0000001jO5KAI ## Symptom You receive the following error when Domain Prefix is required for log-in: -![image (14).png](images/ka0Qk000000DXNx_00N0g000004CA0p_0EMQk00000AGwf1.png) +![image (14).png](./images/ka0Qk000000DXNx_00N0g000004CA0p_0EMQk00000AGwf1.png) ## Cause Due to the change from IIS to a new web server, subdomain users will now need to include their domain prefix before their username when logging in. -![Login prompt showing username field with domain prefix required.](images/ka0Qk000000DXNx_00N0g000004CA0p_0EMQk000009d2RO.png) +![Login prompt showing username field with domain prefix required.](./images/ka0Qk000000DXNx_00N0g000004CA0p_0EMQk000009d2RO.png) > **NOTE:** You can create a more uniform and consistent log-in experience across all domains connected to the AIC by leaving it as is and requiring the domain prefix. diff --git a/docs/kb/accessanalyzer/active-directory-permissions-analyzer-reports-are-outdated.md b/docs/kb/accessanalyzer/active-directory-permissions-analyzer-reports-are-outdated.md index b0a442f560..17c3073870 100644 --- a/docs/kb/accessanalyzer/active-directory-permissions-analyzer-reports-are-outdated.md +++ b/docs/kb/accessanalyzer/active-directory-permissions-analyzer-reports-are-outdated.md @@ -27,7 +27,7 @@ knowledge_article_id: kA04u000000HDhRCAW Old data in the Active Directory Permissions Analyzer **(ADPA)** reports from deprecated Domains. Example of the incorrect data: -![Chart Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aiy.png) +![Chart Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aiy.png) ## Cause @@ -41,28 +41,28 @@ To do so you can follow the steps below. 1. Create a new Job in the Netwrix Auditor console: right click the **Jobs Node** in the left-hand window and select **Create Job**: - ![Graphical user interface, application Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aiz.png) + ![Graphical user interface, application Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aiz.png) Select the **Local host** in the jobs host list: - ![Graphical user interface, application Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aj0.png) + ![Graphical user interface, application Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aj0.png) 2. Click on the **Create Query**: - ![Graphical user interface, application, Word Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aj1.png) + ![Graphical user interface, application, Word Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aj1.png) 3. Configure the jobs query Properties. Under the **Data Sources** tab, select the **ADPERMISSIONS** option from the dropdown menu then click on **Configure**. - ![Graphical user interface, application, Word Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aj2.png) + ![Graphical user interface, application, Word Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aj2.png) Select **Remove Tables** and click **Next**: - ![Graphical user interface, text, application, email Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aj3.png) + ![Graphical user interface, text, application, email Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aj3.png) Check the Results option: Click **Next** → **Finish** → **Ok**. - ![Graphical user interface, text, application Description automatically generated](images/ka04u000000HdDV_0EM4u0000084aj4.png) + ![Graphical user interface, text, application Description automatically generated](./images/ka04u000000HdDV_0EM4u0000084aj4.png) 4. Now run the new Job. diff --git a/docs/kb/accessanalyzer/collecting-ad-summary.md b/docs/kb/accessanalyzer/collecting-ad-summary.md index bf924c7e07..d113950c94 100644 --- a/docs/kb/accessanalyzer/collecting-ad-summary.md +++ b/docs/kb/accessanalyzer/collecting-ad-summary.md @@ -31,9 +31,9 @@ Licensing of Netwrix Access Analyzer is based on the quantity of enabled AD user To find this data: 1. Ensure **.Active Directory Inventory** has recently run or run now. Navigate to **Jobs** > **.Active Directory Inventory** > **1-AD_Scan** and click **Run Now** - ![Group_001.png](images/ka0Qk000000Dl4L_0EM4u000008M8wx.png) + ![Group_001.png](./images/ka0Qk000000Dl4L_0EM4u000008M8wx.png) 2. Navigate to **Jobs** > **.Active Directory Inventory** > **1-AD_Scan** > **Results** > **Active Directory Summary** 3. Take a screenshot or otherwise capture the values displayed in **Total Users** and **Disabled Users** - ![Group_002.png](images/ka0Qk000000Dl4L_0EM4u000008M8x2.png) + ![Group_002.png](./images/ka0Qk000000Dl4L_0EM4u000008M8x2.png) diff --git a/docs/kb/accessanalyzer/console-migration-workflow-step-3-rebuild-the-console.md b/docs/kb/accessanalyzer/console-migration-workflow-step-3-rebuild-the-console.md index d5e5346308..031b9795bd 100644 --- a/docs/kb/accessanalyzer/console-migration-workflow-step-3-rebuild-the-console.md +++ b/docs/kb/accessanalyzer/console-migration-workflow-step-3-rebuild-the-console.md @@ -97,7 +97,7 @@ Register-ScheduledTask -Xml (get-content $_.FullName | out-string) -TaskName $ta 4. Open `\NAA_Migration\NAA\Web\webserver.exe.config` and copy the content between `` and paste it in place of the `` block in `%SAInstallDir%Web\webserver.exe.config`. - ![webserver config image](images/ka0Qk000000FDY1_0EMQk00000CFkgO.png) + ![webserver config image](./images/ka0Qk000000FDY1_0EMQk00000CFkgO.png) NOTE: Open the destination `webserver.exe.config` as an administrator by following these steps: @@ -115,7 +115,7 @@ Register-ScheduledTask -Xml (get-content $_.FullName | out-string) -TaskName $ta 6. Open the Netwrix Access Analyzer application and follow through the Access Analyzer Configuration Wizard, selecting **Choose a StealthAUDIT root folder path to copy from** if prompted. - ![Configuration Wizard image](images/ka0Qk000000FDY1_0EMQk00000CFxaL.png) + ![Configuration Wizard image](./images/ka0Qk000000FDY1_0EMQk00000CFxaL.png) 1. See the following for more information on the Netwrix Access Analyzer Configuration Wizard: [Access Analyzer Initial Configuration](https://docs.netwrix.com/docs/accessanalyzer/12_0) @@ -123,7 +123,7 @@ Register-ScheduledTask -Xml (get-content $_.FullName | out-string) -TaskName $ta 8. In the Access Analyzer Console, navigate to **Settings** > **Reporting**, and set the **Website URL** to contain the new console server's name. - ![Reporting settings image](images/ka0Qk000000FDY1_0EMQk00000CFqfK.png) + ![Reporting settings image](./images/ka0Qk000000FDY1_0EMQk00000CFqfK.png) 9. If using Windows Authentication to connect Access Analyzer to its database (click **Settings** > **Storage**), open `services.msc` and set the **Netwrix Access Analyzer Web Server** service to log on as a **Windows** service account with appropriate permissions on the Access Analyzer database. diff --git a/docs/kb/accessanalyzer/deleted-ad-user-s-still-show-in-netwrix-access-analyzer-reports.md b/docs/kb/accessanalyzer/deleted-ad-user-s-still-show-in-netwrix-access-analyzer-reports.md index e4f98234f7..d4d78ac360 100644 --- a/docs/kb/accessanalyzer/deleted-ad-user-s-still-show-in-netwrix-access-analyzer-reports.md +++ b/docs/kb/accessanalyzer/deleted-ad-user-s-still-show-in-netwrix-access-analyzer-reports.md @@ -35,9 +35,9 @@ A failure on the ADI scan that could be caused by a myriad of reasons. Run a full **AD Inventory Scan** by disabling differential scanning for the **1-AD_Scan** job using the steps below: 1. Navigate to **Access Analyzer > Jobs > .Active Directory Inventory > 1-AD_Scan > Configure > Queries > Query Properties > Configure > Options**. - ![Image_2024-11-19_15-36-30.png](images/ka0Qk000000DYa9_0EMQk00000AdoIX.png) + ![Image_2024-11-19_15-36-30.png](./images/ka0Qk000000DYa9_0EMQk00000AdoIX.png) 2. Uncheck the box for **Collect only updates since the last scan**. - ![Image_2024-11-19_15-37-33.png](images/ka0Qk000000DYa9_0EMQk00000AdoSD.png) + ![Image_2024-11-19_15-37-33.png](./images/ka0Qk000000DYa9_0EMQk00000AdoSD.png) 3. Click **Next** through the end of the Active Directory Inventory DC Wizard. 4. Re-run the **1-AD_Scan** job. 5. Select the previously-unchecked box for **Collect only updates since the last scan**. diff --git a/docs/kb/accessanalyzer/disabling-the-server-header.md b/docs/kb/accessanalyzer/disabling-the-server-header.md index 4ed9c5f754..bb5a19c2b8 100644 --- a/docs/kb/accessanalyzer/disabling-the-server-header.md +++ b/docs/kb/accessanalyzer/disabling-the-server-header.md @@ -30,7 +30,7 @@ This article explains how to disable the server header in Netwrix Access Analyze > **NOTE:** Banner grabbing is the process of capturing banner information, such as application type and version, that is transmitted by a remote port when a connection is initiated. For more information, see Banner Grabbing ⸱ NIST 🔗 > https://csrc.nist.gov/glossary/term/banner_grabbing > -> ![Screenshot showing server information revealed through banner grabbing](images/ka0Qk000000E74r_0EMQk00000Brg4P.png) +> ![Screenshot showing server information revealed through banner grabbing](./images/ka0Qk000000E74r_0EMQk00000Brg4P.png) ## Instructions @@ -42,11 +42,11 @@ Follow these steps to disable the server header in Netwrix Access Analyzer: 3. Set the value to: `DWORD: 000002` - ![Registry editor showing disabled server header](images/ka0Qk000000E74r_0EMQk00000CHuq5.png) + ![Registry editor showing disabled server header](./images/ka0Qk000000E74r_0EMQk00000CHuq5.png) 4. Reboot the server to apply the changes. 5. After the reboot, the result should resemble the Edge example below, in which the Server node is no longer listed. -![Screenshot showing browser developer tools with no server header information displayed](images/ka0Qk000000E74r_0EMQk00000BrSj0.png) +![Screenshot showing browser developer tools with no server header information displayed](./images/ka0Qk000000E74r_0EMQk00000BrSj0.png) > **IMPORTANT:** Modifications to this registry setting may occur due to the following reasons: > - Netwrix Access Analyzer and Netwrix Access Information Center do not modify this setting during patching. diff --git a/docs/kb/accessanalyzer/display-new-names-of-renamed-files-in-access-information-center.md b/docs/kb/accessanalyzer/display-new-names-of-renamed-files-in-access-information-center.md index 7c56853f28..56bc89449d 100644 --- a/docs/kb/accessanalyzer/display-new-names-of-renamed-files-in-access-information-center.md +++ b/docs/kb/accessanalyzer/display-new-names-of-renamed-files-in-access-information-center.md @@ -31,4 +31,4 @@ How to establish the new name a file was renamed to in Netwrix Access Analyzer? 2. Right-click the header bar and select **Target Path**. 3. The **Target Path** will show the new name of the renamed file. -![Activity Details showing Target Path](images/ka04u000000wwHf_0EM4u000008pesA.png) +![Activity Details showing Target Path](./images/ka04u000000wwHf_0EM4u000008pesA.png) diff --git a/docs/kb/accessanalyzer/error-code-5-access-is-denied-when-opening-the-console.md b/docs/kb/accessanalyzer/error-code-5-access-is-denied-when-opening-the-console.md index a3acd00a87..2c57b6dd48 100644 --- a/docs/kb/accessanalyzer/error-code-5-access-is-denied-when-opening-the-console.md +++ b/docs/kb/accessanalyzer/error-code-5-access-is-denied-when-opening-the-console.md @@ -31,7 +31,7 @@ When opening the Netwrix Access Analyzer console, you receive the following erro System Error. Code: 5. Access is denied. ``` -![Error dialog image](images/ka0Qk000000EMFB_0EMQk00000CzhkH.png) +![Error dialog image](./images/ka0Qk000000EMFB_0EMQk00000CzhkH.png) ## Cause diff --git a/docs/kb/accessanalyzer/error-connection-attempt-failed-because-connected-party-did-not-properly-respond.md b/docs/kb/accessanalyzer/error-connection-attempt-failed-because-connected-party-did-not-properly-respond.md index 92c16ab7a6..b8be8545fd 100644 --- a/docs/kb/accessanalyzer/error-connection-attempt-failed-because-connected-party-did-not-properly-respond.md +++ b/docs/kb/accessanalyzer/error-connection-attempt-failed-because-connected-party-did-not-properly-respond.md @@ -50,7 +50,7 @@ Test-NetConnection -ComputerName $RPC_host -Port 8766 -InformationLevel Detailed Test-NetConnection -ComputerName $RPC_host -Port 8767 -InformationLevel Detailed ``` -![Test-NetConnection output image](images/ka0Qk000000E4gT_0EMQk000009AG1X.png) +![Test-NetConnection output image](./images/ka0Qk000000E4gT_0EMQk000009AG1X.png) 2. If the test connections are successful on both ports, then the error should not appear. diff --git a/docs/kb/accessanalyzer/error-refused-to-connect-in-web-console.md b/docs/kb/accessanalyzer/error-refused-to-connect-in-web-console.md index 9b9b351c0f..02958ee4de 100644 --- a/docs/kb/accessanalyzer/error-refused-to-connect-in-web-console.md +++ b/docs/kb/accessanalyzer/error-refused-to-connect-in-web-console.md @@ -61,7 +61,7 @@ Unbind the port from the application. Refer to the following steps: The `BindingURL` includes the port number and the protocol (HTTP or HTTPS). - ![Config file](images/ka0Qk0000005DxV_0EMQk0000075k4b.png) + ![Config file](./images/ka0Qk0000005DxV_0EMQk0000075k4b.png) 2. On your Netwrix Access Analyzer host, run the following line in an elevated Command Prompt instance to retrieve all reserved URLs: diff --git a/docs/kb/accessanalyzer/error-request-for-downloading-published-reports-failed.md b/docs/kb/accessanalyzer/error-request-for-downloading-published-reports-failed.md index 2d82214c3c..c4853c6b53 100644 --- a/docs/kb/accessanalyzer/error-request-for-downloading-published-reports-failed.md +++ b/docs/kb/accessanalyzer/error-request-for-downloading-published-reports-failed.md @@ -33,11 +33,11 @@ Either of the following symptoms is present in your environment: ! Request for downloading published reports failed: Internal Server Error ``` -![Error message indicating 'Request for downloading published reports failed: Internal Server Error'](images/ka0Qk000000EHKL_0EMQk00000C2keA.png) +![Error message indicating 'Request for downloading published reports failed: Internal Server Error'](./images/ka0Qk000000EHKL_0EMQk00000C2keA.png) - If the file is corrupted, the following error could appear when opening the Netwrix Access Analyzer console. -![Console pop-up showing the error message 'Hexadecimal value 0x00, is an invalid character.'](images/ka0Qk000000EHKL_0EMQk00000C2hzg.png) +![Console pop-up showing the error message 'Hexadecimal value 0x00, is an invalid character.'](./images/ka0Qk000000EHKL_0EMQk00000C2hzg.png) - Log entry example: @@ -62,18 +62,18 @@ To resolve these errors, follow the steps below. 3. To publish the report(s) again, right-click a needed Job Group (for example, **Jobs**), and select **Publish** to publish the reports from the selected job group or job without regenerating the report. -![Publishing from a job group in Access Analyzer](images/ka0Qk000000EHKL_0EMQk00000BzUfZ.png) +![Publishing from a job group in Access Analyzer](./images/ka0Qk000000EHKL_0EMQk00000BzUfZ.png) 4. Select **Publish Reports** and click **Next**. -![Navigation and publishing actions in Access Analyzer](images/ka0Qk000000EHKL_0EMQk00000BzScA.png) +![Navigation and publishing actions in Access Analyzer](./images/ka0Qk000000EHKL_0EMQk00000BzScA.png) 5. Select objects as needed. Then, click **Next** to run the report. -![Selecting objects to publish](images/ka0Qk000000EHKL_0EMQk00000BzbFd.png) +![Selecting objects to publish](./images/ka0Qk000000EHKL_0EMQk00000BzbFd.png) 6. Once the report has run successfully, click **Finish** to close out of the Reporting web page. -![Finish publishing reports](images/ka0Qk000000EHKL_0EMQk00000BzVN9.png) +![Finish publishing reports](./images/ka0Qk000000EHKL_0EMQk00000BzVN9.png) > **NOTE:** Additionally, reports will be rebuilt when the related job completes its next run. diff --git a/docs/kb/accessanalyzer/error-task-name-has-an-incorrect-format-incorrect-number-of-components.md b/docs/kb/accessanalyzer/error-task-name-has-an-incorrect-format-incorrect-number-of-components.md index 8e3f7ec12d..9833bafbe5 100644 --- a/docs/kb/accessanalyzer/error-task-name-has-an-incorrect-format-incorrect-number-of-components.md +++ b/docs/kb/accessanalyzer/error-task-name-has-an-incorrect-format-incorrect-number-of-components.md @@ -27,7 +27,7 @@ knowledge_article_id: kA0Qk0000002gRNKAY When selecting **Schedules** or any **Job**, the following pop-up task format error message appears: -![Pop-up error message](images/ka0Qk000000Ea0P_0EMQk00000DDGST.png) +![Pop-up error message](./images/ka0Qk000000Ea0P_0EMQk00000DDGST.png) ## Cause diff --git a/docs/kb/accessanalyzer/error-the-default-schema-name-is-incorrect.md b/docs/kb/accessanalyzer/error-the-default-schema-name-is-incorrect.md index 8e0cb9be84..1e2f1a28e8 100644 --- a/docs/kb/accessanalyzer/error-the-default-schema-name-is-incorrect.md +++ b/docs/kb/accessanalyzer/error-the-default-schema-name-is-incorrect.md @@ -42,7 +42,7 @@ Refer to the corresponding resolution: 1. Log in to Netwrix Access Analyzer (NEA) with a user account that has properly provisioned permissions to the SQL database. Hold **Shift** and right-click the **Netwrix Access Analyzer** icon. Select **Run as different user**. - ![Netwrix Access Analyzer Run as different user](images/ka0Qk0000006PDR_0EMQk000007SBir.png) + ![Netwrix Access Analyzer Run as different user](./images/ka0Qk0000006PDR_0EMQk000007SBir.png) 2. Grant the correct SQL DB permissions to the current user via the SQL Server Management Studio (SSMS) application. Refer to the following article for additional information on required permissions: Netwrix Access Analyzer Database — Database Creation & First Level of Security · v11.6. diff --git a/docs/kb/accessanalyzer/file-not-found-reports-error-unable-to-log-error-to-access-analyzer.md b/docs/kb/accessanalyzer/file-not-found-reports-error-unable-to-log-error-to-access-analyzer.md index 5ec4178042..8df0386a22 100644 --- a/docs/kb/accessanalyzer/file-not-found-reports-error-unable-to-log-error-to-access-analyzer.md +++ b/docs/kb/accessanalyzer/file-not-found-reports-error-unable-to-log-error-to-access-analyzer.md @@ -35,7 +35,7 @@ When the report grid settings are configured for a non-interactive grid on the A Unable to log error to Access Analyzer: Object doesn't support property or method 'LogJSMessage'. ``` -![Error image](images/ka0Qk000000CgOT_0EMQk00000B05RB.png) +![Error image](./images/ka0Qk000000CgOT_0EMQk00000B05RB.png) ## Cause @@ -46,19 +46,19 @@ This error message is caused by setting the report grid configuration to Non Int To resolve this error, refer to the following steps: 1. Click **Configure** to access the report settings. - ![Configure button image](images/ka0Qk000000CgOT_0EMQk00000Aq6Zr.png) + ![Configure button image](./images/ka0Qk000000CgOT_0EMQk00000Aq6Zr.png) 2. Navigate to the **Widgets** node and select **Configure** on the layout location of the report. - ![Widgets configure image](images/ka0Qk000000CgOT_0EMQk00000AqZFF.png) + ![Widgets configure image](./images/ka0Qk000000CgOT_0EMQk00000AqZFF.png) 3. After clicking **Configure**, select the **Interactive grid** option in the top-right corner under Table Properties. - ![Interactive grid option image](images/ka0Qk000000CgOT_0EMQk00000AqJtg.png) + ![Interactive grid option image](./images/ka0Qk000000CgOT_0EMQk00000AqJtg.png) 4. Ensure that you have the **Export table data as CSV** box checked. - ![Export table data as CSV image](images/ka0Qk000000CgOT_0EMQk00000BF2eH.png) + ![Export table data as CSV image](./images/ka0Qk000000CgOT_0EMQk00000BF2eH.png) 5. Confirm that the error has been resolved using either of the following methods: - Right-click the **Job** itself and select **Run Job**. - ![Run Job image](images/ka0Qk000000CgOT_0EMQk00000Aqj6X.png) + ![Run Job image](./images/ka0Qk000000CgOT_0EMQk00000Aqj6X.png) - In the Reports pane, click the **Kebab menu** (three vertical dots) next to **Configure** and select **Generate**. - ![Generate image](images/ka0Qk000000CgOT_0EMQk00000Aqj6Y.png) + ![Generate image](./images/ka0Qk000000CgOT_0EMQk00000Aqj6Y.png) diff --git a/docs/kb/accessanalyzer/how-to-add-site-collection-administrators-for-sharepoint-online.md b/docs/kb/accessanalyzer/how-to-add-site-collection-administrators-for-sharepoint-online.md index f4f183937f..f052e690f2 100644 --- a/docs/kb/accessanalyzer/how-to-add-site-collection-administrators-for-sharepoint-online.md +++ b/docs/kb/accessanalyzer/how-to-add-site-collection-administrators-for-sharepoint-online.md @@ -38,6 +38,6 @@ This article describes how to configure site collection permissions so you can r 5. Click **Owners** > **Manage Administrators**. 6. Add the account configured in the SPAA scan job to access sites to the **Site Collection Administrators** field. - ![Site Collection Administrators dialog](images/ka0Qk0000006P8b_0EMQk000007UAdp.png) + ![Site Collection Administrators dialog](./images/ka0Qk0000006P8b_0EMQk000007UAdp.png) 7. Click **OK** to save changes. diff --git a/docs/kb/accessanalyzer/how-to-add-the-jobs-for-a-newly-licensed-solution-to-an-existing-application-installation.md b/docs/kb/accessanalyzer/how-to-add-the-jobs-for-a-newly-licensed-solution-to-an-existing-application-installation.md index d43b09d5d0..c78ce6daa0 100644 --- a/docs/kb/accessanalyzer/how-to-add-the-jobs-for-a-newly-licensed-solution-to-an-existing-application-installation.md +++ b/docs/kb/accessanalyzer/how-to-add-the-jobs-for-a-newly-licensed-solution-to-an-existing-application-installation.md @@ -35,23 +35,23 @@ This article explains how to add jobs for a newly licensed solution to an existi ### Add Solution via Instant Solutions 1. Open the Netwrix Access Analyzer console, right-click the **Jobs** folder, and select **Add Instant Job**. - ![image](images/ka0Qk000000DDCL_0EMQk00000Bv4AE.png) + ![image](./images/ka0Qk000000DDCL_0EMQk00000Bv4AE.png) 2. In the Instant Job Wizard, expand **Library Name: Instant Solutions** by clicking the **+** icon. - ![Instant Solutions library with newly licensed module selected](images/ka0Qk000000DDCL_0EMQk00000BvBy5.png) + ![Instant Solutions library with newly licensed module selected](./images/ka0Qk000000DDCL_0EMQk00000BvBy5.png) 3. Select the newly licensed module (e.g., `.Active Directory Inventory`), then click **Next**. - ![image](images/ka0Qk000000DDCL_0EMQk00000BvEJF.png) + ![image](./images/ka0Qk000000DDCL_0EMQk00000BvEJF.png) 4. On the Summary page of the Instant Job Wizard, select **Save & Exit**. - ![Summary page of Instant Job Wizard with Save & Exit button highlighted](images/ka0Qk000000DDCL_0EMQk00000Bv76U.png) + ![Summary page of Instant Job Wizard with Save & Exit button highlighted](./images/ka0Qk000000DDCL_0EMQk00000Bv76U.png) 5. Your newly licensed module should now appear in the Netwrix Access Analyzer Job Tree. ### Add Solution via File Explorer 1. With the Netwrix Access Analyzer console closed, navigate to the **Instant Solutions** folder in Netwrix Access Analyzer's installation directory (`%SAInstallDir%InstantSolutions`). - ![Instant Solutions folder in installation directory](images/ka0Qk000000DDCL_0EMQk00000ArqFd.png) + ![Instant Solutions folder in installation directory](./images/ka0Qk000000DDCL_0EMQk00000ArqFd.png) 2. Locate the **GROUP_** folder for the new solution and copy it to the Jobs folder (`%SAInstallDir%Jobs`). diff --git a/docs/kb/accessanalyzer/how-to-drop-data-collected-from-sql-servers-using-the-databases-module.md b/docs/kb/accessanalyzer/how-to-drop-data-collected-from-sql-servers-using-the-databases-module.md index a1b2d61ad9..64d2a3cc7d 100644 --- a/docs/kb/accessanalyzer/how-to-drop-data-collected-from-sql-servers-using-the-databases-module.md +++ b/docs/kb/accessanalyzer/how-to-drop-data-collected-from-sql-servers-using-the-databases-module.md @@ -36,32 +36,32 @@ This article explains how to drop data collected from SQL Servers using the Data > **NOTE:** You can create a separate folder (e.g., Sandbox) for custom jobs. 1. Right-click the **custom** or **Jobs** folder and select **Create Job** `Ctrl+Alt+A`. - ![ ](images/ka0Qk000000DG6z_0EMQk00000BvYY7.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000BvYY7.png) 2. Navigate to the **Configure** node of the NewJob and select the **Queries** node. - ![ ](images/ka0Qk000000DG6z_0EMQk00000BvhTJ.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000BvhTJ.png) 3. Click the **Create Query** button. - ![ ](images/ka0Qk000000DG6z_0EMQk00000BvhZl.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000BvhZl.png) 4. In the General tab, designate a clear **Name** and **Description** (e.g., `DropSQLHostData`). 5. In the Data Source tab, select **SQL** from the **Data Collector** dropdown menu. - ![ ](images/ka0Qk000000DG6z_0EMQk00000Bvheb.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000Bvheb.png) 6. Click **Configure** to launch the SQL Data Collector Configuration Wizard. - ![ ](images/ka0Qk000000DG6z_0EMQk00000BvhgD.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000BvhgD.png) 7. On the Wizard Category page, select the **Utilities > Remove Storage Tables** option under the appropriate database type and click **Next** to drop all collected SQL data for SQL Servers. - ![Category page with Utilities > Remove Storage Tables option highlighted](images/ka0Qk000000DG6z_0EMQk00000BvdWA.png) + ![Category page with Utilities > Remove Storage Tables option highlighted](./images/ka0Qk000000DG6z_0EMQk00000BvdWA.png) 8. To complete the query, ensure you have selected the desired Available Properties, click **Next**, and then **Finish**. Last, click **OK**. 9. To run the job, you can either select **Run now** from the job windowpane or right-click the job and select **Run Job**. - ![ ](images/ka0Qk000000DG6z_0EMQk00000Bvjzl.png) + ![ ](./images/ka0Qk000000DG6z_0EMQk00000Bvjzl.png) ### Drop Data for Specific Hosts/Instances for SQL Servers or Drop Specific Data for SQL Hosts/Instances 1. Follow steps 1–6 detailed above. 2. On the SQL Data Collector Configuration Wizard Category page, select the **Utilities > Remove Storage Data** option and click **Next**. - ![Category page with Utilities > Remove Storage Data option highlighted](images/ka0Qk000000DG6z_0EMQk00000Bvk6D.png) + ![Category page with Utilities > Remove Storage Data option highlighted](./images/ka0Qk000000DG6z_0EMQk00000Bvk6D.png) 3. On the Filters page, select the databases/instances via the **Filter Options** drop-down menu: - All database objects - Only select database objects - When using this option, select the database objects you want to delete in the **Available database objects** pane, then click **Add**. - ![Available database objects pane with Add highlighted](images/ka0Qk000000DG6z_0EMQk00000Bvbfg.png) + ![Available database objects pane with Add highlighted](./images/ka0Qk000000DG6z_0EMQk00000Bvbfg.png) 4. On the Settings page, select the type of data you would like to remove for your specified hosts: - Permissions - Audits diff --git a/docs/kb/accessanalyzer/how-to-enable-debug-logging-manually.md b/docs/kb/accessanalyzer/how-to-enable-debug-logging-manually.md index 491f741c78..4456b410e2 100644 --- a/docs/kb/accessanalyzer/how-to-enable-debug-logging-manually.md +++ b/docs/kb/accessanalyzer/how-to-enable-debug-logging-manually.md @@ -42,4 +42,4 @@ Refer to the following steps to manually enable the debug mode in Netwrix Access Refer to the example of the value in the configuration file that must be changed to `0`: -![Configuration example](images/ka0Qk00000056mL_0EMQk000006Clm6.png) +![Configuration example](./images/ka0Qk00000056mL_0EMQk000006Clm6.png) diff --git a/docs/kb/accessanalyzer/how-to-optimize-seek-system-scans-with-system-resources.md b/docs/kb/accessanalyzer/how-to-optimize-seek-system-scans-with-system-resources.md index c70cbbe7c4..1eb74a60a0 100644 --- a/docs/kb/accessanalyzer/how-to-optimize-seek-system-scans-with-system-resources.md +++ b/docs/kb/accessanalyzer/how-to-optimize-seek-system-scans-with-system-resources.md @@ -56,7 +56,7 @@ To comfortably scan 4 file systems using a dedicated proxy server, the optimized 2. Verify the number of SDD scan processes: - On the **Sensitive Data Settings** page of the FSAA Data Collector query settings, set the **Number of SDD Scan Processes** to reflect the available CPU threads on the scanning server. This number should not exceed `1-2x` the number of available CPU threads. By default, this is set to `2`. - ![Sensitive Data Settings page example](images/ka0Qk000000D59x_0EMQk00000BK3Rd.png) + ![Sensitive Data Settings page example](./images/ka0Qk000000D59x_0EMQk00000BK3Rd.png) > **NOTE:** If the scan server has other responsibilities (e.g., NEA Console server, busy file server, SQL server), take those into account when configuring how many CPU threads should be allocated for SDD scan processes. diff --git a/docs/kb/accessanalyzer/how-to-view-stored-sensitive-data-discovery-sdd-matches.md b/docs/kb/accessanalyzer/how-to-view-stored-sensitive-data-discovery-sdd-matches.md index a04f424447..e1087288bb 100644 --- a/docs/kb/accessanalyzer/how-to-view-stored-sensitive-data-discovery-sdd-matches.md +++ b/docs/kb/accessanalyzer/how-to-view-stored-sensitive-data-discovery-sdd-matches.md @@ -41,7 +41,7 @@ You can view stored SDD matches using one of the following methods. 1. Select the server. 2. In the right **Reports** pane, select **Sensitive Content Details**. -![rtaImage.png](images/ka0Qk0000009j17_00N0g000004CA0p_0EMQk000002m1YX.png) +![rtaImage.png](./images/ka0Qk0000009j17_00N0g000004CA0p_0EMQk000002m1YX.png) For additional information, refer to: Resource Audit Overview − Sensitive Content Reports · v11.6 https://docs.netwrix.com/docs/accessanalyzer/12_0) @@ -55,7 +55,7 @@ https://docs.netwrix.com/docs/accessanalyzer/12_0) > **IMPORTANT:** Check the **Reviewers are able to see the sensitive data match if available** checkbox for the review to contain sensitive data matches. -![rtaImage1.png](images/ka0Qk0000009j17_00N0g000004CA0p_0EMQk000002m1a9.png) +![rtaImage1.png](./images/ka0Qk0000009j17_00N0g000004CA0p_0EMQk000002m1a9.png) ### Netwrix Access Analyzer − Custom report diff --git a/docs/kb/accessanalyzer/manually-setting-up-entra-id-auditing-for-netwrix-access-analyzer.md b/docs/kb/accessanalyzer/manually-setting-up-entra-id-auditing-for-netwrix-access-analyzer.md index b862549ff6..a1e5629a8d 100644 --- a/docs/kb/accessanalyzer/manually-setting-up-entra-id-auditing-for-netwrix-access-analyzer.md +++ b/docs/kb/accessanalyzer/manually-setting-up-entra-id-auditing-for-netwrix-access-analyzer.md @@ -36,17 +36,17 @@ While it is always recommended to use the `AZ_RegisterAzureAppAuth` instant job 1. Open the Microsoft Entra admin center: https://entra.microsoft.com/#home. 2. Navigate to **Identity > Applications > App registrations** and select **+ New registration**. - ![Entra App Registration](images/ka0Qk000000DYVJ_0EMQk00000B6ziP.png) + ![Entra App Registration](./images/ka0Qk000000DYVJ_0EMQk00000B6ziP.png) 3. On the **Register an application** page, set the following: - **Name:** Something meaningful, e.g., `NEA_EntraID`. - **Support account types:** Accounts in this org. directory only. 4. From the **Application Overview** page, navigate to **Manage > API Permissions** and select **Add a permission**. - ![API Permissions](images/ka0Qk000000DYVJ_0EMQk00000B6i4s.png) + ![API Permissions](./images/ka0Qk000000DYVJ_0EMQk00000B6i4s.png) 5. From the **Request API permissions** page, select **Microsoft Graph**. - ![Request API permissions](images/ka0Qk000000DYVJ_0EMQk00000B6qwr.png) + ![Request API permissions](./images/ka0Qk000000DYVJ_0EMQk00000B6qwr.png) - Add the following **Delegated Permissions**: - `Group.Read.All` – Read all groups @@ -56,20 +56,20 @@ While it is always recommended to use the `AZ_RegisterAzureAppAuth` instant job - `Directory.Read.All` – Read directory data 6. After adding the aforementioned permissions, grant them admin consent by selecting **Grant admin consent for `\{TENANT NAME\}`**. - ![Grant admin consent](images/ka0Qk000000DYVJ_0EMQk00000B6f5O.png) + ![Grant admin consent](./images/ka0Qk000000DYVJ_0EMQk00000B6f5O.png) 7. Navigate to the Entra app registration and on the **Certificates & secrets** page, select **+ New client secret**. - ![Certificates & secrets](images/ka0Qk000000DYVJ_0EMQk00000B6fbf.png) + ![Certificates & secrets](./images/ka0Qk000000DYVJ_0EMQk00000B6fbf.png) 8. On the **Add a client secret** page, add the following: - **Description:** Something meaningful, e.g., `Access Analyzer Entra ID`. - **Expires:** Usually recommended to set this to the longest option OR per the organization’s internal certificate expiration timeframe. 9. After creating the client secret, copy the secret **Value** to a notepad. - ![Client secret value](images/ka0Qk000000DYVJ_0EMQk00000B6d20.png) + ![Client secret value](./images/ka0Qk000000DYVJ_0EMQk00000B6d20.png) 10. Next, navigate to the **Overview** tab and copy the **Application (client) ID** which is needed for the Netwrix Access Analyzer Connection Profile. - ![Application client ID](images/ka0Qk000000DYVJ_0EMQk00000B6kbK.png) + ![Application client ID](./images/ka0Qk000000DYVJ_0EMQk00000B6kbK.png) ## Netwrix Access Analyzer Connection Profile diff --git a/docs/kb/accessanalyzer/missing-icons-and-graphical-elements-in-access-analyzer-web-console.md b/docs/kb/accessanalyzer/missing-icons-and-graphical-elements-in-access-analyzer-web-console.md index 099711a399..a78754ba2c 100644 --- a/docs/kb/accessanalyzer/missing-icons-and-graphical-elements-in-access-analyzer-web-console.md +++ b/docs/kb/accessanalyzer/missing-icons-and-graphical-elements-in-access-analyzer-web-console.md @@ -49,7 +49,7 @@ You may see icons missing in the Netwrix Access Analyzer Web Console. 4. Right-click the `MitigationOptions` value and select **Modify**. Verify the **Value data** field states Hexadecimal `2000000000000`. Click **OK** to save changes. - ![Registry screenshot](images/ka0Qk000000DZ6P_0EM4u000008Ma1V.png) + ![Registry screenshot](./images/ka0Qk000000DZ6P_0EM4u000008Ma1V.png) ### Related articles diff --git a/docs/kb/accessanalyzer/netwrix-threat-prevention-agent-not-processing-events.md b/docs/kb/accessanalyzer/netwrix-threat-prevention-agent-not-processing-events.md index 51868ba049..c6d3614419 100644 --- a/docs/kb/accessanalyzer/netwrix-threat-prevention-agent-not-processing-events.md +++ b/docs/kb/accessanalyzer/netwrix-threat-prevention-agent-not-processing-events.md @@ -51,7 +51,7 @@ This issue may be caused by any one of the following: > > `C:\Program Files\Netwrix\Netwrix Threat Prevention\SIWindowsAgent` > -> ![Screenshot of logging ini file](images/ka0Qk000000Co13_0EMQk00000AJwk5.png) +> ![Screenshot of logging ini file](./images/ka0Qk000000Co13_0EMQk00000AJwk5.png) ## Resolution diff --git a/docs/kb/accessanalyzer/opening-a-ticket.md b/docs/kb/accessanalyzer/opening-a-ticket.md index 7d0bc9bd1f..36b3428fbd 100644 --- a/docs/kb/accessanalyzer/opening-a-ticket.md +++ b/docs/kb/accessanalyzer/opening-a-ticket.md @@ -65,7 +65,7 @@ Follow these steps to gather logs: - On the home page of the job, click **View Log**, and save the log file. - ![Job View Log screenshot](images/ka0Qk000000C8rR_0EMQk000007oXpZ.png) + ![Job View Log screenshot](./images/ka0Qk000000C8rR_0EMQk000007oXpZ.png) - Locate the **job logs** using the following path: @@ -81,7 +81,7 @@ Follow these steps to gather logs: - In the **Navigation Pane**, right-click the job and select **Export**. In the new window, specify the components to export and proceed with the export. - ![Export Job screenshot](images/ka0Qk000000C8rR_0EMQk000007oXrB.png) + ![Export Job screenshot](./images/ka0Qk000000C8rR_0EMQk000007oXrB.png) ## Messages Table diff --git a/docs/kb/accessanalyzer/reports-not-visible-or-name-truncated-after-publishing-in-custom-job-or-group.md b/docs/kb/accessanalyzer/reports-not-visible-or-name-truncated-after-publishing-in-custom-job-or-group.md index 2f1ef8b0fc..129ad6c7ae 100644 --- a/docs/kb/accessanalyzer/reports-not-visible-or-name-truncated-after-publishing-in-custom-job-or-group.md +++ b/docs/kb/accessanalyzer/reports-not-visible-or-name-truncated-after-publishing-in-custom-job-or-group.md @@ -27,10 +27,10 @@ knowledge_article_id: kA0Qk00000023ufKAA When creating a report for a custom job or group, the following issues are present in your environment: - The custom job or group name appears normally in the **Netwrix Access Analyzer** console. - ![](images/ka0Qk000000CW0v_0EMQk00000AxazR.png) + ![](./images/ka0Qk000000CW0v_0EMQk00000AxazR.png) - After publishing the report, it does not appear in the reporting web interface. - The custom job or group name is truncated in the reporting web interface. - ![](images/ka0Qk000000CW0v_0EMQk00000Axnrl.png) + ![](./images/ka0Qk000000CW0v_0EMQk00000Axnrl.png) ## Cause diff --git a/docs/kb/accessanalyzer/resetting-the-aic-administrator-password.md b/docs/kb/accessanalyzer/resetting-the-aic-administrator-password.md index 6f0dc59b47..bfe5ec85be 100644 --- a/docs/kb/accessanalyzer/resetting-the-aic-administrator-password.md +++ b/docs/kb/accessanalyzer/resetting-the-aic-administrator-password.md @@ -38,7 +38,7 @@ If you have access to another Administrator within the AIC, follow the steps bel 2. Navigate to **Configure Console**. 3. Modify the Built-In Administrator, as shown below: -![Modify Built-In Administrator](images/ka0Qk000000EatF_0EMQk000009FrLO.png) +![Modify Built-In Administrator](./images/ka0Qk000000EatF_0EMQk000009FrLO.png) ### Without Access to Another Administrator in AIC @@ -48,7 +48,7 @@ If you do not have access to another AIC Administrator account, perform the foll 1. Open the file as an administrator and remove the hash between " " for the **AuthBuiltinAdminPassword3 key**: - ![Remove hash for AuthBuiltinAdminPassword3](images/ka0Qk000000EatF_0EMQk000009FkN9.png) + ![Remove hash for AuthBuiltinAdminPassword3](./images/ka0Qk000000EatF_0EMQk000009FkN9.png) 2. Restart the Netwrix AIC service in `Services.msc`. diff --git a/docs/kb/accessanalyzer/resolving-insecure-permissions-for-service-executables.md b/docs/kb/accessanalyzer/resolving-insecure-permissions-for-service-executables.md index 7bf0829969..4133e1aaff 100644 --- a/docs/kb/accessanalyzer/resolving-insecure-permissions-for-service-executables.md +++ b/docs/kb/accessanalyzer/resolving-insecure-permissions-for-service-executables.md @@ -51,4 +51,4 @@ Follow the steps below to resolve this issue: > **NOTE:** This approach ensures secure operation and mitigates the risk of privilege escalation. -![Screenshot showing the Member Type configuration in Netwrix Access Analyzer settings](images/ka0Qk000000E7EX_0EMQk00000CHoHe.png) +![Screenshot showing the Member Type configuration in Netwrix Access Analyzer settings](./images/ka0Qk000000E7EX_0EMQk00000CHoHe.png) diff --git a/docs/kb/accessanalyzer/support-for-historical-data-retention-in-access-analyzer-jobs.md b/docs/kb/accessanalyzer/support-for-historical-data-retention-in-access-analyzer-jobs.md index af096042fa..380fffcab9 100644 --- a/docs/kb/accessanalyzer/support-for-historical-data-retention-in-access-analyzer-jobs.md +++ b/docs/kb/accessanalyzer/support-for-historical-data-retention-in-access-analyzer-jobs.md @@ -36,7 +36,7 @@ Depending on the needs, the historical data retention option can be set up in Ne The default History Retention setting is set to 6 months for both `EX_MetricsCollection` and `EX_MetricsDetail` Jobs. To adjust it, modify the **SET HISTORY RETENTION** analysis task for the corresponding job. This can be configured for months or days. - ![histRetention](images/ka0Qk000000DYzx_0EMQk000002q3VJ.png) + ![histRetention](./images/ka0Qk000000DYzx_0EMQk000002q3VJ.png) 2. **CAS Metrics Job Group** − **ActiveSync Job Group** − **EX_ActiveSync Job** diff --git a/docs/kb/accessanalyzer/the-autodiscover-service-couldn-t-be-located.md b/docs/kb/accessanalyzer/the-autodiscover-service-couldn-t-be-located.md index 7bae39cf71..7577195347 100644 --- a/docs/kb/accessanalyzer/the-autodiscover-service-couldn-t-be-located.md +++ b/docs/kb/accessanalyzer/the-autodiscover-service-couldn-t-be-located.md @@ -42,7 +42,7 @@ To resolve this error, follow the steps below: 1. Open the **Query Properties** for the EWSMailbox task. 2. Select **View XML**. -![View XML screenshot](images/ka0Qk000000CDO5_0EMQk000008w1gf.png) +![View XML screenshot](./images/ka0Qk000000CDO5_0EMQk000008w1gf.png) 3. Insert the following code that best matches your environment within the ` ` tags. This is located near the bottom of the XML. @@ -82,11 +82,11 @@ To resolve this error, follow the steps below: 4. On the **Query Properties** window, select **Configure**. -![Configure button screenshot](images/ka0Qk000000CDO5_0EMQk000008vjWt.png) +![Configure button screenshot](./images/ka0Qk000000CDO5_0EMQk000008vjWt.png) 5. On the **Scan options** window, uncheck the option for **Match job host against autodiscovered host**. -![Scan options screenshot](images/ka0Qk000000CDO5_0EMQk000008w3KH.png) +![Scan options screenshot](./images/ka0Qk000000CDO5_0EMQk000008w3KH.png) 6. Proceed through the wizard by selecting **Next** and complete the process by clicking **Finish** to close out the **EWSMailbox DC Wizard**. 7. Select **OK** to close the **Query Properties** window. diff --git a/docs/kb/auditor/access-is-denied-error-in-event-log-manager-health-log.md b/docs/kb/auditor/access-is-denied-error-in-event-log-manager-health-log.md index 1301d68f44..6764ec0dac 100644 --- a/docs/kb/auditor/access-is-denied-error-in-event-log-manager-health-log.md +++ b/docs/kb/auditor/access-is-denied-error-in-event-log-manager-health-log.md @@ -44,9 +44,9 @@ Error details: Access is denied. ## Resolution - Configure the permissions for the data collection account used in the Event Log Manager. For additional information, refer to the following article: Windows Server — Permissions for Windows Server Auditing. -- Configure the password for your data collection account in Event Log Manager. Refer to the following article for additional information: [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md). +- Configure the password for your data collection account in Event Log Manager. Refer to the following article for additional information: [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change). ## Related articles - Windows Server — Permissions for Windows Server Auditing — 10.6 -- [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md) +- [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change) diff --git a/docs/kb/auditor/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md b/docs/kb/auditor/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md index fb138c7f65..6c966d8a8a 100644 --- a/docs/kb/auditor/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md +++ b/docs/kb/auditor/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md @@ -35,7 +35,7 @@ Password Expiration Notifier may include data on expiring accounts, if enabled. 3. Select the **Advanced** tab, and either check or uncheck the **Include data on expiring accounts**. 4. The next report will be affected. -![Include data on expiring accounts](../../../images/ka04u00000117wO_0EM4u000008MQhR.png) +![Include data on expiring accounts](./images/ka04u00000117wO_0EM4u000008MQhR.png) To verify the account expiration date, refer to the following steps: @@ -43,7 +43,7 @@ To verify the account expiration date, refer to the following steps: 2. Right-click the user, and select **Properties**. 3. The account expiration date is provided in the **Account** tab > **Account expires**, and the **Attribute Editor** tab > `accountExpires` attribute. -![Account expires and accountExpires attribute](../../../images/ka04u00000117wO_0EM4u000008MQmb.png) +![Account expires and accountExpires attribute](./images/ka04u00000117wO_0EM4u000008MQmb.png) ### Related articles diff --git a/docs/kb/auditor/account-lockout-examiner-generates-excessive-traffic-in-the-network.md b/docs/kb/auditor/account-lockout-examiner-generates-excessive-traffic-in-the-network.md index 167ac98c6e..0202e77dc7 100644 --- a/docs/kb/auditor/account-lockout-examiner-generates-excessive-traffic-in-the-network.md +++ b/docs/kb/auditor/account-lockout-examiner-generates-excessive-traffic-in-the-network.md @@ -45,5 +45,5 @@ There is also an option to disable examination of workstations. In this case nam 3. Create a new DWORD value `PF_Enabled` and set its value to `0`. 4. Restart Netwrix Account Lockout Examiner Service via the **Services** snap-in. -![User-added image](../../../images/ka04u000000HcUv_0EM700000004wr4.png) +![User-added image](./images/ka04u000000HcUv_0EM700000004wr4.png) diff --git a/docs/kb/auditor/account-lockout-examiner-works-very-slowly.md b/docs/kb/auditor/account-lockout-examiner-works-very-slowly.md index 23a8e88def..d19b4f7fb4 100644 --- a/docs/kb/auditor/account-lockout-examiner-works-very-slowly.md +++ b/docs/kb/auditor/account-lockout-examiner-works-very-slowly.md @@ -35,5 +35,5 @@ To address the slow performance issue, perform the following steps: **NOTE**: This will remove info about all old lockouts from Account Lockout Examiner. Backup this files if you need them for the further access. 4. Start Netwrix Account Lockout Examiner Service -[![User-added image](../../../images/ka04u000000HcWK_0EM700000004wmE.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbJ&feoid=00N700000032Pj2&refid=0EM700000004wmE) +[![User-added image](./images/ka04u000000HcWK_0EM700000004wmE.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbJ&feoid=00N700000032Pj2&refid=0EM700000004wmE) diff --git a/docs/kb/auditor/account-lockouts-are-displayed-with-delay.md b/docs/kb/auditor/account-lockouts-are-displayed-with-delay.md index 9a7d751aa9..8605fa7f8b 100644 --- a/docs/kb/auditor/account-lockouts-are-displayed-with-delay.md +++ b/docs/kb/auditor/account-lockouts-are-displayed-with-delay.md @@ -46,7 +46,7 @@ To change to all DCs mode, perform the following steps: 2. Select your domain and click **Edit**. 3. Select **All DCs** radio button and click **OK** to save the changes. -![User-added image](../../../images/ka04u000000HcUw_0EM700000004wlz.png) +![User-added image](./images/ka04u000000HcUw_0EM700000004wlz.png) ### Change event processing method @@ -56,5 +56,5 @@ To change to all DCs mode, perform the following steps: 4. Create a new value called `UseWatcher`, set its type to `DWORD` and value to `1`. 5. Restart NetWrix Account Lockout Examiner Service via `services.msc`. -![User-added image](../../../images/ka04u000000HcUw_0EM700000004wm4.png) +![User-added image](./images/ka04u000000HcUw_0EM700000004wm4.png) diff --git a/docs/kb/auditor/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md b/docs/kb/auditor/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md index c373606f9e..5ed825ec75 100644 --- a/docs/kb/auditor/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md +++ b/docs/kb/auditor/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md @@ -24,13 +24,13 @@ knowledge_article_id: kA00g000000H9SmCAK This article contains references to the most popular Active Directory, Exchange, and Group Policy changes which may be reported as made by **System** by Netwrix Auditor: -- [Alert Reported Change Made by System](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/alert-reported-change-made-by-system.md). -- [System Changed Object Path after Account Name Change](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/system-changed-object-path-after-account-name-change.md). -- [System Changed Client Operating System](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/system-changed-client-operating-system.md). -- [System Changed Directory Objects for Foreign Security Principals](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/system-changed-directory-objects-for-foreign-security-principals.md). -- [Workstation Field Reported as Unknown](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/workstation-field-reported-as-unknown.md) -- [Duplicate Configuration and Schema Changes for All Monitored Domains in Forest Made by System](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/duplicate-configuration-and-schema-changes-for-all-monitored-domains-in-forest-made-by-system.md). -- [System Changed Service Principle Name Attribute](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/system-changed-service-principle-name-attribute.md). +- [Alert Reported Change Made by System](/docs/kb/auditor/alert-reported-change-made-by-system). +- [System Changed Object Path after Account Name Change](/docs/kb/auditor/system-changed-object-path-after-account-name-change). +- [System Changed Client Operating System](/docs/kb/auditor/system-changed-client-operating-system). +- [System Changed Directory Objects for Foreign Security Principals](/docs/kb/auditor/system-changed-directory-objects-for-foreign-security-principals). +- [Workstation Field Reported as Unknown](/docs/kb/auditor/workstation-field-reported-as-unknown) +- [Duplicate Configuration and Schema Changes for All Monitored Domains in Forest Made by System](/docs/kb/auditor/duplicate-configuration-and-schema-changes-for-all-monitored-domains-in-forest-made-by-system). +- [System Changed Service Principle Name Attribute](/docs/kb/auditor/system-changed-service-principle-name-attribute). diff --git a/docs/kb/auditor/active-directory-object-restore.md b/docs/kb/auditor/active-directory-object-restore.md index e6a76526aa..a77f4c3db5 100644 --- a/docs/kb/auditor/active-directory-object-restore.md +++ b/docs/kb/auditor/active-directory-object-restore.md @@ -38,7 +38,7 @@ The Netwrix Active Directory Object Restore tool recovers removed Active Directo The account used for recovery and restore is the same account used for data collection in your Netwrix Auditor Active Directory monitoring plan. -
![Active](../../images/servlet_image_3823966b1661.png)
+
![Active](./images/servlet_image_3823966b1661.png)
> **NOTE:** This tool should **NOT** be used to revert the changes caused by raising the forest functional level. For additional information, refer to the following article: Object Restore for Active Directory. diff --git a/docs/kb/auditor/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md b/docs/kb/auditor/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md index 1296e906de..94bfb2e81f 100644 --- a/docs/kb/auditor/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md +++ b/docs/kb/auditor/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md @@ -46,7 +46,7 @@ To check if the Data Processing Account has enough permissions please perform th If you do not see the `CN=Password Settings Container` under the `CN=System` node or cannot read the properties this indicates Data Processing Account does have read rights (see the screenshot below: the account does not have rights to access the Password Settings Container). -![User-added image](../../../images/ka04u000000HcS1_0EM700000007Jf8.png) +![User-added image](./images/ka04u000000HcS1_0EM700000007Jf8.png) ## To provide read permissions to the Data Processing Account 1. Run ADSI Edit as a domain Administrator. @@ -56,5 +56,5 @@ If you do not see the `CN=Password Settings Container` under the `CN=System` nod Once the read permission for the Data Processing Account is set, verify the access by opening the `CN=Password Settings Container` properties with the Data Processing Account. This time you should be able to see `CN=Password Settings Container` under the `CN=System` node and read its properties (see the screenshot below). -![User-added image](../../../images/ka04u000000HcS1_0EM700000007JfD.png) +![User-added image](./images/ka04u000000HcS1_0EM700000007JfD.png) diff --git a/docs/kb/auditor/ale-service-is-unable-to-start-during-installation.md b/docs/kb/auditor/ale-service-is-unable-to-start-during-installation.md index b70fabb54f..cde6545158 100644 --- a/docs/kb/auditor/ale-service-is-unable-to-start-during-installation.md +++ b/docs/kb/auditor/ale-service-is-unable-to-start-during-installation.md @@ -23,7 +23,7 @@ knowledge_article_id: kA00g000000H9YCCA0 During installation of NetWrix Account Lockout Examiner on **Windows 2003**, a "Service 'NetWrix Account Lockout Examiner' (ALService) failed to start" message is received that the service cannot be started due to insufficient permissions. The account in use is a domain admin. -![User-added image](../../images/ka04u000000HcRH_0EM700000004wmJ.png) +![User-added image](./images/ka04u000000HcRH_0EM700000004wmJ.png) ## Cause diff --git a/docs/kb/auditor/archive-service-is-busy-processing-activity-records.md b/docs/kb/auditor/archive-service-is-busy-processing-activity-records.md index 5455afec3a..016dab553f 100644 --- a/docs/kb/auditor/archive-service-is-busy-processing-activity-records.md +++ b/docs/kb/auditor/archive-service-is-busy-processing-activity-records.md @@ -53,7 +53,7 @@ Refer to the following steps to troubleshoot the SQL Server-based causes: 1. In the main Netwrix Auditor screen, select **Health Status** and click **View details** in the **Database Statistics** pane. 2. Review the database states. If a database state reads **Failed to store data**, review the database details. - > **IMPORTANT:** The SQL Server Express databases have a 10 GB size limit. In case the affected database states **Failed to store data** with the size limit of **10 GB**, refer to the following article: [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md) + > **IMPORTANT:** The SQL Server Express databases have a 10 GB size limit. In case the affected database states **Failed to store data** with the size limit of **10 GB**, refer to the following article: [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/sql-server-express-database-size-reached-10gb) 3. If multiple or all databases state **Failed to store data** with no size limits, refer to the following troubleshooting steps. 2. Verify that the SQL Server instance is available. 3. Verify the credentials of the SQL Server instance account: @@ -82,6 +82,6 @@ Verify that the Audit Database account has the correct permissions—refer to th ## Related Articles -- [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md) +- [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/sql-server-express-database-size-reached-10gb) - [Configure Audit Database Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserver#configure-audit-database-account) - [Configure Long-Term Archive Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/longtermarchive#configure-long-term-archive-account) diff --git a/docs/kb/auditor/audit-status-shows-logon-auditing-is-disabled.md b/docs/kb/auditor/audit-status-shows-logon-auditing-is-disabled.md index 73f4f59879..27ac5919d7 100644 --- a/docs/kb/auditor/audit-status-shows-logon-auditing-is-disabled.md +++ b/docs/kb/auditor/audit-status-shows-logon-auditing-is-disabled.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9YbCAK Audit status of some Domain controllers in the list shows that some auditing is disabled, for example "Logon Auditing is disabled, some funcionality will be unavailable for this DC. Please turn on auditing of invalid logons in audit policy for this DC" -![User-added image](../../../images/ka04u000000HcRc_0EM700000004wxR.png) +![User-added image](./images/ka04u000000HcRc_0EM700000004wxR.png) --- @@ -49,7 +49,7 @@ To resolve the issue configure audit policies/ advanced audit policies. - **Audit account logon events: Failure** - **Audit logon events: Failure** - ![User-added image](../../../images/ka04u000000HcRc_0EM700000004wxC.png) + ![User-added image](./images/ka04u000000HcRc_0EM700000004wxC.png) 5. Update group policy an all monitored DCs (for example run `gpupdate /force`) @@ -60,7 +60,7 @@ To resolve the issue configure audit policies/ advanced audit policies. 3. Expand the **Computer Configuration** -> **Policies** -> **Windows Settings** -> **Security Settings** -> **Advanced Audit Policy Configuration** node. 4. Configure audit policies according to page 12, Section 4.2: Enabling Audit Policy, of the [Account Lockout Examiner Administrator Guide](https://www.netwrix.com/download/documents/NetWrix_Account_Lockout_Examiner_Administrator_Guide.pdf?_ga=2.126161166.2092059225.1569427026-1766003445.1557946744). -![User-added image](../../../images/ka04u000000HcRc_0EM7000000054jS.png) ![User-added image](../../../images/ka04u000000HcRc_0EM7000000054jX.png) ![User-added image](../../../images/ka04u000000HcRc_0EM700000004wxH.png) +![User-added image](./images/ka04u000000HcRc_0EM7000000054jS.png) ![User-added image](./images/ka04u000000HcRc_0EM7000000054jX.png) ![User-added image](./images/ka04u000000HcRc_0EM700000004wxH.png) 5. Update group policy an all monitored DCs (for example run `gpupdate /force`) @@ -77,5 +77,5 @@ In order to do this: 3. Change the value of **UseWMI_Audit** to `0`, 4. In the Account Lockout Examiner console go to **File - Settings** and click **OK** to apply registry changes. -![User-added image](../../../images/ka04u000000HcRc_0EM700000004wxM.png) +![User-added image](./images/ka04u000000HcRc_0EM700000004wxM.png) diff --git a/docs/kb/auditor/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md b/docs/kb/auditor/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md index b82adcab99..a2dc302363 100644 --- a/docs/kb/auditor/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md +++ b/docs/kb/auditor/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md @@ -38,11 +38,11 @@ The reasons why the auditing policies are not being enabled on domain controller - Run Resultant Set of Policy (RSoP): `Start > Run` > type `rsop.msc` and press Enter. - Expand Audit Policy as shown in the picture below and make sure you see the corresponding source GPO (the GPO which you enabled auditing policies in) for auditing policies and ensure there are no warnings or errors. In our case we see that Audit Account Management policy is set to Failure, while for successful auditing we need to have this policy set to Success. -![rsop](../../images/ka04u000000HcSR_0EM7000000053Be.png) +![rsop](./images/ka04u000000HcSR_0EM7000000053Be.png) - To fix this problem open **Group Policy Management Console** (**Start > Administrative Tools > Group Policy Management**), select the **Domain Controllers** node, open the **Group Policy Inheritance** tab and in the right pane review the order the GPOs are being applied to the Domain Controllers OU. In our case the Default Domain Policy is enforced and being applied first which causes a GPO conflict. Manage your GPO inheritance to exclude the necessary policy settings from being overridden. For more details regarding GPO inheritance please refer to the following Microsoft KB article: http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx -![gpmc](../../images/ka04u000000HcSR_0EM7000000053Bj.png) +![gpmc](./images/ka04u000000HcSR_0EM7000000053Bj.png) ## If GPO distribution is correct but auditing settings still not applied @@ -52,7 +52,7 @@ If you resolved the inheritance issue and corresponding GPOs are being distribut 2. Open Local Group Policy Editor: `Start > Run` > `secpol.msc`. 3. Expand Audit Policy as shown in the picture below and make sure that the necessary auditing policies are set to Success (for example, Audit Account Management, Audit Directory Service Access) and are equal to the ones you see in Resultant Set of Policy (RSoP). -![secpol](../../images/ka04u000000HcSR_0EM7000000053Bo.png) +![secpol](./images/ka04u000000HcSR_0EM7000000053Bo.png) - If the Local Group Policy Editor indicates different auditing settings (different from the ones you configured and see in Resultant Set of Policy (RSoP)), this may indicate an issue with GPO applying on that particular domain controller. To troubleshoot this issue please refer to the following Microsoft KB articles: diff --git a/docs/kb/auditor/backup-recommendations.md b/docs/kb/auditor/backup-recommendations.md index c6f02bac3d..ee0c22b2f2 100644 --- a/docs/kb/auditor/backup-recommendations.md +++ b/docs/kb/auditor/backup-recommendations.md @@ -46,9 +46,9 @@ configserverDbProcessor.exe export -target "C:\NA_Backups\naconfig.xml" 4. Once the components are backed up, you can store them in any location to use once needed. -For additional information on import, refer to the following article: [Migrating Auditor to New Server](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/migrating-auditor-to-new-server.md). +For additional information on import, refer to the following article: [Migrating Auditor to New Server](/docs/kb/auditor/migrating-auditor-to-new-server). ## Related articles -- [Migrating Auditor to New Server](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/migrating-auditor-to-new-server.md) -- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) +- [Migrating Auditor to New Server](/docs/kb/auditor/migrating-auditor-to-new-server) +- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) diff --git a/docs/kb/auditor/can-any-additional-attribites-be-displayed-in-the-modification-reports.md b/docs/kb/auditor/can-any-additional-attribites-be-displayed-in-the-modification-reports.md index 9688c4155a..ede18babea 100644 --- a/docs/kb/auditor/can-any-additional-attribites-be-displayed-in-the-modification-reports.md +++ b/docs/kb/auditor/can-any-additional-attribites-be-displayed-in-the-modification-reports.md @@ -49,7 +49,7 @@ objectType:Attribute: ``` Examples: -![Attr](../../../images/ka04u000000HcP8_0EM7000000051Zt.png) +![Attr](./images/ka04u000000HcP8_0EM7000000051Zt.png) **NOTE:** Each attribute should be put in a separate line. The pound key at the beginning of a line means exclusion of the line. diff --git a/docs/kb/auditor/cannot-access-roles-page.md b/docs/kb/auditor/cannot-access-roles-page.md index c5390da42c..bba1ea6b2d 100644 --- a/docs/kb/auditor/cannot-access-roles-page.md +++ b/docs/kb/auditor/cannot-access-roles-page.md @@ -30,7 +30,7 @@ All pages on Administrative portals work except the Roles. An error occurred on the server when processing the URL. Please contact the system administrator. If you are the system administrator please click here to find out more about this error. -![User-added](../../../images/servlet_image_3823966b1661.png) +![User-added](./images/servlet_image_3823966b1661.png) --- @@ -46,6 +46,6 @@ Follow these steps to fix the issue: 2. Locate the web-site that is hosting the `PM` virtual directory. 3. Navigate to the **admin** virtual directory. 4. Open **ASP** settings under the **IIS** section. - ![User-added](../../../images/servlet_image_3823966b1661.png) + ![User-added](./images/servlet_image_3823966b1661.png) 5. Make sure that **Enable Buffering** is set to `True`. diff --git a/docs/kb/auditor/cannot-access-the-help-desk-portal.md b/docs/kb/auditor/cannot-access-the-help-desk-portal.md index 736fbcbcb6..54e777e6ec 100644 --- a/docs/kb/auditor/cannot-access-the-help-desk-portal.md +++ b/docs/kb/auditor/cannot-access-the-help-desk-portal.md @@ -36,21 +36,21 @@ This error indicates your authentication settings need to be adjusted to comply c) In the **Properties** dialog, open the **Directory Security** tab, and select **Edit** for **Authentication and Access Control**. d) In the **Authentication Methods** dialog, select either the **Integrated Windows authentication** box or **Basic authentication** (password is sent in clear text), and clear all other authentication options for Authentication access. - ![User-added image](../../../images/ka04u000000HcNm_0EM700000004xES.png) + ![User-added image](./images/ka04u000000HcNm_0EM700000004xES.png) To ensure the required settings are enabled in **IIS7**, do the following: a) In the **IIS Manager** left pane, navigate to the **ALE** virtual directory (by default `\ -> Sites -> Default Web Site -> ALE`). b) In the Manager central pane, double-click the **Authentication** option. c) In the Authentication list, enable either the **Windows Authentication** option or **Basic Authentication**, and disable all other authentication options. - ![User-added image](../../../images/ka04u000000HcNm_0EM700000004xEN.png) + ![User-added image](./images/ka04u000000HcNm_0EM700000004xEN.png) 3. Your proxy server is disabled or bypassed. To check the proxy settings, do the following: a) Go to **Control panel -> Internet options**. b) In the **Internet Properties** dialog, open the **Connections** tab and click the **LAN settings** button. c) Make sure the **Use a proxy server for your LAN** option is not enabled. Otherwise, make sure the **Bypass proxy server for local addresses** option is enabled too; in this case the Help-Desk portal must be a member of the **Local intranet zone**, or specified as exception. - ![User-added image](../../../images/ka04u000000HcNm_0EM700000004xEI.png) + ![User-added image](./images/ka04u000000HcNm_0EM700000004xEI.png) 4. The account you are using has READ access to the physical directory of the Web-portal (by default `C:Program Files (x86)NetWrixAccount Lockout ExaminerWeb`) diff --git a/docs/kb/auditor/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md b/docs/kb/auditor/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md index d2d020ef06..b1288dde5c 100644 --- a/docs/kb/auditor/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md +++ b/docs/kb/auditor/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md @@ -29,5 +29,5 @@ knowledge_article_id: kA00g000000H9bPCAS Select the **Change** button to enter in the credentials for the Virtual Center or ESX(i) Server: -![User-added](../../../images/servlet_image_3823966b1661.png) +![User-added](./images/servlet_image_3823966b1661.png) diff --git a/docs/kb/auditor/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md b/docs/kb/auditor/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md index 7946d2fbd3..9f253f910f 100644 --- a/docs/kb/auditor/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md +++ b/docs/kb/auditor/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md @@ -47,7 +47,7 @@ After that, the **Netwrix Auditor Application Deployment Service** appears on th ### Related Articles -- [How to Investigate Compression Services Errors](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-investigate-compression-services-errors.md) +- [How to Investigate Compression Services Errors](/docs/kb/auditor/how-to-investigate-compression-services-errors) - [Windows File Servers — Enable Remote Registry Service — v10.8.](https://docs.netwrix.com/docs/auditor/10_8/configuration/fileservers/windows/remoteregistryservice) diff --git a/docs/kb/auditor/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md b/docs/kb/auditor/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md index fb407b8e83..d24050ae8a 100644 --- a/docs/kb/auditor/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md +++ b/docs/kb/auditor/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md @@ -50,7 +50,7 @@ Cannot find the application. - Review the Application ID provided. You can find the Application ID of your app in the **Overview** page once you select the app in the **App registrations** section. Refer to the following Netwrix Auditor article for additional information on the initial Azure app setup: Netwrix Auditor — Permissions for SharePoint Online Auditing − Creating and registering a new app in Microsoft Entra ID ⸱ v10.6. For additional information on creating an app for Teams auditing, refer to the following Netwrix Auditor article: Netwrix Auditor — Permissions for Teams Auditing − Create and Register a New App in Microsoft Entra ID ⸱ v10.6. -![SPOAppID](../../images/ka0Qk0000001L8r_0EM4u000008MV3l.png) +![SPOAppID](./images/ka0Qk0000001L8r_0EM4u000008MV3l.png) - Review the app API permissions granted. You can either specify API permissions manually or use a manifest. Refer to the following Netwrix Auditor article for additional information on granting permissions: Netwrix Auditor — Permissions for SharePoint Online Auditing − Granting required permissions ⸱ v10.6. For additional information on permissions for Teams auditing, refer to the following Netwrix Auditor article: Netwrix Auditor — Permissions for Teams Auditing − Grant Required Permissions ⸱ v10.6. diff --git a/docs/kb/auditor/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md b/docs/kb/auditor/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md index fa1e9c4a54..fbcb7856bb 100644 --- a/docs/kb/auditor/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md +++ b/docs/kb/auditor/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md @@ -98,19 +98,19 @@ If you are unable to resolve the issue with SPN registration, and if your scenar ### Cause #3 – Different TLS Protocol Versions -Allow the operating systems to select the protocol for incoming and outgoing communication on both your Netwrix Auditor and SQL servers. For more information, see Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md) +Allow the operating systems to select the protocol for incoming and outgoing communication on both your Netwrix Auditor and SQL servers. For more information, see Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm) ### Cause #4 – SQL and Netwrix Auditor Servers Time Difference -Synchronize the time on both SQL and Netwrix Auditor servers to eliminate clock skew. For more information, see Clock Skew Is Too Great: [Clock Skew Is Too Great](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/clock-skew-is-too-great.md) +Synchronize the time on both SQL and Netwrix Auditor servers to eliminate clock skew. For more information, see Clock Skew Is Too Great: [Clock Skew Is Too Great](/docs/kb/auditor/clock-skew-is-too-great) ## Related Articles - [SQL Server Ports](https://docs.netwrix.com/docs/auditor/10_8/configuration/sqlserver/ports) - Cannot Generate SSPI Context – Fix the Error with Kerberos Configuration Manager · Microsoft: https://learn.microsoft.com/en-US/troubleshoot/sql/database-engine/connect/cannot-generate-sspi-context-error#fix-the-error-with-kerberos-configuration-manager-recommended - Register Service Principal Name for Kerberos Connections – Automatic SPN Registration · Microsoft: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-ver16#Auto -- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md) -- [Clock Skew Is Too Great](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/clock-skew-is-too-great.md) +- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm) +- [Clock Skew Is Too Great](/docs/kb/auditor/clock-skew-is-too-great) diff --git a/docs/kb/auditor/cannot-obtain-credential-information-for-mapped-drive.md b/docs/kb/auditor/cannot-obtain-credential-information-for-mapped-drive.md index 6dfe51f787..583264770a 100644 --- a/docs/kb/auditor/cannot-obtain-credential-information-for-mapped-drive.md +++ b/docs/kb/auditor/cannot-obtain-credential-information-for-mapped-drive.md @@ -26,7 +26,7 @@ The following error is returned on account lockout examination: `Cannot obtain credential information for drive <> mapped by <>` -![User-added image](../../../images/ka04u000000HcMw_0EM700000004wzm.png) +![User-added image](./images/ka04u000000HcMw_0EM700000004wzm.png) --- diff --git a/docs/kb/auditor/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md b/docs/kb/auditor/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md index c228f7c78a..ad479e0812 100644 --- a/docs/kb/auditor/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md +++ b/docs/kb/auditor/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md @@ -41,7 +41,7 @@ Cannot retrieve admin audit logging settings. Cannot execute the PowerShell comm The user %user% isn't assigned to any management roles. ``` -![Audit Configuration Assistant error screenshot](../../../images/ka04u00000117HQ_0EM4u000008M035.png) +![Audit Configuration Assistant error screenshot](./images/ka04u00000117HQ_0EM4u000008M035.png) ## Cause diff --git a/docs/kb/auditor/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md b/docs/kb/auditor/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md index d6aa54c602..a898caa296 100644 --- a/docs/kb/auditor/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md +++ b/docs/kb/auditor/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md @@ -31,7 +31,7 @@ An error occurred while enrolling for a certificate, the certificate request cou ``` 2. Symptom 2. Unauthorized error while accessing a report. - ![User-added image](../../../images/ka04u000001173i_0EM4u000008Liq9.png) + ![User-added image](./images/ka04u000001173i_0EM4u000008Liq9.png) ## Causes @@ -52,5 +52,5 @@ Here are possible options to resolve the issue: - Check that the account used for data collection is on the same domain as the Netwrix Auditor Server or another domain. - Check if those domains are trusted. If not, add the Netwrix Site to the trusted list. -![User-added image](../../../images/ka04u000001173i_0EM4u000008LirC.png) +![User-added image](./images/ka04u000001173i_0EM4u000008LirC.png) diff --git a/docs/kb/auditor/change-data-collecting-account-password-in-netwrix-auditor.md b/docs/kb/auditor/change-data-collecting-account-password-in-netwrix-auditor.md index c286b63273..96a5e79432 100644 --- a/docs/kb/auditor/change-data-collecting-account-password-in-netwrix-auditor.md +++ b/docs/kb/auditor/change-data-collecting-account-password-in-netwrix-auditor.md @@ -37,4 +37,4 @@ Refer to the following steps to update the password for your data-collection acc 5. Provide a new password, and click **OK** to save changes. 6. In some cases, you might need to restart Netwrix services for the changes to take effect. -> **NOTE:** A new password won't be applied to Netwrix Password Reset, Event Log Manager, or Inactive User Tracker data-collection accounts. Refer to the following article for additional information: [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md). +> **NOTE:** A new password won't be applied to Netwrix Password Reset, Event Log Manager, or Inactive User Tracker data-collection accounts. Refer to the following article for additional information: [Failed Logon Attempts after Recent Service Account Password Change](/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change). diff --git a/docs/kb/auditor/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md b/docs/kb/auditor/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md index 306435d3a3..874ecdf5e5 100644 --- a/docs/kb/auditor/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md +++ b/docs/kb/auditor/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md @@ -42,7 +42,7 @@ The licensing data was corrupted. ## Resolution - In case you've encountered the issue after a recent upgrade, wait for 24 hours to see if the issue is resolved on its own. -- Reapply the license file. Refer to the following article for additional information: [How to Apply Netwrix Auditor License](/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md). +- Reapply the license file. Refer to the following article for additional information: [How to Apply Netwrix Auditor License](/docs/kb/auditor/how-to-apply-netwrix-auditor-license). - In case reapplying the license did not help, contact [Netwrix Technical Support](https://www.netwrix.com/open_a_ticket.html). diff --git a/docs/kb/auditor/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md b/docs/kb/auditor/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md index b08b70cb4e..bf3dd4bc10 100644 --- a/docs/kb/auditor/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md +++ b/docs/kb/auditor/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md @@ -38,7 +38,7 @@ You can manually delete the Service and its components. For that: 1. Open the **Services** snap-in and open properties of the problematic service. 2. Copy the full name of the service and the path to executable, for example, to a **Notepad** document. - ![User-added image](../../images/ka0Qk0000001hxN_0EMQk000002u2KX.png) + ![User-added image](./images/ka0Qk0000001hxN_0EMQk000002u2KX.png) 3. Run the command prompt as administrator and run the following command: ```bat diff --git a/docs/kb/auditor/compression-service-encountered-an-internal-error-in-windows-server-monitoring-plan.md b/docs/kb/auditor/compression-service-encountered-an-internal-error-in-windows-server-monitoring-plan.md index 459f97443d..1ccf2507f4 100644 --- a/docs/kb/auditor/compression-service-encountered-an-internal-error-in-windows-server-monitoring-plan.md +++ b/docs/kb/auditor/compression-service-encountered-an-internal-error-in-windows-server-monitoring-plan.md @@ -107,5 +107,5 @@ The Windows Server Auditing host and compression service cannot operate due to d ## Related articles -- [Сonnection Issue when TLS 1.2 Is Required](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/сonnection_issue_when_tls_1.2_is_required.md) -- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md) +- [Сonnection Issue when TLS 1.2 Is Required](/docs/kb/auditor/сonnection_issue_when_tls_1.2_is_required) +- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm) diff --git a/docs/kb/auditor/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md b/docs/kb/auditor/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md index 8eef8b00e5..e4923e0950 100644 --- a/docs/kb/auditor/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md +++ b/docs/kb/auditor/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md @@ -41,7 +41,7 @@ Exchange Online relies on PowerShell gathering proxy settings from the network a netsh winhttp show proxy ``` - ![netsh winhttp show proxy output](../../images/ka0Qk0000000ws1_0EM4u000008MMY1.png) + ![netsh winhttp show proxy output](./images/ka0Qk0000000ws1_0EM4u000008MMY1.png) 2. If the system prompts **Direct settings**, configure the network adapter to use the correct proxy settings: @@ -51,7 +51,7 @@ Exchange Online relies on PowerShell gathering proxy settings from the network a Replace the proxy server settings in the line with your actual settings. - ![netsh winhttp set proxy example](../../images/ka0Qk0000000ws1_0EM4u000008MMY6.png) + ![netsh winhttp set proxy example](./images/ka0Qk0000000ws1_0EM4u000008MMY6.png) ### Microsoft Entra ID (formerly Azure AD) @@ -84,11 +84,11 @@ After editing: Before editing image: -![Before editing configuration](../../images/ka0Qk0000000ws1_0EM4u000008MMXd.png) +![Before editing configuration](./images/ka0Qk0000000ws1_0EM4u000008MMXd.png) After editing image: -![After editing configuration](../../images/ka0Qk0000000ws1_0EM4u000008MMYB.png) +![After editing configuration](./images/ka0Qk0000000ws1_0EM4u000008MMYB.png) Replace `***.***.***.***:port` with your actual proxy settings. diff --git a/docs/kb/auditor/connection-string-is-not-valid-in-sql-server-monitoring-plan.md b/docs/kb/auditor/connection-string-is-not-valid-in-sql-server-monitoring-plan.md index da2c08c52b..ae72952be9 100644 --- a/docs/kb/auditor/connection-string-is-not-valid-in-sql-server-monitoring-plan.md +++ b/docs/kb/auditor/connection-string-is-not-valid-in-sql-server-monitoring-plan.md @@ -53,11 +53,11 @@ Review the affected item in your SQL Server monitoring plan: 4. Review the instance name specified: - For a default SQL instance name (`MSSQLSERVER`), only specify the server FQDN or NetBIOS name. See the example for a reference. - ![Default instance example](../../images/ka04u000000wvzg_0EM4u000008pVor.png) + ![Default instance example](./images/ka04u000000wvzg_0EM4u000008pVor.png) - For a named SQL instance, specify `FQDN\Instance_name`. - ![Named instance example](../../images/ka04u000000wvzg_0EM4u000008pVow.png) + ![Named instance example](./images/ka04u000000wvzg_0EM4u000008pVow.png) 5. Once the changes are introduced, click **Save & Close**. diff --git a/docs/kb/auditor/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md b/docs/kb/auditor/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md index 666c26d23a..08589dcf16 100644 --- a/docs/kb/auditor/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md +++ b/docs/kb/auditor/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md @@ -45,7 +45,7 @@ Make sure you provided the same parameters in a Netwrix Auditor monitoring plan 1. **Tenant name** in Netwrix should equal the `Directory (tenant) ID` in Microsoft Office 365 Admin center. 2. **Modern authentication application ID** should equal `Application (client) ID` in Microsoft Office 365 Admin center. -![00371273 O365 Tenant.PNG](../../images/ka04u00000117A1_0EM4u000008LuEC.png) +![00371273 O365 Tenant.PNG](./images/ka04u00000117A1_0EM4u000008LuEC.png) For additional information on configuring Office 365 tenant, refer to the following article: Microsoft 365. Select the data source you want to audit and review the corresponding section. diff --git a/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename.md b/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename.md index e150dc146b..27123af3f9 100644 --- a/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename.md +++ b/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename.md @@ -89,4 +89,4 @@ To recreate the database, follow these steps: - Considerations for the Autogrow and Autoshrink Settings in SQL Server: https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/database-file-operations/considerations-autogrow-autoshrink - [Hardware Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/console) - [Netwrix Auditor Settings – Investigations (v10.6) feature](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/investigations) -- [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md) +- [SQL Server Express Database Size Reached 10GB](/docs/kb/auditor/sql-server-express-database-size-reached-10gb) diff --git a/docs/kb/auditor/could-not-find-stored-procedure-getallproperties.md b/docs/kb/auditor/could-not-find-stored-procedure-getallproperties.md index 6fd95aebd0..90ddf6647b 100644 --- a/docs/kb/auditor/could-not-find-stored-procedure-getallproperties.md +++ b/docs/kb/auditor/could-not-find-stored-procedure-getallproperties.md @@ -46,7 +46,7 @@ The ReportServer database is corrupted and has to be rebuilt. 1. Once you've opened SSMS, unfold the **Databases** folder in the **Object Explorer** pane on the left. 2. Right-click each (`ReportServer` and `ReportServerTemp`) database and select **Delete**. 3. Before confirming the deletion, make sure to check the **Close existing connections** checkbox. -3. Once the databases are deleted, regenerate the `ReportServer` database. Refer to the following article for additional information: [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +3. Once the databases are deleted, regenerate the `ReportServer` database. Refer to the following article for additional information: [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) 4. After you've configured the `ReportServer` database, grant the roles to the SSRS service account the roles required. Refer to the following article for additional information: [Configure SSRS Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserverreportingservice#configure-ssrs-account) 5. Restart **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service** via **Services**. diff --git a/docs/kb/auditor/could_not_create_ssltls_secure_channel_error_in_windows_server_monitoring_plan.md b/docs/kb/auditor/could_not_create_ssltls_secure_channel_error_in_windows_server_monitoring_plan.md index 835f55f487..c9c0f5fdec 100644 --- a/docs/kb/auditor/could_not_create_ssltls_secure_channel_error_in_windows_server_monitoring_plan.md +++ b/docs/kb/auditor/could_not_create_ssltls_secure_channel_error_in_windows_server_monitoring_plan.md @@ -36,7 +36,7 @@ products: ## Resolutions - Enable TLS 1.2 in your environment − refer to the following article for additional information: Connection Issue when TLS 1.2 Is Required. -- In case TLS protocol versions are limited to specific versions in your environment, make sure to allow the operating system to select the protocol for incoming and outgoing communication. Refer to the following article for additional information: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md). +- In case TLS protocol versions are limited to specific versions in your environment, make sure to allow the operating system to select the protocol for incoming and outgoing communication. Refer to the following article for additional information: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm). - Review the certificate used for Windows Server auditing: 1. In the Netwrix Auditor server, either press **Win + R** or launch the **Run** command window. 2. In the **Run** command window, type `mmc` and press **OK**. Select **Yes** in the following prompt. @@ -52,4 +52,4 @@ products: ## Related Articles - Connection Issue when TLS 1.2 Is Required -- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md) \ No newline at end of file +- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm) \ No newline at end of file diff --git a/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier.md b/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier.md index b12864f101..67626267fa 100644 --- a/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier.md +++ b/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier.md @@ -117,9 +117,9 @@ You can edit and customize the notification and report templates in Netwrix Pass ### Edit email header and footer -You can disable header and footer in Netwrix Password Reset emails. Refer to the following article for additional information: [Hide and Disable Header and Footer in Netwrix Password Reset Emails](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md). +You can disable header and footer in Netwrix Password Reset emails. Refer to the following article for additional information: [Hide and Disable Header and Footer in Netwrix Password Reset Emails](/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails). ## Related articles -- [Hide and Disable Header and Footer in Netwrix Password Reset Emails](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md) +- [Hide and Disable Header and Footer in Netwrix Password Reset Emails](/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails) - [All attributes ⸱ Microsoft 🡺](https://learn.microsoft.com/en-us/windows/win32/adschema/attributes-all) diff --git a/docs/kb/auditor/database-contains-tables-not-compatible-with-the-product.md b/docs/kb/auditor/database-contains-tables-not-compatible-with-the-product.md index f0d40cb9f8..79ec9e5235 100644 --- a/docs/kb/auditor/database-contains-tables-not-compatible-with-the-product.md +++ b/docs/kb/auditor/database-contains-tables-not-compatible-with-the-product.md @@ -42,11 +42,11 @@ Using SQL Management Studio give the Data Processing Account `DB_Owner` rights t 1) Log into the instance which contains the product database using SQL Management Studio with a **sysadmin account**. 2) Expand **Security** and then **Logins**. - ![User-added image](../../../images/ka04u000000HcT5_0EM700000008DPW.png) + ![User-added image](./images/ka04u000000HcT5_0EM700000008DPW.png) 3) **Right click** the **Data Processing Account** and go to **Properties** (add the account if it doesn't exist). - ![User-added image](../../../images/ka04u000000HcT5_0EM700000008DPb.png) + ![User-added image](./images/ka04u000000HcT5_0EM700000008DPb.png) 4) Under **Server Roles** you can give **sysadmin** to this account OR alternatively you can go to **User Mapping** and select each Netwrix database individually and add **DB_Owner** permissions. - ![User-added image](../../../images/ka04u000000HcT5_0EM700000008DPg.png) + ![User-added image](./images/ka04u000000HcT5_0EM700000008DPg.png) diff --git a/docs/kb/auditor/deploying-the-report-server-database.md b/docs/kb/auditor/deploying-the-report-server-database.md index 75362426d4..33ca1ff1e6 100644 --- a/docs/kb/auditor/deploying-the-report-server-database.md +++ b/docs/kb/auditor/deploying-the-report-server-database.md @@ -68,7 +68,7 @@ Once the database has been successfully deployed, provide the Report Server URL 1. In the main Netwrix Auditor screen, click **Settings**. In the left pane, select the **Audit Database** tab and click **Modify** under the **Audit Database** section. - ![Audit Database Modify](../../../images/ka04u000000wvtY_0EM4u000008pRVW.png) + ![Audit Database Modify](./images/ka04u000000wvtY_0EM4u000008pRVW.png) 2. Input the credentials and click **Next**. diff --git a/docs/kb/auditor/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md b/docs/kb/auditor/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md index 189aa5bbc3..a55329db65 100644 --- a/docs/kb/auditor/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md +++ b/docs/kb/auditor/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md @@ -46,7 +46,7 @@ To disable MFA for your data-collecting account in any Microsoft 365 source, use 3. Select the service user to be used in the **Select excluded users and groups** window, and click **Select**. 4. To complete the setup, click **Save** in the bottom left corner. - ![Exclude user from MFA policy](../../images/ka0Qk0000001LLl_0EM4u000008MMJG.png) + ![Exclude user from MFA policy](./images/ka0Qk0000001LLl_0EM4u000008MMJG.png) - To exclude an app from the MFA policy: 1. Click the highlighted text under the **Target sources** section. @@ -54,7 +54,7 @@ To disable MFA for your data-collecting account in any Microsoft 365 source, use 3. Select the app to be used in the **Select excluded cloud apps** window, and click **Select**. 4. To complete the setup, click **Save** in the bottom left corner. - ![Exclude app from MFA policy](../../images/ka0Qk0000001LLl_0EM4u000008MMJL.png) + ![Exclude app from MFA policy](./images/ka0Qk0000001LLl_0EM4u000008MMJL.png) Refer to the following articles for additional information on data-collecting account setup for your Microsoft 365 sources: diff --git a/docs/kb/auditor/entitlement-reviews-event-id-6527.md b/docs/kb/auditor/entitlement-reviews-event-id-6527.md index 1e0e51e661..2b8efe852a 100644 --- a/docs/kb/auditor/entitlement-reviews-event-id-6527.md +++ b/docs/kb/auditor/entitlement-reviews-event-id-6527.md @@ -35,7 +35,7 @@ License name: Entitlement reviews. Your subscription plan for Netwrix Auditor has expired. ``` -![image001.png](../../../images/ka04u0000011688_0EM4u000008LCjZ.png) +![image001.png](./images/ka04u0000011688_0EM4u000008LCjZ.png) ## Cause diff --git a/docs/kb/auditor/error-0x80040605-connection-failed.md b/docs/kb/auditor/error-0x80040605-connection-failed.md index 797786be8e..f5d6a50735 100644 --- a/docs/kb/auditor/error-0x80040605-connection-failed.md +++ b/docs/kb/auditor/error-0x80040605-connection-failed.md @@ -50,8 +50,8 @@ One (or more) of the following services has stopped in the Netwrix Auditor serve Review the services running in the Netwrix Auditor server − make sure the services are running with their startup type set to **Automatic**. -> **IMPORTANT:** If the disk storing Long-Term Archive is running out of space, you'll corresponding events in Health Log. When the free disk space is below 3GB, the Netwrix services responsible for audit data collection will be stopped, preventing the data collection. For additional information on reducing disk space consumption, refer to the following article: [Netwrix Auditor Consumes Disk Space — Recommendations](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-consumes-disk-space-recommendations.md). +> **IMPORTANT:** If the disk storing Long-Term Archive is running out of space, you'll corresponding events in Health Log. When the free disk space is below 3GB, the Netwrix services responsible for audit data collection will be stopped, preventing the data collection. For additional information on reducing disk space consumption, refer to the following article: [Netwrix Auditor Consumes Disk Space — Recommendations](/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations). ## Related articles -- [Netwrix Auditor Consumes Disk Space — Recommendations](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-consumes-disk-space-recommendations.md) +- [Netwrix Auditor Consumes Disk Space — Recommendations](/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations) diff --git a/docs/kb/auditor/error-0x800706ba-rpc-server-is-unavailable.md b/docs/kb/auditor/error-0x800706ba-rpc-server-is-unavailable.md index fd45275143..a05aa1d3af 100644 --- a/docs/kb/auditor/error-0x800706ba-rpc-server-is-unavailable.md +++ b/docs/kb/auditor/error-0x800706ba-rpc-server-is-unavailable.md @@ -73,7 +73,7 @@ Failed to update the agent on the following server: %server% > **NOTE:** If you see the following error in the Event Viewer while checking **Event Viewer (Local)** connection to another computer, enable inbound rules (COM+ Network Access and all rules in the Remote Event Log Management group) on the target computer. Refer to the following article for additional information: Configuration − Logon Activity Ports: Configure Windows Firewall Inbound Connection Rules ⸱ v10.6. > - > ![COM+ Network Access screenshot](../../../images/ka04u000000wvy4_0EM4u000008LkB8.png) + > ![COM+ Network Access screenshot](./images/ka04u000000wvy4_0EM4u000008LkB8.png) > > Learn more in: 0x80004027 error when you try to remotely access COM+ object after you upgrade to Windows Server 2016 or later versions ⸱ Microsoft diff --git a/docs/kb/auditor/error-403.md b/docs/kb/auditor/error-403.md index 42e26e480a..d9f5ebbaa0 100644 --- a/docs/kb/auditor/error-403.md +++ b/docs/kb/auditor/error-403.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9TwCAK When trying to browse to any portal, you get "Error 403 - Access is denied" -![User-added image](../../../images/ka04u000000HcNi_0EM700000004yKg.png) +![User-added image](./images/ka04u000000HcNi_0EM700000004yKg.png) The 403 error can be caused by several reasons. The most common reasons are: @@ -37,9 +37,9 @@ The 403 error can be caused by several reasons. The most common reasons are: 3. In the central pane double-click **SSL Settings** 4. Check settings, change if necessary - ![User-added image](../../../images/ka04u000000HcNi_0EM700000004yKq.png) + ![User-added image](./images/ka04u000000HcNi_0EM700000004yKq.png) - ![User-added image](../../../images/ka04u000000HcNi_0EM700000004yKv.png) + ![User-added image](./images/ka04u000000HcNi_0EM700000004yKv.png) 2. Default document IIS feature is not enabled. @@ -50,7 +50,7 @@ The 403 error can be caused by several reasons. The most common reasons are: 3. In the central pane double-click **Default Document** 4. In the right pane click **Enable** (if there is no Enable option there, but **Disable** is, it means that the feature is enabled) - ![User-added image](../../../images/ka04u000000HcNi_0EM700000004yL0.png) + ![User-added image](./images/ka04u000000HcNi_0EM700000004yL0.png) - ![User-added image](../../../images/ka04u000000HcNi_0EM700000004yL5.png) + ![User-added image](./images/ka04u000000HcNi_0EM700000004yL5.png) diff --git a/docs/kb/auditor/error-503-reports-and-subscriptions-not-working.md b/docs/kb/auditor/error-503-reports-and-subscriptions-not-working.md index b6c2a037d2..4b8b0002bf 100644 --- a/docs/kb/auditor/error-503-reports-and-subscriptions-not-working.md +++ b/docs/kb/auditor/error-503-reports-and-subscriptions-not-working.md @@ -56,10 +56,10 @@ HTTP Error 503. The service is unavailable. ## Resolutions -- Review Web Service and Web Portal URLs — refer to the following article for additional information: [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +- Review Web Service and Web Portal URLs — refer to the following article for additional information: [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) - Verify the `SQL Server Reporting Services` service on your SSRS server is running. You can also run **Report Server Configuration Manager** > the **Report Server Status** tab to verify the report server status. - IMPORTANT: Refer to the following article if you're unable to start the `SQL Server Reporting Services` service: [Error: Service Did Not Respond to Start or Control Request in SSRS](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-service-did-not-respond-to-start-or-control-request-in-ssrs.md) + IMPORTANT: Refer to the following article if you're unable to start the `SQL Server Reporting Services` service: [Error: Service Did Not Respond to Start or Control Request in SSRS](/docs/kb/auditor/error-service-did-not-respond-to-start-or-control-request-in-ssrs) - Remove the SSRS account from the Protected Users security group. Learn more about Protected Users in Protected Users Security Group ⸱ Microsoft. - https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group @@ -86,6 +86,6 @@ A license is now required. ## Related articles -- [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +- [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) -- [Error: Service Did Not Respond to Start or Control Request in SSRS](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-service-did-not-respond-to-start-or-control-request-in-ssrs.md) +- [Error: Service Did Not Respond to Start or Control Request in SSRS](/docs/kb/auditor/error-service-did-not-respond-to-start-or-control-request-in-ssrs) diff --git a/docs/kb/auditor/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md b/docs/kb/auditor/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md index d9bc179195..5370a714f0 100644 --- a/docs/kb/auditor/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md +++ b/docs/kb/auditor/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md @@ -45,5 +45,5 @@ Extend the report timeout on the on the Report Manager URL. For that: 2. Find the problematic report and open it. 3. Click the 3 dots in the Reports Manager for the report itself, then click **Manage**. 4. In the **Advanced** section, modify the report timeout settings. - ![User-added image](../../../images/ka0Qk0000001ZBp_0EMQk000002dUpt.png) + ![User-added image](./images/ka0Qk0000001ZBp_0EMQk000002dUpt.png) diff --git a/docs/kb/auditor/error-can-not-process-sql-commands-for-the-netwrix-auditor-self-audit-database.md b/docs/kb/auditor/error-can-not-process-sql-commands-for-the-netwrix-auditor-self-audit-database.md index 4811e7d8fe..7aff29f179 100644 --- a/docs/kb/auditor/error-can-not-process-sql-commands-for-the-netwrix-auditor-self-audit-database.md +++ b/docs/kb/auditor/error-can-not-process-sql-commands-for-the-netwrix-auditor-self-audit-database.md @@ -53,4 +53,4 @@ Follow the steps below to turn off the **Recovery** mode for the database: ### Related Article: -- [Recovery Mode Changes in SQL Databases](/docs/kb/auditor/system-administration/database-management/recovery-mode-changes-in-sql-databases.md) +- [Recovery Mode Changes in SQL Databases](/docs/kb/auditor/recovery-mode-changes-in-sql-databases) diff --git a/docs/kb/auditor/error-check-your-sql-server-settings-in-audit-database-settings.md b/docs/kb/auditor/error-check-your-sql-server-settings-in-audit-database-settings.md index 3958cd0841..d9a8e8d669 100644 --- a/docs/kb/auditor/error-check-your-sql-server-settings-in-audit-database-settings.md +++ b/docs/kb/auditor/error-check-your-sql-server-settings-in-audit-database-settings.md @@ -56,7 +56,7 @@ Refer to the list of possible causes for the error: 2. Configure your SQL Server instance to allow remote connections. Learn more in [Configure remote access (server configuration option) — Use SQL Server Management Studio ⸱ Microsoft 🧩](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-remote-access-server-configuration-option?view=sql-server-ver16#SSMSProcedure). 3. Enable the TCP/IP protocol in the SQL Server—refer to the following article for additional information: Enable TCP/IP Protocol in SQL Server. -> **NOTE:** Alternatively, review the TCP port used for SQL Server communication—learn more in [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft 🧩](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine). For additional information on setting a custom TCP port in Netwrix Auditor, refer to the following article: [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md). +> **NOTE:** Alternatively, review the TCP port used for SQL Server communication—learn more in [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft 🧩](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine). For additional information on setting a custom TCP port in Netwrix Auditor, refer to the following article: [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database). ## Related Articles @@ -64,7 +64,7 @@ Refer to the list of possible causes for the error: - [Configure remote access (server configuration option) — Use SQL Server Management Studio ⸱ Microsoft 🧩](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-remote-access-server-configuration-option?view=sql-server-ver16#SSMSProcedure) - Enable TCP/IP Protocol in SQL Server - [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft 🧩](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine) -- [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md) +- [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database) diff --git a/docs/kb/auditor/error-could-not-connect-to-server.md b/docs/kb/auditor/error-could-not-connect-to-server.md index ce156ebaf6..4c912a1c7a 100644 --- a/docs/kb/auditor/error-could-not-connect-to-server.md +++ b/docs/kb/auditor/error-could-not-connect-to-server.md @@ -52,14 +52,14 @@ Refer to the list of possible causes for the error: 1. Verify the SQL Server instance name specified in the Audit Database settings. Refer to the following article for additional information:[Specifying the SQL Server Instance Name](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/auditdatabase) 2. Configure your SQL Server instance to allow remote connections. Learn more in Microsoft's documentation: [Configure remote access (server configuration option) — Use SQL Server Management Studio ⸱ Microsoft](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-remote-access-server-configuration-option?view=sql-server-ver16#SSMSProcedure) -3. Enable the TCP/IP protocol in the SQL Server—refer to the following article for additional information: [Enable TCP/IP Protocol in SQL Server](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/enable_tcpip_protocol_in_sql_server.md) +3. Enable the TCP/IP protocol in the SQL Server—refer to the following article for additional information: [Enable TCP/IP Protocol in SQL Server](/docs/kb/auditor/enable_tcpip_protocol_in_sql_server) -> **NOTE:** Alternatively, review the TCP port used for SQL Server communication—learn more in Microsoft's documentation: [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine). For additional information on setting a custom TCP port in Netwrix Auditor, refer to the following article: [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md). +> **NOTE:** Alternatively, review the TCP port used for SQL Server communication—learn more in Microsoft's documentation: [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine). For additional information on setting a custom TCP port in Netwrix Auditor, refer to the following article: [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database). ## Related Articles - [Specifying the SQL Server Instance Name](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/auditdatabase) - [Configure remote access (server configuration option) — Use SQL Server Management Studio ⸱ Microsoft](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-remote-access-server-configuration-option?view=sql-server-ver16#SSMSProcedure) -- [Enable TCP/IP Protocol in SQL Server](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/enable_tcpip_protocol_in_sql_server.md) +- [Enable TCP/IP Protocol in SQL Server](/docs/kb/auditor/enable_tcpip_protocol_in_sql_server) - [Configure SQL Server to listen on a specific TCP port — Assign a TCP/IP port number to the SQL Server Database Engine ⸱ Microsoft](https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15#assign-a-tcpip-port-number-to-the-sql-server-database-engine) -- [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md) +- [Specify Custom SQL Server Port for Netwrix Auditor Audit Database](/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database) diff --git a/docs/kb/auditor/error-during-report-processing-rserrorimpersonatinguser-running-reports.md b/docs/kb/auditor/error-during-report-processing-rserrorimpersonatinguser-running-reports.md index 7fd6a84010..7839290a0b 100644 --- a/docs/kb/auditor/error-during-report-processing-rserrorimpersonatinguser-running-reports.md +++ b/docs/kb/auditor/error-during-report-processing-rserrorimpersonatinguser-running-reports.md @@ -49,7 +49,7 @@ SQL Server Reporting Services (SSRS) connection issues or insufficient permissio If you use a `gMSA` account for data collection, refer to the following article for additional information: [GMSA](https://docs.netwrix.com/docs/auditor/10_8/requirements/gmsa) -4. Check your Report Services configuration. [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +4. Check your Report Services configuration. [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) 5. Check the permissions for your SSRS Account. Refer to the following article:[Configure SSRS Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserverreportingservice#configure-ssrs-account) @@ -67,5 +67,5 @@ SQL Server Reporting Services (SSRS) connection issues or insufficient permissio - [Configure Audit Database Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserver#configure-audit-database-account) - [Data Collecting Accounts](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/dataaccounts) - [Requirements – Use Group Managed Service Account (gMSA](https://docs.netwrix.com/docs/auditor/10_8/requirements/gmsa) -- [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +- [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) - [Configure SSRS Account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserverreportingservice#configure-ssrs-account) diff --git a/docs/kb/auditor/error-failed-to-load-registry-hive-file-is-used-by-another-process.md b/docs/kb/auditor/error-failed-to-load-registry-hive-file-is-used-by-another-process.md index 52f9d63661..6f42919d47 100644 --- a/docs/kb/auditor/error-failed-to-load-registry-hive-file-is-used-by-another-process.md +++ b/docs/kb/auditor/error-failed-to-load-registry-hive-file-is-used-by-another-process.md @@ -53,7 +53,7 @@ This issue may be caused by one or more of the following factors: Apply one or more of the following solutions to resolve this error: -- Configure antivirus exclusions in your Netwrix Auditor environment. For details, see the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- Configure antivirus exclusions in your Netwrix Auditor environment. For details, see the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) - Follow these steps if excluding Auditor-related folders did not resolve the issue: @@ -89,4 +89,4 @@ Apply one or more of the following solutions to resolve this error: ## Related Article -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) diff --git a/docs/kb/auditor/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md b/docs/kb/auditor/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md index 50772c99fb..c2306c304a 100644 --- a/docs/kb/auditor/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md +++ b/docs/kb/auditor/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md @@ -57,12 +57,12 @@ HTTP Error 401 - Unauthorized. Provide another credentials or change security se 2. In the left pane, click **Local server**. 3. Click **On** to the right of **IE Enhanced Security Configuration**. - ![](../../../images/ka0Qk00000031Iv_0EM4u000008LafD.png) + ![](./images/ka0Qk00000031Iv_0EM4u000008LafD.png) 4. In the configuration window, switch both **Administrators** and **Users** categories to **Off**. 5. Click **OK** to save changes. - ![](../../../images/ka0Qk00000031Iv_0EM4u000008LafI.png) + ![](./images/ka0Qk00000031Iv_0EM4u000008LafI.png) - Review your SSRS account permissions. For additional information, refer to: SQL Server Reporting Services: Configure SSRS Account · v10.6 — https://docs.netwrix.com/docs/auditor/10_8/requirements/overview diff --git a/docs/kb/auditor/error-memory-limit-is-reached.md b/docs/kb/auditor/error-memory-limit-is-reached.md index dad2f28738..a9e715a5c0 100644 --- a/docs/kb/auditor/error-memory-limit-is-reached.md +++ b/docs/kb/auditor/error-memory-limit-is-reached.md @@ -42,8 +42,8 @@ The default memory limit has been reached for the process. Increase the resource pool on your Netwrix Auditor server. Refer to the following article for additional information on hardware requirements for different deployment scenarios: [Hardware Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/console). -> **IMPORTANT:** Verify that the antivirus exclusions are in place on your Netwrix Auditor server. Review the following article for recommendations on antivirus exclusions in the Auditor environment: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +> **IMPORTANT:** Verify that the antivirus exclusions are in place on your Netwrix Auditor server. Review the following article for recommendations on antivirus exclusions in the Auditor environment: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). ## Related Articles - [Hardware Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/console) -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) diff --git a/docs/kb/auditor/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md b/docs/kb/auditor/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md index c3291d48c1..9eecd41259 100644 --- a/docs/kb/auditor/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md +++ b/docs/kb/auditor/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md @@ -59,7 +59,7 @@ If you are currently on a 10.5 version and build other than 10950, perform the p ## Related articles -- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md) +- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor) diff --git a/docs/kb/auditor/error-no-more-threads.md b/docs/kb/auditor/error-no-more-threads.md index bff44f19b0..df0cf214cb 100644 --- a/docs/kb/auditor/error-no-more-threads.md +++ b/docs/kb/auditor/error-no-more-threads.md @@ -31,5 +31,5 @@ To fix the issue, restart the **WMI service** on the **target domain controller* 3. Locate the **Windows Management Instrumentation Service** in the list. 4. Right-click this service and select **Restart** from the popup menu. -![User-added image](../../../images/ka04u000000HcMv_0EM700000004wr9.png) +![User-added image](./images/ka04u000000HcMv_0EM700000004wr9.png) diff --git a/docs/kb/auditor/error-request-operation-timeout.md b/docs/kb/auditor/error-request-operation-timeout.md index 29d644774e..2eebeee43f 100644 --- a/docs/kb/auditor/error-request-operation-timeout.md +++ b/docs/kb/auditor/error-request-operation-timeout.md @@ -26,7 +26,7 @@ knowledge_article_id: kA00g000000H9bxCAC You receive the "request timeout" error message when you launch the Netwrix Account Lockout Examiner console or some time after. -![User-added image](../../../images/ka04u000000HcUi_0EM700000004xfn.png) +![User-added image](./images/ka04u000000HcUi_0EM700000004xfn.png) --- @@ -45,7 +45,7 @@ In order to resolve the issue perform the following steps on the Account Lockout f. Set `invLogonCleaningPeriod` to `10 decimal` g. Restart the NetWrix Account Lockout Examiner service - ![User-added image](../../../images/ka04u000000HcUi_0EM700000004xfx.png) + ![User-added image](./images/ka04u000000HcUi_0EM700000004xfx.png) 2. If the above does not help, disable searching of invalid logons on workstations. This will reduce the service load. a. Run Registry Editor (`Start - Run - regedit`) @@ -53,12 +53,12 @@ In order to resolve the issue perform the following steps on the Account Lockout c. Create a DWORD called `PF_Enabled` with the value of `0` d. Restart the NetWrix Account Lockout Examiner service - ![User-added image](../../../images/ka04u000000HcUi_0EM700000004xg2.png) + ![User-added image](./images/ka04u000000HcUi_0EM700000004xg2.png) 3. If all of the registry settings did not address the issue set Account Lockout Examiner to monitor the PDC only: a. In Netwrix Account Lockout Examiner navigate to **File > Settings > Managed Objects**. b. Select your domain and click **Edit**. c. Select the **Only PDC emulator** radio button and click **OK** to save the changes. - ![User-added image](../../../images/ka04u000000HcUi_0EM700000004xg7.png) + ![User-added image](./images/ka04u000000HcUi_0EM700000004xg7.png) diff --git a/docs/kb/auditor/error-snapshot-saving-process-was-interrupted.md b/docs/kb/auditor/error-snapshot-saving-process-was-interrupted.md index 095cbf03ad..4f29d232b0 100644 --- a/docs/kb/auditor/error-snapshot-saving-process-was-interrupted.md +++ b/docs/kb/auditor/error-snapshot-saving-process-was-interrupted.md @@ -41,8 +41,8 @@ An antivirus or EDR/XDR solution in your environment affects the operation of yo ## Resolution -Add antivirus exclusions to both your Netwrix Auditor monitoring plan and to targets by referring to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +Add antivirus exclusions to both your Netwrix Auditor monitoring plan and to targets by referring to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). ## Related Articles -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) diff --git a/docs/kb/auditor/error-the-maximum-password-age-is-not-set.md b/docs/kb/auditor/error-the-maximum-password-age-is-not-set.md index 20e03d4883..113008dc7e 100644 --- a/docs/kb/auditor/error-the-maximum-password-age-is-not-set.md +++ b/docs/kb/auditor/error-the-maximum-password-age-is-not-set.md @@ -43,5 +43,5 @@ To set the Maximum Password Age policy for the domain: 4. In the right pane define the **Maximum password age** value 5. Update policies, for example run `gpupdate /force` -![User-added image](../../../images/ka04u000000HcU6_0EM7000000054Ba.png) +![User-added image](./images/ka04u000000HcU6_0EM7000000054Ba.png) diff --git a/docs/kb/auditor/error-the-pipe-endpoint-cannot-be-found.md b/docs/kb/auditor/error-the-pipe-endpoint-cannot-be-found.md index 9d021b020b..5ba24b5d5a 100644 --- a/docs/kb/auditor/error-the-pipe-endpoint-cannot-be-found.md +++ b/docs/kb/auditor/error-the-pipe-endpoint-cannot-be-found.md @@ -24,7 +24,7 @@ knowledge_article_id: kA00g000000H9c4CAC You get the "pipe endpoint cannot be found" error when you launch the console, or after some time after launching it. -![User-added image](../../../images/ka04u000000HcUp_0EM700000004xfs.png) +![User-added image](./images/ka04u000000HcUp_0EM700000004xfs.png) The issue occurs when the Account Lockout Examiner does not start or crashes. diff --git a/docs/kb/auditor/error-the-remote-procedure-call-failed.md b/docs/kb/auditor/error-the-remote-procedure-call-failed.md index 528df70bb7..2c9af34273 100644 --- a/docs/kb/auditor/error-the-remote-procedure-call-failed.md +++ b/docs/kb/auditor/error-the-remote-procedure-call-failed.md @@ -41,7 +41,7 @@ The "Remote procedure call failed" error can have a number of root causes such a Depending on the error cause, follow the resolution steps below: 1. Make sure you have all required ports opened. For additional information on configuring ports for Netwrix Auditor, refer to the following article: [Protocols and Ports Required](https://docs.netwrix.com/docs/auditor/10_8/requirements/ports) -2. Review your Antivirus exclusions. For additional information on required exclusions for your antivirus, refer to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +2. Review your Antivirus exclusions. For additional information on required exclusions for your antivirus, refer to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) 3. If the issue occurs during Logon Activity data collection, try to follow the steps in these articles: - - [System Cannot Find the Path Specified in Logon Activity Monitoring Plan](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan.md) - - [Error: Size of Collected Data Files Exceeded Limit in Logon Activity Monitoring Plan](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-size-of-collected-data-files-exceeded-limit-in-logon-activity-monitoring-plan.md) + - [System Cannot Find the Path Specified in Logon Activity Monitoring Plan](/docs/kb/auditor/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan) + - [Error: Size of Collected Data Files Exceeded Limit in Logon Activity Monitoring Plan](/docs/kb/auditor/error-size-of-collected-data-files-exceeded-limit-in-logon-activity-monitoring-plan) diff --git a/docs/kb/auditor/error-user-activity-core-service-has-been-already-launched.md b/docs/kb/auditor/error-user-activity-core-service-has-been-already-launched.md index fbf066b6c5..38c30bd0e2 100644 --- a/docs/kb/auditor/error-user-activity-core-service-has-been-already-launched.md +++ b/docs/kb/auditor/error-user-activity-core-service-has-been-already-launched.md @@ -38,7 +38,7 @@ The computer is included in this or another monitoring plan - The list of monitored computers in your User Activity monitoring plan states the **Duplicate** status for one or multiple servers. -![Duplicate status screenshot](../../../images/ka0Qk0000004pqL_0EM4u000008M4JN.png) +![Duplicate status screenshot](./images/ka0Qk0000004pqL_0EM4u000008M4JN.png) - No monitoring data is available for the **Duplicate** servers. @@ -70,7 +70,7 @@ Stop-Service -Name "NwUserActivitySvc" Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netwrix\User Activity Video Reporter Agent ``` - ![Registry key screenshot](../../../images/ka0Qk0000004pqL_0EM4u000008M4JS.png) + ![Registry key screenshot](./images/ka0Qk0000004pqL_0EM4u000008M4JS.png) Locate the `UniqID` value. Copy the value data and refer to it in the future steps—right-click the key and select **Modify...**. Once you copy the value, delete the `UniqID` value. diff --git a/docs/kb/auditor/essential-netwrix-license-usage-data-and-url-resources.md b/docs/kb/auditor/essential-netwrix-license-usage-data-and-url-resources.md index 7449090902..41b8f197e2 100644 --- a/docs/kb/auditor/essential-netwrix-license-usage-data-and-url-resources.md +++ b/docs/kb/auditor/essential-netwrix-license-usage-data-and-url-resources.md @@ -31,7 +31,7 @@ Each data source that Netwrix Auditor audits is associated with a license. For e > **Note:** License usage data does not include any sensitive information. See the following screenshot for an example of what data Netwrix receives: -![User-added image](../../../images/ka04u00000116GR_0EM4u000002PWPR.png) +![User-added image](./images/ka04u00000116GR_0EM4u000002PWPR.png) If a Netwrix server in your environment has limited Internet access, whitelist the following URLs so Netwrix can collect license usage data: diff --git a/docs/kb/auditor/event-id-1000-application-errors-in-netwrix-auditor-server.md b/docs/kb/auditor/event-id-1000-application-errors-in-netwrix-auditor-server.md index b69700dbd4..c27e17efa1 100644 --- a/docs/kb/auditor/event-id-1000-application-errors-in-netwrix-auditor-server.md +++ b/docs/kb/auditor/event-id-1000-application-errors-in-netwrix-auditor-server.md @@ -54,7 +54,7 @@ The **Faulting module name** dynamic-link library file was corrupted. This could ## Resolutions -1. Set up antivirus exclusions to prevent both your antivirus solution and Netwrix Auditor from conflicting — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +1. Set up antivirus exclusions to prevent both your antivirus solution and Netwrix Auditor from conflicting — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) 2. Establish the scope of affected `.dll` files. In case the **Faulting module path** links the system folder (e.g., `C:\Windows\System32`), follow these steps: @@ -80,9 +80,9 @@ The **Faulting module name** dynamic-link library file was corrupted. This could 3. Once the commands are completed and components are restored, restart the server. -3. In case the **Faulting module path** links a Netwrix-related folder (e.g., `C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing`), repair your Netwrix Auditor installation. Refer to the following article for additional information: [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md) +3. In case the **Faulting module path** links a Netwrix-related folder (e.g., `C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing`), repair your Netwrix Auditor installation. Refer to the following article for additional information: [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/how-to-repair-netwrix-auditor-installation) ## Related articles -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) -- [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) +- [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/how-to-repair-netwrix-auditor-installation) diff --git a/docs/kb/auditor/event-id-1024-in-health-log.md b/docs/kb/auditor/event-id-1024-in-health-log.md index 0a35236795..6f755ba562 100644 --- a/docs/kb/auditor/event-id-1024-in-health-log.md +++ b/docs/kb/auditor/event-id-1024-in-health-log.md @@ -58,9 +58,9 @@ Regenerate the Activity Summary: > wevtutil epl "Netwrix Auditor" %userprofile%\desktop\NASH.evtx > ``` > -> Refer to the following article for additional information for an option to manually save the Auditor event log: [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md). +> Refer to the following article for additional information for an option to manually save the Auditor event log: [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log). ## Related articles -- [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md) +- [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log) - [My Tickets · Netwrix](https://www.netwrix.com/tickets.html#/tickets/open) diff --git a/docs/kb/auditor/event-id-1208-in-health-log.md b/docs/kb/auditor/event-id-1208-in-health-log.md index b03451ef40..27bbaf6439 100644 --- a/docs/kb/auditor/event-id-1208-in-health-log.md +++ b/docs/kb/auditor/event-id-1208-in-health-log.md @@ -34,7 +34,7 @@ Refer to the entries below for possible causes and resolutions based on event de ### `Fatal error during installation` - Cause: The **Timeout expired** error is prompted after SharePoint Core Service installation has taken over 10 minutes. - **Resolution:** Refer to the following article for additional information: [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md) + **Resolution:** Refer to the following article for additional information: [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment) - Cause: An invalid SharePoint Central Administration URL was specified during monitoring plan creation. **Resolution:** @@ -114,7 +114,7 @@ Refer to the entries below for possible causes and resolutions based on event de ## Related articles -- [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md) +- [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment) - [Permissions for SharePoint Auditing](https://docs.netwrix.com/docs/auditor/10_8/configuration/sharepoint/permissions) - [SharePoint Ports](https://docs.netwrix.com/docs/auditor/10_8/configuration/sharepoint/ports) - [Install for SharePoint Core Service](https://docs.netwrix.com/docs/auditor/10_8/install/sharepointcoreservice) diff --git a/docs/kb/auditor/event-id-1225-in-health-log.md b/docs/kb/auditor/event-id-1225-in-health-log.md index 1fe7f05954..6461cee970 100644 --- a/docs/kb/auditor/event-id-1225-in-health-log.md +++ b/docs/kb/auditor/event-id-1225-in-health-log.md @@ -41,10 +41,10 @@ Netwrix Auditor is unable to collect farm configuration changes due to network c Refer to the corresponding article for additional information on resolution: -- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1204-in-health-log.md) -- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1205-in-health-log.md) +- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log) +- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log) ## Related articles -- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1204-in-health-log.md) -- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1205-in-health-log.md) +- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log) +- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log) diff --git a/docs/kb/auditor/event-id-1274-in-health-log.md b/docs/kb/auditor/event-id-1274-in-health-log.md index db8fe43067..7b79d1fcd0 100644 --- a/docs/kb/auditor/event-id-1274-in-health-log.md +++ b/docs/kb/auditor/event-id-1274-in-health-log.md @@ -43,11 +43,11 @@ because the product is unable to detect the forest where the audited SharePoint - Cause #1 − Verify the **SharePoint Central Administration** site is reachable by opening the URL in a browser. - Cause #2 − Refer to the following articles for additional information: - - [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1204-in-health-log.md) - - [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1205-in-health-log.md) + - [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log) + - [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log) - Cause #3 − Verify the global catalog domain controller is reachable. ## Related articles -- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1204-in-health-log.md) -- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1205-in-health-log.md) +- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log) +- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log) diff --git a/docs/kb/auditor/event-id-2002-the-term-get-help-is-not-recognized.md b/docs/kb/auditor/event-id-2002-the-term-get-help-is-not-recognized.md index 1499657052..731e27d91a 100644 --- a/docs/kb/auditor/event-id-2002-the-term-get-help-is-not-recognized.md +++ b/docs/kb/auditor/event-id-2002-the-term-get-help-is-not-recognized.md @@ -43,4 +43,4 @@ To resolve the issue, upgrade Netwrix Auditor to the version 10.6 build 12322 an ### Related article: -- [Administrator Audit Logging (AAL) configuration details](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/administrator-audit-logging-aal-configuration-details.md) +- [Administrator Audit Logging (AAL) configuration details](/docs/kb/auditor/administrator-audit-logging-aal-configuration-details) diff --git a/docs/kb/auditor/exporting-information-on-account-lockout-events.md b/docs/kb/auditor/exporting-information-on-account-lockout-events.md index 6f2c5862bc..2ef8c5ecaa 100644 --- a/docs/kb/auditor/exporting-information-on-account-lockout-events.md +++ b/docs/kb/auditor/exporting-information-on-account-lockout-events.md @@ -29,7 +29,7 @@ Can I export information on account lockout events for audit purposes? The Netwrix Account Lockout Examiner console does not have an export feature. However, all lockout information is stored in the `allinfo.xml` file located in the product installation directory. It can be easily parsed by a third-party tool or script to get the required information. However account names are not stored in the `allinfo.xml`; all accounts are referred to as SIDs. -![User-added image](../../../images/ka04u000000HcN3_0EM700000004wrO.png) +![User-added image](./images/ka04u000000HcN3_0EM700000004wrO.png) Netwrix also has another product called Netwrix Event Log Manager for this purpose. This product is able to collect event log entries from multiple computers across the network and centrally store all events in a central location in a compressed format. diff --git a/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change.md b/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change.md index f4810dd690..b4d845cf59 100644 --- a/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change.md +++ b/docs/kb/auditor/failed-logon-attempts-after-recent-service-account-password-change.md @@ -44,5 +44,5 @@ For Event Log Manager, Inactive User Tracker and Netwrix Password Reset: Refer to the following screenshots for reference on service accounts credentials to be changed in case you've reset a password in Netwrix Auditor: -![Service account credentials screenshot](../../../images/ka04u00000117Vm_0EM4u000008M8Pe.png) +![Service account credentials screenshot](./images/ka04u00000117Vm_0EM4u000008M8Pe.png) diff --git a/docs/kb/auditor/failed-to-open-log.md b/docs/kb/auditor/failed-to-open-log.md index cecde4cd3f..f3d89d3678 100644 --- a/docs/kb/auditor/failed-to-open-log.md +++ b/docs/kb/auditor/failed-to-open-log.md @@ -45,11 +45,11 @@ There are several possible reasons for this error to appear: 1. Make sure the problematic server is started and is accessible through the network. 2. Make sure the **Server** service is started and set to **Automatic** on the problematic server. -![Services snap-in: Server service](../../../images/ka04u000000HcUb_0EM7000000051QD.png) +![Services snap-in: Server service](./images/ka04u000000HcUb_0EM7000000051QD.png) 3. Make sure the **File and Printer Sharing for Microsoft Networks** component is enabled in the Local Area Connection properties. -![Local Area Connection Properties: File and Printer sharing](../../../images/ka04u000000HcUb_0EM7000000051QI.png) +![Local Area Connection Properties: File and Printer sharing](./images/ka04u000000HcUb_0EM7000000051QI.png) 4. Disable the **Windows Firewall** service on the problematic server: @@ -62,5 +62,5 @@ Or configure the Windows Firewall exception: - Expand nodes as follow: `Computer Configuration / Administrative Templates / Network / Network Connections / Windows Firewall`, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure. - Enable the **Allow inbound file and printer sharing exception** exception. -![Firewall Settings: Allow inbound file and printer sharing exception](../../../images/ka04u000000HcUb_0EM7000000051QN.png) +![Firewall Settings: Allow inbound file and printer sharing exception](./images/ka04u000000HcUb_0EM7000000051QN.png) diff --git "a/docs/kb/auditor/failed_to_load_registry_hive_\342\210\222_system_cannot_find_file_specified_configuration_registry_database_is_.md" "b/docs/kb/auditor/failed_to_load_registry_hive_\342\210\222_system_cannot_find_file_specified_configuration_registry_database_is_.md" index aa89741cdb..40d5e48d09 100644 --- "a/docs/kb/auditor/failed_to_load_registry_hive_\342\210\222_system_cannot_find_file_specified_configuration_registry_database_is_.md" +++ "b/docs/kb/auditor/failed_to_load_registry_hive_\342\210\222_system_cannot_find_file_specified_configuration_registry_database_is_.md" @@ -46,10 +46,10 @@ The error can be resolved by performing one of the following steps: 2. Add **ProfileImagePath** value (Expandable String Value) with an empty value to the profiles with the value missing. 3. Check the affected server for unknown user profiles by accessing **Control Panel** > **System** > **Advanced system settings** > **Advanced** tab > **Settings** button under the **User Profiles** section to delete them. 4. Ask the remaining users to log in to the system — a user affected by a faulty `NTUSER.DAT` won't be able to log in. -5. In case collection is not affected (e.g., the user does not appear in the registry), you can omit the error. Add the `%*,*,*Remove Software data provider failed to load the user *domain\user*%` line to the Windows Server Auditing **omiterror** list. Refer to the following article for additional information on omit lists: [How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md). +5. In case collection is not affected (e.g., the user does not appear in the registry), you can omit the error. Add the `%*,*,*Remove Software data provider failed to load the user *domain\user*%` line to the Windows Server Auditing **omiterror** list. Refer to the following article for additional information on omit lists: [How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists). Once the changes are introduced, reboot the target server. ### Related Articles -[How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md) \ No newline at end of file +[How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists) \ No newline at end of file diff --git a/docs/kb/auditor/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md b/docs/kb/auditor/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md index 93bb341dec..d0d8e40585 100644 --- a/docs/kb/auditor/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md +++ b/docs/kb/auditor/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md @@ -26,7 +26,7 @@ knowledge_article_id: kA04u000000Tt80CAC ## Scenario Upon opening reports, the command buttons have been replaced by text symbols and it looks similar to this: -![Screenshot_1.png](../../../images/ka04u000000HdFq_0EM4u0000052m0m.png) +![Screenshot_1.png](./images/ka04u000000HdFq_0EM4u0000052m0m.png) ## Solution The issue is with Internet Explorer's handling of permissions. To fix the issue you need to add the reporting server to the **Trusted Sites** and disable the **Protected Mode** for Admins on the Netwrix Server. diff --git a/docs/kb/auditor/group-policy-error-is-not-in-a-valid-format.md b/docs/kb/auditor/group-policy-error-is-not-in-a-valid-format.md index 3c697f5d55..f1c1bf1b3f 100644 --- a/docs/kb/auditor/group-policy-error-is-not-in-a-valid-format.md +++ b/docs/kb/auditor/group-policy-error-is-not-in-a-valid-format.md @@ -27,7 +27,7 @@ You may receive a Group Policy daily summary email with the error: "The file `DC --- The group policy is corrupted or it is not in a valid format. If you open the Group Policy Management Console (GPMC) > highlight the group policy in Summary and navigate to > **Settings** tab, most likely it will return you an error message. -![Settings](../../../images/ka04u000000HcUd_0EM7000000051OC.png) +![Settings](./images/ka04u000000HcUd_0EM7000000051OC.png) --- @@ -36,7 +36,7 @@ The group policy is corrupted or it is not in a valid format. If you open the Gr First of all you need to find out the affected policy. In the error message `"DC01.corp..com\sysvol\corp..com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol"` — `31B2F340-016D-11D2-945F-00C04FB984F9` is the GUID of the affected group policy. To find out the GUID of a group policy open GPMC > highlight a group policy and open **Details** tab > **Unique ID** is the GUID of a GPO. -![GUID GPO](../../../images/ka04u000000HcUd_0EM7000000051O7.png) +![GUID GPO](./images/ka04u000000HcUd_0EM7000000051O7.png) There are 3 possible solutions: diff --git a/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md b/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md index 49c8972509..9ad0a03da8 100644 --- a/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md +++ b/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md @@ -28,29 +28,29 @@ You'd like to remove the Netwrix header and footer from emails sent to users and ## Resolution -> **IMPORTANT:** In some cases both header and footer reset after your Netwrix Auditor instance has been upgraded to v10.6. For additional information, refer to the following article: [Netwrix Password Reset Email Header and Footer Reset After Upgrade](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md) +> **IMPORTANT:** In some cases both header and footer reset after your Netwrix Auditor instance has been upgraded to v10.6. For additional information, refer to the following article: [Netwrix Password Reset Email Header and Footer Reset After Upgrade](/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade) 1. Open Registry Editor on the Netwrix Auditor Server host. 2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netwrix Auditor\Password Expiration Notifier`. 3. Right-click the **Password Expiration Notifier** hive and click **New**. 4. Select **DWORD (32-bit) Value**. - ![New DWORD (32-bit) Value](../../../images/ka04u00000117kD_0EM4u000008MHts.png) + ![New DWORD (32-bit) Value](./images/ka04u00000117kD_0EM4u000008MHts.png) 5. Name the key `HideEmailAdditionalInfo`. 6. Right-click the key and select **Modify**. 7. Set the value data to `1` (Hexadecimal). - ![Modify DWORD value to 1](../../../images/ka04u00000117kD_0EM4u000008MHuC.png) + ![Modify DWORD value to 1](./images/ka04u00000117kD_0EM4u000008MHuC.png) 8. The next round of emails will be sent without the header and footer. > **NOTE:** If you'd like to re-enable the header and footer, simply change the value data to `0`. -To further customize Netwrix Password Reset emails, refer to the following article: [Customize Notifications and Reports in Netwrix Password Reset](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/customize-notifications-and-reports-in-password-expiration-notifier.md). +To further customize Netwrix Password Reset emails, refer to the following article: [Customize Notifications and Reports in Netwrix Password Reset](/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier). ### Related articles -- [Customize Notifications and Reports in Netwrix Password Reset](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/customize-notifications-and-reports-in-password-expiration-notifier.md) -- [Netwrix Password Reset Email Header and Footer Reset After Upgrade](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md) +- [Customize Notifications and Reports in Netwrix Password Reset](/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier) +- [Netwrix Password Reset Email Header and Footer Reset After Upgrade](/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade) diff --git a/docs/kb/auditor/high-cpu-load-and-memory-usage.md b/docs/kb/auditor/high-cpu-load-and-memory-usage.md index 35b49dda3b..880ff19a80 100644 --- a/docs/kb/auditor/high-cpu-load-and-memory-usage.md +++ b/docs/kb/auditor/high-cpu-load-and-memory-usage.md @@ -37,5 +37,5 @@ In order to reduce CPU load and memory usage, perform the following steps: If this does not help, set the `LockoutStatusRefreshPeriod` key value to `0`, but in this case the Account Lockout Examiner will not verify accounts status via Active Directory, so account lockouts will not be reported if a corresponding event is not found in the event log. -![User-added image](../../../images/ka04u000000HcN0_0EM700000004wxW.png) +![User-added image](./images/ka04u000000HcN0_0EM700000004wxW.png) diff --git a/docs/kb/auditor/high-cpu-usage-on-domain-controllers.md b/docs/kb/auditor/high-cpu-usage-on-domain-controllers.md index 5302623e65..e9535f1114 100644 --- a/docs/kb/auditor/high-cpu-usage-on-domain-controllers.md +++ b/docs/kb/auditor/high-cpu-usage-on-domain-controllers.md @@ -39,7 +39,7 @@ There are two options to fix the issue: 3. Create a DWORD called `UseWatcher` with value `1` 4. Restart the **Netwrix Account Lockout Examiner service** via **Services.msc** - ![User-added image](../../images/ka04u000000HcUT_0EM7000000052iw.png) + ![User-added image](./images/ka04u000000HcUT_0EM7000000052iw.png) 2. If the above does not help, disable usage of WMI to communicate with domain controllers. (A .Net-based mechanism will be used for it.) @@ -50,5 +50,5 @@ There are two options to fix the issue: 3. Change the `UseWMI` value to `0` 4. Restart the **Netwrix Account Lockout Examiner service** via **Services.msc** - ![User-added image](../../images/ka04u000000HcUT_0EM7000000052jG.png) + ![User-added image](./images/ka04u000000HcUT_0EM7000000052jG.png) diff --git a/docs/kb/auditor/high-cpu-usage-on-remote-desktop-servers.md b/docs/kb/auditor/high-cpu-usage-on-remote-desktop-servers.md index 2dcbae5c99..3142a65b3f 100644 --- a/docs/kb/auditor/high-cpu-usage-on-remote-desktop-servers.md +++ b/docs/kb/auditor/high-cpu-usage-on-remote-desktop-servers.md @@ -47,7 +47,7 @@ To change this on the machine where ALE is installed: 3. Change the `UseWMI_Workstations` value to `0`. 4. Restart the Netwrix Account Lockout Examiner service via `Services.msc`. -![User-added image](../../../images/ka04u000000HcUO_0EM7000000052ir.png) +![User-added image](./images/ka04u000000HcUO_0EM7000000052ir.png) ### Option 2 — Disable searching for detailed info about invalid logons @@ -60,5 +60,5 @@ To change this on the machine where ALE is installed: 3. Create a new DWORD called `PF_Enabled` and set its value to `0`. 4. Restart the Netwrix Account Lockout Examiner service via `Services.msc`. -![User-added image](../../../images/ka04u000000HcUO_0EM7000000052im.png) +![User-added image](./images/ka04u000000HcUO_0EM7000000052im.png) diff --git a/docs/kb/auditor/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md b/docs/kb/auditor/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md index 859277e0c9..39376f5bd1 100644 --- a/docs/kb/auditor/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md +++ b/docs/kb/auditor/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md @@ -34,49 +34,49 @@ There are a few options to downgrade the database from a higher version of SQL S 1.1 In Object Explorer connect to the SQL server, right-click the database, expand **Tasks** and choose **Generate Scripts**. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TB6.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TB6.png) 1.2 This launches the **Generate and Publish Scripts** wizard. Click **Next** to skip the Introduction screen and proceed to the Choose Objects page. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBB.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBB.png) 1.3 On the Choose Objects page, choose **Script entire database and all database objects**, and then click **Next** to proceed to the **Set Scripting Options** page. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBG.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBG.png) 1.4 On the **Set Scripting Options** page, specify the location where you want to save the script file, and then click the **Advanced** button. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBL.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBL.png) 1.5 In the **Advanced Scripting Options** dialog box, set `Script Triggers`, `Indexes` and `Primary Key` options to `True`, set `Script for Server Version` to ``<version of the destination SQL server instance>``, and set `Types of data to script` to `Schema and Data`. This last option is key because this is what generates the data per table. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TC4.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TC4.png) 1.6 Once done, click **OK** to close the **Advanced Scripting Options** dialog box and return to the **Set Scripting Options** page. In the **Set Scripting Options** page, click **Next** to continue to the Summary page. 1.7 After reviewing your selections on the Summary page, click **Next** to generate scripts. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBV.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBV.png) 1.8 Once scripts are generated successfully, choose the **Finish** button to close the **Generate and Publish Scripts** wizard. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBa.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBa.png) 2. Connect to the destination SQL Server instance, and then run the SQL scripts that were generated, to create the database schema and copy its data. 2.1 In Object Explorer connect to the destination SQL Server instance and then in SQL Server Management Studio open the SQL Server script you saved in Step 1. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBf.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBf.png) -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBk.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBk.png) -![User-added image](../../images/ka04u000000HcOn_0EM700000005TBp.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TBp.png) 2.2 Modify the script to specify the correct location for the database data and log files. Once done, run the script to create the database on the destination SQL Server instance. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TCE.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TCE.png) 2.3 Upon successful execution, refresh the Database folder in Object Explorer. -![User-added image](../../images/ka04u000000HcOn_0EM700000005TC9.png) +![User-added image](./images/ka04u000000HcOn_0EM700000005TC9.png) diff --git a/docs/kb/auditor/how-do-i-monitor-hidden-file-shares.md b/docs/kb/auditor/how-do-i-monitor-hidden-file-shares.md index ad966c1884..d4734bc9e3 100644 --- a/docs/kb/auditor/how-do-i-monitor-hidden-file-shares.md +++ b/docs/kb/auditor/how-do-i-monitor-hidden-file-shares.md @@ -26,7 +26,7 @@ If you specified **Computer** as an Item in the Netwrix Auditor Windows File Ser If you would like to audit all hidden shares on the server, check the corresponding option at the **Scope** tab of your **Computer** item: -![image.png](../../../images/ka04u000000HcNr_0EM4u000007qtQ1.png) +![image.png](./images/ka04u000000HcNr_0EM4u000007qtQ1.png) **NOTE:** It is not recommended to specify the system drive (`\server\c$`) as an Item. This will force Netwrix to audit local folders including the system ones that produce a lot of noise and degrade the product performance. diff --git a/docs/kb/auditor/how-does-netwrix-account-lockout-examiner-work.md b/docs/kb/auditor/how-does-netwrix-account-lockout-examiner-work.md index 960ab0d9ca..e194bd983f 100644 --- a/docs/kb/auditor/how-does-netwrix-account-lockout-examiner-work.md +++ b/docs/kb/auditor/how-does-netwrix-account-lockout-examiner-work.md @@ -38,5 +38,5 @@ To run an examination: 1. Click the **Examine** button at the bottom of the list in the **Summary** tab, or 2. Right-click an account and select **Examine**. -When you run an examination, it shows a list of invalid logons, specifies the names of the processes that used invalid credentials, and checks the most common reasons for lockouts: mapped drives, scheduled tasks, RDP sessions, and services running under the credentials of the account in question. Examination results look like this: [![User-added image](../../../images/ka0Qk00000045if_0EM700000004wzI.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbd&feoid=00N700000032Pj2&refid=0EM700000004wzI) +When you run an examination, it shows a list of invalid logons, specifies the names of the processes that used invalid credentials, and checks the most common reasons for lockouts: mapped drives, scheduled tasks, RDP sessions, and services running under the credentials of the account in question. Examination results look like this: [![User-added image](./images/ka0Qk00000045if_0EM700000004wzI.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbd&feoid=00N700000032Pj2&refid=0EM700000004wzI) diff --git a/docs/kb/auditor/how-to-add-additional-space-to-long-term-archive.md b/docs/kb/auditor/how-to-add-additional-space-to-long-term-archive.md index f38de89ac6..2b2c8d2d73 100644 --- a/docs/kb/auditor/how-to-add-additional-space-to-long-term-archive.md +++ b/docs/kb/auditor/how-to-add-additional-space-to-long-term-archive.md @@ -53,4 +53,4 @@ It is up to you to decide how long you want to keep historical data. If you know Learn more about Investigations in the following article: [Investigations](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/investigations) -Review additional recommendations for preventing Long-Term Archive overflow in the following article: [How to Prevent Long-Term Archive Overflow](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-prevent-long-term-archive-overflow.md) +Review additional recommendations for preventing Long-Term Archive overflow in the following article: [How to Prevent Long-Term Archive Overflow](/docs/kb/auditor/how-to-prevent-long-term-archive-overflow) diff --git a/docs/kb/auditor/how-to-apply-netwrix-auditor-license.md b/docs/kb/auditor/how-to-apply-netwrix-auditor-license.md index 06daef15c5..6a649bab01 100644 --- a/docs/kb/auditor/how-to-apply-netwrix-auditor-license.md +++ b/docs/kb/auditor/how-to-apply-netwrix-auditor-license.md @@ -33,7 +33,7 @@ You may have received an email from our licensing team — download the attached 1. In the main Netwrix Auditor screen, go to **Settings** > **Licenses** and click **Update**. - ![2.png](../../../images/ka04u00000116MV_0EM4u000007cekk.png) + ![2.png](./images/ka04u00000116MV_0EM4u000007cekk.png) 2. Navigate to your `*.lic` file and select the file. diff --git a/docs/kb/auditor/how-to-audit-another-domain-with-netwrix-auditor.md b/docs/kb/auditor/how-to-audit-another-domain-with-netwrix-auditor.md index 8ccebfa267..bb326c39a6 100644 --- a/docs/kb/auditor/how-to-audit-another-domain-with-netwrix-auditor.md +++ b/docs/kb/auditor/how-to-audit-another-domain-with-netwrix-auditor.md @@ -30,12 +30,12 @@ Can I audit another domain with Netwrix Auditor? With Netwrix Auditor you can audit domains different from the one where the Netwrix Auditor host resides. Refer to the following scenarios: - If there is a two-way trust set up between the audited domain and the domain where the Netwrix Auditor host is installed, no limitations apply. Learn more about trusts in [How trust relationships work for forests in Active Directory ⸱ Microsoft 🤝](https://learn.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust). -- For audit of non-trusted domains, refer to the following article for additional information: [How to Audit a Non-Trusted Domain](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-audit-a-non-trusted-domain.md). +- For audit of non-trusted domains, refer to the following article for additional information: [How to Audit a Non-Trusted Domain](/docs/kb/auditor/how-to-audit-a-non-trusted-domain). > **NOTE:** The data collecting account should have required permissions in the monitored domain. Refer to the following article for additional information on Data Collecting Account and group Managed Service Account (gMSA) requirements: Monitoring Plans — Data Collecting Account ⸱ v10.6. ### Related articles - [How trust relationships work for forests in Active Directory ⸱ Microsoft 🤝](https://learn.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust) -- [How to Audit a Non-Trusted Domain](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-audit-a-non-trusted-domain.md) +- [How to Audit a Non-Trusted Domain](/docs/kb/auditor/how-to-audit-a-non-trusted-domain) - Monitoring Plans — Data Collecting Account ⸱ v10.6 diff --git a/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status.md b/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status.md index acfd693700..dc410b6249 100644 --- a/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status.md +++ b/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status.md @@ -46,7 +46,7 @@ There is also the chance that the Health Log is relaying an error received from The Health Log also provides the option for filtering, allowing administrators to view messages from specific data sources/monitoring plans, as well as different types of messages (Information, warning, errors). -There may be times where Netwrix Auditor Technical Support requests a copy of your Health Log. To provide this file, please view the steps [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md). More details on the Health Log can be obtained here. +There may be times where Netwrix Auditor Technical Support requests a copy of your Health Log. To provide this file, please view the steps [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log). More details on the Health Log can be obtained here. ### Database Statistics @@ -62,4 +62,4 @@ This simple, yet effective, tile gives administrators insight on Long Term Archi ### Working Folder -The Working Folder is a structure of files that plays an integral part in event processing. Similar to the LTA tile, this tile will provide visibility on Working Folder growth. Expect this directory to grow and shrink periodically as it receives data, processes, and then sends it off for storage in SQL and the LTA. This directory can also be migrated to a drive independent to the system drive. The steps to migrate the Working Folder can be viewed [How to Migrate Netwrix Auditor Working Folder to a New Location](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md). +The Working Folder is a structure of files that plays an integral part in event processing. Similar to the LTA tile, this tile will provide visibility on Working Folder growth. Expect this directory to grow and shrink periodically as it receives data, processes, and then sends it off for storage in SQL and the LTA. This directory can also be migrated to a drive independent to the system drive. The steps to migrate the Working Folder can be viewed [How to Migrate Netwrix Auditor Working Folder to a New Location](/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location). diff --git a/docs/kb/auditor/how-to-configure-monitoring-of-local-accounts.md b/docs/kb/auditor/how-to-configure-monitoring-of-local-accounts.md index b0837352c9..c5e5c873cb 100644 --- a/docs/kb/auditor/how-to-configure-monitoring-of-local-accounts.md +++ b/docs/kb/auditor/how-to-configure-monitoring-of-local-accounts.md @@ -29,7 +29,7 @@ Netwrix Account Lockout Examiner can be set to monitor local machine event logs 5. In the next dialog box, select the **Domain Controller** radio button and enter the the name of workstation local events of which you want to monitor 6. Press the **OK** button. Press the **OK** button again. -[![User-added image](../../images/ka04u000000HcWP_0EM700000004wxl.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbY&feoid=00N700000032Pj2&refid=0EM700000004wxl) +[![User-added image](./images/ka04u000000HcWP_0EM700000004wxl.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbY&feoid=00N700000032Pj2&refid=0EM700000004wxl) **Note:** Make sure that the account used to run the Account Lockout Examiner service has administrative access to the machine you are adding. diff --git a/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode.md b/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode.md index e14e21ad7f..8fd1bbe7de 100644 --- a/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode.md +++ b/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode.md @@ -36,7 +36,7 @@ Refer to the following steps to configure Netwrix Auditor in failover mode: > **NOTE:** If Netwrix Auditor is already installed on a physical machine, consider migrating it to a virtual box. Some vendors support "physical to VM" migration." -2. Configure the Long-Term Archive (LTA) to be stored on a remote location, such as a shared iSCSI volume. Refer to the following Netwrix knowledge base article for instructions on how to move LTA to a new location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) +2. Configure the Long-Term Archive (LTA) to be stored on a remote location, such as a shared iSCSI volume. Refer to the following Netwrix knowledge base article for instructions on how to move LTA to a new location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) 3. For setting up backup and failover, ensure that the volume under LTA and Working Folder is redundant enough to survive failure. @@ -60,7 +60,7 @@ For alternative backup and failover options, refer to the steps below. ## Related Articles -- How to Move Long-Term Archive to a New Location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) +- How to Move Long-Term Archive to a New Location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) diff --git a/docs/kb/auditor/how-to-control-the-size-of-netwrixsqlcraudit-databases-on-sql-instances-and-what-it-is-needed-for.md b/docs/kb/auditor/how-to-control-the-size-of-netwrixsqlcraudit-databases-on-sql-instances-and-what-it-is-needed-for.md index 60b77f3fc5..72ac19f3c5 100644 --- a/docs/kb/auditor/how-to-control-the-size-of-netwrixsqlcraudit-databases-on-sql-instances-and-what-it-is-needed-for.md +++ b/docs/kb/auditor/how-to-control-the-size-of-netwrixsqlcraudit-databases-on-sql-instances-and-what-it-is-needed-for.md @@ -31,4 +31,4 @@ If you enable the **Audit data changes** option as part of SQL Server audit, Net 1. Disable the **Audit data changes** option if you are not interested in content changes, and delete the `NetwrixSQLCRAudit` database(s) from the SQL Server(s). 2. Shrink the `NetwrixSQLCRAudit` database(s) via MSSQL Management Studio. -For additional information about how Netwrix Auditor for SQL Server works, please refer to the following KB: [How Netwrix Auditor for SQL Server Collects Data](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-netwrix-auditor-for-sql-server-collects-data.md) +For additional information about how Netwrix Auditor for SQL Server works, please refer to the following KB: [How Netwrix Auditor for SQL Server Collects Data](/docs/kb/auditor/how-netwrix-auditor-for-sql-server-collects-data) diff --git a/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md b/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md index a5b39f20fd..febd9975d8 100644 --- a/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md +++ b/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md @@ -44,7 +44,7 @@ To determine the actual number of licenses you need to purchase from Netwrix, do 3. Enter your Office 365 account credentials when prompted and click **OK**. 4. When the script completes, you will see the number of mailbox accounts for which you need to purchase licenses: -![User-added image](../../images/ka04u000000HcMr_0EM0g000000hNsh.png) +![User-added image](./images/ka04u000000HcMr_0EM0g000000hNsh.png) ## For MFA-enabled account diff --git a/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration.md b/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration.md index 95c3df34bc..788ed25788 100644 --- a/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration.md +++ b/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9SnCAK The licensing **does not depend** on your Syslog forwarding configuration. In the example below, Netwrix Auditor collects audit data from five devices, one of them (6) also serving as a relay: -![User-added](../../../images/servlet_image_3823966b1661.png) +![User-added](./images/servlet_image_3823966b1661.png) The computer (5) does not send any data, so it does not count for a licensed object. Therefore, for this example configuration, purchase Netwrix Auditor license for five network devices.   Original KB Article 2122 diff --git a/docs/kb/auditor/how-to-create-the-full-dump-of-a-process.md b/docs/kb/auditor/how-to-create-the-full-dump-of-a-process.md index dd958ab142..f658811bb3 100644 --- a/docs/kb/auditor/how-to-create-the-full-dump-of-a-process.md +++ b/docs/kb/auditor/how-to-create-the-full-dump-of-a-process.md @@ -31,7 +31,7 @@ Netwrix technical support may ask you to create a dump of a particular process ( 5. Specify location to save the dump file. 6. Provide the dump file to the technical support. -![User-added image](../../../images/ka0Qk000000DRwr_0EM7000000051zm.png) +![User-added image](./images/ka0Qk000000DRwr_0EM7000000051zm.png) **NOTE:** If you receive Access Denied error during the process, please check the ["Debug Programs" Computer Policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/debug-programs). Consider adding the account that you use to the list of allowed users or use an Account which has this permission (e.g. local administrator account)" diff --git a/docs/kb/auditor/how-to-customize-email-notification-template.md b/docs/kb/auditor/how-to-customize-email-notification-template.md index 10d9bbe129..82aaf5f93a 100644 --- a/docs/kb/auditor/how-to-customize-email-notification-template.md +++ b/docs/kb/auditor/how-to-customize-email-notification-template.md @@ -52,5 +52,5 @@ You can modify the template in the following ways: - ` %Link%` - shows the link to the web portal. ## Example -[![User-added image](../../../images/ka04u000000HcWM_0EM700000004wyA.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAdA&feoid=00N700000032Pj2&refid=0EM700000004wyA) +[![User-added image](./images/ka04u000000HcWM_0EM700000004wyA.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAdA&feoid=00N700000032Pj2&refid=0EM700000004wyA) diff --git a/docs/kb/auditor/how-to-delete-old-entries-from-the-account-list.md b/docs/kb/auditor/how-to-delete-old-entries-from-the-account-list.md index 1fe5183596..d48cc58882 100644 --- a/docs/kb/auditor/how-to-delete-old-entries-from-the-account-list.md +++ b/docs/kb/auditor/how-to-delete-old-entries-from-the-account-list.md @@ -31,5 +31,5 @@ The account list is stored in the `alinfo.xml` file and you can manually delete 4. Save the `alinfo.xml` file. 5. Start the Netwrix Auditor service. -![User-added image](../../../images/ka04u000000HcNX_0EM700000004wxg.png) +![User-added image](./images/ka04u000000HcNX_0EM700000004wxg.png) diff --git a/docs/kb/auditor/how-to-enable-ocr-for-non-english-images.md b/docs/kb/auditor/how-to-enable-ocr-for-non-english-images.md index abc6bc534e..eb6e269694 100644 --- a/docs/kb/auditor/how-to-enable-ocr-for-non-english-images.md +++ b/docs/kb/auditor/how-to-enable-ocr-for-non-english-images.md @@ -30,7 +30,7 @@ How can I enable OCR for non-English images? ## Answer -The steps below explain how to deploy additional **OCR language pack(s)** and how to identify which **files** should be processed via the installed **pack(s)**. This assumes that you have enabled **OCR** correctly. More details can be found in the following KB article: [Process Document Images results in no extracted text or invalid text](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/process-document-images-results-in-no-extracted-text-or-invalid-text.md). +The steps below explain how to deploy additional **OCR language pack(s)** and how to identify which **files** should be processed via the installed **pack(s)**. This assumes that you have enabled **OCR** correctly. More details can be found in the following KB article: [Process Document Images results in no extracted text or invalid text](/docs/kb/auditor/process-document-images-results-in-no-extracted-text-or-invalid-text). Select the language you wish to use from the list below to download the corresponding language pack: diff --git a/docs/kb/auditor/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md b/docs/kb/auditor/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md index fdfe3e1667..f2152a9437 100644 --- a/docs/kb/auditor/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md +++ b/docs/kb/auditor/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md @@ -51,7 +51,7 @@ To exclude domain controllers from monitoring, refer to the following steps: MYDC.MYDOMAIN.LOCAL ``` - ![User-added image](../../images/ka0Qk0000003W1l_0EMQk000003oywv.png) + ![User-added image](./images/ka0Qk0000003W1l_0EMQk000003oywv.png) 3. Save the changes. Inactive User Tracker will exclude this domain controller. diff --git a/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md b/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md index ce008f8ae0..f96f50276e 100644 --- a/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md +++ b/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md @@ -39,13 +39,13 @@ You can exclude specific users and objects from your monitoring scope using the 2. Select the relevant monitoring plan, select the data source and click **Edit**. 3. Select the data source and click **Edit data source**. - ![bM2zhsogPP.png](../../../images/ka04u000000Qmg4_0EM4u000007cgGr.png) + ![bM2zhsogPP.png](./images/ka04u000000Qmg4_0EM4u000007cgGr.png) 4. In the left pane, select **Users**. Check the **Exclude these users:** checkbox and click **Add** to add users to be excluded from the monitoring plan. Once all the users are added, click **Save & Close** in the bottom left corner. - ![UwJqLVpUZx.png](../../../images/ka04u000000Qmg4_0EM4u000007cgOC.png) + ![UwJqLVpUZx.png](./images/ka04u000000Qmg4_0EM4u000007cgOC.png) 5. For objects, select the **Objects** tab in the left pane, check the **Exclude these objects** checkbox and click **Add** to exclude objects from the monitoring scope. Once you've added the objects, click **Save & Close**. - ![RmVD0BXEc0.png](../../../images/ka04u000000Qmg4_0EM4u000007cgPy.png) + ![RmVD0BXEc0.png](./images/ka04u000000Qmg4_0EM4u000007cgPy.png) The following examples explain how the exclusion rules work for **Objects**. Same logic applies to the inclusion rules: diff --git a/docs/kb/auditor/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md b/docs/kb/auditor/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md index f4c7227ac7..1f624ab9ea 100644 --- a/docs/kb/auditor/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md +++ b/docs/kb/auditor/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md @@ -33,7 +33,7 @@ However there are 2 ways you can figure out the IP address: 1. Note the **Computer** **name** and the timestamp of the particular failed logon attempt. - ![Image 1](../../../images/ka04u000000HcPz_0EM700000004y2I.png) + ![Image 1](./images/ka04u000000HcPz_0EM700000004y2I.png) 2. Go to **Start / All Programs / Netwrix Auditor / Event Log Manager / Advanced Tools / Viewer** 3. In the **Viewer** tool: @@ -42,42 +42,42 @@ However there are 2 ways you can figure out the IP address: - select **Event Log** as **Security** - specify dates **From** and **To**, use date from the timestamp that you have noticed on step 1 - ![Image 2](../../../images/ka04u000000HcPz_0EM700000004y2N.png) + ![Image 2](./images/ka04u000000HcPz_0EM700000004y2N.png) 4. Click the **View** button, and specify the location of the evt-file and click **OK**. The newly saved event log will be opened in **Event Viewer** automatically. 5. To convert the evt-file to evtx format, in the left hand panel, right click the saved log and select **Save All Events As**, specify the location of the evtx-file and click **OK**. Open the saved file via **Event Viewer**. - ![Image 3](../../../images/ka04u000000HcPz_0EM700000004y2S.png) + ![Image 3](./images/ka04u000000HcPz_0EM700000004y2S.png) 6. When the evtx-file is opened, click **Filter Current Log** in the **Actions** pane. 7. In the **Filter Current Log** dialog box, specify `Event ID` as `4625,529-537,539` (failed logon attempts IDs), and then click **Logged** drop-down list and select **Custom range**. - ![Image 4](../../../images/ka04u000000HcPz_0EM700000004y2X.png) + ![Image 4](./images/ka04u000000HcPz_0EM700000004y2X.png) 8. Specify date range around the timestamp that you have noticed on step 1 and click **OK**. Click **OK** - ![Image 5](../../../images/ka04u000000HcPz_0EM700000004y2c.png) + ![Image 5](./images/ka04u000000HcPz_0EM700000004y2c.png) 9. Find the corresponding event in the filtered log and double-click it. 10. The **IP Address** is displayed in the **Network Information** section of the event description. - ![Image 6](../../../images/ka04u000000HcPz_0EM700000004y2h.png) + ![Image 6](./images/ka04u000000HcPz_0EM700000004y2h.png) ## Procedure 2: 1. Note the **Computer name** and the timestamp of the particular failed logon attempt. - ![Image 1-1](../../../images/ka04u000000HcPz_0EM700000004y31.png) + ![Image 1-1](./images/ka04u000000HcPz_0EM700000004y31.png) 2. In the **Netwrix Auditor Management Console**, go to **Managed Objects / <Your Mananaged Object> / Event Log Manager** node. 3. Enable the "**Write event descriptions into the database**" check box (if it is already selected, continue from **step 6**). Close console. - ![Image 1-2](../../../images/ka04u000000HcPz_0EM700000004y3B.png) + ![Image 1-2](./images/ka04u000000HcPz_0EM700000004y3B.png) 4. Go to **Start / All Programs / Netwrix Auditor / Event Log Manager / Advanced Tools / DB Importer** 5. Select your managed object from the drop-down list and specify the date range that includes the date of the event. Click **Import**. - ![Image 1-3](../../../images/ka04u000000HcPz_0EM700000004y3G.png) + ![Image 1-3](./images/ka04u000000HcPz_0EM700000004y3G.png) 6. Start **Netwrix Auditor Management Console**, go to **Managed Objects / <Your Mananaged Object> / Event Log Manager / Reports / General Reports / All Events by Computer** report. 7. In the filters: @@ -86,16 +86,16 @@ However there are 2 ways you can figure out the IP address: - specify **Event ID** as **%5%** - specify **Event Log** as **Security** - !" ![Image](../../../images/servlet_image_3823966b1661.png) + !" ![Image](./images/servlet_image_3823966b1661.png) 8. Click the **View Report** button. 9. Find the corresponding event in the filtered log and click the blue link in the **Date** field. - ![Image 1-5](../../../images/ka04u000000HcPz_0EM700000004y3V.png) + ![Image 1-5](./images/ka04u000000HcPz_0EM700000004y3V.png) 10. The page with **Event Details** will be displayed. - ![Image 1-6](../../../images/ka04u000000HcPz_0EM700000004y3k.png) + ![Image 1-6](./images/ka04u000000HcPz_0EM700000004y3k.png) NOTE: diff --git a/docs/kb/auditor/how-to-filter-out-certain-users-from-reports.md b/docs/kb/auditor/how-to-filter-out-certain-users-from-reports.md index 90e7646703..f58971542a 100644 --- a/docs/kb/auditor/how-to-filter-out-certain-users-from-reports.md +++ b/docs/kb/auditor/how-to-filter-out-certain-users-from-reports.md @@ -38,7 +38,7 @@ How do I filter out certain users from mailbox access reports? ## Image -![User-added image](../../../images/ka04u000000HcPk_0EM7000000054Bf.png) +![User-added image](./images/ka04u000000HcPk_0EM7000000054Bf.png) ## Note diff --git a/docs/kb/auditor/how-to-find-destination-of-failed-ntlm-logons.md b/docs/kb/auditor/how-to-find-destination-of-failed-ntlm-logons.md index 5c18ba3564..3dc9a27bda 100644 --- a/docs/kb/auditor/how-to-find-destination-of-failed-ntlm-logons.md +++ b/docs/kb/auditor/how-to-find-destination-of-failed-ntlm-logons.md @@ -44,4 +44,4 @@ To find the actual source of failed logons, enable NTLM auditing temporarily. Fo ## Related Articles: -- [Why Do I Have Incomplete Information on Failed Logons?](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/why-do-i-have-incomplete-information-on-failed-logons.md) +- [Why Do I Have Incomplete Information on Failed Logons?](/docs/kb/auditor/why-do-i-have-incomplete-information-on-failed-logons) diff --git a/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version.md b/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version.md index 867564c7c4..56bc64fe03 100644 --- a/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version.md +++ b/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version.md @@ -34,5 +34,5 @@ To establish the version and build of your Netwrix Auditor instance, refer to th 2. In the left pane, select **About Netwrix Auditor**. 3. Your current version and build will be available in the right section. -![About Netwrix Auditor dialog showing version and build](../../../images/ka04u00000116gG_0EM4u000008LXT9.png) +![About Netwrix Auditor dialog showing version and build](./images/ka04u00000116gG_0EM4u000008LXT9.png) diff --git a/docs/kb/auditor/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md b/docs/kb/auditor/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md index 48c5dd2f90..0266eadc91 100644 --- a/docs/kb/auditor/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md +++ b/docs/kb/auditor/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md @@ -30,9 +30,9 @@ When creating a new filter for **Event Log Manager**, you can select the log nam 2. Right click on it and select **Log Properties**. 3. On the **Properties** window, copy **Full Name** of the event log. -![EventViewer - select desired log](../../../images/ka04u000000HcPp_0EM700000005DIQ.png) +![EventViewer - select desired log](./images/ka04u000000HcPp_0EM700000005DIQ.png) 4. Paste that name to the **Event Log** field of the filter: -![image.png](../../../images/ka04u000000HcPp_0EM4u000007qsVK.png) +![image.png](./images/ka04u000000HcPp_0EM4u000007qsVK.png) diff --git a/docs/kb/auditor/how-to-get-full-netwrix-auditor-version.md b/docs/kb/auditor/how-to-get-full-netwrix-auditor-version.md index 6d6ecefee0..bc6eb2c047 100644 --- a/docs/kb/auditor/how-to-get-full-netwrix-auditor-version.md +++ b/docs/kb/auditor/how-to-get-full-netwrix-auditor-version.md @@ -34,4 +34,4 @@ A trial version and a full version of Netwrix Auditor are the same version of th - In case you already have Netwrix Auditor installed, apply you new license to the existing Auditor instance. -Refer to the following article for additional information on applying a license to your Netwrix Auditor instance: [How to Apply Netwrix Auditor License](/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md). +Refer to the following article for additional information on applying a license to your Netwrix Auditor instance: [How to Apply Netwrix Auditor License](/docs/kb/auditor/how-to-apply-netwrix-auditor-license). diff --git a/docs/kb/auditor/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md b/docs/kb/auditor/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md index affc191ad0..70a79ce277 100644 --- a/docs/kb/auditor/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md +++ b/docs/kb/auditor/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md @@ -53,7 +53,7 @@ curl https://api.meraki.com/api/v1 > 1.html This is an example of a response when the product cannot access the Meraki API: -![User-added image](../../../images/ka0Qk0000002jaX_0EMQk0000045bUT.png) +![User-added image](./images/ka0Qk0000002jaX_0EMQk0000045bUT.png) In this case, check the ports required to audit the Meraki dashboard source and your internal firewall. Learn more about required ports and protocols in this article: Data Source Configuration — Network Devices — Network Devices Ports — v10.6 https://docs.netwrix.com/docs/auditor/10_8). diff --git a/docs/kb/auditor/how-to-install-access-reviews.md b/docs/kb/auditor/how-to-install-access-reviews.md index 51ed6f12b4..5829d0a57e 100644 --- a/docs/kb/auditor/how-to-install-access-reviews.md +++ b/docs/kb/auditor/how-to-install-access-reviews.md @@ -35,7 +35,7 @@ In case you're planning the on-premise deployment, click **On-premises Deploymen For the VM deployment, proceed with the **Virtual Appliance** option and select the suitable package. Netwrix Auditor Access Reviews will come preinstalled for the VM of your choice. -![pI1UIaaJkT.png](../../images/ka04u00000116Ju_0EM4u000008LKrz.png) +![pI1UIaaJkT.png](./images/ka04u00000116Ju_0EM4u000008LKrz.png) diff --git a/docs/kb/auditor/how-to-install-and-use-netwrix-account-lockout-examiner.md b/docs/kb/auditor/how-to-install-and-use-netwrix-account-lockout-examiner.md index 91db2efdf8..2bdb5a2605 100644 --- a/docs/kb/auditor/how-to-install-and-use-netwrix-account-lockout-examiner.md +++ b/docs/kb/auditor/how-to-install-and-use-netwrix-account-lockout-examiner.md @@ -32,7 +32,7 @@ Once you've downloaded ALE, open the folder. Here you will find the following it 1. Right click the `Netwrix_Account_Lockout_Examiner.exe` and click **Run as Administrator**. 2. A window will appear with a License Agreement and EULA. Please read the contents carefully and then choose to **Accept**. -![User-added image](../../../images/ka04u000000HdES_0EM4u000002CO3k.png) +![User-added image](./images/ka04u000000HdES_0EM4u000002CO3k.png) ## Operating Netwrix Account Lockout Examiner The next page that appears the the starting page for ALE. Here is a brief description of the options available to you. diff --git a/docs/kb/auditor/how-to-investigate-compression-services-errors.md b/docs/kb/auditor/how-to-investigate-compression-services-errors.md index f0a0b1ea99..f573bef5f8 100644 --- a/docs/kb/auditor/how-to-investigate-compression-services-errors.md +++ b/docs/kb/auditor/how-to-investigate-compression-services-errors.md @@ -37,9 +37,9 @@ In the Netwrix Auditor health log, some error events mention issues with the com **Note:** Pay attention to which collector you're going to adjust permissions. 3. Test the ports required for the problematic monitoring plan: - [Protocols and Ports](https://docs.netwrix.com/docs/auditor/10_8/requirements/ports) - - [Check TCP and UDP Ports Required](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/check-tcp-and-udp-ports-required.md) + - [Check TCP and UDP Ports Required](/docs/kb/auditor/check-tcp-and-udp-ports-required) 4. Check Remote Registry and Windows Management Instrumentation Services: - [Enable Remote Registry and Windows Management Instrumentation Services for Windows Server](https://docs.netwrix.com/docs/auditor/10_8/configuration/windowsserver/remoteregistry) - [Enable Remote Registry Services for File Server](https://docs.netwrix.com/docs/auditor/10_8/configuration/fileservers/windows/remoteregistryservice) 5. Add antivirus exclusions on the Netwrix and target servers for folders: - - [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) + - [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) diff --git a/docs/kb/auditor/how-to-manually-remove-compression-services-from-audited-servers.md b/docs/kb/auditor/how-to-manually-remove-compression-services-from-audited-servers.md index d843af8e99..f20de76674 100644 --- a/docs/kb/auditor/how-to-manually-remove-compression-services-from-audited-servers.md +++ b/docs/kb/auditor/how-to-manually-remove-compression-services-from-audited-servers.md @@ -93,7 +93,7 @@ Do make sure to replace `*PATH TO FILESHARE*` with a relevant path. If you'd like to remove Compression Service from a single server, replace `@"*PATH TO FILESHARE*\serverlist.txt"` with `\Servername`. Refer to the following screenshot for the output reference: -![Output reference](../../../images/ka04u00000116iG_0EM4u000004bz9T.png) +![Output reference](./images/ka04u00000116iG_0EM4u000004bz9T.png) The script calls upon the functions in the msi to upgrade the Compression Service to the version of .msi installer and then to remove said Compression Service, since it only can execute remove command on a Compression Service of the same version. diff --git a/docs/kb/auditor/how-to-migrate-account-lockout-examiner.md b/docs/kb/auditor/how-to-migrate-account-lockout-examiner.md index a41cdf295b..00ebe4f035 100644 --- a/docs/kb/auditor/how-to-migrate-account-lockout-examiner.md +++ b/docs/kb/auditor/how-to-migrate-account-lockout-examiner.md @@ -43,5 +43,5 @@ To migrate NetWrix Account Lockout Examiner to a different server, perform the f 5. Start the NetWrix Account Lockout Examiner service on the new server. 6. If you are using the NetWrix Account Lockout Examiner Web Help-Desk Portal, install it on the new server. -![User-added image](../../../images/ka04u000000HcNT_0EM700000004wyK.png) +![User-added image](./images/ka04u000000HcNT_0EM700000004wyK.png) diff --git a/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md b/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md index 85bf383be7..3c75446460 100644 --- a/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md +++ b/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md @@ -50,16 +50,16 @@ Yes, you are able to migrate audit databases to another Microsoft SQL Server ins 3. Under the **Source** section, select the **Device** option, and click **...** to browse for databases. 4. In the **Specify Backup Devices** window, click **Add** and select the backup database file. Click **OK**. 5. Specify the database name and check the **Restore** checkbox under the **Backup sets to restore** section. -5. Deploy the new Report Database. For more information, see [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +5. Deploy the new Report Database. For more information, see [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) 6. Stop the old **SQL Server (%instance_name%)** service. 7. Start `Netwrix Auditor Archive Service` and `Netwrix Auditor Management Service`. 8. In the main Netwrix Auditor menu, select **Settings** > **Audit Database** tab, and specify the new SQL Server and Reporting Service settings. > **NOTE:** If you receive the following pop-up message, click **Yes** to proceed with modifying the Audit Database settings: -> ![Audit Database modification prompt](../../images/servlet_image_3823966b1661.png) +> ![Audit Database modification prompt](./images/servlet_image_3823966b1661.png) 9. Click **Yes** when the following message appears: - ![Confirmation dialog: Data will become unavailable until the new database is configured](../../images/servlet_image_3823966b1661.png) + ![Confirmation dialog: Data will become unavailable until the new database is configured](./images/servlet_image_3823966b1661.png) 10. In the main Netwrix Auditor menu, select **Settings** > **Investigations** tab. Click **Modify** to specify the new SQL Server settings. 11. Run a search with the filter **When | Equals | Last 7 days**. If you see the relevant data, the databases were migrated successfully and the new SQL Server is being used. 12. **Optional:** Start the old SQL Server instance if it is used for any other tasks. @@ -68,6 +68,6 @@ Yes, you are able to migrate audit databases to another Microsoft SQL Server ins - [How to Assign db_owner Permissions](docs/kb/auditor/how-to-assign-db-owner-permissions.md) - [SQL Server Reporting Services](https://docs.netwrix.com/docs/auditor/10_8/requirements/overview) -- [How to Prepare the Netwrix Server for a SQL Upgrade](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-prepare-the-netwrix-server-for-a-sql-upgrade.md) -- [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +- [How to Prepare the Netwrix Server for a SQL Upgrade](/docs/kb/auditor/how-to-prepare-the-netwrix-server-for-a-sql-upgrade) +- [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) diff --git a/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md b/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md index 9d2c47aabe..d1603ef107 100644 --- a/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md +++ b/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md @@ -34,13 +34,13 @@ The size of your Working Folder may grow significantly (up to 1 TB) depending on > > - Long-Term Archive, a repository of collected audit data stored in proprietary Netwrix format (activity records). Audit data is kept in the Long-Term Archive for 10 years as per default settings. The default Long-Term Archive location is ` %ProgramData%\Netwrix Auditor\Data`. For more information on setting Long-Term Archive up, refer to the following article: [Long-Term Archive](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/longtermarchive) > -> If you would like to move Long-Term Archive to another location, refer to the following article: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md). +> If you would like to move Long-Term Archive to another location, refer to the following article: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location). > > - Working Folder, a repository for Netwrix Auditor to store operational information (configuration files for product components, log files, and other data). To ensure the audit trail continuity, Netwrix Auditor also caches some audit data locally in the Working Folder prior to placing it to the Long-Term Archive or any audit database. Audit data is kept in the Working Folder for a shorter period of up to several weeks. The default Working Folder location is ` %ProgramData%\Netwrix Auditor\`. ### Planning and preparation -1. To track your current Working Folder capacity and estimate the disk space you will need on the new target drive, use the **Working Folder** widget of the Health Status dashboard. Refer to the following articles for additional information: [Netwrix Auditor Operations and Health − Health Status Dashboard](https://docs.netwrix.com/docs/auditor/10_8/admin/healthstatus/dashboard/overview) and [How to Check the Netwrix Auditor Health Status](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-check-the-netwrix-auditor-health-status.md). +1. To track your current Working Folder capacity and estimate the disk space you will need on the new target drive, use the **Working Folder** widget of the Health Status dashboard. Refer to the following articles for additional information: [Netwrix Auditor Operations and Health − Health Status Dashboard](https://docs.netwrix.com/docs/auditor/10_8/admin/healthstatus/dashboard/overview) and [How to Check the Netwrix Auditor Health Status](/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status). 2. The Working Folder can be stored only locally on the Netwrix server — prepare a local folder for the migration process. Make sure the target folder location differs from the Long-Term Archive location. > **NOTE:** Network shares are not supported. @@ -51,19 +51,19 @@ The size of your Working Folder may grow significantly (up to 1 TB) depending on 1. Navigate to ` %Netwrix Auditor installation folder%\Audit Intelligence` and launch the `WorkingFolderMigration.exe` utility. 2. Specify the target folder in the **Specify new destination** field. - ![User-added image](../../../images/ka0Qk0000002slt_0EM0g000002BkO9.png) + ![User-added image](./images/ka0Qk0000002slt_0EM0g000002BkO9.png) > **IMPORTANT:** Network shares are not supported − make sure the new Working Folder destination is a local folder. 3. Click **Migrate**. All temporary data from ` %ProgramData%\Netwrix Auditor\` will be copied to the specified target folder. 4. Wait for the migration process to complete. Your final screen should look like the following screenshot in case the migration process was completed correctly: - ![wf_migration.png](../../../images/ka0Qk0000002slt_0EM4u000007chgj.png) + ![wf_migration.png](./images/ka0Qk0000002slt_0EM4u000007chgj.png) If the migration process was completed successfully, proceed to steps described in **Scenario A**. In case any error occurs during the migration process, the Working Folder contents will remain in the original location. The final screen might look like the following screenshot: -![User-added image](../../../images/ka0Qk0000002slt_0EM0g000002BkNM.png) +![User-added image](./images/ka0Qk0000002slt_0EM0g000002BkNM.png) In case the migration process was not completed successfully, follow the steps described in **Scenario B**. @@ -94,8 +94,8 @@ If migration was completed with any errors, refer to the following steps: ## Related articles and links - [Long-Term Archive](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/longtermarchive) -- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) +- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) - [Netwrix Auditor Operations and Health − Health Status Dashboard](https://docs.netwrix.com/docs/auditor/10_8/admin/healthstatus/dashboard/overview) -- [How to Check the Netwrix Auditor Health Status](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-check-the-netwrix-auditor-health-status.md) +- [How to Check the Netwrix Auditor Health Status](/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status) - [Open a Ticket · Netwrix 🧭](https://www.netwrix.com/tickets.html#/open-a-ticket) diff --git a/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md b/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md index 4b7acb0a8e..a1367373e2 100644 --- a/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md +++ b/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md @@ -30,7 +30,7 @@ On Netwrix Auditor Versions 9.0 and Newer, Inactive Users Tracker is installed a 2. Copy the following files to the same location on the new server: - Contents of `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker` - Screenshot all four tabs of the Inactive Users Tracker interface for configuration - ![User-added image](../../../images/ka04u000000HcNW_0EM4u000002QzDA.png) + ![User-added image](./images/ka04u000000HcNW_0EM4u000002QzDA.png) 3. Paste the contents of original `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker` folder to the `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker` folder on the new server 4. Reconfigure Inactive Users Tracker using the screenshots you captured 5. Apply your Netwrix Auditor License to the new instance of Netwrix Auditor. diff --git a/docs/kb/auditor/how-to-modify-the-account-lockout-examiner-service-account.md b/docs/kb/auditor/how-to-modify-the-account-lockout-examiner-service-account.md index 24e451f469..6b395d9e30 100644 --- a/docs/kb/auditor/how-to-modify-the-account-lockout-examiner-service-account.md +++ b/docs/kb/auditor/how-to-modify-the-account-lockout-examiner-service-account.md @@ -31,5 +31,5 @@ The Netwrix Account Lockout Examiner service account you entered during installa 4. Change the account, click **OK**. 5. Restart the **Account Lockout Examiner** service. -![User-added](../../../images/servlet_image_3823966b1661.png) +![User-added](./images/servlet_image_3823966b1661.png) diff --git a/docs/kb/auditor/how-to-monitor-print-service-activity.md b/docs/kb/auditor/how-to-monitor-print-service-activity.md index 636b9f434e..4e1ff381d4 100644 --- a/docs/kb/auditor/how-to-monitor-print-service-activity.md +++ b/docs/kb/auditor/how-to-monitor-print-service-activity.md @@ -31,22 +31,22 @@ You can enable the print event logging by following the steps below: 1. Enable logging for the print service of the print server — open **Event Viewer** > **Applications and Services Logs** > **Microsoft** > **Windows** > **PrintService**. 2. Right-click the **Operational** item to select **Properties**. - ![1.png](../../../images/ka04u000000HdPU_0EM4u0000084ozs.png) + ![1.png](./images/ka04u000000HdPU_0EM4u0000084ozs.png) 3. Check the **Enable logging** checkbox — print service events will now be logged. Click **OK** to save changes. - ![2.png](../../../images/ka04u000000HdPU_0EM4u0000084ozx.png) + ![2.png](./images/ka04u000000HdPU_0EM4u0000084ozx.png) Create an inclusive filter in Netwrix Auditor Event Log Manager: 1. Create a new monitoring plan by clicking **Add** or select the preexisting monitoring plan and click **Edit**. 2. Click the **Configure** button for Audit archiving filters. - ![1.png](../../../images/ka04u000000HdPU_0EM4u0000084p07.png) + ![1.png](./images/ka04u000000HdPU_0EM4u0000084p07.png) 3. Click **Add** for Inclusive Filters. - ![2.png](../../../images/ka04u000000HdPU_0EM4u0000084p0C.png) + ![2.png](./images/ka04u000000HdPU_0EM4u0000084p0C.png) 4. Fill in the filter name and description with the **Event Log** field to contain the following line: @@ -56,7 +56,7 @@ Create an inclusive filter in Netwrix Auditor Event Log Manager: Verify the location for the print server event logs via Event Viewer — the Log Name should correspond with the actual event logs location. - ![3.png](../../../images/ka04u000000HdPU_0EM4u0000084p0D.png) + ![3.png](./images/ka04u000000HdPU_0EM4u0000084p0D.png) 5. You can specify Event IDs in the **Event Fields** tab to filter the events (e.g. Event ID 307 for **Printing a document**). Additionally you can filter the events via **Insertion Strings**, refer to the index numbers specified in event details (e.g. Param1 stands for Index 1 with "Job #" value). @@ -65,7 +65,7 @@ Download the **Printed Documents RDL.zip** archive provided below and extract th 1. Open the Reports Server URL in your browser and navigate to the folder you'd like to upload the report to (e.g. **Home** > **Netwrix Auditor** > **Netwrix Auditor for Event Log** > **Change Reports**). 2. Click **Upload** to upload the report to the folder. - ![1.png](../../../images/ka04u000000HdPU_0EM4u0000084p0b.png) + ![1.png](./images/ka04u000000HdPU_0EM4u0000084p0b.png) Configure the report to use the `Netwrix_Auditor_EventLog` database: @@ -79,15 +79,15 @@ Configure the report to use the `Netwrix_Auditor_EventLog` database: NOTE: `SQLINSTANCE` should be replaced with the name of your SQL Server instance. - ![2.png](../../../images/ka04u000000HdPU_0EM4u0000084p0l.png) + ![2.png](./images/ka04u000000HdPU_0EM4u0000084p0l.png) 4. Input your credentials, test the connection and save the changes. - ![3.png](../../../images/ka04u000000HdPU_0EM4u0000084p0q.png) + ![3.png](./images/ka04u000000HdPU_0EM4u0000084p0q.png) 5. The report is now available via the web interface of your Report Server. It will not appear under Reports in the Netwrix Auditor console. - ![4.png](../../../images/ka04u000000HdPU_0EM4u0000084p15.png) + ![4.png](./images/ka04u000000HdPU_0EM4u0000084p15.png) Printed Documents RDL: https://www.netwrix.com/download/Printed-Documents-RDL.zip diff --git a/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location.md b/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location.md index abbafd7dd0..ce6962dda5 100644 --- a/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location.md +++ b/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location.md @@ -37,7 +37,7 @@ For a clean installation of Netwrix Auditor 8.5 or newer, follow these steps: - Navigate to **Start** > **All Programs** > **Task Scheduler** > **Task Scheduler Library** and locate the tasks named Netwrix Auditor with descriptions mentioning the Netwrix Password Reset, Inactive User Tracker, or Event Log Manager applications. - Select these tasks (if any) and click **Disable** in the right pane. - ![lta_mig_1.png](../../../images/ka04u00000117ad_0EM4u000008LFeu.png) + ![lta_mig_1.png](./images/ka04u00000117ad_0EM4u000008LFeu.png) 2. Copy all files from the old Long-Term-Archive folder into the new Long-Term-Archive folder except for the `ActivityRecords` folder. diff --git a/docs/kb/auditor/how-to-move-netwrix-auditor-to-the-cloud.md b/docs/kb/auditor/how-to-move-netwrix-auditor-to-the-cloud.md index 20bcf48780..fe2e1dc743 100644 --- a/docs/kb/auditor/how-to-move-netwrix-auditor-to-the-cloud.md +++ b/docs/kb/auditor/how-to-move-netwrix-auditor-to-the-cloud.md @@ -32,7 +32,7 @@ Consider it to simply be an installation on another network. Netwrix recommends 1. Spin up a new Windows Server VM in your cloud environment, provision it based on the Auditor Requirements: [Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/overview) -2. After that, migrate your old instance according to the following article: Migrating Netwrix Auditor to New Server: [Migrating Auditor to New Server](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/migrating-auditor-to-new-server.md). +2. After that, migrate your old instance according to the following article: Migrating Netwrix Auditor to New Server: [Migrating Auditor to New Server](/docs/kb/auditor/migrating-auditor-to-new-server). > **NOTE:** When you go to migrate, both the old and new instances of Netwrix Auditor must be exactly the same version and build. In Netwrix Auditor, navigate to **Settings** -> **About Netwrix Auditor** and check the build number. diff --git a/docs/kb/auditor/how-to-prepare-for-printing-ssrs-based-reports.md b/docs/kb/auditor/how-to-prepare-for-printing-ssrs-based-reports.md index 469e0bb629..ee29280a88 100644 --- a/docs/kb/auditor/how-to-prepare-for-printing-ssrs-based-reports.md +++ b/docs/kb/auditor/how-to-prepare-for-printing-ssrs-based-reports.md @@ -36,7 +36,7 @@ Take the following steps: - **Script ActiveX controls marked safe for scripting** - **Download signed ActiveX controls** -![User-added image](../../../images/ka04u000000HcZ6_0EM4u000002P6Cl.png) +![User-added image](./images/ka04u000000HcZ6_0EM4u000002P6Cl.png) 6. Click **OK**. 7. Open any SSRS-based report using Internet Explorer and click **Print**. diff --git a/docs/kb/auditor/how-to-prepare-netwrix-server-for-os-upgrade.md b/docs/kb/auditor/how-to-prepare-netwrix-server-for-os-upgrade.md index ddf9ea6ea4..850aee93a0 100644 --- a/docs/kb/auditor/how-to-prepare-netwrix-server-for-os-upgrade.md +++ b/docs/kb/auditor/how-to-prepare-netwrix-server-for-os-upgrade.md @@ -33,7 +33,7 @@ This article provides preparation steps for upgrading an operating system (Windo Taking a snapshot or creating a backup of the Netwrix Auditor Server is recommended for data protection and recovery. The method to be used depends on the approach used for Auditor installation, whether it's on a virtual or physical machine. -> **TIP:** You can configure Netwrix Auditor in the failover mode. To learn about failover and backup scenarios, read [How to Configure Netwrix Auditor in Failover Mode](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md) +> **TIP:** You can configure Netwrix Auditor in the failover mode. To learn about failover and backup scenarios, read [How to Configure Netwrix Auditor in Failover Mode](/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode) Stop all Netwrix services running in your server − run the following line in elevated PowerShell: @@ -55,4 +55,4 @@ After the upgrade, you might notice warnings in the Health log. These warnings o ## Related articles -- [How to Configure Netwrix Auditor in Failover Mode](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md) +- [How to Configure Netwrix Auditor in Failover Mode](/docs/kb/auditor/how-to-configure-netwrix-auditor-in-failover-mode) diff --git a/docs/kb/auditor/how-to-prevent-long-term-archive-overflow.md b/docs/kb/auditor/how-to-prevent-long-term-archive-overflow.md index 04d1f67b95..8b23ea002b 100644 --- a/docs/kb/auditor/how-to-prevent-long-term-archive-overflow.md +++ b/docs/kb/auditor/how-to-prevent-long-term-archive-overflow.md @@ -34,8 +34,8 @@ You can deal with this issue in one of the following ways: 1. Modify Long-Term Archive retention period. For that: - In Netwrix Auditor, navigate to **Settings**. - Select the **Long-Term Archive** page and modify the archive retention settings – provide the value in months. -2. Move the archive to another drive. Learn more in the following article: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) -3. Exclude Data from the Auditing Scope. For additional information, refer to the following article: [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md) +2. Move the archive to another drive. Learn more in the following article: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) +3. Exclude Data from the Auditing Scope. For additional information, refer to the following article: [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui) You can also fine tune your monitoring scope via omit lists — this allows you to proactively decrease the DB loads as changes for omitted items are not recorded. For additional information on available omit lists, review the corresponding article applicable to your target system. For example, for Active Directory omit lists, refer to the following article: [Active Directory Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/activedirectory/scope) diff --git a/docs/kb/auditor/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md b/docs/kb/auditor/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md index 237c2db2f0..9700df0a29 100644 --- a/docs/kb/auditor/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md +++ b/docs/kb/auditor/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md @@ -53,7 +53,7 @@ In most cases, yes it does. However, for the proper uninstallation of all compre ### Related Article -- [Migrating Auditor to New Server](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/migrating-auditor-to-new-server.md) +- [Migrating Auditor to New Server](/docs/kb/auditor/migrating-auditor-to-new-server) diff --git a/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md b/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md index 588701fe5d..5352a9fd67 100644 --- a/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md +++ b/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md @@ -38,7 +38,7 @@ You can configure the audit database retention settings by following the next st 2. In the left pane, select the **Audit Database** tab. 3. Click **Modify** under the **Database Retention** section and input the retention period in days. - ![User-added image](../../../images/ka04u00000117bz_0EM0g000000hGVv.png) + ![User-added image](./images/ka04u00000117bz_0EM0g000000hGVv.png) - **Tip:** Longer retention periods results in larger audit databases. @@ -51,7 +51,7 @@ Data that exceeds the new retention period will be removed during the next colle 1. In Windows Services Manager on your Netwrix host, stop both **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service**. 2. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to select the database you are going to delete. - ![User-added image](../../../images/ka04u00000117bz_0EM70000000QIPr.png) + ![User-added image](./images/ka04u00000117bz_0EM70000000QIPr.png) 3. In the Delete Object window, check both option checkboxes: 1. Delete backup and restore history information for databases. @@ -66,7 +66,7 @@ The audit database has now been successfully deleted. Refer to the **Rebuilding 2. In the left pane, select the **Audit Database** tab. Review the database name and update it if necessary. Netwrix Auditor allows you to specify settings for each monitoring plan individually, so you'll have to rebuild the database for each monitoring plan separately. - ![User-added image](../../../images/ka04u00000117bz_0EM0g000000hGWo.png) + ![User-added image](./images/ka04u00000117bz_0EM0g000000hGWo.png) 3. Refresh or reopen the SQL Management Studio to ensure the audit database was rebuilt. @@ -76,7 +76,7 @@ The audit database has now been successfully deleted. Refer to the **Rebuilding 2. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to select the database you are going to rename. 3. Right-click the selected database and select **Rename**. - ![Screenshot_1.png](../../../images/ka04u00000117bz_0EM4u000004dCnj.png) + ![Screenshot_1.png](./images/ka04u00000117bz_0EM4u000004dCnj.png) 4. Add **_old** or another word to the end of the database name to differentiate it from other databases. 5. Once the database has been renamed, restart **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service**. @@ -89,12 +89,12 @@ The audit database has now been successfully renamed. Refer to the **Rebuilding > **NOTE:** In order to correctly set the retention period, you have to estimate your audit database growth. If you are using Netwrix Auditor 9.6 or newer, this can be done by monitoring **Health Status** > **Database statistics**. -![db_stats.png](../../../images/ka04u00000117bz_0EM4u000008LKwz.png) +![db_stats.png](./images/ka04u00000117bz_0EM4u000008LKwz.png) 1. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to locate the required database. 2. Right-click it and select **Properties**. - ![User-added image](../../../images/ka04u00000117bz_0EM70000000QIQN.png) + ![User-added image](./images/ka04u00000117bz_0EM70000000QIQN.png) 3. Review **Size** and **Space Available** parameters. diff --git a/docs/kb/auditor/how-to-repair-netwrix-auditor-installation.md b/docs/kb/auditor/how-to-repair-netwrix-auditor-installation.md index 9d74c59ba3..3f545c6222 100644 --- a/docs/kb/auditor/how-to-repair-netwrix-auditor-installation.md +++ b/docs/kb/auditor/how-to-repair-netwrix-auditor-installation.md @@ -33,11 +33,11 @@ How to repair a Netwrix Auditor installation in our environment? > Stop-Service -Displayname Netwrix* > ``` -1. Establish the Netwrix Auditor version and build you're currently running in your environment. Refer to the following article for additional information: [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md). +1. Establish the Netwrix Auditor version and build you're currently running in your environment. Refer to the following article for additional information: [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version). 2. Proceed to your **My Products** page to download the executable for the corresponding version. Refer to the following link: [Netwrix — My Products](https://www.netwrix.com/my_products.html). 3. Run the downloaded executable. Once the files are extracted, a setup screen will be prompted. - ![Install Netwrix Auditor setup screen](../../images/ka04u00000117fh_0EM4u000008MBTP.png) + ![Install Netwrix Auditor setup screen](./images/ka04u00000117fh_0EM4u000008MBTP.png) 4. Select **Install** under **Install Netwrix Auditor**. 5. Click **Next**, and select **Repair**. @@ -47,7 +47,7 @@ How to repair a Netwrix Auditor installation in our environment? ## Related articles -- [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md) +- [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version) diff --git a/docs/kb/auditor/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md b/docs/kb/auditor/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md index b0ab6a39c8..6221713ac7 100644 --- a/docs/kb/auditor/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md +++ b/docs/kb/auditor/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md @@ -39,5 +39,5 @@ By default, the **Administrator** role includes users belonging to the local `Ad 2. Click the **Modify** button next to the group that you want to edit. 3. In the dialog that opens, click **Add** to add a member to the selected security role, or select a user and click **Remove** to exclude them. -[![User-added image](../../../images/ka04u000000HcVz_0EM700000004wyU.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAd1&feoid=00N700000032Pj2&refid=0EM700000004wyU) +[![User-added image](./images/ka04u000000HcVz_0EM700000004wyU.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAd1&feoid=00N700000032Pj2&refid=0EM700000004wyU) diff --git a/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md b/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md index 73e60c49a6..01f5a176e2 100644 --- a/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md +++ b/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md @@ -44,12 +44,12 @@ The exported System Health event log will appear on your Desktop. 1. Open **Event Viewer**. 2. Expand the **Applications and Services Logs** folder. - ![Netwrix Auditor System Health Logs](../../../images/ka04u00000117Ay_0EM70000000tnyM.png) + ![Netwrix Auditor System Health Logs](./images/ka04u00000117Ay_0EM70000000tnyM.png) 3. Right-click the **Netwrix Auditor System Health** log file and select **Save All Events As...**. 4. Name the file and click **Save**. - ![Save All Events As](../../../images/ka04u00000117Ay_0EM70000000tnyW.png) + ![Save All Events As](./images/ka04u00000117Ay_0EM70000000tnyW.png) 5. Select the option to **Display information for these languages**, check the **English (United States)** checkbox, and click **OK**. 6. Once the file is saved, right-click it and zip the file. diff --git a/docs/kb/auditor/how-to-send-netwrix-auditor-logs.md b/docs/kb/auditor/how-to-send-netwrix-auditor-logs.md index 352e1975e3..823df3c91f 100644 --- a/docs/kb/auditor/how-to-send-netwrix-auditor-logs.md +++ b/docs/kb/auditor/how-to-send-netwrix-auditor-logs.md @@ -34,7 +34,7 @@ knowledge_article_id: kA00g000000H9efCAC Netwrix Technical Support might request a collection of your Netwrix Auditor logs for troubleshooting purposes. Make sure you gather the following items to help your Technical Support Engineer resolve your issue. -- **Netwrix Auditor System Health event log**. Refer to the following article for additional information on exporting the System Health event log: [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md) +- **Netwrix Auditor System Health event log**. Refer to the following article for additional information on exporting the System Health event log: [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log) - **Netwrix Auditor configuration files**. Navigate to ` %Working Folder%\AuditCore\ConfigServer ` and copy the **ConfigServer** folder. The default location of the **ConfigServer** folder is `C:\ProgramData\Netwrix Auditor\AuditCore\ConfigServer`. @@ -71,13 +71,13 @@ Netwrix Technical Support might request a collection of your Netwrix Auditor log > **NOTE:** Once you have opened the **Open Tickets** page and identified the corresponding ticket (with a matching ticket #), you can attach the logs via one of the following ways: > > - Click the **Add attachments** button located under the **Actions** column of the ticket. -> ![Customer Portal Attachments 1](../../../images/ka0Qk000000Bei5_00N0g000004CA0p_0EMQk000008M3Qr.png) +> ![Customer Portal Attachments 1](./images/ka0Qk000000Bei5_00N0g000004CA0p_0EMQk000008M3Qr.png) > > - Expand the ticket details by clicking the **down carat (▼)** button and click the **plus (+)** button next to **Attachments**. -> ![Customer Portal Attachments 2](../../../images/ka0Qk000000Bei5_00N0g000004CA0p_0EMQk000008M3U5.png) +> ![Customer Portal Attachments 2](./images/ka0Qk000000Bei5_00N0g000004CA0p_0EMQk000008M3U5.png) ## Related links -- [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md) +- [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log) - [Netwrix Customer Portal](https://www.netwrix.com/tickets.html#/tickets/open) diff --git a/docs/kb/auditor/how-to-upgrade-netwrix-auditor.md b/docs/kb/auditor/how-to-upgrade-netwrix-auditor.md index c9bf2986a9..b9ec3c0d88 100644 --- a/docs/kb/auditor/how-to-upgrade-netwrix-auditor.md +++ b/docs/kb/auditor/how-to-upgrade-netwrix-auditor.md @@ -40,7 +40,7 @@ How to update Netwrix Auditor? ### Netwrix Auditor v.9.95 and earlier Older versions of Netwrix Auditor must be upgraded incrementally. You must wait 24 hours in between each incremental upgrade. -> **NOTE:** For additional information on upgrade increments, refer to the following article: [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md) +> **NOTE:** For additional information on upgrade increments, refer to the following article: [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor) If you are upgrading from a version earlier than 9.96, view the additional steps under **Post Upgrade** > **Legacy Steps** further in this article. @@ -64,10 +64,10 @@ Upon completion, Netwrix Auditor will launch. To confirm integrity, run the foll - **Legacy Steps:** On version 8.5 and lower, you will need to launch the Netwrix Auditor Administrator Console and manually upgrade the Audit Databases in SQL. - Click **Audit Database** and then click **Upgrade**. - ![8.0-Upgrade-6-1.png](../../../images/ka0Qk000000Csfl_0EM4u0000084TwA.png) + ![8.0-Upgrade-6-1.png](./images/ka0Qk000000Csfl_0EM4u0000084TwA.png) ## Related articles - [Upgrading to the Latest Version](https://docs.netwrix.com/docs/auditor/10_8/install/upgrade) -- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md) +- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor) diff --git a/docs/kb/auditor/how-to-use-wildcards-in-netwrix-auditor-reports.md b/docs/kb/auditor/how-to-use-wildcards-in-netwrix-auditor-reports.md index 6ffc4c9137..5b33280e3d 100644 --- a/docs/kb/auditor/how-to-use-wildcards-in-netwrix-auditor-reports.md +++ b/docs/kb/auditor/how-to-use-wildcards-in-netwrix-auditor-reports.md @@ -72,5 +72,5 @@ Netwrix Auditor reports are based on SQL Server Reporting Services — the same - `AOE` - Not `ABE`, `ACE`, `AAE`, `ADE`. -![Wildcards image](../../../images/ka04u00000117UP_0EM4u000008M7Sw.png) +![Wildcards image](./images/ka04u00000117UP_0EM4u000008M7Sw.png) diff --git a/docs/kb/auditor/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md b/docs/kb/auditor/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md index d1e547f0cd..216b66e298 100644 --- a/docs/kb/auditor/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md +++ b/docs/kb/auditor/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md @@ -50,7 +50,7 @@ Refer to the following steps: > **NOTE:** To delete parent terms, first delete the children terms. 3. Once the built-in terms are cleared, create a new child term under the root taxonomy term. Right-click the root term and click **Add Child Term(s)**. Then, insert the new clues to the child term. - ![User-added image](../../../images/ka0Qk0000002kpx_0EMQk000003xxWz.png) + ![User-added image](./images/ka0Qk0000002kpx_0EMQk000003xxWz.png) 4. Set up your sources to include target files for the modified taxonomy. Wait for the files to be crawled and classified. The corresponding Netwrix Auditor report will include the used taxonomy and file owner. diff --git a/docs/kb/auditor/hyperlinks-in-custom-branding.md b/docs/kb/auditor/hyperlinks-in-custom-branding.md index e15e14f425..2b04a7a115 100644 --- a/docs/kb/auditor/hyperlinks-in-custom-branding.md +++ b/docs/kb/auditor/hyperlinks-in-custom-branding.md @@ -37,5 +37,5 @@ This can be done by using html tags. 3. Modify the URL (`https://netwrix.com/`) and caption (`Support link`) as needed -![User-added image](../../../images/ka04u000000HcNU_0EM700000004xUL.png) +![User-added image](./images/ka04u000000HcNU_0EM700000004xUL.png) diff --git a/docs/kb/auditor/illegible-notification-contents-and-characters-in-password-expiration-notifier.md b/docs/kb/auditor/illegible-notification-contents-and-characters-in-password-expiration-notifier.md index 6d37d24828..3253cb962a 100644 --- a/docs/kb/auditor/illegible-notification-contents-and-characters-in-password-expiration-notifier.md +++ b/docs/kb/auditor/illegible-notification-contents-and-characters-in-password-expiration-notifier.md @@ -26,7 +26,7 @@ knowledge_article_id: kA0Qk0000000Q8zKAE When previewing or viewing notifications sent by Netwrix Auditor Netwrix Password Reset (PEN), the contents are illegible. The text and particular characters do not correspond to the intended language. -![IllegibleCharacters](../../../images/ka0Qk0000001Zjh_0EMQk000002jqCb.png) +![IllegibleCharacters](./images/ka0Qk0000001Zjh_0EMQk000002jqCb.png) ## Cause diff --git a/docs/kb/auditor/images-are-not-shown.md b/docs/kb/auditor/images-are-not-shown.md index 4d412531ea..dd697210bf 100644 --- a/docs/kb/auditor/images-are-not-shown.md +++ b/docs/kb/auditor/images-are-not-shown.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9YHCA0 ## Question Web Portal shows no images just red boxes. Whats the case? -![User-added image](../../../images/ka04u00000117dv_0EM7000000050pb.png) +![User-added image](./images/ka04u00000117dv_0EM7000000050pb.png) ## Answer The issue occurs because IIS cannot display images because of configuration. diff --git a/docs/kb/auditor/impossible-to-export-a-report.md b/docs/kb/auditor/impossible-to-export-a-report.md index 86baa26f79..f18359a0f9 100644 --- a/docs/kb/auditor/impossible-to-export-a-report.md +++ b/docs/kb/auditor/impossible-to-export-a-report.md @@ -49,7 +49,7 @@ Refer to the following options to save the report: 1. In Netwrix Auditor, navigate to the **Reports** menu and run a report. 2. Click the **Print** icon, select the appropriate format, and click **Print**. - ![Print dialog or options](../../../images/ka0Qk000000CoU5_0EM4u0000084Tco.png) + ![Print dialog or options](./images/ka0Qk000000CoU5_0EM4u0000084Tco.png) 3. Proceed with the further steps to save the report. ## Related Articles diff --git a/docs/kb/auditor/invalid-character-value-for-cast-specification-error-occurs-when-trying-to-store-audit-data.md b/docs/kb/auditor/invalid-character-value-for-cast-specification-error-occurs-when-trying-to-store-audit-data.md index 55c5d00700..446acc91d1 100644 --- a/docs/kb/auditor/invalid-character-value-for-cast-specification-error-occurs-when-trying-to-store-audit-data.md +++ b/docs/kb/auditor/invalid-character-value-for-cast-specification-error-occurs-when-trying-to-store-audit-data.md @@ -67,4 +67,4 @@ The source of the issue was resolved in newer versions, and since you are on 9.9 After the database retention period passes, you will be able to remove the old database from the SQL Server completely and will not need this empty plan anymore (stale data would be cleared according to database retention settings, and all the current data will be in the new database). -**IMPORTANT:** If, after these workarounds, you will have the *Archive Service is busy processing activity records* error, refer to the following article: [Archive Service is Busy Processing Activity Records](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/archive-service-is-busy-processing-activity-records.md). +**IMPORTANT:** If, after these workarounds, you will have the *Archive Service is busy processing activity records* error, refer to the following article: [Archive Service is Busy Processing Activity Records](/docs/kb/auditor/archive-service-is-busy-processing-activity-records). diff --git a/docs/kb/auditor/is-it-possible-to-have-ndc-sql-database-and-auditor-databases-on-the-same-sql-server.md b/docs/kb/auditor/is-it-possible-to-have-ndc-sql-database-and-auditor-databases-on-the-same-sql-server.md index 6439ce3af6..fbc0320292 100644 --- a/docs/kb/auditor/is-it-possible-to-have-ndc-sql-database-and-auditor-databases-on-the-same-sql-server.md +++ b/docs/kb/auditor/is-it-possible-to-have-ndc-sql-database-and-auditor-databases-on-the-same-sql-server.md @@ -32,4 +32,4 @@ Is it possible to have both: Netwrix Data Classification (NDC) SQL database and Netwrix strongly recommends **do not keep** these databases on the same SQL Server. This may lead to significant performance loss. -If, for some reasons, you need to migrate your Netwrix Data Classification (NDC) SQL database to another server, refer to the following article for additional information: [How to Migrate the Netwrix Data Classification Database](/docs/kb/dataclassification/migration-and-maintenance/how-to-migrate-the-netwrix-data-classification-database.md). +If, for some reasons, you need to migrate your Netwrix Data Classification (NDC) SQL database to another server, refer to the following article for additional information: [How to Migrate the Netwrix Data Classification Database](/docs/kb/dataclassification/how-to-migrate-the-netwrix-data-classification-database). diff --git a/docs/kb/auditor/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md b/docs/kb/auditor/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md index 35a54827de..7986afe08c 100644 --- a/docs/kb/auditor/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md +++ b/docs/kb/auditor/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md @@ -32,7 +32,7 @@ Failed to load configuration file. Could not find a part of the path ``` -![Error dialog image](../../../images/ka04u00000117HW_0EM4u000008LwaA.png) +![Error dialog image](./images/ka04u00000117HW_0EM4u000008LwaA.png) ## Cause diff --git a/docs/kb/auditor/lockouts-are-not-tracked.md b/docs/kb/auditor/lockouts-are-not-tracked.md index fb3c9aec1f..34a45f9a98 100644 --- a/docs/kb/auditor/lockouts-are-not-tracked.md +++ b/docs/kb/auditor/lockouts-are-not-tracked.md @@ -36,9 +36,9 @@ First, make sure the Windows security log on your DC is reachable: connect via * 4. Create a new DWORD named `UseWatcher` and set its value to `1`. 5. Restart the Netwrix Account Lockout Examiner service via the Services snap-in. -[![User-added image](../../../images/ka04u000000HcWD_0EM700000004udF.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004udF) +[![User-added image](./images/ka04u000000HcWD_0EM700000004udF.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004udF) If the above doesn't help, try to change the value of the `UseWMI` registry key to `0`. -[![User-added image](../../../images/ka04u000000HcWD_0EM700000004wzc.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004wzc) +[![User-added image](./images/ka04u000000HcWD_0EM700000004wzc.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004wzc) diff --git a/docs/kb/auditor/log-overwrites-warnings.md b/docs/kb/auditor/log-overwrites-warnings.md index b5e6da41de..aab0a680ce 100644 --- a/docs/kb/auditor/log-overwrites-warnings.md +++ b/docs/kb/auditor/log-overwrites-warnings.md @@ -56,14 +56,14 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared IMPORTANT: Before changing `Maximum log size`, make sure that the system drive has enough free space to store the event log of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding. 4. Make sure the **Overwrite events as needed** option is selected and click **Apply**. -![Configuring maximum log size](../../../images/ka04u000000HcXR_0EM700000004vPE.png) +![Configuring maximum log size](./images/ka04u000000HcXR_0EM700000004vPE.png) ## Procedure 2: Increase `Maximum log size` via Group Policy Object 1. Go to **Start** / **Administrative Tools** / **Group Policy Management**. 2. In the window displayed, go to **Group Policy Management** / **Forest Name** / **Domains** / **Group Policy Objects** / right-click the appropriate policy (or create new) and select **Edit**. **Group Policy Management Editor** starts. -![Group Policy Management](../../../images/ka04u000000HcXR_0EM700000004vPJ.png) +![Group Policy Management](./images/ka04u000000HcXR_0EM700000004vPJ.png) 3. In the left pane, go to **Computer Configuration** / **Policies** / **Windows Settings** / **Security Settings** / **Event Log**. Right-click **Retention method for ``**, choose **Properties**. 4. In the **Security Policy Setting** tab, check the **Define this policy setting** box and select **Do not overwrite events (clear log manually)**. Click OK. @@ -71,7 +71,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared 6. In the **Security Policy Setting** tab, check the **Define this policy setting** box and set the size to `4194240` Kb as recommended by Microsoft: http://support.microsoft.com/kb/957662 IMPORTANT: The affected machines must have enough free space on their system drives for storing the event log of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding. -![Group Policy Management Editor](../../../images/ka04u000000HcXR_0EM700000004vPO.png) +![Group Policy Management Editor](./images/ka04u000000HcXR_0EM700000004vPO.png) 7. Close **Group Policy Object Editor** and link the configured GPO to the required OUs and containers in **Group Policy Management**. 8. OPTIONAL: Upgrade the group policies on the problematic servers by performing the following command: @@ -85,7 +85,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared 2. When the **Resultant Set of Policy** is processed, expand **Computer Configuration** / **Windows Setting** / **Security Settings** / **Event Log**. 3. Make sure that the **Retention method for ``** policy setting has the **Not Defined** or **Manually** value set. If not, change this setting using **Group Policy Management Editor** as described in **Procedure 2**. -![RSOP Results](../../../images/ka04u000000HcXR_0EM700000004vPT.png) +![RSOP Results](./images/ka04u000000HcXR_0EM700000004vPT.png) 4. Perform the following steps: - Click **Start** / **Run**, type `eventvwr.msc` and press **Enter**. The **Event Viewer** window will be displayed. @@ -94,7 +94,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared - Select the **Archive the log when full, do not overwrite events** radio button. - Click the **Clear Log** button. Click the **Apply** button. -![Event Viewer Settings on Windows 2008](../../../images/ka04u000000HcXR_0EM700000004vPn.png) +![Event Viewer Settings on Windows 2008](./images/ka04u000000HcXR_0EM700000004vPn.png) NOTE: These maximum sizes are recommended by Microsoft: http://support.microsoft.com/kb/957662 IMPORTANT: Before you change `Maximum log size` and enable the **Archive events when full** option, make sure that the system drive has enough free space to store the event log and log's backup files of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding. @@ -110,5 +110,5 @@ IMPORTANT: Before you change `Maximum log size` and enable the **Archive events - `ProcessBackupLogs` set to `1` - `CleanAutoBackupLogs` set to `X` (if you want the archives to be removed when all events in them are older than `X` hours, for example: `24` hours). -![Event Log Manager Registry Settings](../../../images/ka04u000000HcXR_0EM700000004vPs.png) +![Event Log Manager Registry Settings](./images/ka04u000000HcXR_0EM700000004vPs.png) diff --git a/docs/kb/auditor/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md b/docs/kb/auditor/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md index 44b8dc2fab..ba0cccfb92 100644 --- a/docs/kb/auditor/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md +++ b/docs/kb/auditor/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md @@ -64,7 +64,7 @@ If no credentials are visible in Report Server Configuration Manager, follow the 2. Open the `rsreportserver.config` file in a text editor, and locate the `` node. - ![UnattendedExecutionAccount node](../../../images/ka04u00000117zS_0EM4u000008MT4S.png) + ![UnattendedExecutionAccount node](./images/ka04u00000117zS_0EM4u000008MT4S.png) 3. Delete the credentials specified in ``, ``, and `` fields. diff --git a/docs/kb/auditor/long-data-collection-improving-the-performance.md b/docs/kb/auditor/long-data-collection-improving-the-performance.md index 9ffb5ba4aa..e6ed3c217b 100644 --- a/docs/kb/auditor/long-data-collection-improving-the-performance.md +++ b/docs/kb/auditor/long-data-collection-improving-the-performance.md @@ -60,7 +60,7 @@ Depending on your environment and needs, the Audit Database retention period can ### Exclude Netwrix-related folders from antivirus scans -As Netwrix Auditor creates and writes audit data in smaller portions, your antivirus suite will attempt to check every new or edited file to complete the threat check. Full file reads might take extra time to complete, hindering the writing capability of Netwrix Auditor, in some cases leading to timeouts and additional RAM and CPU loads. Refer to the following article for additional information on folders to be excluded from regular antivirus checks: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +As Netwrix Auditor creates and writes audit data in smaller portions, your antivirus suite will attempt to check every new or edited file to complete the threat check. Full file reads might take extra time to complete, hindering the writing capability of Netwrix Auditor, in some cases leading to timeouts and additional RAM and CPU loads. Refer to the following article for additional information on folders to be excluded from regular antivirus checks: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) ### Set up data collection for State-in-Time reports @@ -89,7 +89,7 @@ In case you have an Event Log Manager plan set up, make sure it doesn't monitor ### Omit lists -You can limit the monitoring scope in your environment via omit lists — this allows to proactively decrease the DB loads as changes for omitted items are not recorded. For additional information on how to exclude users and objects via Netwrix Auditor UI, refer to the following article: [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md). For additional information on how to use omit lists, refer to the following article: [How to Use Omit Lists](https://docs.netwrix.com/docs/kb/auditor/how-to-use-omit-lists) +You can limit the monitoring scope in your environment via omit lists — this allows to proactively decrease the DB loads as changes for omitted items are not recorded. For additional information on how to exclude users and objects via Netwrix Auditor UI, refer to the following article: [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui). For additional information on how to use omit lists, refer to the following article: [How to Use Omit Lists](https://docs.netwrix.com/docs/kb/auditor/how-to-use-omit-lists) ### Related articles @@ -97,7 +97,7 @@ You can limit the monitoring scope in your environment via omit lists — this a - [Hardware Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/console) - [Settings for Data Collection](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/create#settings-for-data-collection) - [Configure Database Retention](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/auditdatabase#configure-database-retention) -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) - [Manage Data Sources](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/datasources) -- [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md) +- [How to Exclude Users and Objects from Monitoring Scope in Netwrix Auditor UI](/docs/kb/auditor/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui) - [How to Use Omit Lists](https://docs.netwrix.com/docs/kb/auditor/how-to-use-omit-lists) diff --git a/docs/kb/auditor/malformed-control-request.md b/docs/kb/auditor/malformed-control-request.md index 18a250c980..f5207e5b9e 100644 --- a/docs/kb/auditor/malformed-control-request.md +++ b/docs/kb/auditor/malformed-control-request.md @@ -34,7 +34,7 @@ It should be a reply to lockout notification and shall have the code specified a For example: -![User-added image](../../../images/ka04u000000HcT2_0EM700000005kEC.png) +![User-added image](./images/ka04u000000HcT2_0EM700000005kEC.png) --- diff --git a/docs/kb/auditor/manually-update-user-activity-core-service.md b/docs/kb/auditor/manually-update-user-activity-core-service.md index 1dde705e89..d3090db07b 100644 --- a/docs/kb/auditor/manually-update-user-activity-core-service.md +++ b/docs/kb/auditor/manually-update-user-activity-core-service.md @@ -29,7 +29,7 @@ The Netwrix Auditor User Activity Core Service version in a target server does n ## Answer -> **NOTE:** Refer to the following article for additional information on establishing the version of your Auditor server: [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md) +> **NOTE:** Refer to the following article for additional information on establishing the version of your Auditor server: [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version) > **IMPORTANT:** It is recommended to stop User Activity services in the Netwrix server before making changes to installed Core Services in targets. Run the following command in elevated PowerShell to stop User Activity Core Service and Audit Service: > @@ -117,5 +117,5 @@ User Activity Core Service is designed to be deployed automatically when adding ## Related links -- [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md) +- [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version) - [Uninstall Netwrix Product](https://www.netwrix.com/download/products/KnowledgeBase/Uninstall-NetwrixProduct.ps1) diff --git a/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server.md b/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server.md index 30b68a7a38..3c66662603 100644 --- a/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server.md +++ b/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server.md @@ -35,7 +35,7 @@ In Netwrix Auditor versions 9.0 and newer, Netwrix Password Reset is installed a 2. Copy the following data from the old server to the new server: - Templates folder from `C:\Program Files (x86)\Netwrix Auditor\Password Expiration Alerting\Templates`. - Screenshot all four tabs of the Netwrix Password Reset interface for configuration details. - ![tIfrvbFLMt.png](../../../images/ka04u00000117hE_0EM4u000007ccaS.png) + ![tIfrvbFLMt.png](./images/ka04u00000117hE_0EM4u000007ccaS.png) 3. Reconfigure Netwrix Password Reset according to the screenshots you captured. 4. Apply your Netwrix Auditor License to the new instance of Netwrix Auditor. @@ -43,5 +43,5 @@ In Netwrix Auditor versions 9.0 and newer, Netwrix Password Reset is installed a Message templates customized via the Netwrix Password Reset UI should be transferred manually — make sure to copy the contents of the **Actions** tab reports highlighted in the screenshot. -![CslItbePFg.png](../../../images/ka04u00000117hE_0EM4u000007ccac.png) +![CslItbePFg.png](./images/ka04u00000117hE_0EM4u000007ccac.png) diff --git a/docs/kb/auditor/migrating-auditor-to-new-server.md b/docs/kb/auditor/migrating-auditor-to-new-server.md index 7e1d4631b4..696e2a6bfd 100644 --- a/docs/kb/auditor/migrating-auditor-to-new-server.md +++ b/docs/kb/auditor/migrating-auditor-to-new-server.md @@ -73,12 +73,12 @@ By default, Long-Term Archive is located at `C:\ProgramData\Netwrix Auditor\Data Navigate to your Long-Term Archive location and copy the entire folder. Proceed by transferring Long-Term Archive to the new Netwrix Auditor server. While you can migrate it to the default location, it is recommended to keep Long-Term Archive on a separate drive. This will prevent rapid storage consumption on the C drive. Take note of where you have placed Long-Term Archive on the new Netwrix Auditor server. -> **NOTE:** You can split the Long-Term Archive migration into two steps if the size of your ActivityRecords folder doesn't allow for a quick migration. For additional information, refer to the following article: How to Move Long-Term Archive to a New Location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) +> **NOTE:** You can split the Long-Term Archive migration into two steps if the size of your ActivityRecords folder doesn't allow for a quick migration. For additional information, refer to the following article: How to Move Long-Term Archive to a New Location: [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) ### SQL Databases -It is important to decide on migration of your SQL databases or keeping them in your current SQL Server instance during the Netwrix Auditor migration. In case you'd like to migrate your SQL Server databases, refer to the following article for additional information:[How to Migrate Netwrix Auditor Databases to Another SQL Server Instance](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md) -Once SQL migration is complete, refer to the following article for additional information on Report Server Database deployment:[Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +It is important to decide on migration of your SQL databases or keeping them in your current SQL Server instance during the Netwrix Auditor migration. In case you'd like to migrate your SQL Server databases, refer to the following article for additional information:[How to Migrate Netwrix Auditor Databases to Another SQL Server Instance](/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance) +Once SQL migration is complete, refer to the following article for additional information on Report Server Database deployment:[Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) ### Final Steps @@ -110,16 +110,16 @@ Start-Service -Displayname Netwrix* 3. In Netwrix Auditor **Settings** menu, select **Audit Databse** in the left pane and click **Modify** under **Audit database settings**. 4. Specify the SQL Server instance name and credentials of the account used to write data to SQL databases. Refer to the following articles for additional information on SQL permissions and report server database deployment: - [Requirements for SQL Server to Store Audit Data](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserver) - - [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) + - [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) ### Important Notes Post-Migration -- If you've previously had any omit lists configured, you will have to either copy the contents of these omit lists or copy the files to the new server. For additional information on omit lists and their locations, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md) +- If you've previously had any omit lists configured, you will have to either copy the contents of these omit lists or copy the files to the new server. For additional information on omit lists and their locations, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists) - You cannot migrate Event Log Manager or its configuration files. Remember to manually copy the configuration over to the new server. Event Log Manager data will be migrated in case you've migrated SQL databases. - Netwrix Password Expiration Notifier and Netwrix Inactive Users Tracker do not store any data — their reports are sent daily via email. For more information on how to migrate these Netwrix tools, refer to the following articles: - - [Migrate PEN to a Different Server](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md) - - How to migrate Netwrix Inactive Users Tracker to other servers: [How to Migrate Netwrix Inactive Users Tracker to Other Servers](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md) -- User Activity data will not be collected until the Core Service is redeployed after migration. For more information on how to reset Netwrix Auditor User Activity Core Service to allow the monitoring plan to redeploy with the new configuration settings and registry keys, review the following article: [Uninstalling User Activity Monitoring Agents](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/uninstalling-user-activity-monitoring-agents.md) + - [Migrate PEN to a Different Server](/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server) + - How to migrate Netwrix Inactive Users Tracker to other servers: [How to Migrate Netwrix Inactive Users Tracker to Other Servers](/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers) +- User Activity data will not be collected until the Core Service is redeployed after migration. For more information on how to reset Netwrix Auditor User Activity Core Service to allow the monitoring plan to redeploy with the new configuration settings and registry keys, review the following article: [Uninstalling User Activity Monitoring Agents](/docs/kb/auditor/uninstalling-user-activity-monitoring-agents) ### Validation Checklist @@ -128,7 +128,7 @@ Run the following checks for your migrated Netwrix Auditor instance: - Run a search with blank parameters (an open search). - Run a report on a data source you are auditing. - Confirm your monitoring plans have carried over. -- Apply the Auditor license. Refer to the following article for additional information:[How to Apply Netwrix Auditor License](/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md) +- Apply the Auditor license. Refer to the following article for additional information:[How to Apply Netwrix Auditor License](/docs/kb/auditor/how-to-apply-netwrix-auditor-license) > **IMPORTANT:** The SSL certificate previously used for Integration API will be missing from the certificate store in your new Netwrix Auditor server. Generate a new SSL certificate for Netwrix Auditor Integration API − refer to the following article for additional information: [Integration API](https://docs.netwrix.com/docs/auditor/10_8/api/overview) @@ -138,12 +138,12 @@ Monitor the system over the next few days to confirm the migration has been comp - [Software Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/software) - [Hardware Requirements](https://docs.netwrix.com/docs/auditor/10_8/requirements/console) -- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) -- [How to Migrate Netwrix Auditor Databases to Another SQL Server Instance](/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md) -- [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +- [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) +- [How to Migrate Netwrix Auditor Databases to Another SQL Server Instance](/docs/kb/auditor/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance) +- [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) - [Requirements for SQL Server to Store Audit Data](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserver) [Integration API](https://docs.netwrix.com/docs/auditor/10_8/api/overview) -- [Specified Logon Session Does Not Exist Error in Netwrix Auditor](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/specified-logon-session-does-not-exist-error-in-netwrix-auditor.md) -- [How to Apply Netwrix Auditor License](/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md) -- [Migrate PEN to a Different Server](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md) -- [How to Migrate Netwrix Inactive Users Tracker to Other Servers](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md) +- [Specified Logon Session Does Not Exist Error in Netwrix Auditor](/docs/kb/auditor/specified-logon-session-does-not-exist-error-in-netwrix-auditor) +- [How to Apply Netwrix Auditor License](/docs/kb/auditor/how-to-apply-netwrix-auditor-license) +- [Migrate PEN to a Different Server](/docs/kb/auditor/migrate-netwrix-password-expiration-notifier-to-a-different-server) +- [How to Migrate Netwrix Inactive Users Tracker to Other Servers](/docs/kb/auditor/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers) diff --git a/docs/kb/auditor/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md b/docs/kb/auditor/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md index 18fd0d236d..1af621e19d 100644 --- a/docs/kb/auditor/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md +++ b/docs/kb/auditor/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md @@ -32,11 +32,11 @@ Windows could not start the Netwrix Auditor Configuration Server Service service Error 0x80040209: An interface has too many methods to fire events from. ``` -![Screenshot 1](../../../images/ka04u00000117L8_0EM4u000008LCum.png) +![Screenshot 1](./images/ka04u00000117L8_0EM4u000008LCum.png) Other services are running as expected. -![Screenshot 2](../../../images/ka04u00000117L8_0EM4u000008LCuw.png) +![Screenshot 2](./images/ka04u00000117L8_0EM4u000008LCuw.png) - The following error is prompted in the main Netwrix Auditor screen: @@ -45,7 +45,7 @@ Connection failed Access is denied ``` -![Screenshot 3](../../../images/ka04u00000117L8_0EM4u000008M2Tz.png) +![Screenshot 3](./images/ka04u00000117L8_0EM4u000008M2Tz.png) Upon checking Services running, Netwrix Auditor Configuration Server Service appears to have stopped. When attempting to restart the service, the same error is prompted. @@ -64,7 +64,7 @@ Refer to the following steps to troubleshoot the issue: 1. Back up the ConfigServer folder located in ` %Working Folder%\AuditCore\ConfigServer`. 2. Delete all files in the original ConfigServer folder except for the StorageBackups folder and the Configuration.xml file. -![ConfigServer folder contents](../../../images/ka04u00000117L8_0EM4u000008LCv1.png) +![ConfigServer folder contents](./images/ka04u00000117L8_0EM4u000008LCv1.png) 3. Restart Netwrix Auditor Configuration Server Service. 4. Make sure the following services are running (including all the monitoring plan-related services): @@ -77,11 +77,11 @@ In case the aforementioned steps did not help, refer to the following steps to t 1. Back up the ConfigServer folder located in ` %Working Folder%\AuditCore\ConfigServer`. 2. Delete all files in the original ConfigServer folder except for the StorageBackups folder. It is located in ` %Working Folder%\AuditCore\ConfigServer`. -![ConfigServer StorageBackups folder](../../../images/ka04u00000117L8_0EM4u000008LCvL.png) +![ConfigServer StorageBackups folder](./images/ka04u00000117L8_0EM4u000008LCvL.png) 3. Copy the Configuration.xml file from the latest **BACKUP_%DATE%**\%GUID% folder. -![Backup folder selection](../../../images/ka04u00000117L8_0EM4u000008LCvk.png) +![Backup folder selection](./images/ka04u00000117L8_0EM4u000008LCvk.png) 4. Paste the copied Configuration.xml file to ` %Working Folder%\AuditCore\ConfigServer`. 5. Restart Netwrix Auditor Configuration Server Service. @@ -92,7 +92,7 @@ In case the aforementioned steps did not help, refer to the following steps to t > **NOTE:** If these steps did not help, try using the Configuration.xml file from the second to the last **BACKUP_%DATE%**\%GUID% folder. Paste the file to ` %Working Folder%\AuditCore\ConfigServer` and restart Netwrix Auditor services. -![Configuration restored](../../../images/ka04u00000117L8_0EM4u000008LCwE.png) +![Configuration restored](./images/ka04u00000117L8_0EM4u000008LCwE.png) > **NOTE:** If the issue reoccurs after some time, contact [Netwrix Technical Support](https://www.netwrix.com/open_a_ticket.html). diff --git a/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations.md b/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations.md index 236853abb3..edeebacf8c 100644 --- a/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations.md +++ b/docs/kb/auditor/netwrix-auditor-consumes-disk-space-recommendations.md @@ -42,18 +42,18 @@ The following recommendations will allow you to reduce disk space consumption: Follow these Knowledge Base articles for additional information: - - [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md) - - [How to Prevent Long-Term Archive Overflow](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-prevent-long-term-archive-overflow.md) + - [How to Move Long-Term Archive to a New Location](/docs/kb/auditor/how-to-move-long-term-archive-to-a-new-location) + - [How to Prevent Long-Term Archive Overflow](/docs/kb/auditor/how-to-prevent-long-term-archive-overflow) 3. Migrate Working Folder to a new location. The size of your Working Folder may grow significantly (normally, up to `10 – 20GB`) depending on the workload, especially during activity peaks. If your system drive capacity is limited, you might want to keep the temporary files and trace logs on another drive, i.e. change the Working Folder default location. - For additional information on how to move the Working Folder, refer to the following article: [How to Migrate Netwrix Auditor Working Folder to a New Location](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md). + For additional information on how to move the Working Folder, refer to the following article: [How to Migrate Netwrix Auditor Working Folder to a New Location](/docs/kb/auditor/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location). 4. Remove the **Netwrix Backup** folder. Netwrix strongly recommends keeping the backups for supported product versions. - For additional information about the Backup folder, refer to the following article: [Backups Folder in Netwrix Auditor](/docs/kb/auditor/system-administration/backup-and-recovery/backups-folder-in-netwrix-auditor.md). + For additional information about the Backup folder, refer to the following article: [Backups Folder in Netwrix Auditor](/docs/kb/auditor/backups-folder-in-netwrix-auditor). 5. Additional space might be consumed by the **Local DB** in the **ShortTerm** folder; this can occur when the SQL communication is not working properly or the DB files getting corrupted. Follow the resolution steps in the article: [Netwrix Auditor System Health Log Contains EventID 2002](https://docs.netwrix.com/docs/kb/auditor/netwrix-auditor-health-log-contains-eventid-2002). @@ -73,7 +73,7 @@ The following recommendations will allow you to reduce disk space consumption: ## Related Articles -- [Error: Netwrix Auditor for File Servers Audit Service Terminated Unexpectedly](/docs/kb/auditor/configuration-and-setup/file-server-auditing/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md) -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) -- [How to Add Additional Space to Long-Term Archive](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-add-additional-space-to-long-term-archive.md) +- [Error: Netwrix Auditor for File Servers Audit Service Terminated Unexpectedly](/docs/kb/auditor/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) +- [How to Add Additional Space to Long-Term Archive](/docs/kb/auditor/how-to-add-additional-space-to-long-term-archive) - [Netwrix Auditor System Health Log Contains EventID 2002](https://docs.netwrix.com/docs/kb/auditor/netwrix-auditor-health-log-contains-eventid-2002) diff --git a/docs/kb/auditor/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md b/docs/kb/auditor/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md index 871947fdb4..7081906138 100644 --- a/docs/kb/auditor/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md +++ b/docs/kb/auditor/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md @@ -26,7 +26,7 @@ knowledge_article_id: kA04u00000110xFCAQ ## Symptom 1. Netwrix Auditor Event Log Manager does not collect logs and shows the following error while trying to 'verify' if the messages were being sent in the Event Log Manager monitoring plan. - ![User-added image](../../../images/ka04u00000116xf_0EM4u000008Ljuv.png) + ![User-added image](./images/ka04u00000116xf_0EM4u000008Ljuv.png) 2. When providing credentials for the Netwrix Auditor Event Log Manager monitoring plan, the following dialog appears: diff --git a/docs/kb/auditor/netwrix-auditor-licensing-faqs.md b/docs/kb/auditor/netwrix-auditor-licensing-faqs.md index 9c9457119e..2b3823d4f2 100644 --- a/docs/kb/auditor/netwrix-auditor-licensing-faqs.md +++ b/docs/kb/auditor/netwrix-auditor-licensing-faqs.md @@ -59,7 +59,7 @@ Per server | | Netwrix Auditor for MS Teams | Per enabled Microsoft Entra ID user | ## How Can I Count Enabled AD Users? -To count the number of licenses, you should provide the number of `enabled AD user accounts`, that is, calculate the number of your Active Directory user accounts in the Enabled state. Follow the instructions provided in this Netwrix Auditor Knowledge Base article: [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/determining-the-number-of-enabled-active-directory-user-accounts.md). Then round up the calculation result to reserve some space for growth and to prevent scalability issues. For example: +To count the number of licenses, you should provide the number of `enabled AD user accounts`, that is, calculate the number of your Active Directory user accounts in the Enabled state. Follow the instructions provided in this Netwrix Auditor Knowledge Base article: [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/determining-the-number-of-enabled-active-directory-user-accounts). Then round up the calculation result to reserve some space for growth and to prevent scalability issues. For example: - If the calculation script returns 214, round up this value to 220 when applying for the license. - If the calculation script returns 1841, round up this value to 2000 when applying for the license. @@ -67,10 +67,10 @@ To count the number of licenses, you should provide the number of `enabled AD us > **IMPORTANT:** > - Service accounts are also counted. The accounts under which the services run in your infrastructure are included in the license count and, eventually, in the cost of a license. > - Deleted, disabled, group, or computer accounts are not included in the license count. -> - You can use either `Omitallowedpathlist` omit list to reduce user count by omitting certain OUs from being audited or specify omitted OUs in the Netwrix Auditor UI. You will not gain any information from these OUs; however, the amount of licenses will be reduced. For additional information on reducing the user count via Netwrix Auditor UI, refer to the following article: [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md). For additional information on omit lists, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md). +> - You can use either `Omitallowedpathlist` omit list to reduce user count by omitting certain OUs from being audited or specify omitted OUs in the Netwrix Auditor UI. You will not gain any information from these OUs; however, the amount of licenses will be reduced. For additional information on reducing the user count via Netwrix Auditor UI, refer to the following article: [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts). For additional information on omit lists, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists). ## What Should I Provide for Netwrix Auditor for Network Devices Licensing? -You should provide the number of `source IP addresses` of your network devices. This count is used to estimate the number of licenses required to audit the Network Devices data source. To learn more, read the How to Count the Number of Your Network Devices in Your Configuration article: [How to count the number of your network devices in your configuration?](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md). +You should provide the number of `source IP addresses` of your network devices. This count is used to estimate the number of licenses required to audit the Network Devices data source. To learn more, read the How to Count the Number of Your Network Devices in Your Configuration article: [How to count the number of your network devices in your configuration?](/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration). > **IMPORTANT:** You should count all physical devices regardless of your forwarding configuration. ## What Should I Provide for Netwrix Auditor for Oracle Database Licensing? @@ -89,7 +89,7 @@ For per-server licensing, count and provide the total number of the servers (phy ## What Should I Provide for Netwrix Auditor for Microsoft Entra ID Licensing? You should provide the number of `enabled Microsoft Entra ID user accounts`. Starting from version 9.96, guest/external users are not included in the license count. Follow the instructions outlined in the How to Determine the Count of Enabled Microsoft Entra ID Accounts article: /docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts. -You can use `omitUPNlist.txt` omit list to reduce user count by omitting certain user UPNs from being audited. You will not gain any information on these users; however, the amount of licenses will be reduced. For additional information on reducing the user count via Netwrix Auditor UI, refer to the following article: [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md). For additional information on omit lists, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md). +You can use `omitUPNlist.txt` omit list to reduce user count by omitting certain user UPNs from being audited. You will not gain any information on these users; however, the amount of licenses will be reduced. For additional information on reducing the user count via Netwrix Auditor UI, refer to the following article: [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts). For additional information on omit lists, refer to the following article: [How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists). ## What Should I Provide for Netwrix Auditor for Exchange Licensing? For the Exchange data source, Netwrix Auditor offers a convenient hybrid pricing model specifically designed for prospects with a hybrid Exchange (on-premises Exchange Server and Exchange Online) deployment. You can also have an on-premises-only or a cloud-only Exchange environment. @@ -97,7 +97,7 @@ To get a hybrid Exchange license, you need to provide the `total number of user For example, if you have 200 online mailboxes and 300 on-premises Exchange mailboxes, you need to purchase a license for 500 mailboxes. -To calculate the number of user mailboxes used in your Microsoft Office 365 tenants, refer to the guidelines presented in the article titled How to Count Number of Licenses Required for Auditing a Microsoft Office 365 Tenant: [How to count number of licenses required for auditing a Microsoft Office 365 tenant?](/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md). +To calculate the number of user mailboxes used in your Microsoft Office 365 tenants, refer to the guidelines presented in the article titled How to Count Number of Licenses Required for Auditing a Microsoft Office 365 Tenant: [How to count number of licenses required for auditing a Microsoft Office 365 tenant?](/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant). > **IMPORTANT:** A **user mailbox** can be a personal mailbox, an Online Archive mailbox, or both. Shared and resource mailboxes do not count. For example, if an Exchange Online user has one personal mailbox and one Online Archive mailbox, this user will be counted as a single licensed object. If a user has no Online Archive mailbox but three personal mailboxes, this will be counted as three licensed objects. @@ -126,7 +126,7 @@ To request more licensing information, please contact licensing@netwrix.com. You can use the **Licenses** window to review the status of your current licenses, update them, and add new licenses. On the Netwrix Auditor main screen, click the **Settings** tile and then select **Licenses**. The window will look as shown below. -![Licenses window in Auditor UI showing license status and counts](../../../images/ka0Qk000000DbzR_0EM4u000002PbUM.png) +![Licenses window in Auditor UI showing license status and counts](./images/ka0Qk000000DbzR_0EM4u000002PbUM.png) Here: @@ -139,12 +139,12 @@ Here: You may choose to no longer audit a data source, and thus not renew the license for the corresponding application. Unused licenses do not need to be removed from Netwrix Auditor, with the exception of one special case. This case is upgrading a Netwrix Auditor installation that has some expired licenses. Most recent (9.95 and up) versions of Netwrix Auditor allow you to remove a license directly from the user interface. If you have an older version of Netwrix Auditor and need to remove an expired license as it blocks your upgrade, contact Netwrix Technical Support. ## Related Articles -- [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/determining-the-number-of-enabled-active-directory-user-accounts.md) -- [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md) -- [How to Use Omit Lists](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-use-omit-lists.md) -- [How to count the number of your network devices in your configuration?](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md) +- [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/determining-the-number-of-enabled-active-directory-user-accounts) +- [Reducing the Used Active Directory and Entra ID License Counts](/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts) +- [How to Use Omit Lists](/docs/kb/auditor/how-to-use-omit-lists) +- [How to count the number of your network devices in your configuration?](/docs/kb/auditor/how-to-count-the-number-of-your-network-devices-in-your-configuration) - [Oracle Processor Core Factor Table](http://www.oracle.com/us/corporate/contracts/processor-core-factor-table-070634.pdf) - [How to Count Number of CPU Cores on Your Oracle Database Deployment](https://docs.netwrix.com/docs/kb/auditor/how-to-count-number-of-cpu-cores-on-your-oracle-database-deployment) - [How to Determine the Count of Enabled Microsoft Entra ID Accounts](https://docs.netwrix.com/docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts#instructions) -- [How to count number of licenses required for auditing a Microsoft Office 365 tenant?](/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md) +- [How to count number of licenses required for auditing a Microsoft Office 365 tenant?](/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant) diff --git a/docs/kb/auditor/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md b/docs/kb/auditor/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md index bbe1e7a499..142c5ac083 100644 --- a/docs/kb/auditor/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md +++ b/docs/kb/auditor/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md @@ -29,7 +29,7 @@ knowledge_article_id: kA04u000000PoKECA0 - Netwrix Auditor stops working after the Windows version on the Netwrix host server was upgraded. - Monitoring plans are disabled. - License status for a product states **Unavailable**. - ![1.png](../../../images/ka04u00000116G7_0EM4u000007ceka.png) + ![1.png](./images/ka04u00000116G7_0EM4u000007ceka.png) ## Cause @@ -42,7 +42,7 @@ Windows Setup suite overwrites license-related settings of Netwrix Auditor durin Re-apply your license: 1. In the main Netwrix Auditor screen, go to **Settings** > **Licenses** and click **Update**. - ![2.png](../../../images/ka04u00000116G7_0EM4u000007cekk.png) + ![2.png](./images/ka04u00000116G7_0EM4u000007cekk.png) 2. Navigate to your `.lic` file and select the file. 3. Click **Open**. diff --git a/docs/kb/auditor/netwrix-auditor-upgrade-process-taking-too-long.md b/docs/kb/auditor/netwrix-auditor-upgrade-process-taking-too-long.md index 5e861c1ae0..a402241821 100644 --- a/docs/kb/auditor/netwrix-auditor-upgrade-process-taking-too-long.md +++ b/docs/kb/auditor/netwrix-auditor-upgrade-process-taking-too-long.md @@ -33,7 +33,7 @@ Depending on the version you're upgrading from and to, there could be major chan Refer to the following steps in case your upgrade process takes over 20 hours to complete: -- Add corresponding exclusions to the monitoring scope of your antivirus suite — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +- Add corresponding exclusions to the monitoring scope of your antivirus suite — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). - Clear the temporary folder: diff --git a/docs/kb/auditor/netwrix_auditor_data_collection_service_crashes_after_upgrade_to_v10.7.13707.md b/docs/kb/auditor/netwrix_auditor_data_collection_service_crashes_after_upgrade_to_v10.7.13707.md index a4092f896c..b6b49a0d57 100644 --- a/docs/kb/auditor/netwrix_auditor_data_collection_service_crashes_after_upgrade_to_v10.7.13707.md +++ b/docs/kb/auditor/netwrix_auditor_data_collection_service_crashes_after_upgrade_to_v10.7.13707.md @@ -41,4 +41,4 @@ Upgrade your Auditor instance to v10.7.13710 or later. Download the executable i ## Related Articles - [My Products · Netwrix](https://www.netwrix.com/my_products.html) -- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md) \ No newline at end of file +- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor) \ No newline at end of file diff --git a/docs/kb/auditor/no-monitoring-plans-found-in-netwrix-auditor.md b/docs/kb/auditor/no-monitoring-plans-found-in-netwrix-auditor.md index 91e475647a..c8d60368b6 100644 --- a/docs/kb/auditor/no-monitoring-plans-found-in-netwrix-auditor.md +++ b/docs/kb/auditor/no-monitoring-plans-found-in-netwrix-auditor.md @@ -30,7 +30,7 @@ When attempting to view a report, the **Monitoring Plan** dropdown list reads as NO MONITORING PLANS FOUND ``` -![Monitoring Plan dropdown showing NO MONITORING PLANS FOUND](../../../images/ka04u00000117TM_0EM4u000008M6Wx.png) +![Monitoring Plan dropdown showing NO MONITORING PLANS FOUND](./images/ka04u00000117TM_0EM4u000008M6Wx.png) ## Causes @@ -95,7 +95,7 @@ NO MONITORING PLANS FOUND > > - The account specified in **Audit database settings** for Report Server should have local admin permissions, as well as permissions to create folders, and upload folders. > - Any folder/report access permissions set up in Report Manager directly instead of monitoring plans delegation will have to be reconfigured. Alternatively, you can delete a particular affected report instead of deleting the entire **Netwrix Auditor** reports folder. -> - In case you've previously added a custom report, you will have to manually set it up again. This could apply to the report provided in the following article: [How to Monitor Print Service Activity](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-monitor-print-service-activity.md). +> - In case you've previously added a custom report, you will have to manually set it up again. This could apply to the report provided in the following article: [How to Monitor Print Service Activity](/docs/kb/auditor/how-to-monitor-print-service-activity). ## Related articles diff --git a/docs/kb/auditor/not-all-changes-are-included-in-reports-for-database-content-audit.md b/docs/kb/auditor/not-all-changes-are-included-in-reports-for-database-content-audit.md index 5a96e7033f..4abe7ffb3e 100644 --- a/docs/kb/auditor/not-all-changes-are-included-in-reports-for-database-content-audit.md +++ b/docs/kb/auditor/not-all-changes-are-included-in-reports-for-database-content-audit.md @@ -29,5 +29,5 @@ When you perform bulk inserts, not all modified rows are reported. How do you ch In the **SQL Server data source settings** there is a value that defines the number of data changes per SQL transaction to be included in a report. By default it is set to `10`. -![sql_transactions_9](../../../images/ka04u00000116R6_0EM0g000000hUdK.png) +![sql_transactions_9](./images/ka04u00000116R6_0EM0g000000hUdK.png) diff --git a/docs/kb/auditor/notifications-are-not-sent-to-distribution-groups.md b/docs/kb/auditor/notifications-are-not-sent-to-distribution-groups.md index c496b12d61..f4a62999b0 100644 --- a/docs/kb/auditor/notifications-are-not-sent-to-distribution-groups.md +++ b/docs/kb/auditor/notifications-are-not-sent-to-distribution-groups.md @@ -39,7 +39,7 @@ There are two solutions: 1. Configure SMTP authentication in the settings of the **Netwrix Auditor** management console - ![SMTP authentication settings in Netwrix Auditor](../../../images/ka04u000000HcSG_0EM700000005pJq.png) + ![SMTP authentication settings in Netwrix Auditor](./images/ka04u000000HcSG_0EM700000005pJq.png) 2. Disable the "require authentication" option in distribution group options as follows @@ -47,16 +47,16 @@ There are two solutions: 2. Navigate to **MS Exchange - Recipient configuration - Distribution groups** 3. Select the required distribution group and open its **Properties** - ![User-added image](../../../images/ka04u000000HcSG_0EM7000000054Pc.png) + ![User-added image](./images/ka04u000000HcSG_0EM7000000054Pc.png) 4. Go to **Mail Flow Setting** tab 5. Select **Message Delivery Restrictions** from the list and open its **Properties** - ![User-added image](../../../images/ka04u000000HcSG_0EM7000000054Ph.png) + ![User-added image](./images/ka04u000000HcSG_0EM7000000054Ph.png) 6. Uncheck **Require that all senders are authenticated** and click **OK** - ![User-added image](../../../images/ka04u000000HcSG_0EM7000000054Pm.png) + ![User-added image](./images/ka04u000000HcSG_0EM7000000054Pm.png) Alternatively, you can run the following command via Exchange Management Shell: diff --git a/docs/kb/auditor/nwx-executables-removed-and-readded-to-domain-controllers.md b/docs/kb/auditor/nwx-executables-removed-and-readded-to-domain-controllers.md index 971c521ed6..166953875b 100644 --- a/docs/kb/auditor/nwx-executables-removed-and-readded-to-domain-controllers.md +++ b/docs/kb/auditor/nwx-executables-removed-and-readded-to-domain-controllers.md @@ -30,6 +30,6 @@ The same Netwrix Auditor-related executable files are being regularly removed an ## Answer -Yes, this behavior is to be expected — these executable files represent the network traffic compression service running on domain controllers. The use of the up-to-date version of compression service executables is ensured when copying these files on every data collection. The compression service collects and pre-filters data to send it to your Netwrix Auditor server in a highly compressed format. For additional information on network traffic compression service, refer to the following article: [How the Network Traffic Compression Service Works](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-the-network-traffic-compression-service-works.md). +Yes, this behavior is to be expected — these executable files represent the network traffic compression service running on domain controllers. The use of the up-to-date version of compression service executables is ensured when copying these files on every data collection. The compression service collects and pre-filters data to send it to your Netwrix Auditor server in a highly compressed format. For additional information on network traffic compression service, refer to the following article: [How the Network Traffic Compression Service Works](/docs/kb/auditor/how-the-network-traffic-compression-service-works). > **IMPORTANT:** While not recommended, you can disable the compression service. Refer to the following article for additional information on monitoring plan setup: Monitoring Plans — Create a New Plan. diff --git a/docs/kb/auditor/object-type-and-what-changed-columns-are-empty.md b/docs/kb/auditor/object-type-and-what-changed-columns-are-empty.md index 701f920150..f68c515ddc 100644 --- a/docs/kb/auditor/object-type-and-what-changed-columns-are-empty.md +++ b/docs/kb/auditor/object-type-and-what-changed-columns-are-empty.md @@ -22,7 +22,7 @@ knowledge_article_id: kA00g000000H9ZpCAK # Object type" and "What Changed" columns are empty -![User-added](../../../images/servlet_image_3823966b1661.png) +![User-added](./images/servlet_image_3823966b1661.png) --- diff --git a/docs/kb/auditor/parallel-redo-events-in-sql-server-event-log.md b/docs/kb/auditor/parallel-redo-events-in-sql-server-event-log.md index eb72be5c77..d9477838a7 100644 --- a/docs/kb/auditor/parallel-redo-events-in-sql-server-event-log.md +++ b/docs/kb/auditor/parallel-redo-events-in-sql-server-event-log.md @@ -60,7 +60,7 @@ Disable the AUTO_CLOSE option for the affected database: 3. Right-click the affected database and select **Properties**. 4. In the left pane, select the **Options** tab, locate the **Auto Close** option under the **Automatic** section, and select the **False** option from the drop-down list. -![Auto Close option screenshot](../../../images/ka04u00000118GJ_0EM4u000008MgWU.png) +![Auto Close option screenshot](./images/ka04u00000118GJ_0EM4u000008MgWU.png) 5. Click **OK** to save changes. diff --git a/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md b/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md index 5c73cdd77d..6f0388be87 100644 --- a/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md +++ b/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md @@ -26,7 +26,7 @@ knowledge_article_id: kA04u000001116CCAQ ## Symptoms -- The Netwrix Password Expiration Notifier (PEN) email header and footer were reset after the recent upgrade. [Hide and Disable Header and Footer in PEN Emails](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md). +- The Netwrix Password Expiration Notifier (PEN) email header and footer were reset after the recent upgrade. [Hide and Disable Header and Footer in PEN Emails](/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails). - The **HideEmailAdditionalInfo** key in `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netwrix Auditor\Password Expiration Notifier` is still present. ## Resolution @@ -42,4 +42,4 @@ knowledge_article_id: kA04u000001116CCAQ ## Related articles -- [Hide and Disable Header and Footer in PEN Emails](/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md) +- [Hide and Disable Header and Footer in PEN Emails](/docs/kb/auditor/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails) diff --git a/docs/kb/auditor/password-expiration-notifier-stopped-showing-results.md b/docs/kb/auditor/password-expiration-notifier-stopped-showing-results.md index a1510846d5..b79b651572 100644 --- a/docs/kb/auditor/password-expiration-notifier-stopped-showing-results.md +++ b/docs/kb/auditor/password-expiration-notifier-stopped-showing-results.md @@ -30,5 +30,5 @@ A possible cause is blank lines accidentally added at the beginning, in the midd 2. Remove any blank lines at the beginning, middle, or end of the file. 3. Save the file. -![image.png](../../../images/ka04u000000HdDR_0EM4u0000084XpS.png) +![image.png](./images/ka04u000000HdDR_0EM4u0000084XpS.png) diff --git a/docs/kb/auditor/permission-denied-error-code-2146828218.md b/docs/kb/auditor/permission-denied-error-code-2146828218.md index 2c75ced0c2..ba5cf90bef 100644 --- a/docs/kb/auditor/permission-denied-error-code-2146828218.md +++ b/docs/kb/auditor/permission-denied-error-code-2146828218.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9cCCAS When trying to access the Help-Desk portal, a non-admin user gets a "You do not have a Helpdesk operator permissions" message or "Permission denied" error (error code -2146828218) -![User-added image](../../../images/ka04u000000HcUx_0EM700000004wyo.png) +![User-added image](./images/ka04u000000HcUx_0EM700000004wyo.png) --- @@ -44,7 +44,7 @@ To grant a user access to the Help-Desk portal, add this user to the Help Desk O 2. In the **Help-Desk Operators** section, click the **Modify** button. 3. In the dialog that opens, click the **Add** button and specify user(s) that you want to add to this role. -![User-added image](../../../images/ka04u000000HcUx_0EM700000004wyy.png) +![User-added image](./images/ka04u000000HcUx_0EM700000004wyy.png) If the issue persists, check that Authentication options are configured properly in IIS: @@ -52,5 +52,5 @@ If the issue persists, check that Authentication options are configured properly 5. Select this folder by left-clicking on it and look for the **Authentication** feature under the IIS block in the central pane. Double-click on it. 6. Make sure that `"Anonymous Authentication"` is disabled. -![User-added image](../../../images/ka04u000000HcUx_0EM700000004wyt.png) +![User-added image](./images/ka04u000000HcUx_0EM700000004wyt.png) diff --git a/docs/kb/auditor/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md b/docs/kb/auditor/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md index be7d489663..a7a0415060 100644 --- a/docs/kb/auditor/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md +++ b/docs/kb/auditor/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md @@ -32,7 +32,7 @@ This article contains permission manifests for Microsoft 365 and Microsoft Entra 3. Select the app you would like to configure. 4. In the left pane of the new **Overview** window, select the **Manifest** tab. You can either edit the manifest in the web-based manifest editor, or select **Download** to edit the manifest locally to **Upload** it to reapply it to your application. - ![Manifest tab in the Overview window](../../images/servlet_image_31a741be3a3d.png) + ![Manifest tab in the Overview window](./images/servlet_image_31a741be3a3d.png) 5. After opening the manifest file, replace the contents of **requiredResourceAccess** with the data provided below. 6. Once changes are introduced, save the manifest and grant administrator permissions in the **API Permissions** tab. @@ -41,15 +41,15 @@ You can use the following screenshots for permissions reference: - **SharePoint Online** - ![SharePoint Online permissions](../../images/servlet_image_b88c6cd43443.png) + ![SharePoint Online permissions](./images/servlet_image_b88c6cd43443.png) - **Exchange Online** - ![Exchange Online permissions](../../images/servlet_image_a59a6a87d3a0.png) + ![Exchange Online permissions](./images/servlet_image_a59a6a87d3a0.png) - **Microsoft Entra ID** - ![Microsoft Entra ID permissions](../../images/servlet_image_bcb70814f4ea.png) + ![Microsoft Entra ID permissions](./images/servlet_image_bcb70814f4ea.png) ### Manifest for SharePoint Online diff --git a/docs/kb/auditor/reading-log-status.md b/docs/kb/auditor/reading-log-status.md index ad83bf9b74..a7d303e40b 100644 --- a/docs/kb/auditor/reading-log-status.md +++ b/docs/kb/auditor/reading-log-status.md @@ -26,7 +26,7 @@ knowledge_article_id: kA00g000000H9TZCA0 In NetWrix Account Lockout Examiner Console, a domain controller has a yellow exclamation mark in front of the **DC Name** column of the **Monitored Domain Controllers** grid. Connection status is shown **Reading log**. Lockout events from this domain controller cannot be read by the program as well. -![User-added image](../../../images/ka04u000000HcNK_0EM700000004x01.png) +![User-added image](./images/ka04u000000HcNK_0EM700000004x01.png) --- @@ -43,5 +43,5 @@ To fix the issue, do the following: 3. In the right pane, double-click `readLog`, specify `0` in the Value data field and click **OK**. 4. In NetWrix Account Lockout Examiner Console main menu bar, navigate to **File - Settings** and click **OK** to apply registry changes. -![User-added image](../../../images/ka04u000000HcNK_0EM700000004wzw.png) +![User-added image](./images/ka04u000000HcNK_0EM700000004wzw.png) diff --git a/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts.md b/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts.md index 68b305dabe..4fb1b28af0 100644 --- a/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts.md +++ b/docs/kb/auditor/reducing-the-used-active-directory-and-entra-id-license-counts.md @@ -22,7 +22,7 @@ knowledge_article_id: kA04u000000PoL7CAK # Reducing the Used Active Directory and Entra ID License Counts -> **IMPORTANT:** Netwrix Auditor is licensed per enabled Active Directory (AD) and Entra ID user object. For additional information on determining the number of enabled users, refer to the following articles: [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/determining-the-number-of-enabled-active-directory-user-accounts.md) — [Determining the Number of Enabled Microsoft Entra ID Accounts](/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/determining-the-number-of-enabled-microsoft-entra-id-accounts.md). Netwrix Auditor only collects data from objects that are not excluded (omitted), which means that any objects that are omitted will not be monitored. +> **IMPORTANT:** Netwrix Auditor is licensed per enabled Active Directory (AD) and Entra ID user object. For additional information on determining the number of enabled users, refer to the following articles: [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/determining-the-number-of-enabled-active-directory-user-accounts) — [Determining the Number of Enabled Microsoft Entra ID Accounts](/docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts). Netwrix Auditor only collects data from objects that are not excluded (omitted), which means that any objects that are omitted will not be monitored. ## Question @@ -58,11 +58,11 @@ Refer to the following steps to exclude OUs and user objects from the monitoring 2. Select the relevant AD monitoring plan and click **Edit**. 3. Select the data source and click **Edit data source**. -![Edit data source](../../images/ka0Qk000000EIjS_0EMQk00000661ik.png) +![Edit data source](./images/ka0Qk000000EIjS_0EMQk00000661ik.png) 4. In the left pane, select the **Objects** tab. Select the **Exclude these objects** checkbox, then click **Add** to exclude objects from the monitoring scope. After adding the objects, click **Save & Close**. -![Exclude these objects](../../images/ka0Qk000000EIjS_0EMQk000005FPXt.png) +![Exclude these objects](./images/ka0Qk000000EIjS_0EMQk000005FPXt.png) Refer to the following examples to learn about how the exclusion rules work for **Objects**. The same logic applies to the inclusion rules: @@ -95,7 +95,7 @@ To exclude specific Entra ID users from the license count, populate the `omitUPN ## Related Links -- [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/configuration-and-setup/active-directory-auditing/determining-the-number-of-enabled-active-directory-user-accounts.md) -- [Determining the Number of Enabled Microsoft Entra ID Accounts](/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/determining-the-number-of-enabled-microsoft-entra-id-accounts.md) +- [Determining the Number of Enabled Active Directory User Accounts](/docs/kb/auditor/determining-the-number-of-enabled-active-directory-user-accounts) +- [Determining the Number of Enabled Microsoft Entra ID Accounts](/docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts) - [Active Directory Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8) - [Microsoft Entra ID Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8) diff --git "a/docs/kb/auditor/remote_certificate_is_invalid_according_to_validation_procedure_\342\200\224_subscriptions_error_in_netwrix_aud.md" "b/docs/kb/auditor/remote_certificate_is_invalid_according_to_validation_procedure_\342\200\224_subscriptions_error_in_netwrix_aud.md" index 7c22f4d234..2ce524ddaf 100644 --- "a/docs/kb/auditor/remote_certificate_is_invalid_according_to_validation_procedure_\342\200\224_subscriptions_error_in_netwrix_aud.md" +++ "b/docs/kb/auditor/remote_certificate_is_invalid_according_to_validation_procedure_\342\200\224_subscriptions_error_in_netwrix_aud.md" @@ -36,7 +36,7 @@ Error: The remote certificate is invalid according to the validation procedure. If enforced certificate validation is intended, refer to the following steps to troubleshoot the issue: - Ensure your SSL certificate is still valid. Netwrix Auditor stops generating reports once your certificate expires. In case you’re using a self-signed certificate in your environment, you can reboot your Netwrix Auditor server to reissue the certificate. -- If you would like to set up a secure connection between your Netwrix Auditor instance and SQL Server Reporting Services, refer to the following article for additional information: [Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md). +- If you would like to set up a secure connection between your Netwrix Auditor instance and SQL Server Reporting Services, refer to the following article for additional information: [Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel). - Make sure the FQDN of your SMTP server is stated instead of the IP address in **Netwrix Auditor settings** > **Notifications**. If certificate validation was not intended, refer to the following steps: @@ -47,4 +47,4 @@ If certificate validation was not intended, refer to the following steps: ### Related Articles -[Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md) \ No newline at end of file +[Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel) \ No newline at end of file diff --git a/docs/kb/auditor/reports-generation-takes-a-while-and-completes-with-errors.md b/docs/kb/auditor/reports-generation-takes-a-while-and-completes-with-errors.md index b87377eb70..a8447164c5 100644 --- a/docs/kb/auditor/reports-generation-takes-a-while-and-completes-with-errors.md +++ b/docs/kb/auditor/reports-generation-takes-a-while-and-completes-with-errors.md @@ -51,7 +51,7 @@ To resolve the issue, do one of the following: - On your SQL Server host, restart the **SQL Server (Instance name)** windows service. -- Follow the recommendations to improve the overall Netwrix Auditor performance. Learn more in [Long Data Collection — Improving the Performance](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/long-data-collection-improving-the-performance.md). +- Follow the recommendations to improve the overall Netwrix Auditor performance. Learn more in [Long Data Collection — Improving the Performance](/docs/kb/auditor/long-data-collection-improving-the-performance). - Disable the report generating timeout by following these steps: 1. Open the **ReportManager URL** and click the **Site Settings** link in the top-right corner. @@ -64,4 +64,4 @@ To resolve the issue, do one of the following: ### Related Articles -- [Long Data Collection — Improving the Performance](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/long-data-collection-improving-the-performance.md) +- [Long Data Collection — Improving the Performance](/docs/kb/auditor/long-data-collection-improving-the-performance) diff --git a/docs/kb/auditor/request-is-not-supported-windows-server-auditing.md b/docs/kb/auditor/request-is-not-supported-windows-server-auditing.md index b66cc945ba..bc1ab5e0ec 100644 --- a/docs/kb/auditor/request-is-not-supported-windows-server-auditing.md +++ b/docs/kb/auditor/request-is-not-supported-windows-server-auditing.md @@ -51,7 +51,7 @@ The request is not supported. (Exception from HRESULT: 0x80070032) - Refer to the list of protocols and ports required for Netwrix Auditor for Windows Server: Protocols and Ports — Windows Server. - Refer to the list of inbound connection rules to be configured: Windows Servers — Windows Firewall Inbound Connection Rules. -- Review the recommended antivirus exclusions — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +- Review the recommended antivirus exclusions — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). - Review the gMSA configuration — refer to the following article for additional information: Data Collection Account — Group Managed Service Account (gMSA). diff --git a/docs/kb/auditor/rif-document-is-not-compatible-with-this-code-version.md b/docs/kb/auditor/rif-document-is-not-compatible-with-this-code-version.md index d0527020a0..9f32351ef2 100644 --- a/docs/kb/auditor/rif-document-is-not-compatible-with-this-code-version.md +++ b/docs/kb/auditor/rif-document-is-not-compatible-with-this-code-version.md @@ -23,7 +23,7 @@ knowledge_article_id: kA00g000000H9Z2CAK You receive the following pop-up related to Reporting: -![User-added image](../../../images/ka04u000000HcS3_0EM700000005HCR.png) +![User-added image](./images/ka04u000000HcS3_0EM700000005HCR.png) --- diff --git a/docs/kb/auditor/service-did-not-respond-to-the-start-or-control-request-error-in-user-activity-service.md b/docs/kb/auditor/service-did-not-respond-to-the-start-or-control-request-error-in-user-activity-service.md index 792487d993..7069d8f464 100644 --- a/docs/kb/auditor/service-did-not-respond-to-the-start-or-control-request-error-in-user-activity-service.md +++ b/docs/kb/auditor/service-did-not-respond-to-the-start-or-control-request-error-in-user-activity-service.md @@ -48,12 +48,12 @@ Refer to the following possible causes for the symptoms: Depending on the cause, implement the corresponding resolution to address the issue: -1. Exclude Netwrix Auditor-related folders from the monitoring scope of your antivirus solution. Refer to the following article to learn more about recommended antivirus exclusions: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +1. Exclude Netwrix Auditor-related folders from the monitoring scope of your antivirus solution. Refer to the following article to learn more about recommended antivirus exclusions: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). 2. Verify the open ports in both the target and Netwrix Auditor servers. Refer to the following article to learn more about the ports required for correct User Activity operation: Data Source Configuration − User Activity Ports · v10.6. 3. Verify that the .NET Framework v4.8 is installed on both the target and Netwrix Auditor servers. Refer to the following article to learn more about software requirements in Netwrix Auditor v10.6: Requirements − Software Requirements · v10.6. ## Related Articles -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) - Data Source Configuration − User Activity Ports · v10.6 - Requirements − Software Requirements · v10.6 diff --git a/docs/kb/auditor/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md b/docs/kb/auditor/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md index e5126d77e8..e604813b4a 100644 --- a/docs/kb/auditor/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md +++ b/docs/kb/auditor/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md @@ -44,7 +44,7 @@ In the main Netwrix Auditor menu, click **Settings**. In the left pane, select t - Specify any email address for one of your Microsoft 365 or Office 365 accepted domains in the **Sender address** field. This email does not need to have a mailbox. - The use of SSL/TLS is optional. -![Netwrix Auditor SMTP settings](../../../images/ka04u00000116zv_0EM4u000008Ll2v.png) +![Netwrix Auditor SMTP settings](./images/ka04u00000116zv_0EM4u000008Ll2v.png) > **NOTE:** When sending messages from a static IP, add the IP to your SPF record in your domain registrar's DNS settings to avoid having messages flagged as spam: > @@ -61,7 +61,7 @@ In the main Netwrix Data Classification screen, click **Settings**. In the left - Specify any email address for one of your Microsoft 365 or Office 365 accepted domains in the **Sender address** field. This email does not need to have a mailbox. - The use of SSL is optional. -![Netwrix Data Classification Email Server settings](../../../images/ka04u00000116zv_0EM4u000008LlzE.png) +![Netwrix Data Classification Email Server settings](./images/ka04u00000116zv_0EM4u000008LlzE.png) > **NOTE:** Direct send does not support SMTP AUTH. You can enter any SMTP credentials to proceed. diff --git a/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md b/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md index aa30777a7c..ea0108a555 100644 --- a/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md +++ b/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md @@ -31,7 +31,7 @@ Netwrix Auditor uses SQL Server Reporting Services (SSRS) to generate reports. I 2. In the left pane, select **Web Service URL**. 3. In the **HTTPS Certificate** dropdown list, select the certificate you installed previously. Both **HTTPS Port** and **Report Server Web Services URL** fields will fill in automatically. - > **NOTE:** For additional information on installing and using self-signed and authority-issued certificates, refer to the following articles: [Use Certificate Authority-issued Certificates in SSRS](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/use-certificate-authority-issued-certificates-in-ssrs.md), [Generate Self-signed SSL Certificate for SSRS](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/generate-self-signed-ssl-certificate-for-ssrs.md). + > **NOTE:** For additional information on installing and using self-signed and authority-issued certificates, refer to the following articles: [Use Certificate Authority-issued Certificates in SSRS](/docs/kb/auditor/use-certificate-authority-issued-certificates-in-ssrs), [Generate Self-signed SSL Certificate for SSRS](/docs/kb/auditor/generate-self-signed-ssl-certificate-for-ssrs). 4. Click **Apply**. 5. Select the **Web Portal URL** tab in the left pane—the **Virtual Directory** field should fill in automatically. @@ -64,5 +64,5 @@ The traffic between Auditor and SSRS is now encrypted. It is recommended to upda ## Related Articles -- [Use Certificate Authority-issued Certificates in SSRS](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/use-certificate-authority-issued-certificates-in-ssrs.md) -- [Generate Self-signed SSL Certificate for SSRS](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/generate-self-signed-ssl-certificate-for-ssrs.md) \ No newline at end of file +- [Use Certificate Authority-issued Certificates in SSRS](/docs/kb/auditor/use-certificate-authority-issued-certificates-in-ssrs) +- [Generate Self-signed SSL Certificate for SSRS](/docs/kb/auditor/generate-self-signed-ssl-certificate-for-ssrs) \ No newline at end of file diff --git a/docs/kb/auditor/setting-up-account-lockout-alert.md b/docs/kb/auditor/setting-up-account-lockout-alert.md index d84bbd7234..3844f4696b 100644 --- a/docs/kb/auditor/setting-up-account-lockout-alert.md +++ b/docs/kb/auditor/setting-up-account-lockout-alert.md @@ -28,19 +28,19 @@ This article explains how to set up an account lockout alert in Netwrix Auditor ## Steps 1. Select **New Real-Time Alert** by clicking on **Real-Time Alert** and then right-clicking on **Real-Time Alert** - ![User-added image](../../../images/ka04u000000HcRf_0EM70000000xMZN.png) + ![User-added image](./images/ka04u000000HcRf_0EM70000000xMZN.png) 2. Name the alert, then click **Next**. Click **Add** to add the alert filters needed. - ![User-added image](../../../images/ka04u000000HcRf_0EM70000000xMZS.png) + ![User-added image](./images/ka04u000000HcRf_0EM70000000xMZS.png) 3. Here, if you would like to see lockouts for a specific OU, select the highlighted box. This can also be left as `*` for a wildcard to monitor all user account lockouts. - ![User-added image](../../../images/ka04u000000HcRf_0EM70000000xMZc.png) + ![User-added image](./images/ka04u000000HcRf_0EM70000000xMZc.png) 4. Select the existing attribute filter that is added by default and select **Edit**. - ![User-added image](../../../images/ka04u000000HcRf_0EM70000000xMZr.png) + ![User-added image](./images/ka04u000000HcRf_0EM70000000xMZr.png) 5. Place in the following attribute filters to see all account lockouts. - ![User-added image](../../../images/ka04u000000HcRf_0EM70000000xMZw.png) + ![User-added image](./images/ka04u000000HcRf_0EM70000000xMZw.png) 6. Hit **OK** and follow the rest of the prompts for filling in the specified e-mail address the alert will go to. diff --git a/docs/kb/auditor/sharepoint-application-deployment-for-ndc.md b/docs/kb/auditor/sharepoint-application-deployment-for-ndc.md index 2e947edfab..070eb2d2f3 100644 --- a/docs/kb/auditor/sharepoint-application-deployment-for-ndc.md +++ b/docs/kb/auditor/sharepoint-application-deployment-for-ndc.md @@ -31,19 +31,19 @@ To enable the app you will need to add the app to the **App Catalog** then deplo 1. Navigate to the **App Catalog** → **Site Contents** and ensure you are using the classic experience. 2. Click **Add an app** and select `conceptClassifierApp`. -![User-added image](../../images/ka04u000000HcXd_0EM4u000002D96q.png) +![User-added image](./images/ka04u000000HcXd_0EM4u000002D96q.png) 3. Click **Trust It** to accept the app permissions and allow the app to be installed into the App Catalog. - ![User-added image](../../images/ka04u000000HcXd_0EM4u000002D975.png) + ![User-added image](./images/ka04u000000HcXd_0EM4u000002D975.png) 4. Once the app has been added to the App Catalog, configure the deployment by hovering over the app then clicking on the ellipsis in the top right corner of the app and clicking **Deployment**. - ![User-added image](../../images/ka04u000000HcXd_0EM4u000002D97U.png) + ![User-added image](./images/ka04u000000HcXd_0EM4u000002D97U.png) 5. Select how to deploy the app to a combination of specific Sire Collections, by pats, and by a template. Click **OK**. **Note:** The default order of the page is to show the newest app first, so you should see the app as one of the first options (if you do not you can search for “conceptClassifierApp”): 6. The app will then be scheduled for deployment to the chosen Site Collections. This can take a few minutes and on completion, `conceptClassifierApp` will appear in the Site Contents of these Site Collections. -![User-added image](../../images/ka04u000000HcXd_0EM4u000002D97j.png) +![User-added image](./images/ka04u000000HcXd_0EM4u000002D97j.png) 7. To complete the setup, navigate to the **Site Collection** → **Site Contents** and select `conceptClassifierApp`. This will complete the installation of the app on the Site Collection and allow you to configure the writing of classifications (if licensed). diff --git a/docs/kb/auditor/sharepoint-application-installation-for-netwrix-data-classification.md b/docs/kb/auditor/sharepoint-application-installation-for-netwrix-data-classification.md index 086c1e3a14..9b2967a7f7 100644 --- a/docs/kb/auditor/sharepoint-application-installation-for-netwrix-data-classification.md +++ b/docs/kb/auditor/sharepoint-application-installation-for-netwrix-data-classification.md @@ -32,22 +32,22 @@ The `conceptClassifierAppInstaller.exe` can be used to install or upgrade the `c Extract the files and run `conceptClassifierAppInstaller.exe`. -![User-added image](../../images/ka04u000000HcXh_0EM4u000002Qx7U.png) +![User-added image](./images/ka04u000000HcXh_0EM4u000002Qx7U.png) 1. Click *next* after reading the wizard introduction and recommendations. Read and confirm that you accept the EULA and click *next*. -![User-added image](../../images/ka04u000000HcXh_0EM4u000002Qx7Z.png) +![User-added image](./images/ka04u000000HcXh_0EM4u000002Qx7Z.png) Specify connection details for your organization's app catalog (you may have more than one of these if you are working across multiple web applications; if so, you will need to run the installer once per app catalog). -![User-added image](../../images/ka04u000000HcXh_0EM4u000002Qx7t.png) +![User-added image](./images/ka04u000000HcXh_0EM4u000002Qx7t.png) Enter the location of the conceptSearching server (which must be installed onto a secure server with a secure (HTTPS) endpoint): in the case of SharePoint Online, the certificate used must be externally verifiable (from a trusted source). Select the **Use SharePoint Online Login** checkbox if you want to use the new authentication method. -![User-added image](../../images/ka04u000000HcXh_0EM4u000002Qx8I.png) +![User-added image](./images/ka04u000000HcXh_0EM4u000002Qx8I.png) Please also note, the HTTPS binding in IIS should have the host header specified — in the case of the above example the host header would be `secure.conceptsearching.com`. To do this please follow these steps: diff --git a/docs/kb/auditor/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md b/docs/kb/auditor/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md index 4d8feb4513..76819839c5 100644 --- a/docs/kb/auditor/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md +++ b/docs/kb/auditor/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md @@ -28,13 +28,13 @@ Your report states some accounts were not moved or deleted. Why were they not af ## Answer -Since Inactive User Tracker (IUT) in Netwrix Auditor has the ability to make actual changes within your Active Directory, it has requirements to meet to introduce these changes. IUT requires all DCs to be operating, otherwise it cannot verify that a user is truly inactive. In case there are non-operable or decommissioned domain controllers in your network, you can omit them — refer to the following article for additional information: [How to Exclude Non-operable Domain Controllers from Monitoring in Netwrix Auditor](/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md). +Since Inactive User Tracker (IUT) in Netwrix Auditor has the ability to make actual changes within your Active Directory, it has requirements to meet to introduce these changes. IUT requires all DCs to be operating, otherwise it cannot verify that a user is truly inactive. In case there are non-operable or decommissioned domain controllers in your network, you can omit them — refer to the following article for additional information: [How to Exclude Non-operable Domain Controllers from Monitoring in Netwrix Auditor](/docs/kb/auditor/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor). If you still encounter reports showing the `Cannot delete the account` status for accounts after omitting the inoperable DCs, refer to the following steps: - This error might appear if the targeted computer account is not an end object but a container for other objects. IUT won't be able to remove those accounts unless the **Delete account with all its subnodes** checkbox is checked. - ![Delete account with all its subnodes checkbox](../../../images/ka04u000001179H_0EM4u000008Lt2y.png) + ![Delete account with all its subnodes checkbox](./images/ka04u000001179H_0EM4u000008Lt2y.png) > **IMPORTANT:** This will lead to the deletion of the entire container considered as inactive by IUT. diff --git a/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md b/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md index 5fbd84b182..23187c92fa 100644 --- a/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md +++ b/docs/kb/auditor/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md @@ -35,5 +35,5 @@ How to specify a custom port for Netwrix Auditor to communicate with the SQL Ser SERVER-SQL\TEST-SQL,14337 ``` -![Specify custom SQL Server port image](../../images/ka04u00000117sv_0EM4u000008LXSz.png) +![Specify custom SQL Server port image](./images/ka04u00000117sv_0EM4u000008LXSz.png) diff --git a/docs/kb/auditor/sql-server-express-database-size-reached-10gb.md b/docs/kb/auditor/sql-server-express-database-size-reached-10gb.md index 4d42ceac42..86bd14b8c2 100644 --- a/docs/kb/auditor/sql-server-express-database-size-reached-10gb.md +++ b/docs/kb/auditor/sql-server-express-database-size-reached-10gb.md @@ -68,11 +68,11 @@ While it is highly recommended to implement either a SQL Server Standard or Ente - Split items in multiple monitoring plans to decrease the amount of data written to a single database. -- Decrease the database retention period. Refer to the following article for additional information: [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md) +- Decrease the database retention period. Refer to the following article for additional information: [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor) ## Related Articles - [Investigations](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/investigations) -- [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md) -- [Could Not Allocate Space for Object (ObjectName) in Database (DatabaseName)](/docs/kb/auditor/system-administration/database-management/could-not-allocate-space-for-object-objectname-in-database-databasename.md) +- [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor) +- [Could Not Allocate Space for Object (ObjectName) in Database (DatabaseName)](/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename) diff --git a/docs/kb/auditor/ssl-exception-failed-to-deliver-netwrix-auditor-health-summary-email.md b/docs/kb/auditor/ssl-exception-failed-to-deliver-netwrix-auditor-health-summary-email.md index 84b926a1ec..9a5fefb87f 100644 --- a/docs/kb/auditor/ssl-exception-failed-to-deliver-netwrix-auditor-health-summary-email.md +++ b/docs/kb/auditor/ssl-exception-failed-to-deliver-netwrix-auditor-health-summary-email.md @@ -36,4 +36,4 @@ Your TLS\SSL certificate has expired — Netwrix Auditor stops generating report ## Resolution -To establish whether your certificate has expired, check the Microsoft Management Console (MMC) Certificates Snap-in (your certificate store). For additional information on setting up the SSL\TLS channel communication, refer to the following article: [Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/troubleshooting-and-errors/ssl-tls-certificate-issues/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel.md) +To establish whether your certificate has expired, check the Microsoft Management Console (MMC) Certificates Snap-in (your certificate store). For additional information on setting up the SSL\TLS channel communication, refer to the following article: [Set Up Secure Connection Between Auditor and SSRS via SSL/TLS Channel](/docs/kb/auditor/set_up_secure_connection_between_auditor_and_ssrs_via_ssltls_channel) diff --git a/docs/kb/auditor/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md b/docs/kb/auditor/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md index da3c30a167..bf3dc79cb5 100644 --- a/docs/kb/auditor/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md +++ b/docs/kb/auditor/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md @@ -33,6 +33,6 @@ Yes, PEN supports Fine-Grained Password Policies. To configure PEN to work only 2. Select or create a **Monitoring Plan** that will apply Fine-Grained Password Policies. 3. Click the **Advanced Tab**. 4. At the bottom of the Advanced Options window, select the **Only report on users with Fine-Grained Password Policies** applied box. - ![Fine-grained password policies applied](../../../images/ka0Qk0000006sTx_0EMQk000008Iaq1.png) + ![Fine-grained password policies applied](./images/ka0Qk0000006sTx_0EMQk000008Iaq1.png) 5. Click **Save**. diff --git a/docs/kb/auditor/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md b/docs/kb/auditor/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md index ec3542d66d..d6909b7429 100644 --- a/docs/kb/auditor/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md +++ b/docs/kb/auditor/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md @@ -52,7 +52,7 @@ Enable all symbolic link types. Once executed, you'll see the settings for symbolic links (enabled or disabled). - ![SymlinkEvaluation output](../../images/servlet_image_3823966b1661.png) + ![SymlinkEvaluation output](./images/servlet_image_3823966b1661.png) 2. To enable a symlink type, run the following command: diff --git a/docs/kb/auditor/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan.md b/docs/kb/auditor/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan.md index ecf5fd585b..becc032b30 100644 --- a/docs/kb/auditor/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan.md +++ b/docs/kb/auditor/system-cannot-find-the-path-specified-in-logon-activity-monitoring-plan.md @@ -44,10 +44,10 @@ Netwrix Auditor Logon Activity Audit Service is corrupted or cannot be found. - Upgrade your Netwrix Auditor instance to the latest version to repair the corrupted service. Refer to the following article for additional information: Installation — Upgrade to the Latest Version ⸱ v10.6. -- If the latest Netwrix Auditor version is installed in your environment, you can repair your Netwrix Auditor instance. Refer to the following article for additional information: [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md). +- If the latest Netwrix Auditor version is installed in your environment, you can repair your Netwrix Auditor instance. Refer to the following article for additional information: [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/how-to-repair-netwrix-auditor-installation). ### Related articles - Installation — Upgrade to the Latest Version ⸱ v10.6 -- [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md) +- [How to Repair Netwrix Auditor Installation](/docs/kb/auditor/how-to-repair-netwrix-auditor-installation) diff --git a/docs/kb/auditor/target-computer-cannot-be-identified-in-user-activity-monitoring-plan.md b/docs/kb/auditor/target-computer-cannot-be-identified-in-user-activity-monitoring-plan.md index 21f7f2dc5c..bd08043c20 100644 --- a/docs/kb/auditor/target-computer-cannot-be-identified-in-user-activity-monitoring-plan.md +++ b/docs/kb/auditor/target-computer-cannot-be-identified-in-user-activity-monitoring-plan.md @@ -47,15 +47,15 @@ Make sure that it is online and reachable, Remote Registry service is enabled. - Enable the Remote Registry service in the affected client — refer to the following article for additional information: Windows File Servers − Enable Remote Registry Service ⸱ v10.6. - Review the allowed connections in the affected server in accordance with the following article guidelines: User Activity − User Activity Ports ⸱ v10.6. -- Exclude the Netwrix-related folders from the monitoring scope of your antivirus suite — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +- Exclude the Netwrix-related folders from the monitoring scope of your antivirus suite — refer to the following article for additional information: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). - Enable the SMB v2/v3 protocol in both the client and server — learn more in [Detect, Enable and Disable SMBv1, SMBv2, and SMBv3 ⸱ Windows Learn](https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-detect-status-enable-and-disable-smb-protocols). -- Review the list of apps installed in the affected server. If User Activity Core Service is either missing or is outdated, refer to the following articles for additional information: Installation − Install for User Activity Core Service · v10.6 and [Manually Update User Activity Core Service](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/manually-update-user-activity-core-service.md). +- Review the list of apps installed in the affected server. If User Activity Core Service is either missing or is outdated, refer to the following articles for additional information: Installation − Install for User Activity Core Service · v10.6 and [Manually Update User Activity Core Service](/docs/kb/auditor/manually-update-user-activity-core-service). ## Related articles - Windows File Servers − Enable Remote Registry Service ⸱ v10.6 - User Activity − User Activity Ports ⸱ v10.6 -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) - [Detect, Enable and Disable SMBv1, SMBv2, and SMBv3 ⸱ Windows Learn](https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-detect-status-enable-and-disable-smb-protocols) - Installation − Install for User Activity Core Service · v10.6 -- [Manually Update User Activity Core Service](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/manually-update-user-activity-core-service.md) +- [Manually Update User Activity Core Service](/docs/kb/auditor/manually-update-user-activity-core-service) diff --git a/docs/kb/auditor/the-account-lockout-examiner-service-account.md b/docs/kb/auditor/the-account-lockout-examiner-service-account.md index ae9cbeb8cb..3ec925216e 100644 --- a/docs/kb/auditor/the-account-lockout-examiner-service-account.md +++ b/docs/kb/auditor/the-account-lockout-examiner-service-account.md @@ -35,7 +35,7 @@ On any Domain Controller that has Group Policy Management: 5. Double-click the **Manage auditing and security log** policy 6. Click **Add user or group**, specify the Account Lockout Examiner **service account**, and click **OK** -[![User-added image](../../../images/ka04u000000HcW3_0EM700000004wqQ.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqQ) +[![User-added image](./images/ka04u000000HcW3_0EM700000004wqQ.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqQ) ## Step 2. Add the service account to the required security groups 1. Run **Active Directory Users and Computers** @@ -44,7 +44,7 @@ On any Domain Controller that has Group Policy Management: 4. Go to the **Members** tab and add the user account you want to use for the Account Lockout Examiner service to the list 5. For **Windows 2008 and above** Domain Controllers, add the service account to the **Event Log Readers** group -[![User-added image](../../../images/ka04u000000HcW3_0EM700000004wqL.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqL) +[![User-added image](./images/ka04u000000HcW3_0EM700000004wqL.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqL) ## Step 3. On every monitored Domain Controller, enable WMI access 1. Run **Computer Management** (Start -> Administrative Tools -> Computer Management) @@ -55,7 +55,7 @@ On any Domain Controller that has Group Policy Management: 6. Add the user account you want to use for the Account Lockout Examiner service to the list 7. Grant it the **Remote Enable** permission (put a check in the **Allow** checkbox) -[![User-added image](../../../images/ka04u000000HcW3_0EM700000004wqV.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqV) +[![User-added image](./images/ka04u000000HcW3_0EM700000004wqV.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqV) ## Step 4. Configure DCOM settings 1. Open **Component Services** (Start -> Programs -> Administrative Tools -> Component Services) @@ -65,7 +65,7 @@ On any Domain Controller that has Group Policy Management: 5. Add the user account you want to use for the Account Lockout Examiner service to the top window 6. Set the **Allow** checkbox for the **Remote Activation** option -[![User-added image](../../../images/ka04u000000HcW3_0EM700000004wqa.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqa) +[![User-added image](./images/ka04u000000HcW3_0EM700000004wqa.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqa) **NOTE:** Steps 3 and 4 might require a reboot to apply the new settings. @@ -75,7 +75,7 @@ On any Domain Controller that has Group Policy Management: 3. Right-click the **Administrators** group and select **Add to group** 4. Click **Add** and specify the service account. Click **OK** -[![User-added image](../../../images/ka04u000000HcW3_0EM700000004wqf.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqf) +[![User-added image](./images/ka04u000000HcW3_0EM700000004wqf.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqf) ## Step 6. On all machines that need to be examined by Account Lockout Examiner, grant local administrator rights to the service account - Grant local administrator rights either manually or by Group Policy. diff --git a/docs/kb/auditor/the-domain-param-parameter-is-missing-a-value.md b/docs/kb/auditor/the-domain-param-parameter-is-missing-a-value.md index d7ec503023..dae4456b30 100644 --- a/docs/kb/auditor/the-domain-param-parameter-is-missing-a-value.md +++ b/docs/kb/auditor/the-domain-param-parameter-is-missing-a-value.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9bECAS You are getting the following warning during AD snapshot report generation: -![User-added image](../../../images/ka04u000000HcTz_0EM700000005AFx.png) +![User-added image](./images/ka04u000000HcTz_0EM700000005AFx.png) --- diff --git a/docs/kb/auditor/the-email-address-column-in-the-enrollment-report.md b/docs/kb/auditor/the-email-address-column-in-the-enrollment-report.md index 2b52e29331..2004d19488 100644 --- a/docs/kb/auditor/the-email-address-column-in-the-enrollment-report.md +++ b/docs/kb/auditor/the-email-address-column-in-the-enrollment-report.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9U3CAK When you run the Enrollment report, the Email Address column fields are blank for all user accounts. What should this column show and what can you do to make this work? -![User-added image](../../../images/ka04u000000HcNo_0EM700000004xIo.png) +![User-added image](./images/ka04u000000HcNo_0EM700000004xIo.png) --- @@ -33,11 +33,11 @@ The **Email Address** column returns the email address used for **Additional aut An email with a unique link to the password reset page is sent to this address after the user answers secret questions. The user then should follow the link to complete password reset. The Email Address field contains data for the enrolled users only, because this email is specified during the enrollment procedure if the Authentication policy feature is enabled. -![User-added image](../../../images/ka04u000000HcNo_0EM700000004xIy.png) +![User-added image](./images/ka04u000000HcNo_0EM700000004xIy.png) To enable this feature: 1. On the **Administrative portal - Settings - Authentication Policy** tab, select the **Additional authentication using the user email** check box. -![User-added image](../../../images/ka04u000000HcNo_0EM700000004xIt.png) +![User-added image](./images/ka04u000000HcNo_0EM700000004xIt.png) diff --git a/docs/kb/auditor/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md b/docs/kb/auditor/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md index e639b76755..8779387354 100644 --- a/docs/kb/auditor/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md +++ b/docs/kb/auditor/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md @@ -36,7 +36,7 @@ To review your data in these reports, you should configure a monitoring plan for 1. On the computer that hosts Netwrix Auditor Server, run Netwrix Auditor Event Log Manager. 2. Navigate to Audit Archiving filters and configure them as described in Configure Audit Archiving Filters for Event Log. - ![User-added image](../../../images/ka04u0000011776_0EM4u000008Ls7s.png) + ![User-added image](./images/ka04u0000011776_0EM4u000008Ls7s.png) 3. Perform any test changes, for example, log in to a server for which you want to review data in reports. 4. Wait for 10 - 15 minutes for changes to take effect and run reports. diff --git a/docs/kb/auditor/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md b/docs/kb/auditor/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md index 1359c9992a..a11b618be3 100644 --- a/docs/kb/auditor/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md +++ b/docs/kb/auditor/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md @@ -27,7 +27,7 @@ Netwrix Account Lockout Examiner relies on the Windows audit system. The name of the process is logged in the invalid logon event (`4625` in Windows Vista/2008/7/2008R2, events `529-539` in older versions). -[![User-added image](../../../images/ka04u000000HcW6_0EM700000004wzN.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcv&feoid=00N700000032Pj2&refid=0EM700000004wzN) +[![User-added image](./images/ka04u000000HcW6_0EM700000004wzN.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcv&feoid=00N700000032Pj2&refid=0EM700000004wzN) **Account Lockout Examiner** will not show the name of the process if either there is no corresponding invalid logon event or the name of the process is not tracked by Windows Audit. diff --git a/docs/kb/auditor/the-order-in-which-domains-appear-in-the-managed-domains-list.md b/docs/kb/auditor/the-order-in-which-domains-appear-in-the-managed-domains-list.md index 788b900ec1..b4f54d5246 100644 --- a/docs/kb/auditor/the-order-in-which-domains-appear-in-the-managed-domains-list.md +++ b/docs/kb/auditor/the-order-in-which-domains-appear-in-the-managed-domains-list.md @@ -26,5 +26,5 @@ The list of managed domains shown on the **Self-Service Portal** is sorted alpha To sort domains, specify the domain name you want at the top in capital letters in the **Domains** section of the **Administrative Portal**. -[![User-added image](../../../images/ka04u000000HcWF_0EM700000004xUV.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsq&feoid=00N700000032Pj2&refid=0EM700000004xUV) +[![User-added image](./images/ka04u000000HcWF_0EM700000004xUV.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsq&feoid=00N700000032Pj2&refid=0EM700000004xUV) diff --git a/docs/kb/auditor/the-remote-procedure-call-failed-error-when-collecting-logs.md b/docs/kb/auditor/the-remote-procedure-call-failed-error-when-collecting-logs.md index 7a6ef84bbb..c0f49f8a61 100644 --- a/docs/kb/auditor/the-remote-procedure-call-failed-error-when-collecting-logs.md +++ b/docs/kb/auditor/the-remote-procedure-call-failed-error-when-collecting-logs.md @@ -48,4 +48,4 @@ Review the possible resolutions depending on you cause: - For cause 2. Make sure you assigned all required rights and permissions to the account used for data collection. For additional information on the data collecting account configuration, refer to the following article: [Data Collecting Account](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/dataaccounts) -- For cause 3. For additional information on the data collecting account configuration, refer to the following article: [Error 0x800706BA − RPC Server Is Unavailable](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-0x800706ba-rpc-server-is-unavailable.md) +- For cause 3. For additional information on the data collecting account configuration, refer to the following article: [Error 0x800706BA − RPC Server Is Unavailable](/docs/kb/auditor/error-0x800706ba-rpc-server-is-unavailable) diff --git a/docs/kb/auditor/troubleshoot_sharepoint_serveron-premise_errors.md b/docs/kb/auditor/troubleshoot_sharepoint_serveron-premise_errors.md index e4b1b4f74c..9872e6d1b7 100644 --- a/docs/kb/auditor/troubleshoot_sharepoint_serveron-premise_errors.md +++ b/docs/kb/auditor/troubleshoot_sharepoint_serveron-premise_errors.md @@ -21,42 +21,42 @@ This is a reference list of articles on troubleshooting errors in SharePoint Ser ### Related Articles -- [SharePoint Core Service Deployment Failed](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-core-service-deployment-failed.md) -- [Timeout Expired Error on SharePoint Core Service D](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md) -- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1204-in-health-log.md) -- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1205-in-health-log.md) -- [Error: Event ID 1206 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/error-event-id-1206-in-health-log.md) -- [Event ID 1208 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1208-in-health-log.md) -- [Event ID 1209 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1209-in-health-log.md) -- [Event ID 1210 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1210-in-health-log.md) -- [Event ID 1214 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1214-in-health-log.md) -- [Event ID 1223 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1223-in-health-log.md) -- [Event ID 1225 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1225-in-health-log.md) -- [Event ID 1236 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1236-in-health-log.md) -- [Event ID 1237/1238 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event_id_12371238_in_health_log.md) -- [Event ID 1239 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1239-in-health-log.md) -- [Event ID 1240 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1240-in-health-log.md) -- [Event ID 1241 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1241-in-health-log.md) -- [Event ID 1242 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1242-in-health-log.md) -- [Event ID 1243 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1243-in-health-log.md) -- [Event ID 1244 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1244-in-health-log.md) -- [Event ID 1245 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1245-in-health-log.md) -- [Event ID 1249 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1249-in-health-log.md) -- [Event ID 1250 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1250-in-health-log.md) -- [Event ID 1251 - 1254, 1256 - 1258 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1251-1254-1256-1258-in-health-log.md) -- [Event ID 1255 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1255-in-health-log.md) -- [Event ID 1259 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1259-in-health-log.md) -- [Event ID 1260 − 1266 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1260-1266-in-health-log.md) -- [Event ID 1267 − 1273 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1267-1273-in-health-log.md) -- [Event ID 1274 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1274-in-health-log.md) -- [Event ID 1275 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1275-in-health-log.md) -- [Event ID 1276 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1276-in-health-log.md) -- [Event ID 1280 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1280-in-health-log.md) -- [Event ID 1285 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1285-in-health-log.md) -- [Event ID 1286 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1286-in-health-log.md) -- [Event ID 1287 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1287-in-health-log.md) -- [Event ID 1288 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1288-in-health-log.md) -- [Event ID 1289 in Health Log](/docs/kb/auditor/event-id-reference/health-log-events/event-id-1289-in-health-log.md) +- [SharePoint Core Service Deployment Failed](/docs/kb/auditor/sharepoint-core-service-deployment-failed) +- [Timeout Expired Error on SharePoint Core Service D](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment) +- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log) +- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log) +- [Error: Event ID 1206 in Health Log](/docs/kb/auditor/error-event-id-1206-in-health-log) +- [Event ID 1208 in Health Log](/docs/kb/auditor/event-id-1208-in-health-log) +- [Event ID 1209 in Health Log](/docs/kb/auditor/event-id-1209-in-health-log) +- [Event ID 1210 in Health Log](/docs/kb/auditor/event-id-1210-in-health-log) +- [Event ID 1214 in Health Log](/docs/kb/auditor/event-id-1214-in-health-log) +- [Event ID 1223 in Health Log](/docs/kb/auditor/event-id-1223-in-health-log) +- [Event ID 1225 in Health Log](/docs/kb/auditor/event-id-1225-in-health-log) +- [Event ID 1236 in Health Log](/docs/kb/auditor/event-id-1236-in-health-log) +- [Event ID 1237/1238 in Health Log](/docs/kb/auditor/event_id_12371238_in_health_log) +- [Event ID 1239 in Health Log](/docs/kb/auditor/event-id-1239-in-health-log) +- [Event ID 1240 in Health Log](/docs/kb/auditor/event-id-1240-in-health-log) +- [Event ID 1241 in Health Log](/docs/kb/auditor/event-id-1241-in-health-log) +- [Event ID 1242 in Health Log](/docs/kb/auditor/event-id-1242-in-health-log) +- [Event ID 1243 in Health Log](/docs/kb/auditor/event-id-1243-in-health-log) +- [Event ID 1244 in Health Log](/docs/kb/auditor/event-id-1244-in-health-log) +- [Event ID 1245 in Health Log](/docs/kb/auditor/event-id-1245-in-health-log) +- [Event ID 1249 in Health Log](/docs/kb/auditor/event-id-1249-in-health-log) +- [Event ID 1250 in Health Log](/docs/kb/auditor/event-id-1250-in-health-log) +- [Event ID 1251 - 1254, 1256 - 1258 in Health Log](/docs/kb/auditor/event-id-1251-1254-1256-1258-in-health-log) +- [Event ID 1255 in Health Log](/docs/kb/auditor/event-id-1255-in-health-log) +- [Event ID 1259 in Health Log](/docs/kb/auditor/event-id-1259-in-health-log) +- [Event ID 1260 − 1266 in Health Log](/docs/kb/auditor/event-id-1260-1266-in-health-log) +- [Event ID 1267 − 1273 in Health Log](/docs/kb/auditor/event-id-1267-1273-in-health-log) +- [Event ID 1274 in Health Log](/docs/kb/auditor/event-id-1274-in-health-log) +- [Event ID 1275 in Health Log](/docs/kb/auditor/event-id-1275-in-health-log) +- [Event ID 1276 in Health Log](/docs/kb/auditor/event-id-1276-in-health-log) +- [Event ID 1280 in Health Log](/docs/kb/auditor/event-id-1280-in-health-log) +- [Event ID 1285 in Health Log](/docs/kb/auditor/event-id-1285-in-health-log) +- [Event ID 1286 in Health Log](/docs/kb/auditor/event-id-1286-in-health-log) +- [Event ID 1287 in Health Log](/docs/kb/auditor/event-id-1287-in-health-log) +- [Event ID 1288 in Health Log](/docs/kb/auditor/event-id-1288-in-health-log) +- [Event ID 1289 in Health Log](/docs/kb/auditor/event-id-1289-in-health-log) diff --git a/docs/kb/auditor/unable-to-connect-to-remote-server.md b/docs/kb/auditor/unable-to-connect-to-remote-server.md index d94271ff1b..bc690a366c 100644 --- a/docs/kb/auditor/unable-to-connect-to-remote-server.md +++ b/docs/kb/auditor/unable-to-connect-to-remote-server.md @@ -48,11 +48,11 @@ In case the **SQL Server Reporting Services** service has stopped − enable the In case of the failed SQL Server upgrade, repair your SQL Server installation. Learn more in [Repair a Failed SQL Server Installation · Microsoft 🤝](https://learn.microsoft.com/en-us/sql/database-engine/install-windows/repair-a-failed-sql-server-installation?view=sql-server-ver16). -For additional information on expired evaluation license in SSRS, refer to the following article: [Error 503 − Reports and Subscriptions Not Working](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-503-reports-and-subscriptions-not-working.md). +For additional information on expired evaluation license in SSRS, refer to the following article: [Error 503 − Reports and Subscriptions Not Working](/docs/kb/auditor/error-503-reports-and-subscriptions-not-working). ## Related articles -- [Error 503 − Reports and Subscriptions Not Working](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-503-reports-and-subscriptions-not-working.md) +- [Error 503 − Reports and Subscriptions Not Working](/docs/kb/auditor/error-503-reports-and-subscriptions-not-working) - [Start and Stop the Report Server Service · Microsoft 🤝](https://learn.microsoft.com/en-us/sql/reporting-services/report-server/start-and-stop-the-report-server-service?view=sql-server-ver16) - [Setting Time-out Values for Report and Shared Dataset Processing (SSRS) · Microsoft 🤝](https://learn.microsoft.com/en-us/sql/reporting-services/report-server/setting-time-out-values-for-report-and-shared-dataset-processing-ssrs?view=sql-server-ver16) - [Repair a Failed SQL Server Installation · Microsoft 🤝](https://learn.microsoft.com/en-us/sql/database-engine/install-windows/repair-a-failed-sql-server-installation?view=sql-server-ver16) diff --git a/docs/kb/auditor/unable-to-create-real-time-alerts.md b/docs/kb/auditor/unable-to-create-real-time-alerts.md index b84c98ba1f..70d13f55dd 100644 --- a/docs/kb/auditor/unable-to-create-real-time-alerts.md +++ b/docs/kb/auditor/unable-to-create-real-time-alerts.md @@ -26,9 +26,9 @@ knowledge_article_id: kA00g000000H9btCAC The first time you create a real-time alert, you see the following errors: -![Error 1](../../../images/ka04u000000HcUe_0EM7000000050xL.png) +![Error 1](./images/ka04u000000HcUe_0EM7000000050xL.png) -![Error 2](../../../images/ka04u000000HcUe_0EM7000000050xQ.png) +![Error 2](./images/ka04u000000HcUe_0EM7000000050xQ.png) Also in the event viewer System log you can find events like this: diff --git a/docs/kb/auditor/unable-to-launch-netwrix-auditor-user-activity-core-service.md b/docs/kb/auditor/unable-to-launch-netwrix-auditor-user-activity-core-service.md index 104c9e2944..7cb7b8d8de 100644 --- a/docs/kb/auditor/unable-to-launch-netwrix-auditor-user-activity-core-service.md +++ b/docs/kb/auditor/unable-to-launch-netwrix-auditor-user-activity-core-service.md @@ -62,14 +62,14 @@ where `yourservername` is the name of your SMTP server in the FQDN format and `9 3. Follow the installation prompts up to the **Specify User Activity Video Reporter server and TCP port** step. 4. On this step, provide your SMTP server name in the FQDN format in the **Host server** field and provide the port number **9004**. -![User-added image](../../../images/ka0Qk0000001S2H_0EMQk000001wr0A.png) +![User-added image](./images/ka0Qk0000001S2H_0EMQk000001wr0A.png) 5. Complete the installation. -> NOTE: In case User Activity Core Service is installed in target servers, make sure to check the Core Service version in **Apps & Features**. In case of version mismatch, refer to the following article for additional information: [Manually Update User Activity Core Service](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/manually-update-user-activity-core-service.md). +> NOTE: In case User Activity Core Service is installed in target servers, make sure to check the Core Service version in **Apps & Features**. In case of version mismatch, refer to the following article for additional information: [Manually Update User Activity Core Service](/docs/kb/auditor/manually-update-user-activity-core-service). ### Related articles - Configuration — User Activity — User Activity Ports — v10.6 -- [Manually Update User Activity Core Service](/docs/kb/auditor/monitoring-plans/user-activity-monitoring/manually-update-user-activity-core-service.md) +- [Manually Update User Activity Core Service](/docs/kb/auditor/manually-update-user-activity-core-service) diff --git a/docs/kb/auditor/unable-to-process-item-error-when-using-gmsa-in-netwrix-auditor.md b/docs/kb/auditor/unable-to-process-item-error-when-using-gmsa-in-netwrix-auditor.md index 59bde692f8..a001bcf52f 100644 --- a/docs/kb/auditor/unable-to-process-item-error-when-using-gmsa-in-netwrix-auditor.md +++ b/docs/kb/auditor/unable-to-process-item-error-when-using-gmsa-in-netwrix-auditor.md @@ -41,4 +41,4 @@ In Netwrix Auditor version 9.96 group managed service accounts can be used inste ## Solution -For the pre-10.5.11041 Netwrix Auditor version, make sure to update your Netwrix Auditor instance — refer to the following articles for additional information: [How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md) and [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md) +For the pre-10.5.11041 Netwrix Auditor version, make sure to update your Netwrix Auditor instance — refer to the following articles for additional information: [How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor) and [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor) diff --git a/docs/kb/auditor/unable-to-run-reports-system-cannot-find-the-file-specified.md b/docs/kb/auditor/unable-to-run-reports-system-cannot-find-the-file-specified.md index e53b3cf7ce..4dbe138bde 100644 --- a/docs/kb/auditor/unable-to-run-reports-system-cannot-find-the-file-specified.md +++ b/docs/kb/auditor/unable-to-run-reports-system-cannot-find-the-file-specified.md @@ -49,6 +49,6 @@ A report server database is missing. Refer to the following steps to resolve the issue: 1. In your Netwrix Auditor server, disable **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service** via **Services**. -2. Deploy the report server database — refer to the following article for in-depth instructions: [Deploying the Report Server Database](/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md) +2. Deploy the report server database — refer to the following article for in-depth instructions: [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database) 3. Once you've configured the report server database, grant the roles to the SSRS service account the roles required. Refer to the following article for additional information: [Configure SSRS account](https://docs.netwrix.com/docs/auditor/10_8/requirements/sqlserverreportingservice) and [How to Assign db_owner Permissions](docs\kb\auditor\how-to-assign-db-owner-permissions.md) 4. Restart **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service** on your Netwrix Auditor server via **Services**. diff --git a/docs/kb/auditor/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md b/docs/kb/auditor/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md index 63350f069a..c88ffe6699 100644 --- a/docs/kb/auditor/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md +++ b/docs/kb/auditor/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md @@ -33,7 +33,7 @@ To be able to download and install the new version, renew your maintenance contr Your subscription plan for Netwrix Auditor has expired ``` -![AboutNetwrixAuditor.png](../../../images/ka0Qk0000002uxN_0EM4u000008LHag.png) +![AboutNetwrixAuditor.png](./images/ka0Qk0000002uxN_0EM4u000008LHag.png) ## Cause @@ -47,10 +47,10 @@ Even if you have valid support and maintenance licenses, you might still have so 2. In the left pane, select **Licenses**. 3. Select any expired licenses and click **Remove**. -If you would like to upgrade to the latest product version from a version that is no longer supported, refer to the following incremental upgrade guide: [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md). +If you would like to upgrade to the latest product version from a version that is no longer supported, refer to the following incremental upgrade guide: [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor). ## Related articles - Installation — Upgrade to the Latest Version ⸱ v10.6 -- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md) +- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor) diff --git a/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md b/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md index 54967caac0..f74f434f00 100644 --- a/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md +++ b/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md @@ -67,7 +67,7 @@ This will stop all Netwrix Services and prevent complications during the upgrade | 8.5 / 9.0 | 9.5 | Not recommended! | | 9.5 | 9.7 | [Download](https://www.netwrix.com/my_products.html) | | 9.7 / 9.8 | 9.9 | [Download](https://www.netwrix.com/my_products.html) | -| 9.9 | 9.96 | [Download](https://www.netwrix.com/my_products.html)
Refer to the following article for additional information:
[Upgrade from 9.9 to 9.96 with Your Netwrix Auditor Version Cannot Be Upgraded Error](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error.md)| +| 9.9 | 9.96 | [Download](https://www.netwrix.com/my_products.html)
Refer to the following article for additional information:
[Upgrade from 9.9 to 9.96 with Your Netwrix Auditor Version Cannot Be Upgraded Error](/docs/kb/auditor/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error)| | 9.96 / 10.0 | 10.5 | [Download](https://www.netwrix.com/my_products.html) | | 10 / 10.5 | 10.6 | [Download](https://www.netwrix.com/my_products.html) | | 10.5 / 10.6 | 10.7 | [Download](https://www.netwrix.com/my_products.html) | @@ -75,4 +75,4 @@ This will stop all Netwrix Services and prevent complications during the upgrade ### Related articles -[How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md) +[How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor) diff --git a/docs/kb/auditor/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error.md b/docs/kb/auditor/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error.md index 65f98d5358..1158fdf167 100644 --- a/docs/kb/auditor/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error.md +++ b/docs/kb/auditor/upgrade_from_9.9_to_9.96_with_your_netwrix_auditor_version_cannot_be_upgraded_error.md @@ -35,5 +35,5 @@ To upgrade to v9.96, contact Technical Support for download links for the latest ## Related Articles -- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/upgrade-increments-for-netwrix-auditor.md) -- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md) \ No newline at end of file +- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor) +- [How to Upgrade Netwrix Auditor](/docs/kb/auditor/how-to-upgrade-netwrix-auditor) \ No newline at end of file diff --git a/docs/kb/auditor/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md b/docs/kb/auditor/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md index f79418218a..98fb46a650 100644 --- a/docs/kb/auditor/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md +++ b/docs/kb/auditor/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md @@ -32,7 +32,7 @@ The **Volume Shadow Copy Service** (hereafter **VSS**) can be enabled via **Netw 1. Navigate to **Managed Objects -> your_File_Servers_Managed_Object_name -> File Servers.** 2. Click **Configure** next to **Advanced Settings** and select the **Enable file versioning and rollback capabilities (based on Volume Shadow Copy).** -![User-added image](../../images/ka04u000000HcNV_0EM700000007LkF.png) +![User-added image](./images/ka04u000000HcNV_0EM700000007LkF.png) ## Where Shadow Copy data is stored diff --git a/docs/kb/auditor/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md b/docs/kb/auditor/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md index 7000225f0b..e32bb9f66e 100644 --- a/docs/kb/auditor/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md +++ b/docs/kb/auditor/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md @@ -36,7 +36,7 @@ The specified management interface is not the management interface of the CIFS S 2. Find the interface that has **Management Access** enabled and is assigned to the SVM you are trying to audit. 3. Remember its IP address and specify it in the properties of the NetApp item in Netwrix Auditor in the **ONTAPI** node. -![Management_Interface_NetApp](../../../images/ka04u000000HcZ5_0EM0g000002CGLg.png) +![Management_Interface_NetApp](./images/ka04u000000HcZ5_0EM0g000002CGLg.png) Also make sure the account used to collect to ONTAPI is assigned a custom role on the SVM that has the following capabilities with access query levels: diff --git a/docs/kb/auditor/what-is-sessionid-in-netwrix-auditor-for-file-servers.md b/docs/kb/auditor/what-is-sessionid-in-netwrix-auditor-for-file-servers.md index d484f7fc7a..687909607f 100644 --- a/docs/kb/auditor/what-is-sessionid-in-netwrix-auditor-for-file-servers.md +++ b/docs/kb/auditor/what-is-sessionid-in-netwrix-auditor-for-file-servers.md @@ -33,7 +33,7 @@ This attribute is based on the user’s logon ID within the current session. Bei Session IDs are used to identify changes made by users with unique logon ID's. Session IDs are a combination of both the logon ID itself and the current session associated with this logon ID, to help identifying who made the change. Thus, session ID can be changed due to the fact that Netwrix would count that as a separate activity record too. -![User-added image](../../images/ka0Qk0000001OrV_0EMQk000002Tph8.png) +![User-added image](./images/ka0Qk0000001OrV_0EMQk000002Tph8.png) In addition, Netwrix Auditor generates the following attribute besides Session ID, associated with the object and reserved for internal use: @@ -43,7 +43,7 @@ Since the product associates Session IDs with the current session of the user, t ### Related Article -- [How Does Merging Logon Activity Events Work?](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-does-merging-logon-activity-events-work.md) +- [How Does Merging Logon Activity Events Work?](/docs/kb/auditor/how-does-merging-logon-activity-events-work) diff --git a/docs/kb/auditor/why-a-registry-key-is-missing-in-both-gpmc-and-local.md b/docs/kb/auditor/why-a-registry-key-is-missing-in-both-gpmc-and-local.md index 643932824d..f9bdf9fe93 100644 --- a/docs/kb/auditor/why-a-registry-key-is-missing-in-both-gpmc-and-local.md +++ b/docs/kb/auditor/why-a-registry-key-is-missing-in-both-gpmc-and-local.md @@ -39,7 +39,7 @@ Registry audit settings are required for some data sources, for example, for Log 5. On this screen that pops up, add the required permissions. 6. On the next screen, you’ll be prompted to configure the key, then how you want the settings to be applied; or not allow permission to be replaced. 7. Manually add the path to the Registry Key in the **Selected Key** dialog. - ![User-added image](../../../images/ka0Qk0000001VD3_0EMQk000002dT5q.png) + ![User-added image](./images/ka0Qk0000001VD3_0EMQk000002dT5q.png) This will apply the key settings to the GPO, and all computers affected by the GPO. diff --git a/docs/kb/auditor/why-do-i-have-incomplete-information-on-failed-logons.md b/docs/kb/auditor/why-do-i-have-incomplete-information-on-failed-logons.md index 1d7b8d5557..fa0499ab04 100644 --- a/docs/kb/auditor/why-do-i-have-incomplete-information-on-failed-logons.md +++ b/docs/kb/auditor/why-do-i-have-incomplete-information-on-failed-logons.md @@ -40,4 +40,4 @@ If you would like to have information on how to investigate Failed Logons, check - [Investigating Failed Logons](https://kb.netwrix.com/5198) - [How to detect the root cause of multiple failed logons](https://kb.netwrix.com/3553) -- [How to Find Destination of Failed NTLM Logons?](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-find-destination-of-failed-ntlm-logons.md) +- [How to Find Destination of Failed NTLM Logons?](/docs/kb/auditor/how-to-find-destination-of-failed-ntlm-logons) diff --git a/docs/kb/auditor/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md b/docs/kb/auditor/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md index be48c5de8c..bd10b91554 100644 --- a/docs/kb/auditor/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md +++ b/docs/kb/auditor/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md @@ -42,7 +42,7 @@ The Print Spooler service is stopped or disabled on the monitored server. 4. In the **General** tab, review the **Startup type** value − switch it to **Automatic** and click **Start**. 5. Click **Apply**. -![User-added image](../../../images/ka0Qk0000001f7Z_0EM4u000002CQsV.png) +![User-added image](./images/ka0Qk0000001f7Z_0EM4u000002CQsV.png) --- diff --git a/docs/kb/auditor/workstation-name-is-not-shown.md b/docs/kb/auditor/workstation-name-is-not-shown.md index 2924eff230..aed193f8ae 100644 --- a/docs/kb/auditor/workstation-name-is-not-shown.md +++ b/docs/kb/auditor/workstation-name-is-not-shown.md @@ -30,7 +30,7 @@ Netwrix Account Lockout Examiner shows no data in the **Workstation** field, whi Because Netwrix Account Lockout Examiner processes Windows security logs, it only gets the data that is present in those logs. This issue means that the Account locked out event (ID `644` for Windows XP/2003, ID `4740` for the later versions of Windows) contains an empty **Caller Machine Name** field. Here is an example of the Account locked out event `644` with the empty **Caller Machine Name** field: -[![User-added image](../../../images/ka04u00000118ES_0EM700000004udP.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g0000004KSJ&feoid=00N700000032Pj2&refid=0EM700000004udP) +[![User-added image](./images/ka04u00000118ES_0EM700000004udP.png)](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g0000004KSJ&feoid=00N700000032Pj2&refid=0EM700000004udP) The field can be empty for events where a local computer account was locked out due to a local policy or as a result of computer synchronization with a mobile device. diff --git a/docs/kb/auditor/workstations-cloned-with-windows-server-auditing-service-pre-installed.md b/docs/kb/auditor/workstations-cloned-with-windows-server-auditing-service-pre-installed.md index ef0f2732e5..25d87efd04 100644 --- a/docs/kb/auditor/workstations-cloned-with-windows-server-auditing-service-pre-installed.md +++ b/docs/kb/auditor/workstations-cloned-with-windows-server-auditing-service-pre-installed.md @@ -46,7 +46,7 @@ To establish the affected servers, refer to the following steps: Copy the **AgentID** value. - ![Registry AgentID screenshot](../../images/ka04u000001177u_0EM4u000008Lr6o.png) + ![Registry AgentID screenshot](./images/ka04u000001177u_0EM4u000008Lr6o.png) 2. In your Netwrix Auditor host, navigate to the `C:\ProgramData\Netwrix Auditor\ShortTerm\WSA\Agents\` folder. Look for a folder named after **AgentID** (e.g.,52656fc3-d325-424d-9bef-fb68d14bc919). The **RemoteAgentState.xml** file contains a list of affected servers. diff --git "a/docs/kb/auditor/\321\201onnection_issue_when_tls_1.2_is_required.md" "b/docs/kb/auditor/\321\201onnection_issue_when_tls_1.2_is_required.md" index fdd1493c55..510ed82fee 100644 --- "a/docs/kb/auditor/\321\201onnection_issue_when_tls_1.2_is_required.md" +++ "b/docs/kb/auditor/\321\201onnection_issue_when_tls_1.2_is_required.md" @@ -23,7 +23,7 @@ How to set up connections between the internal environment and Microsoft (Office ### Option 1: For Up-to-Date Environments -For up-to-date environments, refer to the following KB article for additional information: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md). You can also use this registry key to achieve the same results: [TLS Registry Key](https://netwrix.com/download/products/KnowledgeBase/TLSRegkey.reg). +For up-to-date environments, refer to the following KB article for additional information: [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm). You can also use this registry key to achieve the same results: [TLS Registry Key](https://netwrix.com/download/products/KnowledgeBase/TLSRegkey.reg). ### Option 2: For Pre-Windows Server 2019 Environments and Earlier @@ -108,7 +108,7 @@ For 32-bit applications that are running on 64-bit OSs, update the following sub ### Related Articles -- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md) +- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm) - [How to enable TLS 1.2 on clients ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client) diff --git a/docs/kb/dataclassification/antivirus-exclusions-for-netwrix-data-classification.md b/docs/kb/dataclassification/antivirus-exclusions-for-netwrix-data-classification.md index c450528b23..1778b6ab0a 100644 --- a/docs/kb/dataclassification/antivirus-exclusions-for-netwrix-data-classification.md +++ b/docs/kb/dataclassification/antivirus-exclusions-for-netwrix-data-classification.md @@ -47,4 +47,4 @@ During data collection, a collector uses a specific to store copies of the files ## Related articles -- [How to back up the Netwrix Data Classification Index](/docs/kb/dataclassification/system-administration/how-to-back-up-the-ndc-index.md) +- [How to back up the Netwrix Data Classification Index](/docs/kb/dataclassification/how-to-back-up-the-ndc-index) diff --git a/docs/kb/dataclassification/classification-troubleshooting.md b/docs/kb/dataclassification/classification-troubleshooting.md index 82ec87ca55..2f1fd95db0 100644 --- a/docs/kb/dataclassification/classification-troubleshooting.md +++ b/docs/kb/dataclassification/classification-troubleshooting.md @@ -35,7 +35,7 @@ Identify a document with incorrect classifications: Go to the workflow logs (`https://[YourNDCServerName]/NDC/Workflows/Logs`) on your Netwrix Data Classification server and check the status: - If it's **negative**, then there was an error. Enable collector tracing and reindex the file, then view the event logs for details of the issue. You will usually see either the `PageID`, `PageURL`, or both in the logs to know which errors are related. -- If it's less than 400, it means that it is not classified and needs to finish processing first. Verify codes in the [NDC Page Status Codes](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/ndc-page-status-codes.md) article. +- If it's less than 400, it means that it is not classified and needs to finish processing first. Verify codes in the [NDC Page Status Codes](/docs/kb/auditor/ndc-page-status-codes) article. - If the status is **Classified (400)** and the **ReindexStatus** is 3, then it means it hasn't been reindexed or reclassified. This means that a change was detected or the user manually requested reprocessing. Give Netwrix Data Classification time to reprocess the document. - If the status is 400 and the reindex status is 0, check the **Text** and **Metadata** tabs. This is an easy way to confirm issues where Optical Character Recognition (OCR) has failed to extract the text you're looking for or if there was an issue processing text extraction for the document. If it doesn't match, enable collector tracing and reindex the document for details in the logs. diff --git a/docs/kb/dataclassification/documents-are-crawled-successfully-with-no-text-extracted.md b/docs/kb/dataclassification/documents-are-crawled-successfully-with-no-text-extracted.md index 471c77e247..bb0c9006ca 100644 --- a/docs/kb/dataclassification/documents-are-crawled-successfully-with-no-text-extracted.md +++ b/docs/kb/dataclassification/documents-are-crawled-successfully-with-no-text-extracted.md @@ -31,7 +31,7 @@ Why is Netwrix Data Classification (NDC) crawling your documents successfully, b Issues with text extraction can have a range of causes. You can find a summary of text extraction errors in the **Stats** dashboard. Click **Details** to view a breakdown by type of error. -![thumbnail_image.png](images/ka0Qk000000309x_0EMQk000004P1LC.png) +![thumbnail_image.png](./images/ka0Qk000000309x_0EMQk000004P1LC.png) ### Steps to Diagnose Text Extraction Failure diff --git a/docs/kb/dataclassification/error-end-encrypted-private-key-not-found.md b/docs/kb/dataclassification/error-end-encrypted-private-key-not-found.md index c96fa68ba3..6869cf4173 100644 --- a/docs/kb/dataclassification/error-end-encrypted-private-key-not-found.md +++ b/docs/kb/dataclassification/error-end-encrypted-private-key-not-found.md @@ -38,7 +38,7 @@ System.IO.IOException: The formatting of the private key in the JSON file is incorrect. Refer to the following example: -![private key example](images/ka0Qk0000005chN_0EMQk000007eSHh.png) +![private key example](./images/ka0Qk0000005chN_0EMQk000007eSHh.png) The private key contains multiple `\n` entries that represent line breaks. diff --git a/docs/kb/dataclassification/error-failed-to-load-classifier-data-cache.md b/docs/kb/dataclassification/error-failed-to-load-classifier-data-cache.md index cfc23cc290..fe8f9f2165 100644 --- a/docs/kb/dataclassification/error-failed-to-load-classifier-data-cache.md +++ b/docs/kb/dataclassification/error-failed-to-load-classifier-data-cache.md @@ -29,7 +29,7 @@ The Netwrix Data Classification: Service Viewer displays the following error mes `Failed-to-load-Classifier-data-cache` -![User-added image](images/ka04u000000HdG2_0EM4u000001rDFG.png) +![User-added image](./images/ka04u000000HdG2_0EM4u000001rDFG.png) ## Solution diff --git a/docs/kb/dataclassification/export-not-available-for-dsar-searches.md b/docs/kb/dataclassification/export-not-available-for-dsar-searches.md index 905413ee35..8b5789dbdb 100644 --- a/docs/kb/dataclassification/export-not-available-for-dsar-searches.md +++ b/docs/kb/dataclassification/export-not-available-for-dsar-searches.md @@ -36,4 +36,4 @@ Exporting DSAR reports requires that you specify an output location. Refer to the following article for additional information on DSAR settings: DSAR Settings. -![DSAR Settings screenshot](images/ka04u000001170U_0EM4u000008LceH.png) +![DSAR Settings screenshot](./images/ka04u000001170U_0EM4u000008LceH.png) diff --git a/docs/kb/dataclassification/export-term-sets-to-an-xml-file-using-concepttermstoremanager.md b/docs/kb/dataclassification/export-term-sets-to-an-xml-file-using-concepttermstoremanager.md index 4a9858c356..b57e4a0b2d 100644 --- a/docs/kb/dataclassification/export-term-sets-to-an-xml-file-using-concepttermstoremanager.md +++ b/docs/kb/dataclassification/export-term-sets-to-an-xml-file-using-concepttermstoremanager.md @@ -31,17 +31,17 @@ Export a term set structure to an XML file via the conceptTermStoreManager using 1. Navigate to `C:\inetpub\wwwroot\conceptQS\bin\conceptTermStoreManager.exe` 2. Run the `conceptTermStoreManager.exe` and observe the following screen: - ![User-added image](images/ka04u000000HdFy_0EM4u000001rAT5.png) + ![User-added image](./images/ka04u000000HdFy_0EM4u000001rAT5.png) 3. Click the **Export** box to export a term set structure to an XML file. 4. On the **Export Term Sets** page, enter the details of the site collection where the Term Store can be accessed using the credentials supplied. - ![User-added image](images/ka04u000000HdFy_0EM4u000001rAV6.png) + ![User-added image](./images/ka04u000000HdFy_0EM4u000001rAV6.png) 5. Click **Next**. 6. Select the term sets you wish to export by using the checkboxes on the right-hand side. - ![User-added image](images/ka04u000000HdFy_0EM4u000001rAVB.png) + ![User-added image](./images/ka04u000000HdFy_0EM4u000001rAVB.png) 7. Click either the **Selected** button to export the checked items or the **All** button to export all term sets found in the term store. 8. Name and save the XML file when the **Save As** window appears. diff --git a/docs/kb/dataclassification/how-to-configure-granular-permissions-for-a-service-account.md b/docs/kb/dataclassification/how-to-configure-granular-permissions-for-a-service-account.md index f2e22713c4..433b49107f 100644 --- a/docs/kb/dataclassification/how-to-configure-granular-permissions-for-a-service-account.md +++ b/docs/kb/dataclassification/how-to-configure-granular-permissions-for-a-service-account.md @@ -42,6 +42,6 @@ To configure granular permissions for a Service Account: 3. Add Write permissions to the index files' location (NTFS Permissions). The index files' location can be looked up in `conceptConfig.exe` in `C:\inetpub\wwwroot\NDC\bin`: - ![index_files_location.png](images/ka0Qk0000005NaH_0EM4u000008LGlJ.png) + ![index_files_location.png](./images/ka0Qk0000005NaH_0EM4u000008LGlJ.png) > **TIP:** In some instances, the Netwrix Data Classification Service Viewer Utility won't work correctly if the service account is not a member of the Local Administrators group on the Netwrix Data Classification server. In this case, you should use the **Service Viewer** built into the web UI. diff --git a/docs/kb/dataclassification/how-to-crawl-a-website-that-does-not-require-credentials.md b/docs/kb/dataclassification/how-to-crawl-a-website-that-does-not-require-credentials.md index 5753ed7991..6812bfe905 100644 --- a/docs/kb/dataclassification/how-to-crawl-a-website-that-does-not-require-credentials.md +++ b/docs/kb/dataclassification/how-to-crawl-a-website-that-does-not-require-credentials.md @@ -84,4 +84,4 @@ This error is gone after adding a specific line in the **Collector Using Agent** Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Sa ``` -![User-added image](images/ka0Qk000000DiGA_0EM4u000008pbhE.png) +![User-added image](./images/ka0Qk000000DiGA_0EM4u000008pbhE.png) diff --git a/docs/kb/dataclassification/how-to-migrate-netwrix-data-classification-to-another-server.md b/docs/kb/dataclassification/how-to-migrate-netwrix-data-classification-to-another-server.md index 9b531f5650..aa0165e274 100644 --- a/docs/kb/dataclassification/how-to-migrate-netwrix-data-classification-to-another-server.md +++ b/docs/kb/dataclassification/how-to-migrate-netwrix-data-classification-to-another-server.md @@ -31,7 +31,7 @@ This article describes how to change or replace the server on which Netwrix Data 1. Stop/disable **all NDC services** on the application server (**conceptClassifier, conceptIndexer, conceptCollector**). - ![User-added image](images/ka0Qk0000007H0v_0EM4u000002Qwyh.png) + ![User-added image](./images/ka0Qk0000007H0v_0EM4u000002Qwyh.png) > **NOTE:** You can also disable the NDC services using the **Service Viewer** located at: `C:\Program Files\ConceptSearching\ServiceViewer` (by default). diff --git a/docs/kb/dataclassification/how-to-migrate-the-netwrix-data-classification-database.md b/docs/kb/dataclassification/how-to-migrate-the-netwrix-data-classification-database.md index eac05700f5..040a420a39 100644 --- a/docs/kb/dataclassification/how-to-migrate-the-netwrix-data-classification-database.md +++ b/docs/kb/dataclassification/how-to-migrate-the-netwrix-data-classification-database.md @@ -65,7 +65,7 @@ Follow these steps to migrate the Netwrix Data Classification database: > **IMPORTANT:** If you are using the Windows Authentication method, verify that the user has the `db_owner` role assigned in the Netwrix Data Classification database. Alternatively, run `conceptConfig.exe` using the service account. - ![conceptConfig.exe configuration window with database server and credentials fields visible](images/ka0Qk0000005157_0EMQk000006Wq6T.png) + ![conceptConfig.exe configuration window with database server and credentials fields visible](./images/ka0Qk0000005157_0EMQk000006Wq6T.png) 5. Open the **Service Viewer** and start all three Netwrix Data Classification services. The default path is: diff --git a/docs/kb/dataclassification/how-to-set-up-single-sign-on-via-microsoft-entra-id-authentication.md b/docs/kb/dataclassification/how-to-set-up-single-sign-on-via-microsoft-entra-id-authentication.md index 960fb9dccd..2cdad08331 100644 --- a/docs/kb/dataclassification/how-to-set-up-single-sign-on-via-microsoft-entra-id-authentication.md +++ b/docs/kb/dataclassification/how-to-set-up-single-sign-on-via-microsoft-entra-id-authentication.md @@ -41,7 +41,7 @@ How can you set up single sign-on (SSO) for Netwrix Data Classification (NDC) vi > **NOTE:** Make sure to check the **Superuser** checkbox. - ![Add user Superuser screenshot](images/ka0Qk0000004LM1_0EMQk000005O4sP.png) + ![Add user Superuser screenshot](./images/ka0Qk0000004LM1_0EMQk000005O4sP.png) 4. Visit the App registrations menu in your Microsoft Azure Portal to register an application: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps @@ -51,7 +51,7 @@ How can you set up single sign-on (SSO) for Netwrix Data Classification (NDC) vi 4. Copy the **Application (Client) ID** of the newly created application. 5. Select your application and open the **Authentication** tab in the left pane. - ![Authentication tab screenshot](images/ka0Qk0000004LM1_0EMQk000005O4u1.png) + ![Authentication tab screenshot](./images/ka0Qk0000004LM1_0EMQk000005O4u1.png) 6. Check the **ID tokens (used for implicit and hybrid flows)** checkbox and click **Save**. @@ -64,7 +64,7 @@ How can you set up single sign-on (SSO) for Netwrix Data Classification (NDC) vi ``` -![web.config snippet screenshot](images/ka0Qk0000004LM1_0EMQk000005O4qo.png) +![web.config snippet screenshot](./images/ka0Qk0000004LM1_0EMQk000005O4qo.png) > **NOTE:** Replace the **Application (Client) ID** with the one copied previously and the `tenantname.onmicrosoft.com` with your tenant's name. diff --git a/docs/kb/dataclassification/how-to-update-service-account-password.md b/docs/kb/dataclassification/how-to-update-service-account-password.md index dd5a3edf87..67944ebb17 100644 --- a/docs/kb/dataclassification/how-to-update-service-account-password.md +++ b/docs/kb/dataclassification/how-to-update-service-account-password.md @@ -50,7 +50,7 @@ Check for the current Netwrix Data Classification version on any of the Netwrix 3. Right click a service with the **Running** status and select **Stop**. > TIP: you can change startup type to **Manual**, so then they don’t startup on their own: - > ![User-added image](images/ka0Qk000000Codl_0EM4u000008Liup.png) + > ![User-added image](./images/ka0Qk000000Codl_0EM4u000008Liup.png) 3. In the **Services** window, scroll down to find the following services: - NDC Classifier @@ -58,7 +58,7 @@ Check for the current Netwrix Data Classification version on any of the Netwrix - NDC Indexer 4. For each service, do the following: - ![Picture2.png](images/ka0Qk000000Codl_0EM4u000008LhoR.png) + ![Picture2.png](./images/ka0Qk000000Codl_0EM4u000008LhoR.png) 1. Right click a service name, select **Properties** and go to the **Log on** tab. 2. Enter new password. 3. Click on **Apply**. @@ -73,24 +73,24 @@ Check for the current Netwrix Data Classification version on any of the Netwrix > **Fresh install of v5.7.x.x**: NDCAppPool 3. Click on the application and then on the right pane, click on **Advanced Settings**. - ![Picture3.png](images/ka0Qk000000Codl_0EM4u000008LhrQ.png) + ![Picture3.png](./images/ka0Qk000000Codl_0EM4u000008LhrQ.png) 6. Once you are in the **Advanced Settings**, go to **Process Model** > **Identity** > **...** - ![Picture4.png](images/ka0Qk000000Codl_0EM4u000008Lhog.png) + ![Picture4.png](./images/ka0Qk000000Codl_0EM4u000008Lhog.png) 7. In the **Application Pool Identity** window do the following: 1. Click on **Set**. 2. Enter new credentials (always enter your domain before the user as not doing so can cause problems later). 3. Click on **OK**. - ![Picture5.png](images/ka0Qk000000Codl_0EM4u000008Lhol.png) + ![Picture5.png](./images/ka0Qk000000Codl_0EM4u000008Lhol.png) 8. Since you are in the IIS, head into your Netwrix Data Classification webpage by doing the following: 1. Expand the **Sites** folder. 2. Expand **Default Web Site** then click on **NDC2** or **ConceptQS**. 3. Click on **Browse** on the right pane. - ![Picture6.png](images/ka0Qk000000Codl_0EM4u000008LhrV.png) + ![Picture6.png](./images/ka0Qk000000Codl_0EM4u000008LhrV.png) Result: the Netwrix Data Classification's **System Dashboard** section appears: - ![Picture7.png](images/ka0Qk000000Codl_0EM4u000008Lhrk.png) + ![Picture7.png](./images/ka0Qk000000Codl_0EM4u000008Lhrk.png) > IMPORTANT: follow the steps below if only you have setup the same Service Account for more than just the services such as SQL Access or SQL Server Instance Services @@ -102,12 +102,12 @@ Check for the current Netwrix Data Classification version on any of the Netwrix 1. Open the `conceptindexer` folder. 2. To sort documents, click **Type** once. 3. Open the `ConceptConfig.exe` file. - ![Picture8.png](images/ka0Qk000000Codl_0EM4u000008Lhp0.png) + ![Picture8.png](./images/ka0Qk000000Codl_0EM4u000008Lhp0.png) 11. In the **Netwrix Data Classification: Database Configuration** window, proceed as follows: 1. Change user password. 2. Click on **Test Connection** to have Netwrix Data Classification try to connect with your new credentials. - ![Picture9.png](images/ka0Qk000000Codl_0EM4u000008LhpP.png) + ![Picture9.png](./images/ka0Qk000000Codl_0EM4u000008LhpP.png) Result: a dialog window with the **Connection Test Succeeded** message appears. 12. Repeat for the other service folder. diff --git a/docs/kb/dataclassification/import-terms-sets-from-an-xml-file-using-concepttermstoremanager.md b/docs/kb/dataclassification/import-terms-sets-from-an-xml-file-using-concepttermstoremanager.md index e9e209b85d..733ff44323 100644 --- a/docs/kb/dataclassification/import-terms-sets-from-an-xml-file-using-concepttermstoremanager.md +++ b/docs/kb/dataclassification/import-terms-sets-from-an-xml-file-using-concepttermstoremanager.md @@ -30,19 +30,19 @@ Import a term set structure from an XML file via the `conceptTermStoreManager` u 1. Navigate to `C:\inetpub\wwwroot\conceptQS\bin\conceptTermStoreManager.exe`. 2. Run the `conceptTermStoreManager.exe` and observe the following screen: - ![User-added image](images/ka04u000000HdFz_0EM4u000001rATU.png) + ![User-added image](./images/ka04u000000HdFz_0EM4u000001rATU.png) 3. Click the **Import** button to import a term set structure from an XML file. 4. Enter the location of the XML file and the destination term store: - ![User-added image](images/ka04u000000HdFz_0EM4u000001rAU8.png) + ![User-added image](./images/ka04u000000HdFz_0EM4u000001rAU8.png) - This example uses an Office 365 destination. 5. Click **Next**. 6. Check the boxes of the term sets you wish to import. 7. For each term set, use the drop down list to select a desired **Action**: - ![User-added image](images/ka04u000000HdFz_0EM4u000001rAUS.png) + ![User-added image](./images/ka04u000000HdFz_0EM4u000001rAUS.png) - In this example, the **Regions** term set will be merged with the existing term set in the **Taxonomies** term group. 8. Click **Next**. 9. Review the summary on the final page: - ![User-added image](images/ka04u000000HdFz_0EM4u000001rAVQ.png) + ![User-added image](./images/ka04u000000HdFz_0EM4u000001rAVQ.png) - If you wish to ensure terms not found in the source are removed from the destination (`Matching GUID`), check the **Process Deletions** box. - If you wish to prevent any changes from occurring in the destination, check the **Report Only** box. - Any changes that would have been made to term sets will be logged to the individual term sets logs, which are visible by clicking the **View Log File** link. diff --git a/docs/kb/dataclassification/netwrix-data-classification-collector-indexer-and-classifier-threads.md b/docs/kb/dataclassification/netwrix-data-classification-collector-indexer-and-classifier-threads.md index 8a108f8c0f..8427f8b80f 100644 --- a/docs/kb/dataclassification/netwrix-data-classification-collector-indexer-and-classifier-threads.md +++ b/docs/kb/dataclassification/netwrix-data-classification-collector-indexer-and-classifier-threads.md @@ -41,7 +41,7 @@ The **Collector Threads** slider allows you to set the number of concurrent thre You can set the Collector Threads value in the **NDC Management Web Console** at `http://localhost/conceptQS/Configuration`. -![Collector Threads slider in the NDC Management Web Console configuration page](images/ka0Qk000000FgmvIAC.jpeg) +![Collector Threads slider in the NDC Management Web Console configuration page](./images/ka0Qk000000FgmvIAC.jpeg) > **NOTE:** If you notice a decrease in processing capacity, set the **Collector Threads** slider to `0` to enable dynamic allocation. diff --git a/docs/kb/dataclassification/service-account-password-reset-for-netwrix-data-classification.md b/docs/kb/dataclassification/service-account-password-reset-for-netwrix-data-classification.md index b8d8595ee3..16da0fa323 100644 --- a/docs/kb/dataclassification/service-account-password-reset-for-netwrix-data-classification.md +++ b/docs/kb/dataclassification/service-account-password-reset-for-netwrix-data-classification.md @@ -28,7 +28,7 @@ After resetting the service account password for Netwrix Data Classification the ## Services -![User-added image](images/ka0Qk000000455x_0EM4u000001rDFz.png) +![User-added image](./images/ka0Qk000000455x_0EM4u000001rDFz.png) Update the **Logon As** value for each of the services listed above to reflect the password change. @@ -46,7 +46,7 @@ Open IIS and click **Application Pools** on the left-hand pane. Right-click on t Find the **Identity** and update the password to match the new password for the account, then restart the application pool. -![User-added image](images/ka0Qk000000455x_0EM4u000001rDGn.png) +![User-added image](./images/ka0Qk000000455x_0EM4u000001rDGn.png) ## Taxonomy Global Settings diff --git a/docs/kb/dataclassification/synchronizing-term-sets-using-the-concepttermstoragemanager.md b/docs/kb/dataclassification/synchronizing-term-sets-using-the-concepttermstoragemanager.md index 22a1d5af27..6dbcf0ea64 100644 --- a/docs/kb/dataclassification/synchronizing-term-sets-using-the-concepttermstoragemanager.md +++ b/docs/kb/dataclassification/synchronizing-term-sets-using-the-concepttermstoragemanager.md @@ -31,18 +31,18 @@ Synchronize term set structures between two SharePoint instances via the concept 1. Navigate to `C:\inetpub\wwwroot\conceptQS\bin\conceptTermStoreManager.exe` 2. Run the `conceptTermStoreManager.exe` and observe the following screen: - - ![User-added image](images/ka04u000000HdG0_0EM4u000001rAVf.png) + - ![User-added image](./images/ka04u000000HdG0_0EM4u000001rAVf.png) 3. Click the **Synchronise** box 4. Enter the **Source SharePoint farm** and **Destination SharePoint farm** URLs 5. Provide credentials that have access to the Term Store 6. Click **Next** 7. Check the boxes for each desired term set 8. Use the drop down box to select an action - - ![User-added image](images/ka04u000000HdG0_0EM4u000001rAVp.png) + - ![User-added image](./images/ka04u000000HdG0_0EM4u000001rAVp.png) - In this example, the **Regions** term set will be merged into the existing term sets in the **Taxonomies** term group 9. Click **Next** 10. Review the summary on the final page - - ![User-added image](images/ka04u000000HdG0_0EM4u000001rAW9.png) + - ![User-added image](./images/ka04u000000HdG0_0EM4u000001rAW9.png) - If you wish to ensure terms not found in the source are removed from the destination (Matching GUID), check the **Process Deletions** box - If you wish to prevent any changes from occurring in the destination, check the **Report Only** box - Any changes that would have been made to term sets will be logged to the individual term sets logs, which are visible by clicking the **View Log File** link. diff --git a/docs/kb/dataclassification/using-sharepoint-modern-authentication.md b/docs/kb/dataclassification/using-sharepoint-modern-authentication.md index d2c3b587b1..cbffc8244b 100644 --- a/docs/kb/dataclassification/using-sharepoint-modern-authentication.md +++ b/docs/kb/dataclassification/using-sharepoint-modern-authentication.md @@ -44,11 +44,11 @@ To register a new application, do the following: 2. Search for and select the **Microsoft Entra admin center**. 3. Under the Azure Directory select the **App registrations** section. 4. Select **New registration**. - ![Picture1.png](images/ka0Qk0000000wyT_0EM4u000004dBat.png) + ![Picture1.png](./images/ka0Qk0000000wyT_0EM4u000004dBat.png) 5. In the **Name** field, enter the application name. 6. In the **Supported account types** select who can use this application – use the **Accounts in this organizational directory only** option. 7. Click the **Register** button. - ![Picture2.png](images/ka0Qk0000000wyT_0EM4u000004dBay.png) + ![Picture2.png](./images/ka0Qk0000000wyT_0EM4u000004dBay.png) **NOTE**: Application redirect URL is optional; you can leave it blank on this step. 8. Copy your application ID from the **Overview** section to a safe location. @@ -74,7 +74,7 @@ Do the following: When found, click on the entry and proceed with adding the nec - `Sites.FullControl.All` (Crawling) - `TermStore.ReadWrite.All` (Term Set access) **NOTE**: For taxonomy manager to fully operate you must also make the user `app@sharepoint` a taxonomy admin (or group admin) - ![Picture3.png](images/ka0Qk0000000wyT_0EM4u000004dBb3.png) + ![Picture3.png](./images/ka0Qk0000000wyT_0EM4u000004dBb3.png) 5. Click **Add permissions**. ## Step 4: Configuring Certificates & Secrets diff --git a/docs/kb/dataclassification/workflow-isn-t-running-or-is-running-unexpectedly.md b/docs/kb/dataclassification/workflow-isn-t-running-or-is-running-unexpectedly.md index 8228423615..35ef1ad34f 100644 --- a/docs/kb/dataclassification/workflow-isn-t-running-or-is-running-unexpectedly.md +++ b/docs/kb/dataclassification/workflow-isn-t-running-or-is-running-unexpectedly.md @@ -36,7 +36,7 @@ This article offers step-by-step guidance for resolving common workflow issues. - **Failed to run the workflow** – A basic error message will be displayed that may assist you with troubleshooting the issue. If it doesn't give enough details, then enable workflow trace logging and reclassify the document. Check the Windows Event Logs for details of any issues. - - **No attempts to run the workflow** – Check that the conditions are configured correctly for the workflow and workflow rule. If the workflow and workflow rules are configured correctly, then check the classifications of the document. If the classifications aren't as expected, then please reference the following documentation for the troubleshooting steps: [Classification Troubleshooting](/docs/kb/dataclassification/troubleshooting-and-errors/classification-troubleshooting.md) + - **No attempts to run the workflow** – Check that the conditions are configured correctly for the workflow and workflow rule. If the workflow and workflow rules are configured correctly, then check the classifications of the document. If the classifications aren't as expected, then please reference the following documentation for the troubleshooting steps: [Classification Troubleshooting](/docs/kb/dataclassification/classification-troubleshooting) 3. Filter the workflow logs and check if there are other workflows being run for the document. Workflows run in a priority order. If there is more than one migration action, then the second migration will fail as the document has already been moved. @@ -46,4 +46,4 @@ This typically means that the document has a classification that isn't expected 1. Check the workflow rule conditions. Pay attention to the parameters. Learn more about rule configuration and description of classification rules: https://docs.netwrix.com/docs/dataclassification/5_7 (Configure a Workflow using Advanced dialog ⸱ v5.7) -2. Check the document's classifications. If there is a classification that is not intended, then reference the following documentation for troubleshooting steps: [Classification Troubleshooting](/docs/kb/dataclassification/troubleshooting-and-errors/classification-troubleshooting.md) +2. Check the document's classifications. If there is a classification that is not intended, then reference the following documentation for troubleshooting steps: [Classification Troubleshooting](/docs/kb/dataclassification/classification-troubleshooting) diff --git a/docs/kb/directorymanager/add-active-directory-attribute-to-replication-schema.md b/docs/kb/directorymanager/add-active-directory-attribute-to-replication-schema.md index 6b22122b40..5dc47404dd 100644 --- a/docs/kb/directorymanager/add-active-directory-attribute-to-replication-schema.md +++ b/docs/kb/directorymanager/add-active-directory-attribute-to-replication-schema.md @@ -43,11 +43,11 @@ Add new or custom Active Directory (AD) attributes to the Netwrix Directory Mana 1. Identify the custom or existing AD attribute that is missing from roles, filters, or Smart Group criteria in Netwrix Directory Manager. 2. Log in to the Netwrix Directory Manager Admin Centre. 3. In the navigation pane, select the **Identity Stores** tab. Click the three-dot icon next to the required identity store, and select **Edit**. - ![Options menu for Identity Store in Directory Manager 11](images/ka0Qk000000EMa9_0EMQk00000BZenT.png) + ![Options menu for Identity Store in Directory Manager 11](./images/ka0Qk000000EMa9_0EMQk00000BZenT.png) 4. In the **Settings** pane, locate **Schedules**. Find the **Schema Replication** schedule, click the three-dot icon and select **Run**. - ![Running the Schema Replication schedule in Directory Manager 11](images/ka0Qk000000EMa9_0EMQk00000BZfd5.png) + ![Running the Schema Replication schedule in Directory Manager 11](./images/ka0Qk000000EMa9_0EMQk00000BZfd5.png) 5. Wait five to ten minutes for the schema replication to complete. 6. In the **Settings** pane, select the **Replication** tab. Click **Add Replication Attributes**. - ![Add Replication Attributes in Replication Settings in Directory Manager 11](images/ka0Qk000000EMa9_0EMQk00000BZgCY.png) + ![Add Replication Attributes in Replication Settings in Directory Manager 11](./images/ka0Qk000000EMa9_0EMQk00000BZgCY.png) 7. In the prompt, search for the new or missing attribute, select it, and click **Save**. - ![Searching for attributes in Replication Settings in Directory Manager 11](images/ka0Qk000000EMa9_0EMQk00000BZgUI.png) + ![Searching for attributes in Replication Settings in Directory Manager 11](./images/ka0Qk000000EMa9_0EMQk00000BZgUI.png) diff --git a/docs/kb/directorymanager/adjust-heap-size-for-elasticsearch-service.md b/docs/kb/directorymanager/adjust-heap-size-for-elasticsearch-service.md index efc002a0dd..af8b82ac42 100644 --- a/docs/kb/directorymanager/adjust-heap-size-for-elasticsearch-service.md +++ b/docs/kb/directorymanager/adjust-heap-size-for-elasticsearch-service.md @@ -50,7 +50,7 @@ It is recommended to set both values to the same amount to maintain performance > **NOTE:** Make sure both `Xms` and `Xmx` values are the same. -5. ![Registry Editor showing Xms and Xmx heap size parameters for Elasticsearch](images/ka0Qk000000Dv0T_0EMQk00000BSBWr.png) +5. ![Registry Editor showing Xms and Xmx heap size parameters for Elasticsearch](./images/ka0Qk000000Dv0T_0EMQk00000BSBWr.png) 6. Close the **Registry Editor** after saving the changes. 7. Restart the **GroupIDElasticSearchService11** service for the changes to take effect. diff --git a/docs/kb/directorymanager/asset-export-utility-configuration.md b/docs/kb/directorymanager/asset-export-utility-configuration.md index d439e0be80..a368149e62 100644 --- a/docs/kb/directorymanager/asset-export-utility-configuration.md +++ b/docs/kb/directorymanager/asset-export-utility-configuration.md @@ -41,27 +41,27 @@ This article provides step-by-step instructions for migrating schedules and sync 3. Select the schedules and synchronize jobs to export. 4. Click **Export** and select a folder to save the exported assets. -![Asset Export utility main screen on Directory Manager 10](images/ka0Qk0000004nIH_0EMQk000004nICn.png) ![Selecting schedules and synchronize jobs for export](images/ka0Qk0000004nIH_0EMQk000004nICo.png) ![Export folder selection dialog](images/ka0Qk0000004nIH_0EMQk000004nICp.png) +![Asset Export utility main screen on Directory Manager 10](./images/ka0Qk0000004nIH_0EMQk000004nICn.png) ![Selecting schedules and synchronize jobs for export](./images/ka0Qk0000004nIH_0EMQk000004nICo.png) ![Export folder selection dialog](./images/ka0Qk0000004nIH_0EMQk000004nICp.png) ### Provide the Encryption Key 1. When prompted, enter the encryption key (passphrase) used for database encryption in Directory Manager 10. The key must match the one used in Directory Manager 10 SR 2. -![Encryption key entry screen in Asset Export utility](images/ka0Qk0000004nIH_0EMQk000004nICq.png) +![Encryption key entry screen in Asset Export utility](./images/ka0Qk0000004nIH_0EMQk000004nICq.png) ### Copy Required Folders to Directory Manager 11 Server - Copy the default installation folder of Directory Manager 10 to the Directory Manager 11 server. -![Default installation folder location for Directory Manager 10](images/ka0Qk0000004nIH_0EMQk000004nICr.png) +![Default installation folder location for Directory Manager 10](./images/ka0Qk0000004nIH_0EMQk000004nICr.png) - Copy the `ProgramData` location to the Directory Manager 11 server for synchronize jobs. -![ProgramData folder for synchronize jobs](images/ka0Qk0000004nIH_0EMQk000004nICs.png) +![ProgramData folder for synchronize jobs](./images/ka0Qk0000004nIH_0EMQk000004nICs.png) - Copy the `Reports` folder in ProgramData to the Directory Manager 11 server. -![Reports folder in ProgramData on Directory Manager 11 server](images/ka0Qk0000004nIH_0EMQk000004nICt.png) +![Reports folder in ProgramData on Directory Manager 11 server](./images/ka0Qk0000004nIH_0EMQk000004nICt.png) > **NOTE:** The `schedules` and `synchronize job` folders should be empty (the Asset Export utility will import these files). However, for the `Reports` folder, copy reports from the Directory Manager 10 server for the respective schedules upgrade. @@ -73,7 +73,7 @@ This article provides step-by-step instructions for migrating schedules and sync 4. The schedules and synchronize jobs will be imported into the respective folders on the Directory Manager 11 server. 5. After import, run the upgrade on the Directory Manager 11 server. -![Asset Export utility import screen on Directory Manager 11](images/ka0Qk0000004nIH_0EMQk000004nICu.png) ![Import progress screen](images/ka0Qk0000004nIH_0EMQk000004nICv.png) ![Imported schedules and synchronize jobs in Directory Manager 11](images/ka0Qk0000004nIH_0EMQk000004nICw.png) ![Upgrade process on Directory Manager 11 server](images/ka0Qk0000004nIH_0EMQk000004nICx.png) +![Asset Export utility import screen on Directory Manager 11](./images/ka0Qk0000004nIH_0EMQk000004nICu.png) ![Import progress screen](./images/ka0Qk0000004nIH_0EMQk000004nICv.png) ![Imported schedules and synchronize jobs in Directory Manager 11](./images/ka0Qk0000004nIH_0EMQk000004nICw.png) ![Upgrade process on Directory Manager 11 server](./images/ka0Qk0000004nIH_0EMQk000004nICx.png) ## Related Links diff --git a/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership.md b/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership.md index b8fa93849d..13517adea4 100644 --- a/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership.md +++ b/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership.md @@ -81,17 +81,17 @@ These practices make use of workflows, access controls, and alerts to offer fool ### Related Articles: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) - [Directory Manager Workflows](https://docs.netwrix.com/docs/directorymanager/11_0/signin/workflow/overview) diff --git a/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage.md b/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage.md index eab037e426..46f9a2b160 100644 --- a/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage.md +++ b/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage.md @@ -37,14 +37,14 @@ Netwrix Directory Manager uses an RBAC model through which you can define Securi For more information on how to set up a limit on the search scope for a particular Security Role, visit the following KB article: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) ### Using Security Roles to Specify Specific Area Where Groups Can be Created or Have a Fixed and Hidden Path. In Netwrix Directory Manager, you can apply policies to security roles so that role members use Netwrix Directory Manager in keeping with the policy restrictions. Netwrix Directory Manager’s New Object policy enables you to restrict role members to create new groups in a specific OU only. For more information on how to set up a New Object policy for specific security roles, visit the following KB article: -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) ### Importing Membership via Netwrix Directory Manager Bulk Membership Import Feature for Groups Many times, organizations create groups (Security and Distribution) in advance, i.e., before the actual usage of groups. To avoid any critical information being leaked out, it is recommended that such groups be created without populating membership upon creation. @@ -53,21 +53,21 @@ Instead, you can use the **Bulk Import Membership** feature of Netwrix Directory In Netwrix Directory Manager, bulk import of memberships is possible using the Import Wizard available in the Netwrix Directory Manager Portal. The following KB article provides step-by-step instructions to bulk import members into a group: -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) ### Creating Smart Group Without Updating Memberships Another way to ensure that the group memberships do not update beforehand, if a group has been created in advance, is by just previewing the query results of a Smart group without updating the group memberships. A query-based dynamic *smart group* is one whose membership is determined by the supplied criteria. The results can be previewed but not acted upon until needed. Keeping out of the update schedule ensures that membership updates only occur when you manually trigger them. -![User-added image](images/ka0Qk000000Dg6H_0EMQk000001iOqr.png) +![User-added image](./images/ka0Qk000000Dg6H_0EMQk000001iOqr.png) ### Keep Group Hidden from GAL Until it is Ready to be Used Keeping a group and its membership hidden from discoverability by external tools like Outlook can also help you comply with organizational policies for ensuring secrecy. Using the Netwrix Directory Manager Portal, if a mail-enabled group is created, you can hide the group and its membership from the Address Book and GAL in the following way: -![User-added image](images/ka0Qk000000Dg6H_0EMQk000001iOsT.png) +![User-added image](./images/ka0Qk000000Dg6H_0EMQk000001iOsT.png) ### Selecting Appropriate Security Type for Groups During the creation of a group via the Netwrix Directory Manager Portal, you can designate the security type as Private, Semi-Private, or Public. This classification, serving as a pseudo attribute within Netwrix Directory Manager, governs the permission levels for joining the group. It is always recommended to choose Private as the Security Type for sensitive groups. @@ -81,7 +81,7 @@ It is always recommended to ensure/limit the inflow of email messages received b To set Delivery Restrictions via the Netwrix Directory Manager portal, simply search for the group and navigate to the **Delivery Restriction** tab in **Group Properties**. -![User-added image](images/ka0Qk000000Dg6H_0EMQk000001iOu5.png) +![User-added image](./images/ka0Qk000000Dg6H_0EMQk000001iOu5.png) ### Setting up Approver Workflows for the Creation of New Groups One of the most efficient methods to effectively manage the number and quality of groups being created by end users is the implementation of a continuous monitoring process where admins can approve the group being created. @@ -97,17 +97,17 @@ Another way to ensure that no unauthorized message is sent to critical groups is For more information on customization to the portal, visit the following KB article: -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) ### Other Best Practices to Improve Compliance. In addition to the above-mentioned best practices for making sure the production environment is secure and compliant with company policy, visit the following KB article to learn about best practices for controlling changes to group memberships after creation: -- [Best Practices for Controlling Changes to Group Membership](/docs/kb/directorymanager/reporting-export-and-data-management/best-practices-for-controlling-changes-to-group-membership.md) +- [Best Practices for Controlling Changes to Group Membership](/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership) ## Related Articles: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) diff --git a/docs/kb/directorymanager/bulk-export-and-sort-all-smart-groups-and-dynasties.md b/docs/kb/directorymanager/bulk-export-and-sort-all-smart-groups-and-dynasties.md index f301b8ce4e..0ead9a8ab0 100644 --- a/docs/kb/directorymanager/bulk-export-and-sort-all-smart-groups-and-dynasties.md +++ b/docs/kb/directorymanager/bulk-export-and-sort-all-smart-groups-and-dynasties.md @@ -54,8 +54,8 @@ Get-SmartGroup | select DisplayName, ManagedGroupType | Sort-Object ManagedGroup > **NOTE:** You can change the export directory by updating the file path in the cmdlet (for example, `D:\exports\list.csv`). -![Exported CSV file example](images/ka0Qk000000DvA9_0EMQk00000BSFdi.png) -![Directory Manager Management Shell output](images/ka0Qk000000DvA9_0EMQk00000BSG3V.png) +![Exported CSV file example](./images/ka0Qk000000DvA9_0EMQk00000BSFdi.png) +![Directory Manager Management Shell output](./images/ka0Qk000000DvA9_0EMQk00000BSG3V.png) 5. To retrieve additional details, you can append more attributes to the cmdlet. Example attributes include: - `smartGroupType` diff --git a/docs/kb/directorymanager/bulk-update-smart-group-object-types.md b/docs/kb/directorymanager/bulk-update-smart-group-object-types.md index 90efad2371..c2733e0ea1 100644 --- a/docs/kb/directorymanager/bulk-update-smart-group-object-types.md +++ b/docs/kb/directorymanager/bulk-update-smart-group-object-types.md @@ -37,7 +37,7 @@ Use the Directory Manager Management Shell in Netwrix Directory Manager to bulk Get-SmartGroup -SearchContainer "Distinguished Name of Organizational Unit" -SmartFilter "(IMSGManagedGroupType=2)" | Set-SmartGroup -ObjectTypes "1","2","3" ``` -![PowerShell command to update Smart Group object types in Netwrix Directory Manager Management Shell](images/ka0Qk000000EZ5x_0EMQk00000Bu2Dh.png) +![PowerShell command to update Smart Group object types in Netwrix Directory Manager Management Shell](./images/ka0Qk000000EZ5x_0EMQk00000Bu2Dh.png) 4. This command updates all Smart Groups in the specified OU to include the following object types: - Users with Mailboxes diff --git a/docs/kb/directorymanager/change-log-level-from-error-to-debug-v11.md b/docs/kb/directorymanager/change-log-level-from-error-to-debug-v11.md index 005d6f700a..10f32d987c 100644 --- a/docs/kb/directorymanager/change-log-level-from-error-to-debug-v11.md +++ b/docs/kb/directorymanager/change-log-level-from-error-to-debug-v11.md @@ -38,7 +38,7 @@ By default, Netwrix Directory Manager records only critical errors in its logs. 5. Select **Logging**. 6. Set both **File Logging** and **Windows Logging** to **Debug** using the dropdown lists. 7. Click **Save** to apply the changes. - ![Logging settings in Netwrix Directory Manager application](images/ka0Qk000000EPRZ_0EMQk00000BbJji.png) + ![Logging settings in Netwrix Directory Manager application](./images/ka0Qk000000EPRZ_0EMQk00000BbJji.png) 8. Repeat these steps for each of the following applications: - Replication Service - Admin Center @@ -48,6 +48,6 @@ By default, Netwrix Directory Manager records only critical errors in its logs. - Mobile Service - Scheduler Service -![List of Netwrix Directory Manager services for log configuration](images/ka0Qk000000EPRZ_0EMQk00000BbINr.png) +![List of Netwrix Directory Manager services for log configuration](./images/ka0Qk000000EPRZ_0EMQk00000BbINr.png) 9. Once complete, Netwrix Directory Manager will capture detailed logs for better system monitoring and troubleshooting. diff --git a/docs/kb/directorymanager/change-self-service-portal-url-in-workflow-email-notifications.md b/docs/kb/directorymanager/change-self-service-portal-url-in-workflow-email-notifications.md index e8f1dbe622..e9102a7315 100644 --- a/docs/kb/directorymanager/change-self-service-portal-url-in-workflow-email-notifications.md +++ b/docs/kb/directorymanager/change-self-service-portal-url-in-workflow-email-notifications.md @@ -37,7 +37,7 @@ If you change the hostname for the Netwrix Directory Manager (formerly GroupID) 2. On the **Identity Stores** tab, click the three-dot icon next to the relevant identity store and select **Edit**. 3. Click the **Workflows** tab. Select the workflow for which you want to change the portal URL and click **Edit**. To change the URL in email notifications that alert group owners to approve or deny membership requests, select **Workflow to Join a Group**. - ![Editing a workflow in Directory Manager 11](images/ka0Qk000000EMbl_0EMQk00000Ba629.png) + ![Editing a workflow in Directory Manager 11](./images/ka0Qk000000EMbl_0EMQk00000Ba629.png) 4. In the **Portal URL** box, select the portal URL you want to use. - ![Selecting the Portal URL in Directory Manager 11](images/ka0Qk000000EMbl_0EMQk00000Ba65N.png) + ![Selecting the Portal URL in Directory Manager 11](./images/ka0Qk000000EMbl_0EMQk00000Ba65N.png) 5. Click **Update Workflow** and save your changes. The email notifications for this workflow will now include the specified portal URL. Repeat these steps for each workflow as needed. diff --git a/docs/kb/directorymanager/change-the-default-dynasty-operator.md b/docs/kb/directorymanager/change-the-default-dynasty-operator.md index 884881ae3d..d0f5f1bda7 100644 --- a/docs/kb/directorymanager/change-the-default-dynasty-operator.md +++ b/docs/kb/directorymanager/change-the-default-dynasty-operator.md @@ -63,15 +63,15 @@ You can update the default Dynasty grouping behavior when creating a new Dynasty 1. When creating a new Dynasty, continue through the wizard until you reach the **Dynasty Options** window. 2. Select the attribute you want to group by and click **Edit**. In the **GroupBy settings** dialog, click **Filter**. - ![Dynasty Options in Dynasty Creation Wizard - Netwrix Directory Manager 10](images/ka0Qk000000DUI2_0EMQk000009t78Z.png) + ![Dynasty Options in Dynasty Creation Wizard - Netwrix Directory Manager 10](./images/ka0Qk000000DUI2_0EMQk000009t78Z.png) - ![Dynasty Options in Dynasty Creation Wizard - Netwrix Directory Manager 11](images/ka0Qk000000DUI2_0EMQk000009tEWb.png) + ![Dynasty Options in Dynasty Creation Wizard - Netwrix Directory Manager 11](./images/ka0Qk000000DUI2_0EMQk000009tEWb.png) 3. To change the default operator, choose **Left** and enter the desired number of characters if using **Starts with**. Choose **Right** to switch to **Ends with**. - ![Filter Options in Netwrix Directory Manager 10](images/ka0Qk000000DUI2_0EMQk000009tETN.png) + ![Filter Options in Netwrix Directory Manager 10](./images/ka0Qk000000DUI2_0EMQk000009tETN.png) - ![Filter Options in Netwrix Directory Manager 11](images/ka0Qk000000DUI2_0EMQk000009tEUz.png) + ![Filter Options in Netwrix Directory Manager 11](./images/ka0Qk000000DUI2_0EMQk000009tEUz.png) 4. After saving your changes, the Dynasty will reflect the updated grouping behavior. @@ -81,10 +81,10 @@ You can update the default Dynasty grouping behavior when creating a new Dynasty 2. Navigate to the **Netwrix Directory Manager** tab and click **Options**. 3. Follow steps 2 and 3 in the **Creating a New Dynasty** section above to configure and apply the GroupBy filter. - ![Dynasty Option in an existing parent dynasty in Netwrix Directory Manager 10](images/ka0Qk000000DUI2_0EMQk000009t4Na.png) + ![Dynasty Option in an existing parent dynasty in Netwrix Directory Manager 10](./images/ka0Qk000000DUI2_0EMQk000009t4Na.png) - ![Dynasty Option in an existing parent dynasty in Netwrix Directory Manager 11](images/ka0Qk000000DUI2_0EMQk000009tEI7.png) + ![Dynasty Option in an existing parent dynasty in Netwrix Directory Manager 11](./images/ka0Qk000000DUI2_0EMQk000009tEI7.png) 4. After saving your changes, the Dynasty will reflect the updated grouping behavior. - ![Modified Attribute Filter Example](images/ka0Qk000000DUI2_0EMQk000009tEYD.png) + ![Modified Attribute Filter Example](./images/ka0Qk000000DUI2_0EMQk000009tEYD.png) diff --git a/docs/kb/directorymanager/change-the-default-sort-attribute-for-search-results.md b/docs/kb/directorymanager/change-the-default-sort-attribute-for-search-results.md index c4b4e7847b..708fa199fc 100644 --- a/docs/kb/directorymanager/change-the-default-sort-attribute-for-search-results.md +++ b/docs/kb/directorymanager/change-the-default-sort-attribute-for-search-results.md @@ -30,11 +30,11 @@ This article explains how to configure the default sort attribute for search res ## Instructions 1. In the Netwrix Directory Manager Admin Center, go to **Applications**. For the application or portal where you want to change the setting, click the three dots and select **Settings**. - ![Accessing portal settings in Directory Manager Admin Center](images/ka0Qk000000DvQH_0EMQk00000BSXab.png) + ![Accessing portal settings in Directory Manager Admin Center](./images/ka0Qk000000DvQH_0EMQk00000BSXab.png) 2. Click **Advanced Settings**. In the right pane, find the **Sort Search** option and select your desired sort attribute from the drop-down menu. - ![Selecting the default sort attribute in Advanced Settings](images/ka0Qk000000DvQH_0EMQk00000BSXfR.png) + ![Selecting the default sort attribute in Advanced Settings](./images/ka0Qk000000DvQH_0EMQk00000BSXfR.png) 3. Scroll down and click **Save** to apply your changes. diff --git a/docs/kb/directorymanager/change-the-header-and-footer-logo-in-notifications.md b/docs/kb/directorymanager/change-the-header-and-footer-logo-in-notifications.md index 03c32cc42e..728b6cf3b1 100644 --- a/docs/kb/directorymanager/change-the-header-and-footer-logo-in-notifications.md +++ b/docs/kb/directorymanager/change-the-header-and-footer-logo-in-notifications.md @@ -29,7 +29,7 @@ knowledge_article_id: kA0Qk00000015iPKAQ Can you change the logo in the header and footer of Netwrix Directory Manager notifications? -![Notification Logo Screenshot](images/ka0Qk000000DSOH_0EMQk000004nEE1.png) +![Notification Logo Screenshot](./images/ka0Qk000000DSOH_0EMQk000004nEE1.png) ## Answer diff --git a/docs/kb/directorymanager/collecting-all-log-files-in-v11.md b/docs/kb/directorymanager/collecting-all-log-files-in-v11.md index 255cd72787..f6d95c1bbe 100644 --- a/docs/kb/directorymanager/collecting-all-log-files-in-v11.md +++ b/docs/kb/directorymanager/collecting-all-log-files-in-v11.md @@ -46,4 +46,4 @@ Follow the steps below to use the **Logs Download** feature to collect and save 5. Click **Download**. 6. A zipped file containing the logs will be downloaded to your server's Downloads folder. -![Logs Download screen in Directory Manager Admin Center](images/ka0Qk000000DvID_0EMQk00000BSOM1.png) +![Logs Download screen in Directory Manager Admin Center](./images/ka0Qk000000DvID_0EMQk00000BSOM1.png) diff --git a/docs/kb/directorymanager/configure-email-notifications-for-an-identity-store.md b/docs/kb/directorymanager/configure-email-notifications-for-an-identity-store.md index 8b79d4bbab..38d6c07ecd 100644 --- a/docs/kb/directorymanager/configure-email-notifications-for-an-identity-store.md +++ b/docs/kb/directorymanager/configure-email-notifications-for-an-identity-store.md @@ -34,13 +34,13 @@ Email notifications in Netwrix Directory Manager (formerly GroupID) inform users 2. On the **Identity Stores** tab, double-click the required identity store to open its properties. 3. Select the **Configurations** tab, then click **Notification** in the left pane. -![Notification configuration tab in Directory Manager identity store properties](images/ka0Qk000000EZCP_0EMQk00000BuMPJ.png) +![Notification configuration tab in Directory Manager identity store properties](./images/ka0Qk000000EZCP_0EMQk00000BuMPJ.png) 4. Configure the following notification settings: - **SMTP server:** Enter the IP address or FQDN of the SMTP server that will route notifications. - **From email address:** Enter the sender address for notification emails (for example, `no-reply@domain.com` or `notification@demo.com`). - ![From email address field in notification settings](images/ka0Qk000000EZCP_0EMQk00000BuMNh.png) + ![From email address field in notification settings](./images/ka0Qk000000EZCP_0EMQk00000BuMNh.png) - **Port:** Enter the port number for the SMTP server. - **Test:** After entering the email address and port, click **Test** to verify the server settings. Enter a destination address to send a test notification. If successful, a confirmation message appears and a test email is sent. - **Use SMTP User Authentication:** By default, the credentials of the logged-in user are used. To use a different account, select **Use SMTP User Authentication** and enter the **Username** and **Password** for an authorized account. diff --git a/docs/kb/directorymanager/convert-between-smart-groups-and-static-groups.md b/docs/kb/directorymanager/convert-between-smart-groups-and-static-groups.md index cd3230c275..8a901bd3d6 100644 --- a/docs/kb/directorymanager/convert-between-smart-groups-and-static-groups.md +++ b/docs/kb/directorymanager/convert-between-smart-groups-and-static-groups.md @@ -36,7 +36,7 @@ In Netwrix Directory Manager, you can convert a Smart Group to a static group by 4. Click the **Clear** button next to the Smart Group query. 5. When prompted, click **Clear query text** to confirm. The group will be converted to a static group, and the current membership will remain unchanged. -![Clearing Smart Group query in Directory Manager](images/ka0Qk000000EYrR_0EMQk00000BpDeP.png) +![Clearing Smart Group query in Directory Manager](./images/ka0Qk000000EYrR_0EMQk00000BpDeP.png) ### Convert a Static Group to a Smart Group 1. Log in to the application portal of Netwrix Directory Manager. @@ -45,4 +45,4 @@ In Netwrix Directory Manager, you can convert a Smart Group to a static group by 4. When prompted, confirm the action. The query designer will open, allowing you to specify the LDAP query as required. 5. After confirming the query, the group will be converted to a Smart Group. -![Upgrading a static group to a Smart Group in Directory Manager](images/ka0Qk000000EYrR_0EMQk00000BpDcn.png) +![Upgrading a static group to a Smart Group in Directory Manager](./images/ka0Qk000000EYrR_0EMQk00000BpDcn.png) diff --git a/docs/kb/directorymanager/copy-smart-group-query-criteria-using-import-and-export.md b/docs/kb/directorymanager/copy-smart-group-query-criteria-using-import-and-export.md index d51b9f52f9..74c5615921 100644 --- a/docs/kb/directorymanager/copy-smart-group-query-criteria-using-import-and-export.md +++ b/docs/kb/directorymanager/copy-smart-group-query-criteria-using-import-and-export.md @@ -36,10 +36,10 @@ Netwrix Directory Manager supports exporting and importing Smart Group query def 2. Open the properties of the Smart Group whose criteria you want to copy. 3. Navigate to the **Smart Group** tab and open **Query Designer**. 4. In the Query Designer window, click the three-dot icon and select **Export query**. The JSON file will be downloaded to your default download location. - ![Exporting a Smart Group query in Directory Manager Query Designer](images/ka0Qk000000EYwH_0EMQk00000BpDrJ.png) + ![Exporting a Smart Group query in Directory Manager Query Designer](./images/ka0Qk000000EYwH_0EMQk00000BpDrJ.png) 5. Open the properties of the Smart Group where you want to apply the copied criteria. 6. Navigate to the **Smart Group** tab and open **Query Designer**. 7. In the Query Designer window, click the three-dot icon and select **Import query** to upload the previously exported JSON file. - ![Importing a Smart Group query in Directory Manager Query Designer](images/ka0Qk000000EYwH_0EMQk00000BpBfq.png) + ![Importing a Smart Group query in Directory Manager Query Designer](./images/ka0Qk000000EYwH_0EMQk00000BpBfq.png) 8. Click **Preview** to confirm that the query returns the expected results. 9. Complete the remaining steps of the Smart Group wizard to save your changes. diff --git a/docs/kb/directorymanager/creating-and-managing-dynasties.md b/docs/kb/directorymanager/creating-and-managing-dynasties.md index 229959ddf7..c58698a964 100644 --- a/docs/kb/directorymanager/creating-and-managing-dynasties.md +++ b/docs/kb/directorymanager/creating-and-managing-dynasties.md @@ -52,17 +52,17 @@ The three templates are configurable, whereas the custom Dynasty can fulfill num ### Creating an Organizational Dynasty 1. In Netwrix Directory Manager Portal, select **Create New** > **Organizational Dynasty** template and click **Next**. - ![Selecting Organizational Dynasty template](images/ka0Qk000000Du4P_0EMQk00000BS5BL.png) + ![Selecting Organizational Dynasty template](./images/ka0Qk000000Du4P_0EMQk00000BS5BL.png) 2. On the **Group Options** page, enter the group name, select the container where the group will be created, and specify the group type, scope, and security settings. - ![Group Options page](images/ka0Qk000000Du4P_0EMQk00000BS8nW.png) + ![Group Options page](./images/ka0Qk000000Du4P_0EMQk00000BS8nW.png) 3. On the **Dynasty Options** page, review and modify the attributes that will be used to create child groups. For example, you can remove *Title* and add *Office* as needed. - ![Dynasty Options page](images/ka0Qk000000Du4P_0EMQk00000BS9zh.png) + ![Dynasty Options page](./images/ka0Qk000000Du4P_0EMQk00000BS9zh.png) 4. On the **Query Options** page, review the current configuration of your Dynasty. You can click **Query Designer** to launch the Query Designer, where you can modify the query to filter the objects for group membership. For example, you may filter out disabled users or get a specific employee type. - ![Query Options page](images/ka0Qk000000Du4P_0EMQk00000BRwsy.png) + ![Query Options page](./images/ka0Qk000000Du4P_0EMQk00000BRwsy.png) 5. Once your query is complete, proceed to the **Update Options** page. The Dynasty can be updated manually or via an automated schedule. - ![Update Options page](images/ka0Qk000000Du4P_0EMQk00000BS4Gs.png) + ![Update Options page](./images/ka0Qk000000Du4P_0EMQk00000BS4Gs.png) 6. On the **Owners** page, you can specify additional owners for the group. By default, Netwrix Directory Manager sets the logged-in user as the primary owner. The primary owner will be inherited by all child groups. You can add additional owners by clicking the **Add** button. Users, contacts, and even security groups can be set as additional owners. - ![Owners page](images/ka0Qk000000Du4P_0EMQk00000BS48q.png) + ![Owners page](./images/ka0Qk000000Du4P_0EMQk00000BS48q.png) 7. The **Completion** page gives a summary of the selected settings. Click **Finish**. 8. If you selected **Now** for your update options, a parent Dynasty will be created with the name provided on the **Group Options** page, and child groups will be created according to the configured template. diff --git a/docs/kb/directorymanager/display-groups-with-additional-ownership-in-the-my-groups-tab.md b/docs/kb/directorymanager/display-groups-with-additional-ownership-in-the-my-groups-tab.md index e8b3d4b7e8..c40e5e1153 100644 --- a/docs/kb/directorymanager/display-groups-with-additional-ownership-in-the-my-groups-tab.md +++ b/docs/kb/directorymanager/display-groups-with-additional-ownership-in-the-my-groups-tab.md @@ -30,15 +30,15 @@ Use these steps to configure the **My Groups** tab in Netwrix Directory Manager 1. From the Admin portal, navigate to **Applications** > **your application portal**. 2. Click the three-dot icon and select **Settings**. - ![Admin portal navigation to application portal settings](images/ka0Qk000000EZ4L_0EMQk00000Bsr2b.png) + ![Admin portal navigation to application portal settings](./images/ka0Qk000000EZ4L_0EMQk00000Bsr2b.png) 3. In the settings menu, go to **Advanced Settings** > **Listing Displays**. - ![Advanced settings and listing displays in admin portal](images/ka0Qk000000EZ4L_0EMQk00000Bsr4D.png) + ![Advanced settings and listing displays in admin portal](./images/ka0Qk000000EZ4L_0EMQk00000Bsr4D.png) 4. Find the option for **Display Groups in My Groups** and toggle it to include groups where the user is an additional owner. - ![Toggle for Display Groups in My Groups setting](images/ka0Qk000000EZ4L_0EMQk00000Bsr0z.png) + ![Toggle for Display Groups in My Groups setting](./images/ka0Qk000000EZ4L_0EMQk00000Bsr0z.png) 5. Click **Save** and then **OK** to apply the changes. 6. Log in to the application portal. The **My Groups** page will now display groups for which the logged-in user is an additional owner. 7. Individual users can adjust their own settings in the application portal to view groups they own as both primary and additional owner. After changing this setting, remember to click **Save**. - ![User-level setting to display groups as primary and additional owner](images/ka0Qk000000EZ4L_0EMQk00000Bsr5p.png) + ![User-level setting to display groups as primary and additional owner](./images/ka0Qk000000EZ4L_0EMQk00000Bsr5p.png) diff --git a/docs/kb/directorymanager/displaying-moderators-for-exchange-distribution-lists-in-the-portal.md b/docs/kb/directorymanager/displaying-moderators-for-exchange-distribution-lists-in-the-portal.md index 782fd667b0..6f8bb88b28 100644 --- a/docs/kb/directorymanager/displaying-moderators-for-exchange-distribution-lists-in-the-portal.md +++ b/docs/kb/directorymanager/displaying-moderators-for-exchange-distribution-lists-in-the-portal.md @@ -47,44 +47,44 @@ Follow the instructions below to configure the Netwrix Directory Manager Portal: 2. On the **Replication** tab, click **Add Replication Attributes** and add the required attributes. - ![Replication attribute screenshot](images/ka0Qk000000E76T_0EMQk00000BdPOP.png) + ![Replication attribute screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPOP.png) 3. Click **Settings**. A new page will appear. - ![Portal settings screenshot](images/ka0Qk000000E76T_0EMQk00000BdNHn.png) + ![Portal settings screenshot](./images/ka0Qk000000E76T_0EMQk00000BdNHn.png) 4. Select the appropriate **Identity Store**. - ![Identity Store selection screenshot](images/ka0Qk000000E76T_0EMQk00000BdPHx.png) + ![Identity Store selection screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPHx.png) 5. Under the **Properties** tab, select **Group** from the **Select Directory Object** list. 6. Select **Advanced** in the **Name** list and click the **Pencil** icon. - ![Advanced group design](images/ka0Qk000000E76T_0EMQk00000BdPRd.png) + ![Advanced group design](./images/ka0Qk000000E76T_0EMQk00000BdPRd.png) 7. On the Edit Design Category dialog box, click **Add Field**. - ![Add Field screenshot](images/ka0Qk000000E76T_0EMQk00000BdPJZ.png) + ![Add Field screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPJZ.png) 8. Select `mxExchEnableModeration` from the **Field** list, enter the display name as **Is Moderation Enabled** and set the display type to **Check**. 9. Click **OK** and then click **Add Fields** again. - ![ModeratedByLink field screenshot](images/ka0Qk000000E76T_0EMQk00000BdPLB.png) + ![ModeratedByLink field screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPLB.png) 10. Select `mxExchModeratedByLink`, enter the display name as **Moderators**, and set the display type to **DNs**. 11. Click **OK** and then click **Add Fields** again. - ![A screenshot of adding attribute.](images/ka0Qk000000E76T_0EMQk00000BdDrv.png) + ![A screenshot of adding attribute.](./images/ka0Qk000000E76T_0EMQk00000BdDrv.png) 12. Select `mxExchBypassModerationLink`, enter the display name as **Bypass Moderation**, and set the display type to **DNs**. 13. Click **OK** and then click the **Save** icon at the top of the page. - ![Bypass moderators field screenshot](images/ka0Qk000000E76T_0EMQk00000BdPMn.png) + ![Bypass moderators field screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPMn.png) 14. Launch the **Netwrix Directory Manager Portal**. The new attributes should appear under the **Groups** tab under **Advanced**. - ![Final portal attributes screenshot](images/ka0Qk000000E76T_0EMQk00000BdPQ1.png) + ![Final portal attributes screenshot](./images/ka0Qk000000E76T_0EMQk00000BdPQ1.png) diff --git a/docs/kb/directorymanager/enable-and-configure-workflow-approver-acceleration.md b/docs/kb/directorymanager/enable-and-configure-workflow-approver-acceleration.md index d2fe6e52c7..15dc24cb02 100644 --- a/docs/kb/directorymanager/enable-and-configure-workflow-approver-acceleration.md +++ b/docs/kb/directorymanager/enable-and-configure-workflow-approver-acceleration.md @@ -36,9 +36,9 @@ To address this, Netwrix Directory Manager includes workflow approver accelerati 1. In the Netwrix Directory Manager Management Console, click the **Identity Stores** node. 2. On the **Identity Stores** tab, double-click an identity store to open its properties. 3. On the **Workflow** tab, click the **Advanced Options** link. - ![Workflows tab in Netwrix Directory Manager 10 Identity Properties](images/ka0Qk000000DunZ_0EMQk00000BZ9rj.png) + ![Workflows tab in Netwrix Directory Manager 10 Identity Properties](./images/ka0Qk000000DunZ_0EMQk00000BZ9rj.png) 4. Select the **Enable Approver Acceleration** checkbox to apply the settings and rules to all workflow routes defined for the identity store. - ![Workflow Approver Acceleration in Workflow Options](images/ka0Qk000000DunZ_0EMQk00000BZFvX.png) + ![Workflow Approver Acceleration in Workflow Options](./images/ka0Qk000000DunZ_0EMQk00000BZFvX.png) 5. To disable approver acceleration for a route, see the "Disable Approver Acceleration for a Workflow Route" section. 6. In the **Maximum Levels** box, specify the maximum number of escalation levels (for example, `2`). Requests not approved or denied at the maximum level are routed to the default approver, as specified in group life cycle settings for the identity store. 7. In the **Repeat every days** box, specify the number of days (for example, `5`). If an approver does not act within this period, the request is escalated to the next approver in the chain. @@ -46,9 +46,9 @@ To address this, Netwrix Directory Manager includes workflow approver accelerati ### Enable Workflow Approver Acceleration for an Identity Store in Netwrix Directory Manager 11 1. Log in to the Netwrix Directory Manager Admin Center, click the **Identity Stores** tab, and then edit the required identity store. - ![Identity Stores tab in Netwrix Directory Manager 11 Admin Center](images/ka0Qk000000DunZ_0EMQk00000BZdBR.png) + ![Identity Stores tab in Netwrix Directory Manager 11 Admin Center](./images/ka0Qk000000DunZ_0EMQk00000BZdBR.png) 2. From the Settings pane, select **Workflows**, then select **Advanced Workflow Settings** on the card menu on the right. - ![Advanced Workflow Settings in Netwrix Directory Manager 11](images/ka0Qk000000DunZ_0EMQk00000BZbJK.png) + ![Advanced Workflow Settings in Netwrix Directory Manager 11](./images/ka0Qk000000DunZ_0EMQk00000BZbJK.png) 3. Toggle **Approver Acceleration** and configure the options as needed. Click **Save** at the bottom right of the screen. > **NOTE:** Approver acceleration requires that an SMTP server is configured for the identity store. @@ -68,7 +68,7 @@ Follow the steps below for Netwrix Directory Manager 11: 1. Log in to the Netwrix Directory Manager Admin Center, then navigate to the **Identity Stores** tab from the navigation pane. 2. Click the options (three dots) for the required identity store and select **Edit**. 3. Click **Workflows** from the Settings tab. In the list of workflows, click the options (three dots) for the workflow you want to update, then select **Edit**. - ![Disable Approver Acceleration - Workflow Edit Menu - Netwrix Directory Manager 11](images/ka0Qk000000DunZ_0EMQk00000BZUPv.png) + ![Disable Approver Acceleration - Workflow Edit Menu - Netwrix Directory Manager 11](./images/ka0Qk000000DunZ_0EMQk00000BZUPv.png) 4. Clear the **Approver Acceleration** option and click **Update Workflow**. Then scroll down and click **Save**. 5. This will exempt the workflow from approver acceleration. diff --git a/docs/kb/directorymanager/enable-group-owner-suggestion-for-orphan-groups.md b/docs/kb/directorymanager/enable-group-owner-suggestion-for-orphan-groups.md index 560d992bd1..54af87d3d6 100644 --- a/docs/kb/directorymanager/enable-group-owner-suggestion-for-orphan-groups.md +++ b/docs/kb/directorymanager/enable-group-owner-suggestion-for-orphan-groups.md @@ -40,13 +40,13 @@ There are two ways to address Orphan Groups: 4. Netwrix Directory Manager will suggest a primary owner for an orphan group on the **Owner** tab in group properties. The suggestion is based on group membership. Netwrix Directory Manager checks the managers of group members and suggests the user who appears most frequently as a manager, even if that user is not a group member. 5. Click the **Save** icon on the toolbar. -![Suggest Owner/Manager setting in Directory Manager portal settings](images/ka0Qk000000EWsr_0EMQk00000Bo2pu.png) +![Suggest Owner/Manager setting in Directory Manager portal settings](./images/ka0Qk000000EWsr_0EMQk00000Bo2pu.png) ## Use Owner Suggestion in the Portal 1. Log in to the Netwrix Directory Manager portal. 2. Go to the properties page of an orphan group and click the **Owner** tab. -![Owner tab in group properties showing suggested owner](images/ka0Qk000000EWsr_0EMQk00000BoBA3.png) +![Owner tab in group properties showing suggested owner](./images/ka0Qk000000EWsr_0EMQk00000BoBA3.png) 3. Netwrix Directory Manager will display a suggested owner for the group. 4. Click **Make Owner** to set the suggested user as the group's primary owner. diff --git a/docs/kb/directorymanager/entraid-application-proxy-configuration.md b/docs/kb/directorymanager/entraid-application-proxy-configuration.md index 130a279f69..a4d493dbe5 100644 --- a/docs/kb/directorymanager/entraid-application-proxy-configuration.md +++ b/docs/kb/directorymanager/entraid-application-proxy-configuration.md @@ -34,17 +34,17 @@ This article provides step-by-step instructions for configuring Entra Tenant App ### Configure Entra Tenant Application Proxy -![Entra Tenant Application Proxy configuration screen with key fields visible](images/ka0Qk000000DUWX_0EMQk000004n3iR.png) +![Entra Tenant Application Proxy configuration screen with key fields visible](./images/ka0Qk000000DUWX_0EMQk000004n3iR.png) ### Install Outbound Connector on Directory Manager Machine -![Outbound connector installation window on Directory Manager machine](images/ka0Qk000000DUWX_0EMQk000004n3iS.png) +![Outbound connector installation window on Directory Manager machine](./images/ka0Qk000000DUWX_0EMQk000004n3iS.png) ### Configure Outbound Proxy -![Outbound proxy configuration screen](images/ka0Qk000000DUWX_0EMQk000004n3iT.png) +![Outbound proxy configuration screen](./images/ka0Qk000000DUWX_0EMQk000004n3iT.png) -![Additional outbound proxy configuration options](images/ka0Qk000000DUWX_0EMQk000004n3iU.png) +![Additional outbound proxy configuration options](./images/ka0Qk000000DUWX_0EMQk000004n3iU.png) ### Configure the Application @@ -60,31 +60,31 @@ This article provides step-by-step instructions for configuring Entra Tenant App - Internal URL: `https://onenexx2:4443/` - Link: https://onenexx2:4443/ - ![Application proxy configuration with internal and external URLs](images/ka0Qk000000DUWX_0EMQk000004n3iV.png) + ![Application proxy configuration with internal and external URLs](./images/ka0Qk000000DUWX_0EMQk000004n3iV.png) ### Register the Application and Assign Users 1. Go to **App Registration** and open **All Applications**. - ![App Registration screen showing all applications](images/ka0Qk000000DUWX_0EMQk000004n3iW.png) + ![App Registration screen showing all applications](./images/ka0Qk000000DUWX_0EMQk000004n3iW.png) 2. Assign users to this application. - ![Assigning users to the application in App Registration](images/ka0Qk000000DUWX_0EMQk000004n3iX.png) + ![Assigning users to the application in App Registration](./images/ka0Qk000000DUWX_0EMQk000004n3iX.png) ### Create and Upload an SSL Certificate 1. Create an SSL certificate. - ![SSL certificate creation window](images/ka0Qk000000DUWX_0EMQk000004n3iY.png) + ![SSL certificate creation window](./images/ka0Qk000000DUWX_0EMQk000004n3iY.png) - ![SSL certificate details screen](images/ka0Qk000000DUWX_0EMQk000004n3iZ.png) + ![SSL certificate details screen](./images/ka0Qk000000DUWX_0EMQk000004n3iZ.png) - ![SSL certificate management interface](images/ka0Qk000000DUWX_0EMQk000004n3ia.png) + ![SSL certificate management interface](./images/ka0Qk000000DUWX_0EMQk000004n3ia.png) 2. Upload the certificate. - ![Upload certificate screen](images/ka0Qk000000DUWX_0EMQk000004n3ib.png) + ![Upload certificate screen](./images/ka0Qk000000DUWX_0EMQk000004n3ib.png) > **NOTE:** Self-signed certificates will not work. Add a public certificate instead. You can turn off SSL in the application proxy to test the configuration. @@ -92,7 +92,7 @@ This article provides step-by-step instructions for configuring Entra Tenant App 1. Change the portal URLs to use the external URLs provided by the application proxy. - ![Portal URL configuration screen](images/ka0Qk000000DUWX_0EMQk000004n3ic.png) + ![Portal URL configuration screen](./images/ka0Qk000000DUWX_0EMQk000004n3ic.png) 2. Verify that the changes are reflected in the `svc.client` table and `web.config` file. @@ -101,17 +101,17 @@ This article provides step-by-step instructions for configuring Entra Tenant App - External URL (visible): `https://GroupID10SSP-5l607h.msappproxy.net/GroupID/` - External URL (HREF/target provided by portal): `https://GroupID10SSP-5l607h.msappproxy.net/Directory Manager/` - ![web.config file showing updated external URL](images/ka0Qk000000DUWX_0EMQk000004n3id.png) + ![web.config file showing updated external URL](./images/ka0Qk000000DUWX_0EMQk000004n3id.png) 3. Edit the **Issuer** and **Realm** URLs as needed: - ![Issuer and Realm URL configuration screen](images/ka0Qk000000DUWX_0EMQk000004n3ie.png) + ![Issuer and Realm URL configuration screen](./images/ka0Qk000000DUWX_0EMQk000004n3ie.png) 4. Update the `svc.client` table in the database with the return, error, and realm URLs. > **NOTE:** Paste all URLs with a forward slash at the end. For example: `https://groupid10ssp-5l607h.msappproxy.net/Directory Manager/` -![svc.client table showing updated URLs](images/ka0Qk000000DUWX_0EMQk000004n3if.png) +![svc.client table showing updated URLs](./images/ka0Qk000000DUWX_0EMQk000004n3if.png) ## Related Links diff --git a/docs/kb/directorymanager/export-enrolled-user-reports-with-additional-fields.md b/docs/kb/directorymanager/export-enrolled-user-reports-with-additional-fields.md index 4a679d8bcd..54186f8ba2 100644 --- a/docs/kb/directorymanager/export-enrolled-user-reports-with-additional-fields.md +++ b/docs/kb/directorymanager/export-enrolled-user-reports-with-additional-fields.md @@ -35,7 +35,7 @@ By default, the Netwrix Directory Manager (formerly GroupID) Password Center Hel - Password Expires On - Enrolled With -![Default enrolled users export fields in Directory Manager 10](images/ka0Qk000000EWo1_0EMQk00000Bh5ni.png) +![Default enrolled users export fields in Directory Manager 10](./images/ka0Qk000000EWo1_0EMQk00000Bh5ni.png) However, you cannot add additional fields to the exported file using the Password Center interface, as the design node is not available in the MMC for design changes. As a workaround, you can use the Netwrix Directory Manager management shell to export user data with additional fields such as `SamAccountName` and `Email Address`. diff --git a/docs/kb/directorymanager/export-owners-and-additional-owners-for-groups-using-management-shell.md b/docs/kb/directorymanager/export-owners-and-additional-owners-for-groups-using-management-shell.md index 473cbc9edb..616037debf 100644 --- a/docs/kb/directorymanager/export-owners-and-additional-owners-for-groups-using-management-shell.md +++ b/docs/kb/directorymanager/export-owners-and-additional-owners-for-groups-using-management-shell.md @@ -38,7 +38,7 @@ Get-SmartGroup | Select Name, @{Name="Owner"; Expression={ (Get-User -Identity $ > **NOTE:** To change the directory, replace `C:\smartgroups.csv` with the desired directory path. -![Exporting Smart Group owners and additional owners in Directory Manager Management Shell](images/ka0Qk000000EZ7Z_0EMQk00000BuCxp.png) +![Exporting Smart Group owners and additional owners in Directory Manager Management Shell](./images/ka0Qk000000EZ7Z_0EMQk00000BuCxp.png) 4. To export the owner and additional owner list for all types of groups (managed and unmanaged), run the command below. This cmdlet will provide the owner and additional owner information for all types of groups. diff --git a/docs/kb/directorymanager/generate-a-report-of-all-groups-in-the-domain.md b/docs/kb/directorymanager/generate-a-report-of-all-groups-in-the-domain.md index 693d7dc9d2..4b55e76419 100644 --- a/docs/kb/directorymanager/generate-a-report-of-all-groups-in-the-domain.md +++ b/docs/kb/directorymanager/generate-a-report-of-all-groups-in-the-domain.md @@ -35,21 +35,21 @@ Use the reporting feature in Netwrix Directory Manager to create a list of all g ### Steps to Generate a Report of All Groups 1. Open the Netwrix Directory Manager portal and go to the **Reports** options. - ![Reports options in Directory Manager portal](images/ka0Qk000000EMWv_0EMQk00000BX3X5.png) + ![Reports options in Directory Manager portal](./images/ka0Qk000000EMWv_0EMQk00000BX3X5.png) 2. Select **Group Reports** > **All Groups in the Domain**. 3. Click **Create Report**. This launches the **Create Report** wizard. - ![Create Report wizard in Directory Manager](images/ka0Qk000000EMWv_0EMQk00000BX9nl.png) + ![Create Report wizard in Directory Manager](./images/ka0Qk000000EMWv_0EMQk00000BX9nl.png) 4. On the first page, enter a custom title for your report in the **Report Name** box. The default title is **All Groups in Domain**. 5. Click **Browse** to open the **Select Container** dialog box and select the required source container. The default selection is the Global Catalog. 6. Select the **Include sub-folders** check box to include sub-folders for the selected container in the report. 7. In the **Filter Criteria** section, modify the default LDAP filter as required. This filter is used to select items from the container to display in the report. To add additional filters, click **Add More Filters**. 8. Click **Next**. - ![Filter Criteria section in Create Report wizard](images/ka0Qk000000EMWv_0EMQk00000BXA77.png) + ![Filter Criteria section in Create Report wizard](./images/ka0Qk000000EMWv_0EMQk00000BXA77.png) 9. The **Fields** section displays the fields that will be included in the report. You can add or remove fields from the list, and you can move fields to change their order. 10. From the **Sort By** drop-down list, select the field by which you want to sort the results in the report. 11. From the **Schedule** drop-down list, select the schedule for the report. If you select a schedule, the report will run automatically at the specified time. 12. Click **Finish**. - ![Report results in Directory Manager](images/ka0Qk000000EMWv_0EMQk00000BXAK1.png) + ![Report results in Directory Manager](./images/ka0Qk000000EMWv_0EMQk00000BXAK1.png) 13. The report is displayed based on the settings you configured in the portal. The report includes the following information: - Connected identity store name - Selected container diff --git a/docs/kb/directorymanager/generating-a-report-on-users-who-never-logged-on.md b/docs/kb/directorymanager/generating-a-report-on-users-who-never-logged-on.md index 5f29c15005..3c97e2091b 100644 --- a/docs/kb/directorymanager/generating-a-report-on-users-who-never-logged-on.md +++ b/docs/kb/directorymanager/generating-a-report-on-users-who-never-logged-on.md @@ -29,16 +29,16 @@ This article provides step-by-step instructions for generating a report on users ## Instructions 1. Navigate to the **Application Portal** and click **Reports**. - ![Reports section in the Application Portal](images/ka0Qk000000Dtxx_0EMQk00000BSNt0.png) + ![Reports section in the Application Portal](./images/ka0Qk000000Dtxx_0EMQk00000BSNt0.png) 2. In the new tab that opens, click **User Reports**. - ![User Reports section](images/ka0Qk000000Dtxx_0EMQk00000BSOST.png) + ![User Reports section](./images/ka0Qk000000Dtxx_0EMQk00000BSOST.png) 3. Sort the reports by clicking the **Title** column. Locate the report titled **Users Who Never Logged On** on the second page and click it. - ![Sorting and selecting the Users Who Never Logged On report](images/ka0Qk000000Dtxx_0EMQk00000BSOU5.png) + ![Sorting and selecting the Users Who Never Logged On report](./images/ka0Qk000000Dtxx_0EMQk00000BSOU5.png) 4. Click **Create Report**. - ![Create Report button](images/ka0Qk000000Dtxx_0EMQk00000BSOQr.png) + ![Create Report button](./images/ka0Qk000000Dtxx_0EMQk00000BSOQr.png) 5. On the **Create Report** page, configure the following settings: - **Report Name:** Enter a descriptive name, such as "Users Who Never Logged On."" @@ -50,7 +50,7 @@ This article provides step-by-step instructions for generating a report on users - `lastLogonTimeStamp` – Not Present: Captures accounts that have never logged in. Use the **Add More Filters** option for additional criteria. - ![Create Report configuration page](images/ka0Qk000000Dtxx_0EMQk00000BSLmM.png) + ![Create Report configuration page](./images/ka0Qk000000Dtxx_0EMQk00000BSLmM.png) 6. Customize the report output by selecting the fields to display: - Use the **Add Field** button to add or remove fields. @@ -66,11 +66,11 @@ This article provides step-by-step instructions for generating a report on users 8. Optionally, schedule the report generation by selecting a predefined job from the dropdown menu in the **Scheduled Job** section. 9. Click **Finish** to complete the report generation process. - ![Finish button to complete report generation](images/ka0Qk000000Dtxx_0EMQk00000BSKYY.png) + ![Finish button to complete report generation](./images/ka0Qk000000Dtxx_0EMQk00000BSKYY.png) ## Viewing and Managing the Report After clicking **Finish**, the report results will display all users who have never logged into their accounts. -![Report results showing users who never logged on](images/ka0Qk000000Dtxx_0EMQk00000BSLMa.png) +![Report results showing users who never logged on](./images/ka0Qk000000Dtxx_0EMQk00000BSLMa.png) Additional actions you can perform include: - Pin Report: Pin the report for quick access on the dashboard. diff --git a/docs/kb/directorymanager/hide-distribution-lists-from-end-users-in-portal.md b/docs/kb/directorymanager/hide-distribution-lists-from-end-users-in-portal.md index f0b3c6568b..7dad781157 100644 --- a/docs/kb/directorymanager/hide-distribution-lists-from-end-users-in-portal.md +++ b/docs/kb/directorymanager/hide-distribution-lists-from-end-users-in-portal.md @@ -41,6 +41,6 @@ In some environments, it may be necessary to prevent end users from viewing dist 5. Save the settings in the security roles. 6. Sign out of the Netwrix Directory Manager portal and sign in again with an account that is part of the user security role to verify the change. -![LDAP filter settings in Netwrix Directory Manager security role](images/ka0Qk000000EYmb_0EMQk00000BoN3A.png) +![LDAP filter settings in Netwrix Directory Manager security role](./images/ka0Qk000000EYmb_0EMQk00000BoN3A.png) > **NOTE:** For Universal and Global distribution groups, the `sAMAccountType` value is **268435457**. For Domain local distribution groups, the value is **536870913**. diff --git a/docs/kb/directorymanager/hide-reports-entitlements-and-synchronize-tabs-in-the-user-portal.md b/docs/kb/directorymanager/hide-reports-entitlements-and-synchronize-tabs-in-the-user-portal.md index 6a01853cce..428f047e1b 100644 --- a/docs/kb/directorymanager/hide-reports-entitlements-and-synchronize-tabs-in-the-user-portal.md +++ b/docs/kb/directorymanager/hide-reports-entitlements-and-synchronize-tabs-in-the-user-portal.md @@ -29,7 +29,7 @@ Netwrix Directory Manager 11 ## Overview By default, the **Synchronize**, **Reports**, and **Entitlements** tabs appear on the navigation bar in the Netwrix Directory Manager User Portal. You can control which users see these tabs by adjusting their access level settings. Restricting access ensures that only users with the appropriate roles can view or use these options. -![Navigation bar in Directory Manager User Portal showing Synchronize, Reports, and Entitlements tabs](images/ka0Qk000000EMez_0EMQk00000BbHoM.png) +![Navigation bar in Directory Manager User Portal showing Synchronize, Reports, and Entitlements tabs](./images/ka0Qk000000EMez_0EMQk00000BbHoM.png) ## Instructions @@ -37,21 +37,21 @@ By default, the **Synchronize**, **Reports**, and **Entitlements** tabs appear o 1. Go to the **Admin Center**. 2. Navigate to **Applications**. 3. Open the **Settings** for the portal you want to apply the changes to. - ![Portal settings in Directory Manager Admin Center](images/ka0Qk000000EMez_0EMQk00000BbBHX.png) + ![Portal settings in Directory Manager Admin Center](./images/ka0Qk000000EMez_0EMQk00000BbBHX.png) 4. Go to **Design Settings** and expand **Identity Store**. 5. Select **Navigation Bar**. 6. Click the **Dropdown List** and select **External Links**. - ![External Links dropdown in Navigation Bar settings](images/ka0Qk000000EMez_0EMQk00000BbIFm.png) + ![External Links dropdown in Navigation Bar settings](./images/ka0Qk000000EMez_0EMQk00000BbIFm.png) 7. Edit **Entitlements**. 8. In the **Access Level** list, select a security role: - The **Entitlements** link will be visible to users of this role and any roles with a higher priority. - To hide the link from all users, select **Never**. - To allow only **Administrators** to see it, select **Administrator** (users in roles below Administrator will not have access). - ![Access Level settings for Entitlements tab](images/ka0Qk000000EMez_0EMQk00000BbH6o.png) + ![Access Level settings for Entitlements tab](./images/ka0Qk000000EMez_0EMQk00000BbH6o.png) 9. Click **OK** to save the changes. 10. Log in to the **Netwrix Directory Manager Portal** to verify the changes. - ![Portal view after hiding tabs](images/ka0Qk000000EMez_0EMQk00000BbJN7.png) + ![Portal view after hiding tabs](./images/ka0Qk000000EMez_0EMQk00000BbJN7.png) 11. Repeat these steps for the **Reports** and **Synchronize** tabs. Edit each tab individually and set the **Access Level** as required. 12. Once configured, users without the required access level will no longer see the **Reports**, **Entitlements**, and **Synchronize** tabs in the portal. -![Portal navigation bar with hidden tabs](images/ka0Qk000000EMez_0EMQk00000BbJYP.png) +![Portal navigation bar with hidden tabs](./images/ka0Qk000000EMez_0EMQk00000BbJYP.png) diff --git a/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md b/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md index 3e122b6d92..432830725e 100644 --- a/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md +++ b/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md @@ -53,7 +53,7 @@ Follow the below-provided instructions to customize the portal: 1. In the **Netwrix Directory Manager Admin Center Portal**, select **Self-Service** **GroupID Portals** **[required portal]** **Triple Dot button** **Settings**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gaph.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gaph.png) 2. Under the **Design Settings** tab, select the **Identity Store** you want to customize in the portal. @@ -61,33 +61,33 @@ Follow the below-provided instructions to customize the portal: 4. Select **Advanced** in the **Name** list and click **Edit**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001garJ.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001garJ.png) 5. On the **Edit Design Category** dialog box, click **Add Field**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gasv.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gasv.png) 6. Select the `mxExchEnableModeration` attribute in the **Field** list, enter the display name as **Is Moderator Enabled** and set the display type to **Check**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gauX.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gauX.png) 7. Click **Add** on the dialog boxes and then click **Add Field** again on the **Edit Design Category**. 8. Select the `mxExchModeratedByLink` attribute in the **Field** list, enter the display name as **Moderators**, and set the display type to **DNs**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gaxl.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gaxl.png) 9. Click **Add** on the dialog boxes and then click **Add Fields** again on the **Edit Design Category**. 10. Select the `mxExchBypassModerationLink` attribute in the **Field** list, enter the display name as **Bypass Moderators**, and set the display type to **DNs**. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gazN.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gazN.png) 11. Click **Add** on the dialog boxes and then click the **Save** button to save the settings. 12. Launch the **Netwrix Directory Manager** portal. You should be able to see the newly added attributes in the **Group’s Properties** under the **Advanced** tab. - ![User-added image](images/ka0Qk000000D2Dh_0EMQk000001gb0z.png) + ![User-added image](./images/ka0Qk000000D2Dh_0EMQk000001gb0z.png) @@ -96,14 +96,14 @@ Follow the below-provided instructions to customize the portal: ## Related Articles: - [Customize Properties Pages](https://docs.netwrix.com/docs/directorymanager/11_0/signin/service/mobileservice/design/objectproperties) -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) - [Best Practices for Controlling Changes to Group Membership](https://docs.netwrix.com/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership#netwrix-directory-manager-best-practices) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) diff --git a/docs/kb/directorymanager/how-to-allow-users-to-create-specific-objects-in-user-portal.md b/docs/kb/directorymanager/how-to-allow-users-to-create-specific-objects-in-user-portal.md index dbaccfcfcd..7227e6d816 100644 --- a/docs/kb/directorymanager/how-to-allow-users-to-create-specific-objects-in-user-portal.md +++ b/docs/kb/directorymanager/how-to-allow-users-to-create-specific-objects-in-user-portal.md @@ -34,21 +34,21 @@ To grant or deny permission to create specific objects in the Netwrix Directory 1. Open the Netwrix Directory Manager Admin Portal at `https://servername/AdminCenter/`. Navigate to **Identity Stores**. Under an identity store's name, click the three dots (**...**) to edit it. - ![Identity Stores list with edit option highlighted in Directory Manager Admin Portal](images/ka0Qk000000CuJN_0EMQk00000BSXU9.png) + ![Identity Stores list with edit option highlighted in Directory Manager Admin Portal](./images/ka0Qk000000CuJN_0EMQk00000BSXU9.png) 2. In the identity store's properties, click the **Security Roles** tab. Select the role you want to modify and click **Edit**. - ![Security Roles tab and Edit button in Directory Manager Admin Portal](images/ka0Qk000000CuJN_0EMQk00000BSXPJ.png) + ![Security Roles tab and Edit button in Directory Manager Admin Portal](./images/ka0Qk000000CuJN_0EMQk00000BSXPJ.png) 3. On the **Role Properties** page, click the **Permissions** tab. - ![Permissions tab in Role Properties in Directory Manager Admin Portal](images/ka0Qk000000CuJN_0EMQk00000BSXNh.png) + ![Permissions tab in Role Properties in Directory Manager Admin Portal](./images/ka0Qk000000CuJN_0EMQk00000BSXNh.png) 4. The **Create** permissions for the User portal are shown in the following images: - ![Create permissions for object types in Directory Manager User portal](images/ka0Qk000000CuJN_0EMQk00000BSXQv.png) + ![Create permissions for object types in Directory Manager User portal](./images/ka0Qk000000CuJN_0EMQk00000BSXQv.png) - ![Additional create permissions for object types in Directory Manager User portal](images/ka0Qk000000CuJN_0EMQk00000BSXVl.png) + ![Additional create permissions for object types in Directory Manager User portal](./images/ka0Qk000000CuJN_0EMQk00000BSXVl.png) 5. Select the **Allow** option for **Group** and **Contact** object types to permit creation. Select the **Deny** option for all other object types to restrict creation. @@ -56,4 +56,4 @@ To grant or deny permission to create specific objects in the Netwrix Directory When you allow the role to create *groups* and *contacts* using the portal, the result will look like this: -![User portal showing only group and contact creation options](images/ka0Qk000000CuJN_0EMQk00000BSXSX.png) +![User portal showing only group and contact creation options](./images/ka0Qk000000CuJN_0EMQk00000BSXSX.png) diff --git a/docs/kb/directorymanager/how-to-allow-users-to-only-create-distribution-groups.md b/docs/kb/directorymanager/how-to-allow-users-to-only-create-distribution-groups.md index d27facdd64..3b2c3532f2 100644 --- a/docs/kb/directorymanager/how-to-allow-users-to-only-create-distribution-groups.md +++ b/docs/kb/directorymanager/how-to-allow-users-to-only-create-distribution-groups.md @@ -32,20 +32,20 @@ By default, users can create both distribution and security groups using the Net ## Steps: 1. In the NDM Admin Center, select **Applications >** Under **Netwrix Directory Manager Portal**, select the **three dots** button on your portal > Click **Settings**. - ![NDM Admin Center - Portal Settings](images/ka0Qk000000EECn_0EMQk00000CtNBZ.png) + ![NDM Admin Center - Portal Settings](./images/ka0Qk000000EECn_0EMQk00000CtNBZ.png) 2. On the **Server Settings** tab, under **Design Settings**, select your identity store. 3. Click the **Create Object** tab > Under **Select Directory Object**, select **Group**. In the **Name** list, select **General** and click **Edit**. - ![Create Object - Group General](images/ka0Qk000000EECn_0EMQk00000CtNDB.png) + ![Create Object - Group General](./images/ka0Qk000000EECn_0EMQk00000CtNDB.png) 4. On the **Edit Category** dialog box, select **Group Type** in the **Fields** area and click **Edit**. - ![Edit Category - Group Type](images/ka0Qk000000EECn_0EMQk00000CtN9x.png) + ![Edit Category - Group Type](./images/ka0Qk000000EECn_0EMQk00000CtN9x.png) 5. On the **Edit Field** dialog box, click **Advanced options**. 6. Make sure that under **Default Value**, nothing is selected. If there is already a value, clear it out. - ![Edit Field - Advanced Options and Default Value](images/ka0Qk000000EECn_0EMQk00000CtN8L.png) + ![Edit Field - Advanced Options and Default Value](./images/ka0Qk000000EECn_0EMQk00000CtN8L.png) 7. Also, make sure that the checkbox named **Is Read Only** is unchecked / not selected > Click **OK** > Scroll down and **Save** your changes. @@ -54,13 +54,13 @@ By default, users can create both distribution and security groups using the Net 9. On the **Server Settings** tab, under **Design Settings**, select your portal. 10. Select **Custom Display Types** > Then under **Custom Display Types**, select **groupType** from the list and click the **Edit** button. - ![Custom Display Types - groupType](images/ka0Qk000000EECn_0EMQk00000CtNEn.png) + ![Custom Display Types - groupType](./images/ka0Qk000000EECn_0EMQk00000CtNEn.png) 11. A new dialog box named **Edit Radio Display Type** will open. - ![Edit Radio Display Type dialog](images/ka0Qk000000EECn_0EMQk00000CtNGP.png) + ![Edit Radio Display Type dialog](./images/ka0Qk000000EECn_0EMQk00000CtNGP.png) 12. Under the **Edit Radio Display Type** dialog box, edit the option named **Security** > Change its **Visibility** to **Administrator** > Then edit the option named **Distribution** and make sure its **Visibility** is set to **User** (this will be the default value here). - ![Edit Radio Display Type - Visibility Settings](images/ka0Qk000000EECn_0EMQk00000CtLOI.png) + ![Edit Radio Display Type - Visibility Settings](./images/ka0Qk000000EECn_0EMQk00000CtLOI.png) 13. If you see any other option in this mini window besides **Security** and **Distribution**, edit them and set their **Visibility** to **Never**. Scroll down and **Save** your changes. diff --git a/docs/kb/directorymanager/how-to-apply-real-time-data-validation.md b/docs/kb/directorymanager/how-to-apply-real-time-data-validation.md index 43fc97dff2..80ebf73156 100644 --- a/docs/kb/directorymanager/how-to-apply-real-time-data-validation.md +++ b/docs/kb/directorymanager/how-to-apply-real-time-data-validation.md @@ -42,7 +42,7 @@ Netwrix Directory Manager validates data according to rules for uniqueness and s 5. Enter a name for the display type in the **Name** box. 6. From the **Type** list, select *Textbox* and click **OK**. -![Creating a textbox display type with real-time validation in Netwrix Directory Manager](images/ka0Qk000000FE97_0EMQk00000BxDMI.png) +![Creating a textbox display type with real-time validation in Netwrix Directory Manager](./images/ka0Qk000000FE97_0EMQk00000BxDMI.png) 7. Enter a value in the **Default Value** box to set it as the default for the text box. Users can modify this value in the portal. 8. In the **Regular Expression** box, type a regular expression to validate data entered in the text box. Leave this box blank if you do not want to apply a validation rule. diff --git a/docs/kb/directorymanager/how-to-change-a-user-s-membership-type.md b/docs/kb/directorymanager/how-to-change-a-user-s-membership-type.md index 6dc9774103..cc6f05793a 100644 --- a/docs/kb/directorymanager/how-to-change-a-user-s-membership-type.md +++ b/docs/kb/directorymanager/how-to-change-a-user-s-membership-type.md @@ -45,6 +45,6 @@ Netwrix Directory Manager allows you to add users to Active Directory groups as 2. Select the group on the **Search Results** page and click **Properties** on the toolbar. The **Members** tab in group properties lists the group members. 3. To change a member's membership type, click anywhere in the respective row to make it editable. Select **Temporary Member** from the **Membership** column then specify the membership period using the **Beginning** and **Ending** fields. Other membership options are described in the table above. -![Editing membership type and period for a group member in Directory Manager](images/ka0Qk000000FGZ7_0EMQk00000C65MH.png) +![Editing membership type and period for a group member in Directory Manager](./images/ka0Qk000000FGZ7_0EMQk00000C65MH.png) 4. Save the changes. diff --git a/docs/kb/directorymanager/how-to-change-the-user-session-timeout-for-portals.md b/docs/kb/directorymanager/how-to-change-the-user-session-timeout-for-portals.md index 535b0f31c3..4840eb1647 100644 --- a/docs/kb/directorymanager/how-to-change-the-user-session-timeout-for-portals.md +++ b/docs/kb/directorymanager/how-to-change-the-user-session-timeout-for-portals.md @@ -48,4 +48,4 @@ The file is available at the following locations for the respective portals: ``` 3. Set the value in minutes as needed. If the key does not exist, add the line and save the changes. -![web.config file showing sessiontimeout key under appSettings section](images/ka0Qk000000CsUT_0EMQk00000BP4Jp.png) +![web.config file showing sessiontimeout key under appSettings section](./images/ka0Qk000000CsUT_0EMQk00000BP4Jp.png) diff --git a/docs/kb/directorymanager/how-to-copy-the-design-of-portal-via-sql-query.md b/docs/kb/directorymanager/how-to-copy-the-design-of-portal-via-sql-query.md index 68445a3319..703d65deda 100644 --- a/docs/kb/directorymanager/how-to-copy-the-design-of-portal-via-sql-query.md +++ b/docs/kb/directorymanager/how-to-copy-the-design-of-portal-via-sql-query.md @@ -33,7 +33,7 @@ This article provides step-by-step instructions for copying a portal design betw 1. Go to the database used with the test server. 2. Select the database and create a new query. - ![SQL Server Management Studio new query window with database selected](images/ka0Qk000000DSzN_0EMQk000004n9O2.png) + ![SQL Server Management Studio new query window with database selected](./images/ka0Qk000000DSzN_0EMQk000004n9O2.png) 3. Enter the following query: ```sql @@ -48,13 +48,13 @@ WHERE ClientId = @toClient AND IdentityStoreId = @tostore ``` 4. In `@fromClient`, enter the Client ID of the portal you want to copy. For example, to copy the design of Portal 1, use Client ID 11. - ![PortalDesigns table showing Client ID and Identity Store ID values](images/ka0Qk000000DSzN_0EMQk000004nLdh.png) + ![PortalDesigns table showing Client ID and Identity Store ID values](./images/ka0Qk000000DSzN_0EMQk000004nLdh.png) 5. In `@fromStore`, enter the Identity Store ID. For example, use 2. - ![Identity Store ID value in PortalDesigns table](images/ka0Qk000000DSzN_0EMQk000004nH3t.png) + ![Identity Store ID value in PortalDesigns table](./images/ka0Qk000000DSzN_0EMQk000004nH3t.png) 6. In `@toClient` and `@toStore`, enter the Client ID and Identity Store ID for the target portal. For example, Client ID 13 and Store ID 2. 7. Run the query. 8. The following screenshot shows the executed query: - ![Screenshot of executed SQL query](images/ka0Qk000000DSzN_0EMQk000004nLfJ.png) + ![Screenshot of executed SQL query](./images/ka0Qk000000DSzN_0EMQk000004nLfJ.png) ### Copy the Design with the Same SQL Server and Different Databases @@ -76,11 +76,11 @@ WHERE ClientId = @toClient AND IdentityStoreId = @tostore 3. In `@fromClient`, `@fromStore`, `@toClient`, and `@toStore`, enter the appropriate Client ID and Store ID values as described above. 4. In `[toDB]`, enter the database name of the production portal. - ![Screenshot of SQL query for copying design between databases](images/ka0Qk000000DSzN_0EMQk000004nLgv.png) + ![Screenshot of SQL query for copying design between databases](./images/ka0Qk000000DSzN_0EMQk000004nLgv.png) 5. In `[fromDB]`, enter the database name of the test portal. 6. Run the query. 7. The following screenshot shows the executed query: - ![Screenshot of executed SQL query for different databases](images/ka0Qk000000DSzN_0EMQk000004nLiX.png) + ![Screenshot of executed SQL query for different databases](./images/ka0Qk000000DSzN_0EMQk000004nLiX.png) ### Copy the Design with Different SQL Servers and Databases @@ -91,17 +91,17 @@ Environment: Test server configured with **DB1**, production server configured w 3. Create a new linked server. 4. In the **New Linked Server** window, enter the name of the server you want to link. 5. Select **Server type** as **SQL Server**. - ![Linked server properties window](images/ka0Qk000000DSzN_0EMQk000004nIXn.png) + ![Linked server properties window](./images/ka0Qk000000DSzN_0EMQk000004nIXn.png) 6. Select **Security** from the left pane, choose the appropriate login option, and enter the server credentials. 7. Click **OK**. The linked server will appear in the list. - ![Linked server security settings](images/ka0Qk000000DSzN_0EMQk000004nIXo.png) + ![Linked server security settings](./images/ka0Qk000000DSzN_0EMQk000004nIXo.png) -![Linked server shown in SQL Server Management Studio](images/ka0Qk000000DSzN_0EMQk000004nIXp.png) +![Linked server shown in SQL Server Management Studio](./images/ka0Qk000000DSzN_0EMQk000004nIXp.png) 8. Go to the Netwrix Directory Manager portal of the test server and make the required changes to the portal design. 9. Return to SQL Server. 10. Right-click the server and select **New Query**. - ![SQL Server Management Studio new query window for linked server](images/ka0Qk000000DSzN_0EMQk000004nIXq.png) + ![SQL Server Management Studio new query window for linked server](./images/ka0Qk000000DSzN_0EMQk000004nIXq.png) 11. Enter the following query: ```sql @@ -120,9 +120,9 @@ WHERE ClientId = @toClient AND IdentityStoreId = @tostore 12. In `@fromClient`, `@fromStore`, `@toClient`, and `@toStore`, enter the appropriate Client ID and Store ID values as described above. 13. In `[toSourceServer]`, enter the server name of the production server. - ![Linked server name entry in SQL query](images/ka0Qk000000DSzN_0EMQk000004nIXr.png) + ![Linked server name entry in SQL query](./images/ka0Qk000000DSzN_0EMQk000004nIXr.png) 14. In `[fromSourceServer]`, enter the server name of the test server. 15. In `[fromDB]` and `[toDB]`, enter the database names as described above. 16. Execute the query. -![Screenshot of executed SQL query for linked server](images/ka0Qk000000DSzN_0EMQk000004nIXs.png) +![Screenshot of executed SQL query for linked server](./images/ka0Qk000000DSzN_0EMQk000004nIXs.png) diff --git a/docs/kb/directorymanager/how-to-delegate-password-reset-privileges-in-self-service-portal.md b/docs/kb/directorymanager/how-to-delegate-password-reset-privileges-in-self-service-portal.md index 28b84f8011..8cb9807ceb 100644 --- a/docs/kb/directorymanager/how-to-delegate-password-reset-privileges-in-self-service-portal.md +++ b/docs/kb/directorymanager/how-to-delegate-password-reset-privileges-in-self-service-portal.md @@ -35,7 +35,7 @@ This article explains how to delegate the password reset function to users in th 4. Click the **Navigation bar** tab. 5. In the **Tab** list, select *Users* and click **Edit**. 6. On the **Edit Tab** dialog box, select **Reset Password** in the **Links** section and click **Edit**. - ![Edit Tab dialog with Reset Password link highlighted](images/ka0Qk000000DtrV_0EMQk00000BSBJx.png) + ![Edit Tab dialog with Reset Password link highlighted](./images/ka0Qk000000DtrV_0EMQk00000BSBJx.png) 7. From the **Access Level** list on the **Edit Link** dialog box, select a security role. This role and any roles with a higher priority value can reset the passwords of other users through the Self-Service portal. 8. Click **OK** to close the dialog boxes and then save the changes. diff --git a/docs/kb/directorymanager/how-to-display-nested-group-ownership-in-the-my-groups-page.md b/docs/kb/directorymanager/how-to-display-nested-group-ownership-in-the-my-groups-page.md index 6158fa1575..7d20fb4d3b 100644 --- a/docs/kb/directorymanager/how-to-display-nested-group-ownership-in-the-my-groups-page.md +++ b/docs/kb/directorymanager/how-to-display-nested-group-ownership-in-the-my-groups-page.md @@ -34,12 +34,12 @@ Some groups in Active Directory are owned by a security group. You may want memb ## Instructions 1. In the Directory Manager Admin Center, select **Applications**. Under **Directory Manager Portal**, select the **three dots** button for your portal, then click **Settings**. - ![Directory Manager Admin Center with Settings option highlighted under Directory Manager Portal](images/ka0Qk000000Dxjp_0EMQk00000BYF1V.png) + ![Directory Manager Admin Center with Settings option highlighted under Directory Manager Portal](./images/ka0Qk000000Dxjp_0EMQk00000BYF1V.png) 2. On the **Server Settings** tab, click **Advanced Settings**. Select **Listings Display**, then enable the **Display Nested Ownership** option. - ![Advanced Settings in Server Settings tab with Display Nested Ownership option enabled](images/ka0Qk000000Dxjp_0EMQk00000BYEzt.png) + ![Advanced Settings in Server Settings tab with Display Nested Ownership option enabled](./images/ka0Qk000000Dxjp_0EMQk00000BYEzt.png) 3. Scroll to the bottom of the page and click **Save** to apply your changes. - ![Save button at the bottom of the settings page in Directory Manager Admin Center](images/ka0Qk000000Dxjp_0EMQk00000BYEyH.png) + ![Save button at the bottom of the settings page in Directory Manager Admin Center](./images/ka0Qk000000Dxjp_0EMQk00000BYEyH.png) diff --git a/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v10.md b/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v10.md index e2e6936687..3598ae0844 100644 --- a/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v10.md +++ b/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v10.md @@ -31,9 +31,9 @@ This article explains how you can enforce the Group Type as `Distribution` in th ## Instructions 1. In the Directory Manager Admin Center, go to **Applications** > **Directory Manager Portals** and locate the required portal. 2. Once you have chosen the required portal, click the three-dot icon on the portal then click **Settings**. - ![Steps 1-2](images/ka0Qk000000DusP_0EMQk00000C19C1.png) + ![Steps 1-2](./images/ka0Qk000000DusP_0EMQk00000C19C1.png) 3. Under **Application Settings**, select an identity store from the **Design Settings** section. - ![Step 3](images/ka0Qk000000DusP_0EMQk00000C13Mk.png) + ![Step 3](./images/ka0Qk000000DusP_0EMQk00000C13Mk.png) 4. Click the **Create Object** tab. 5. In the **Select Directory Object** list, choose **Group**. 6. In the **Name** list, select **General** and click **Edit**. diff --git a/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v11.md b/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v11.md index 1d23d09fa7..7651fd1713 100644 --- a/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v11.md +++ b/docs/kb/directorymanager/how-to-enforce-group-type-as-distribution-or-security-v11.md @@ -45,7 +45,7 @@ Netwrix Directory Manager allows you to customize the Create wizard for director - Select the **Is Read Only** checkbox. - Or set the **Visibility Role** to `Never`. - ![Set Group Type as Distribution and restrict editing](images/ka0Qk000000Duu1_0EMQk00000BS90Q.png) + ![Set Group Type as Distribution and restrict editing](./images/ka0Qk000000Duu1_0EMQk00000BS90Q.png) 11. To enforce the `Distribution` group type for a specific role (for example, Role C), set the visibility level to a role with a higher priority than Role C. Only users with the selected role or higher can modify the group type. Users with Role C or lower will not be able to change the default selection. 12. Click **OK** to close the dialog boxes and save your changes. @@ -53,4 +53,4 @@ Netwrix Directory Manager allows you to customize the Create wizard for director ## Expected Results In the Create Group wizard in the Directory Manager portal, the **Group Type** field will be set to `Distribution` by default. Users will not be able to change the group type, so all new groups will be created as distribution lists only. -![Create Group wizard with Group Type set to Distribution](images/ka0Qk000000Duu1_0EMQk00000BS31S.png) +![Create Group wizard with Group Type set to Distribution](./images/ka0Qk000000Duu1_0EMQk00000BS31S.png) diff --git a/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou.md b/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou.md index d564ab1878..44b5270bbd 100644 --- a/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou.md +++ b/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou.md @@ -43,9 +43,9 @@ Netwrix Directory Manager’s **New Object** policy enables you to restrict role The selected OU appears below the **Groups** option. - ![User-added image](images/ka0Qk000000Dg4f_0EMQk000001f3Kk.png) + ![User-added image](./images/ka0Qk000000Dg4f_0EMQk000001f3Kk.png) - ![User-added image](images/ka0Qk000000Dg4f_0EMQk000001f68v.png) + ![User-added image](./images/ka0Qk000000Dg4f_0EMQk000001f68v.png) 7. Click **OK**. 8. Click **Update Security Role** and then **Save**. @@ -53,10 +53,10 @@ Now when members of the security role try to create groups, they will be created ## Related Articles: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) - [Best Practices for Controlling Changes to Group Membership](https://docs.netwrix.com/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership#netwrix-directory-manager-best-practices) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) diff --git a/docs/kb/directorymanager/how-to-generate-a-report-on-all-groups-with-report-to-originator-set-to-false-or-true.md b/docs/kb/directorymanager/how-to-generate-a-report-on-all-groups-with-report-to-originator-set-to-false-or-true.md index 8cb8fc9ecd..c710c11511 100644 --- a/docs/kb/directorymanager/how-to-generate-a-report-on-all-groups-with-report-to-originator-set-to-false-or-true.md +++ b/docs/kb/directorymanager/how-to-generate-a-report-on-all-groups-with-report-to-originator-set-to-false-or-true.md @@ -37,16 +37,16 @@ Netwrix Directory Manager (formerly GroupID) allows you to generate reports on a ### Generate a Report for All Groups with Report to Originator Set to False 1. Open the Netwrix Directory Manager Portal and go to the **Reports** options. 2. Select **Group Reports** > **All groups with report to originator set to False**. - ![Group Reports section in Directory Manager Reports module](images/ka0Qk000000FXID_0EMQk00000BxOMY.png) + ![Group Reports section in Directory Manager Reports module](./images/ka0Qk000000FXID_0EMQk00000BxOMY.png) 3. Click **Create Report** to launch the **Create Report** wizard. 4. On the first page, specify a custom title for your report in the **Report Name** box if desired. The default title is **All Groups with Report to Originator Set to False**. - ![Create Report wizard in Directory Manager](images/ka0Qk000000FXID_0EMQk00000BxQsz.png) + ![Create Report wizard in Directory Manager](./images/ka0Qk000000FXID_0EMQk00000BxQsz.png) 5. Click **Browse** to open the **Select Container** dialog box and select the required source container. The default selection is the **Global Catalog**. 6. Select the **Include sub containers** check box to include sub-containers for the selected container. 7. In the **Filter Criteria** section, modify the default LDAP filter as required. To add additional filters, click **Add More Filters**. 8. Click **Next**. 9. In the **Fields** section, add or remove fields as needed and adjust their order. - ![Fields section in Create Report wizard](images/ka0Qk000000FXID_0EMQk00000BxIu1.png) + ![Fields section in Create Report wizard](./images/ka0Qk000000FXID_0EMQk00000BxIu1.png) 10. From the **Sort By** drop-down list, select the field by which to sort the report results. 11. From the **Schedule** drop-down list, select a schedule for the report if desired. The report will run automatically at the specified time. 12. Click **Finish**. @@ -57,7 +57,7 @@ Netwrix Directory Manager (formerly GroupID) allows you to generate reports on a - Date the report was created - Filter applied - List of report results - ![Sample report output in Directory Manager](images/ka0Qk000000FXID_0EMQk00000BxR5t.png) + ![Sample report output in Directory Manager](./images/ka0Qk000000FXID_0EMQk00000BxR5t.png) 14. The report is listed in the template's page. You can create multiple reports from the same template. 15. To download the report, click **Download** and select the format (PDF, Excel, or HTML). 16. You can also pin the report to the Dashboard by clicking **Pin Report**. @@ -65,16 +65,16 @@ Netwrix Directory Manager (formerly GroupID) allows you to generate reports on a ### Generate a Report for All Groups with Report to Originator Set to True 1. Open the Netwrix Directory Manager Portal and go to the **Reports** options. 2. Select **Group Reports** > **All groups with report to originator set to True**. - ![Group Reports section for report to originator set to True](images/ka0Qk000000FXID_0EMQk00000BxHL4.png) + ![Group Reports section for report to originator set to True](./images/ka0Qk000000FXID_0EMQk00000BxHL4.png) 3. Click **Create Report** to launch the **Create Report** wizard. 4. On the first page, specify a custom title for your report in the **Report Name** box if desired. The default title is **All Groups with Report to Originator Set to True**. - ![Create Report wizard for report to originator set to True](images/ka0Qk000000FXID_0EMQk00000BxMhJ.png) + ![Create Report wizard for report to originator set to True](./images/ka0Qk000000FXID_0EMQk00000BxMhJ.png) 5. Click **Browse** to open the **Select Container** dialog box and select the required source container. The default selection is the **Global Catalog**. 6. Select the **Include sub containers** check box to include sub-containers for the selected container. 7. In the **Filter Criteria** section, modify the default LDAP filter as required. To add additional filters, click **Add More Filters**. 8. Click **Next**. 9. In the **Fields** section, add or remove fields as needed and adjust their order. - ![Fields section in Create Report wizard for report to originator set to True](images/ka0Qk000000FXID_0EMQk00000BxMpN.png) + ![Fields section in Create Report wizard for report to originator set to True](./images/ka0Qk000000FXID_0EMQk00000BxMpN.png) 10. From the **Sort By** drop-down list, select the field by which to sort the report results. 11. From the **Schedule** drop-down list, select a schedule for the report if desired. The report will run automatically at the specified time. 12. Click **Finish**. @@ -85,7 +85,7 @@ Netwrix Directory Manager (formerly GroupID) allows you to generate reports on a - Date the report was created - Filter applied - List of report results - ![Sample report output for report to originator set to True](images/ka0Qk000000FXID_0EMQk00000BxMuD.png) + ![Sample report output for report to originator set to True](./images/ka0Qk000000FXID_0EMQk00000BxMuD.png) 14. The report is listed in the template's page. You can create multiple reports from the same template. 15. To download the report, click **Download** and select the format (PDF, Excel, or HTML). 16. You can also pin the report to the Dashboard by clicking **Pin Report**. diff --git a/docs/kb/directorymanager/how-to-identify-groups-without-owners.md b/docs/kb/directorymanager/how-to-identify-groups-without-owners.md index 7c7cdda613..a80be1c2d8 100644 --- a/docs/kb/directorymanager/how-to-identify-groups-without-owners.md +++ b/docs/kb/directorymanager/how-to-identify-groups-without-owners.md @@ -30,22 +30,22 @@ This article shows how to use the Reports module in Netwrix Directory Manager 11 1. In the Directory Manager application portal, click the **Reports** tab on the left side of the dashboard page. - ![Directory Manager application portal with Reports tab highlighted on the dashboard](images/ka0Qk000000Dxof_0EMQk00000BSZAz.png) + ![Directory Manager application portal with Reports tab highlighted on the dashboard](./images/ka0Qk000000Dxof_0EMQk00000BSZAz.png) 2. When the Reports module opens, click the **Group Reports** tab on the left side of the page. - ![Group Reports tab selected in the Reports module](images/ka0Qk000000Dxof_0EMQk00000BSZ69.png) + ![Group Reports tab selected in the Reports module](./images/ka0Qk000000Dxof_0EMQk00000BSZ69.png) 3. To find groups without a primary owner, run the report titled **Groups with no owner**. - ![Groups with no owner report selected in Group Reports](images/ka0Qk000000Dxof_0EMQk00000BSZ9N.png) + ![Groups with no owner report selected in Group Reports](./images/ka0Qk000000Dxof_0EMQk00000BSZ9N.png) 4. To find groups without additional owners, run the report titled **Groups without additional owners**. - ![Groups without additional owners report selected in Group Reports](images/ka0Qk000000Dxof_0EMQk00000BSZ7l.png) + ![Groups without additional owners report selected in Group Reports](./images/ka0Qk000000Dxof_0EMQk00000BSZ7l.png) 5. To find groups without both primary and additional owners, run either of the above reports. In the **Report Generation** wizard, replace the LDAP query with your custom query as needed. - ![Report Generation wizard with LDAP query field](images/ka0Qk000000Dxof_0EMQk00000BSXh5.png) + ![Report Generation wizard with LDAP query field](./images/ka0Qk000000Dxof_0EMQk00000BSXh5.png) 6. Complete the wizard. The generated report will show groups that do not have a primary owner or additional owners. diff --git a/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard.md b/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard.md index d751d42f13..adae271afb 100644 --- a/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard.md +++ b/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard.md @@ -39,7 +39,7 @@ The process to import members is discussed in these steps: 1. Launch the Netwrix Directory Manager portal and search for the Group you would like to import members into. 2. Navigate to the **Members** tab and click on the **Import** button to launch the Import Wizard. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fbhN.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fbhN.png) 3. On the **Membership Lifecycle** page, specify whether the imported members will remain in the group permanently or temporarily. Provide the following information and click **Next**. @@ -56,26 +56,26 @@ The process to import members is discussed in these steps: Members are added to the group on the date in the From box. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fbkb.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fbkb.png) 4. On the **Data Source** page, select and configure the data source that contains the objects to import to the group. You can choose between a **Local File** such as TXT, CSV, XLS, XLSX, and XML or an **External Data Source** such as SQL DB, ODBC, SCIM providers, etc. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fYTO.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fYTO.png) - For an **External Data Source**, provide LDAP Criteria and an External Source in the Query Designer. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fbpR.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fbpR.png) Click on the **Query Designer** button and provide the Data Source from where you would like to import the Membership. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fc5Z.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fc5Z.png) - For the **Local File**, simply upload the relevant file. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fc8n.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fc8n.png) 5. Click **Next**. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fcDd.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fcDd.png) 6. On the **Import Options** step, select the search option and map the data source fields to the corresponding Active Directory fields. The wizard matches the values of the mapped fields to determine the objects to import. @@ -86,15 +86,15 @@ The process to import members is discussed in these steps: 8. Click **Next** to preview the objects returned for adding as group members. - ![User-added image](images/ka0Qk000000Dfzp_0EMQk000001fVfD.png) + ![User-added image](./images/ka0Qk000000Dfzp_0EMQk000001fVfD.png) 9. Click **Finish**. ### Related Articles: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) - [Best Practices for Controlling Changes to Group Membership](https://docs.netwrix.com/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership#netwrix-directory-manager-best-practices) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) diff --git a/docs/kb/directorymanager/how-to-limit-searchable-object-types-in-user-portals.md b/docs/kb/directorymanager/how-to-limit-searchable-object-types-in-user-portals.md index 4191e1e0c8..b38d9e5865 100644 --- a/docs/kb/directorymanager/how-to-limit-searchable-object-types-in-user-portals.md +++ b/docs/kb/directorymanager/how-to-limit-searchable-object-types-in-user-portals.md @@ -32,19 +32,19 @@ By default, the **Find** dialog box in Netwrix Directory Manager 11 portals allo ## Instructions 1. In the **Netwrix Directory Manager Admin Center**, go to **Applications**. For the application or portal where you want to implement this setting, click the three dots (**...**) and select **Settings**. - ![Applications page in Netwrix Directory Manager Admin Center with settings option highlighted](images/ka0Qk000000CzVx_0EMQk00000BYFKr.png) + ![Applications page in Netwrix Directory Manager Admin Center with settings option highlighted](./images/ka0Qk000000CzVx_0EMQk00000BYFKr.png) 2. On the next page, click **Advanced Settings**. Under the **Portal & Search** tab on the right, find the option named **Find Dialogue / Look For**. Uncheck **Groups** and **Contacts** to limit searches to user objects only. - ![Advanced Settings with Find Dialogue / Look For options in Netwrix Directory Manager](images/ka0Qk000000CzVx_0EMQk00000BYFJF.png) + ![Advanced Settings with Find Dialogue / Look For options in Netwrix Directory Manager](./images/ka0Qk000000CzVx_0EMQk00000BYFJF.png) 3. Scroll down and click the **Save** button to apply your changes. ## Impact Before making this change, the **Find** dialog box allows searches for *Users*, *Contacts*, and *Groups*: -![Find dialog box showing all object types: Users, Contacts, and Groups](images/ka0Qk000000CzVx_0EMQk00000BYFMT.png) +![Find dialog box showing all object types: Users, Contacts, and Groups](./images/ka0Qk000000CzVx_0EMQk00000BYFMT.png) After updating the settings to allow only **Users**, the **Find** dialog box will display only the *User* object type in searches: -![Find dialog box showing only User object type](images/ka0Qk000000CzVx_0EMQk00000BYFHd.png) +![Find dialog box showing only User object type](./images/ka0Qk000000CzVx_0EMQk00000BYFHd.png) diff --git a/docs/kb/directorymanager/how-to-limit-users-to-search-only-for-user-objects.md b/docs/kb/directorymanager/how-to-limit-users-to-search-only-for-user-objects.md index 8340eb061d..9b7294a24d 100644 --- a/docs/kb/directorymanager/how-to-limit-users-to-search-only-for-user-objects.md +++ b/docs/kb/directorymanager/how-to-limit-users-to-search-only-for-user-objects.md @@ -31,11 +31,11 @@ By default, the **Find** dialog box allows users to search for all object types, 1. In the **Directory Manager Admin Center**, go to **Applications**. Locate the desired application/portal and click the three-dot icon to select **Settings**. - ![Accessing application settings in Netwrix Directory Manager Admin Center](images/ka0Qk000000FGyv_0EMQk00000CAMWb.png) + ![Accessing application settings in Netwrix Directory Manager Admin Center](./images/ka0Qk000000FGyv_0EMQk00000CAMWb.png) 2. Click **Advanced Settings**. Under the **Portal & Search** tab on the right, locate the **Find Dialogue / Look For** option. Uncheck **Groups** and **Contacts** to limit searches to User objects only. - ![Configuring Find Dialogue object types in Advanced Settings](images/ka0Qk000000FGyv_0EMQk00000CAMYD.png) + ![Configuring Find Dialogue object types in Advanced Settings](./images/ka0Qk000000FGyv_0EMQk00000CAMYD.png) 3. Scroll down and click **Save** to apply your changes. @@ -43,8 +43,8 @@ By default, the **Find** dialog box allows users to search for all object types, By default, the **Find** dialog box allows searches for *Users*, *Contacts*, and *Groups*. -![Default Find dialog box showing all object types](images/ka0Qk000000FGyv_0EMQk00000CAMUz.png) +![Default Find dialog box showing all object types](./images/ka0Qk000000FGyv_0EMQk00000CAMUz.png) After applying the configuration, the **Find** dialog box will display only the **User** object type in searches. -![Find dialog box limited to User object type](images/ka0Qk000000FGyv_0EMQk00000CALUk.png) +![Find dialog box limited to User object type](./images/ka0Qk000000FGyv_0EMQk00000CALUk.png) diff --git a/docs/kb/directorymanager/how-to-modify-expiring-group-email-template.md b/docs/kb/directorymanager/how-to-modify-expiring-group-email-template.md index d5fe5433ff..325ea66b52 100644 --- a/docs/kb/directorymanager/how-to-modify-expiring-group-email-template.md +++ b/docs/kb/directorymanager/how-to-modify-expiring-group-email-template.md @@ -31,17 +31,17 @@ By default, the Group Lifecycle notification email in Netwrix Directory Manager ## Instructions 1. In the Netwrix Directory Manager Admin Center, select **Notifications** then **Notification Editor**. - ![Notification Editor in Directory Manager Admin Center](images/ka0Qk000000D8m9_0EMQk00000BpGZ3.png) + ![Notification Editor in Directory Manager Admin Center](./images/ka0Qk000000D8m9_0EMQk00000BpGZ3.png) 2. On the next page, you will see a list of all notifications in Netwrix Directory Manager. Search for the notification named `GLMExpiredNotify`. Under **Actions**, click **Edit**. - ![List of notifications with Edit option in Directory Manager](images/ka0Qk000000D8m9_0EMQk00000BpGXR.png) + ![List of notifications with Edit option in Directory Manager](./images/ka0Qk000000D8m9_0EMQk00000BpGXR.png) 3. Select the **Source Code** tab and go to line 44. This line contains the consequence of not renewing a group. Edit the text as needed to include your custom message. - ![Source Code tab with editable email body in Directory Manager](images/ka0Qk000000D8m9_0EMQk00000BpGaf.png) + ![Source Code tab with editable email body in Directory Manager](./images/ka0Qk000000D8m9_0EMQk00000BpGaf.png) 4. After making your changes, go to the **Interactive** tab to preview the results in a clean, easy-to-read format. - ![Interactive tab showing email preview in Directory Manager](images/ka0Qk000000D8m9_0EMQk00000BpGcH.png) + ![Interactive tab showing email preview in Directory Manager](./images/ka0Qk000000D8m9_0EMQk00000BpGcH.png) 5. If you are satisfied with the output, return to the **Source Code** tab and click **Save**. Confirm your changes by clicking **Save** again. - ![Save button in Source Code tab in Directory Manager](images/ka0Qk000000D8m9_0EMQk00000BpCs2.png) - ![Confirmation of saved changes in Directory Manager](images/ka0Qk000000D8m9_0EMQk00000BpGdt.png) + ![Save button in Source Code tab in Directory Manager](./images/ka0Qk000000D8m9_0EMQk00000BpCs2.png) + ![Confirmation of saved changes in Directory Manager](./images/ka0Qk000000D8m9_0EMQk00000BpGdt.png) diff --git a/docs/kb/directorymanager/how-to-notify-objects-when-a-profile-is-modified.md b/docs/kb/directorymanager/how-to-notify-objects-when-a-profile-is-modified.md index 76a957cde4..67e7396d65 100644 --- a/docs/kb/directorymanager/how-to-notify-objects-when-a-profile-is-modified.md +++ b/docs/kb/directorymanager/how-to-notify-objects-when-a-profile-is-modified.md @@ -41,17 +41,17 @@ Notifications are generated for events such as group renewal, expiry policy chan ## Instructions 1. In Netwrix Directory Manager Admin Center, select **Identity Stores**. For your identity store, click the three dots (**...**) and select **Edit**. - ![Identity Stores list with edit option highlighted in Directory Manager Admin Center](images/ka0Qk000000D8kX_0EMQk00000BpFwM.png) + ![Identity Stores list with edit option highlighted in Directory Manager Admin Center](./images/ka0Qk000000D8kX_0EMQk00000BpFwM.png) 2. On the next page, click **Configurations**. - ![Configurations button in Directory Manager Admin Center](images/ka0Qk000000D8kX_0EMQk00000BpG9G.png) + ![Configurations button in Directory Manager Admin Center](./images/ka0Qk000000D8kX_0EMQk00000BpG9G.png) 3. Click **Notifications**. - ![Notifications button in Directory Manager Admin Center](images/ka0Qk000000D8kX_0EMQk00000BpGCT.png) + ![Notifications button in Directory Manager Admin Center](./images/ka0Qk000000D8kX_0EMQk00000BpGCT.png) 4. Under the **Also Notify** option, select the checkbox for **Object being modified**. - ![Also Notify option with Object being modified checkbox selected](images/ka0Qk000000D8kX_0EMQk00000BpG9H.png) + ![Also Notify option with Object being modified checkbox selected](./images/ka0Qk000000D8kX_0EMQk00000BpG9H.png) 5. Scroll down and click the **Save** button. ## Impact For example, if an administrator changes the **Notes** field of a user account in Active Directory, the user whose account was modified will receive an email notification about the change. -![Sample email notification sent to user after profile modification in Directory Manager](images/ka0Qk000000D8kX_0EMQk00000BpGAr.png) +![Sample email notification sent to user after profile modification in Directory Manager](./images/ka0Qk000000D8kX_0EMQk00000BpGAr.png) diff --git a/docs/kb/directorymanager/how-to-replace-logo-on-landing-page.md b/docs/kb/directorymanager/how-to-replace-logo-on-landing-page.md index 2197f1305d..6a76cec76e 100644 --- a/docs/kb/directorymanager/how-to-replace-logo-on-landing-page.md +++ b/docs/kb/directorymanager/how-to-replace-logo-on-landing-page.md @@ -30,7 +30,7 @@ Netwrix Directory Manager 11 – Directory Manager Portal Can you replace the logo and picture on the landing page of the Netwrix Directory Manager portal? -![Directory Manager portal landing page with default logo and image](images/ka0Qk000000De4T_0EMQk00000BO0Jt.png) +![Directory Manager portal landing page with default logo and image](./images/ka0Qk000000De4T_0EMQk00000BO0Jt.png) ## Answer @@ -43,7 +43,7 @@ Yes, you are able to replace the logo and picture. This can be acheived by follo 2. Replace the file named `imanami-logos-master-1@3x.webp`. **IMPORTANT:** The new file must have the same name, size, and extension as the original. -![Directory showing imanami-logos-master-1@3x.webp file](images/ka0Qk000000De4T_0EMQk00000BNz9K.png) +![Directory showing imanami-logos-master-1@3x.webp file](./images/ka0Qk000000De4T_0EMQk00000BNz9K.png) > **IMPORTANT:** Take a backup of the original file before replacing it. @@ -54,7 +54,7 @@ Yes, you are able to replace the logo and picture. This can be acheived by follo 2. Replace the file named `groupid-3x.webp`. **IMPORTANT:** The new file must have the same name, size, and extension as the original. -![Directory showing groupid-3x.webp file](images/ka0Qk000000De4T_0EMQk00000BO3JN.png) +![Directory showing groupid-3x.webp file](./images/ka0Qk000000De4T_0EMQk00000BO3JN.png) > **IMPORTANT:** Take a backup of the original file before replacing it. @@ -62,4 +62,4 @@ Yes, you are able to replace the logo and picture. This can be acheived by follo 1. Open the landing page of the Directory Manager portal in incognito mode to verify that the logo and image have been updated. -![Directory Manager portal landing page with updated logo and image](images/ka0Qk000000De4T_0EMQk00000BNzAx.png) +![Directory Manager portal landing page with updated logo and image](./images/ka0Qk000000De4T_0EMQk00000BNzAx.png) diff --git a/docs/kb/directorymanager/how-to-replace-logo-on-sign-in-page.md b/docs/kb/directorymanager/how-to-replace-logo-on-sign-in-page.md index 96d0b1d8a8..42e04a140d 100644 --- a/docs/kb/directorymanager/how-to-replace-logo-on-sign-in-page.md +++ b/docs/kb/directorymanager/how-to-replace-logo-on-sign-in-page.md @@ -24,7 +24,7 @@ knowledge_article_id: kA0Qk00000015yXKAQ Can you replace the logo on the sign-in page of the Netwrix Directory Manager (formerly Netwrix GroupID) portal? -![Sign-in Page Screenshot](images/ka0Qk000000DGa1_0EMQk000004nK9l.png) +![Sign-in Page Screenshot](./images/ka0Qk000000DGa1_0EMQk000004nK9l.png) ## Answer @@ -33,8 +33,8 @@ Yes, this can be done by replacing the image file in the Netwrix Directory Manag 1. Navigate to `C:\Program Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\GroupIDSecurityService\Web\wwwroot\Content\Images` 2. Replace the image file named `vector-smart-object.png`, ensuring the file name, size, and extension remain the same. -![Replacement Image Screenshot](images/ka0Qk000000DGa1_0EMQk000004nK9m.png) +![Replacement Image Screenshot](./images/ka0Qk000000DGa1_0EMQk000004nK9m.png) > **NOTE:** Take a backup of the original file. -![Final Result Screenshot](images/ka0Qk000000DGa1_0EMQk000004nK9n.png) +![Final Result Screenshot](./images/ka0Qk000000DGa1_0EMQk000004nK9n.png) diff --git a/docs/kb/directorymanager/how-to-replace-the-password-center-portal-logo.md b/docs/kb/directorymanager/how-to-replace-the-password-center-portal-logo.md index e78caab65f..bd8e780894 100644 --- a/docs/kb/directorymanager/how-to-replace-the-password-center-portal-logo.md +++ b/docs/kb/directorymanager/how-to-replace-the-password-center-portal-logo.md @@ -29,7 +29,7 @@ Netwrix Directory Manager 11.1 – Directory Manager Portal ## Question Can you replace the logo on the Password Center portal in Netwrix Directory Manager (formerly GroupID)? -![Password Center portal with default logo](images/ka0Qk000000CapJ_0EMQk00000Az6M6.png) +![Password Center portal with default logo](./images/ka0Qk000000CapJ_0EMQk00000Az6M6.png) ## Answer Yes, you can replace the Password Center logo. Follow the steps below. @@ -39,13 +39,13 @@ Yes, you can replace the Password Center logo. Follow the steps below. `C:\Program Files\Imanami\GroupID 11.0\GroupIDPortal\Inetpub\\Web\wwwroot\Content\Images\vector` 2. Locate the file named `PCFullLogoTransaprent.svg`. This file is used to render the logo on the portal. - ![Directory showing PCFullLogoTransaprent.svg file](images/ka0Qk000000CapJ_0EMQk00000AzEMr.png) + ![Directory showing PCFullLogoTransaprent.svg file](./images/ka0Qk000000CapJ_0EMQk00000AzEMr.png) 3. Convert your logo to the `.svg` format and copy it to the same directory. 4. Rename the existing `PCFullLogoTransaprent.svg` file to `PCFullLogoTransaprentbackup.svg` for backup purposes. 5. Rename your new logo file to `PCFullLogoTransaprent.svg`. 6. Open the Password Center portal in incognito mode to verify that the new logo appears. -![Password Center portal with updated logo](images/ka0Qk000000CapJ_0EMQk00000Az8kU.png) +![Password Center portal with updated logo](./images/ka0Qk000000CapJ_0EMQk00000Az8kU.png) > **NOTE:** Adjust the dimensions of your logo as needed to fit the portal layout. diff --git a/docs/kb/directorymanager/how-to-replace-the-security-service-certificate.md b/docs/kb/directorymanager/how-to-replace-the-security-service-certificate.md index a56ca7abff..dd5c67d0cc 100644 --- a/docs/kb/directorymanager/how-to-replace-the-security-service-certificate.md +++ b/docs/kb/directorymanager/how-to-replace-the-security-service-certificate.md @@ -41,31 +41,31 @@ Follow the steps below to replace the Security Service certificate: 2. Select Version as `10.2` and download patch #`370874`, but DO NOT apply it yet. 3. If you do not have the Directory Manager Updates tool, you can download it from https://www.netwrix.com/my_products.html. -![](images/ka0Qk000000DSRV_0EMQk00000A0EV5.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0EV5.png) -![](images/ka0Qk000000DSRV_0EMQk00000A2mh7.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A2mh7.png) -![](images/ka0Qk000000DSRV_0EMQk00000A0P5V.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0P5V.png) 4. Once downloaded, navigate to the patch download folder. Rename the file `370874.gpb` to `370874.zip`. 5. Once renamed, right-click the zip file and click **Properties**. In the **General** tab, uncheck **Unblock** and apply the changes. -![](images/ka0Qk000000DSRV_0EMQk00000A0IX3.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0IX3.png) 6. After the zip file is unblocked, extract the contents of the ZIP file to access the utility. Run the `GroupIDSecurityServiceCertificateUpdate.exe` as an **Administrator**. -![](images/ka0Qk000000DSRV_0EMQk00000A0ISD.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0ISD.png) 7. Verify that the **DataService** path and **Service Account** are correct. 8. Enter the information for the **Service Account** (e.g., Domain\Account_Name). 9. Click **Replace Security Service**. This action assigns the necessary permissions to the new certificate, replaces the existing one, and updates the thumbprints across all integrated applications. -![](images/ka0Qk000000DSRV_0EMQk00000A0ITp.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0ITp.png) 10. Perform an `IISRESET` by launching Windows PowerShell/Command Prompt as an Administrator and typing `IISRESET`. 11. Verify the expiry date for the Security Service certificate by launching **IIS Manager Home** then clicking **Server Certificates**. The new expiration date should show **1/13/2045**. -![](images/ka0Qk000000DSRV_0EMQk00000A0IYf.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A0IYf.png) ### Update or Recreate Scheduled Jobs @@ -77,16 +77,16 @@ Once the Directory Manager Security Service Certificate has been updated, you ha 1. Create a backup of the Directory Manager Scheduled Job task files located at `\Program Files\Imanami\GroupID 10.0\Schedules`. 2. Create a new scheduled job in the Directory Manager Management Console. Any job type is acceptable, but the SmartGroup Update Job is recommended. -![](images/ka0Qk000000DSRV_0EMQk00000A2A0j.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A2A0j.png) 3. Navigate to `\Program Files\Imanami\GroupID 10.0\Schedules` and open the newly created task file. Sort by **Modified Date** to identify it. 4. Open the task file in Notepad. 5. Click at the beginning of the first line and press **CTRL + F**. 6. Search for `<#!#>`. On the second occurrence, copy everything afterward to the end of the file. -![](images/ka0Qk000000DSRV_0EMQk00000A25Yw.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A25Yw.png) -![](images/ka0Qk000000DSRV_0EMQk00000A21Os.png) +![](./images/ka0Qk000000DSRV_0EMQk00000A21Os.png) 7. Open another Notepad file and save the copied information. You will use this in the next step. 8. Open each remaining task file in the same directory and replace the content after the second occurrence of `<#!#>` with the copied token. diff --git a/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v10.md b/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v10.md index 268926639f..b0f850abff 100644 --- a/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v10.md +++ b/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v10.md @@ -38,22 +38,22 @@ By default, users can select from multiple security types when creating a group 3. In the **Name** list, select **General** and click **Edit**. 4. In the **Edit Design Category** dialog box, select **Security** and click **Edit**. - ![Edit Design Category dialog box with Security field selected](images/ka0Qk000000CsRF_0EMQk00000BP1x3.png) + ![Edit Design Category dialog box with Security field selected](./images/ka0Qk000000CsRF_0EMQk00000BP1x3.png) 5. In the **Edit Field** dialog box, click the **Advanced options** link. - ![Edit Field dialog box with Advanced options link](images/ka0Qk000000CsRF_0EMQk00000BP23V.png) + ![Edit Field dialog box with Advanced options link](./images/ka0Qk000000CsRF_0EMQk00000BP23V.png) 6. Select `Semi Private: Owner Must Approve` from the **Default Value** drop-down list. - ![Default Value drop-down list with Semi Private selected](images/ka0Qk000000CsRF_0EMQk00000BP21t.png) + ![Default Value drop-down list with Semi Private selected](./images/ka0Qk000000CsRF_0EMQk00000BP21t.png) 7. Optional: To enforce the semi-private security type, select the **Is Read-Only** check box. This will disable the **Security** drop-down list in the **Create Group** wizard, displaying only the default value. - ![Is Read-Only check box selected in Edit Field dialog box](images/ka0Qk000000CsRF_0EMQk00000BP1yf.png) + ![Is Read-Only check box selected in Edit Field dialog box](./images/ka0Qk000000CsRF_0EMQk00000BP1yf.png) 8. Optional: To hide the **Security** drop-down list from a specific role, select the desired role (such as **Administrator** or **Helpdesk**) from the **Visibility Role** drop-down list. The **Security** drop-down list will be visible to users of the selected role and roles with a higher priority value, and hidden from all roles with a lower priority value. - ![Visibility Role drop-down list in Edit Field dialog box](images/ka0Qk000000CsRF_0EMQk00000BP20H.png) + ![Visibility Role drop-down list in Edit Field dialog box](./images/ka0Qk000000CsRF_0EMQk00000BP20H.png) 9. Click **OK** to close the dialog boxes and save your changes. diff --git a/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v11.md b/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v11.md index 110098088a..e2ed4b4593 100644 --- a/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v11.md +++ b/docs/kb/directorymanager/how-to-set-semi-private-as-the-default-security-type-in-v11.md @@ -30,33 +30,33 @@ By default, users can choose from several security types when creating a group i ## Instructions 1. Open the Directory Manager Admin Portal at `https://servername/AdminCenter/`. Navigate to **Applications**, select your desired portal, and click the three dots (**...**) to edit it. - ![Applications page in Netwrix Directory Manager Admin Portal with edit option highlighted](images/ka0Qk000000CsSr_0EMQk00000BP3cH.png) + ![Applications page in Netwrix Directory Manager Admin Portal with edit option highlighted](./images/ka0Qk000000CsSr_0EMQk00000BP3cH.png) 2. Click **Settings**. - ![Settings option in Netwrix Directory Manager Admin Portal](images/ka0Qk000000CsSr_0EMQk00000BP3fV.png) + ![Settings option in Netwrix Directory Manager Admin Portal](./images/ka0Qk000000CsSr_0EMQk00000BP3fV.png) 3. Under **Design Settings**, click your identity store’s name. - ![Design Settings section in Netwrix Directory Manager Admin Portal](images/ka0Qk000000CsSr_0EMQk00000BP3af.png) + ![Design Settings section in Netwrix Directory Manager Admin Portal](./images/ka0Qk000000CsSr_0EMQk00000BP3af.png) 4. On the **Create Object** tab, select **Group** from the **Select Directory Object** drop-down list. - ![Create Object tab with Group selected](images/ka0Qk000000CsSr_0EMQk00000BP3dt.png) + ![Create Object tab with Group selected](./images/ka0Qk000000CsSr_0EMQk00000BP3dt.png) 5. In the **Name** list, select *General* and click **Edit**. 6. In the **Edit Design Category** dialog box, select **Security** and click **Edit**. - ![Edit Design Category dialog box with Security field selected](images/ka0Qk000000CsSr_0EMQk00000BP3kL.png) + ![Edit Design Category dialog box with Security field selected](./images/ka0Qk000000CsSr_0EMQk00000BP3kL.png) 7. In the **Edit Field** dialog box, click the **Advanced options** link. - ![Edit Field dialog box with Advanced options link](images/ka0Qk000000CsSr_0EMQk00000BP3lx.png) + ![Edit Field dialog box with Advanced options link](./images/ka0Qk000000CsSr_0EMQk00000BP3lx.png) 8. Select `Semi_Private` from the **Default Value** drop-down list. - ![Default Value drop-down list with Semi_Private selected](images/ka0Qk000000CsSr_0EMQk00000BP3nZ.png) + ![Default Value drop-down list with Semi_Private selected](./images/ka0Qk000000CsSr_0EMQk00000BP3nZ.png) 9. Optional: To enforce the semi-private security type, select the **Is Read-Only** check box. This action disables the **Security** drop-down list in the **Create Group** wizard and displays only the default value. - ![Is Read-Only check box selected in Edit Field dialog box](images/ka0Qk000000CsSr_0EMQk00000BP3ij.png) - ![Create Group wizard with Security drop-down list disabled](images/ka0Qk000000CsSr_0EMQk00000BP3qn.png) + ![Is Read-Only check box selected in Edit Field dialog box](./images/ka0Qk000000CsSr_0EMQk00000BP3ij.png) + ![Create Group wizard with Security drop-down list disabled](./images/ka0Qk000000CsSr_0EMQk00000BP3qn.png) 10. Optional: To hide the **Security** drop-down list from a specific role, select the desired role (such as **Administrator** or **Helpdesk**) from the **Visibility Role** drop-down list. The **Security** drop-down list is visible to users of the selected role and to roles with a higher priority value, but hidden from all roles with a lower priority value. - ![Visibility Role drop-down list in Edit Field dialog box](images/ka0Qk000000CsSr_0EMQk00000BP3pB.png) + ![Visibility Role drop-down list in Edit Field dialog box](./images/ka0Qk000000CsSr_0EMQk00000BP3pB.png) 11. Click **OK** to close the dialog boxes then save your changes. diff --git a/docs/kb/directorymanager/how-to-trigger-a-workflow-when-a-user-creates-a-group.md b/docs/kb/directorymanager/how-to-trigger-a-workflow-when-a-user-creates-a-group.md index 859a36f57b..1b803ca744 100644 --- a/docs/kb/directorymanager/how-to-trigger-a-workflow-when-a-user-creates-a-group.md +++ b/docs/kb/directorymanager/how-to-trigger-a-workflow-when-a-user-creates-a-group.md @@ -46,9 +46,9 @@ If the workflow conditions are met, a request is generated and sent to the appro 1. In the **Netwrix Directory Manager Admin Center**, click the **Identity Stores** node from the Navigation Bar. 2. On the **Identity Stores** tab, click the three-dot icon and click the **Edit** button of an identity store to open its properties. - ![Identity Store Edit Screenshot](images/ka0Qk000000DGYP_0EMQk00000BdOqX.png) + ![Identity Store Edit Screenshot](./images/ka0Qk000000DGYP_0EMQk00000BdOqX.png) 3. Click the **Workflow** tab. - ![Workflow Tab Screenshot](images/ka0Qk000000DGYP_0EMQk00000BdOs9.png) + ![Workflow Tab Screenshot](./images/ka0Qk000000DGYP_0EMQk00000BdOs9.png) 4. Click **Add Workflow**. 5. In the **Object(s)** list, select *Group*. 6. Enter a name for the workflow in the **Name** box. For example, `Group Creation`. @@ -58,7 +58,7 @@ If the workflow conditions are met, a request is generated and sent to the appro 10. The **Enable approver acceleration** check box applies if approver acceleration has been enabled for the identity store. To exempt this workflow route from approver acceleration, clear this check box. 11. In the **Description** box, enter a brief description of the workflow. For example, `This workflow tracks creation of groups by people from User Security Role.` 12. In the **Portal URL** drop-down list, select a Self-Service portal URL to include in the workflow email notifications. The URL would redirect the recipients to the portal for acting on the respective request, such as approve or deny it. - ![Add Workflow Screenshot](images/ka0Qk000000DGYP_0EMQk00000BdOtl.png) + ![Add Workflow Screenshot](./images/ka0Qk000000DGYP_0EMQk00000BdOtl.png) 13. Use the **Filters** area to define a condition that must be met for the workflow to trigger. Leave the filter blank to apply the workflow to all users. If a condition is set and not met, the workflow will not initiate. For example, the following filter targets users in the User security role: | Field | Condition | Value | @@ -67,7 +67,7 @@ If the workflow conditions are met, a request is generated and sent to the appro With this filter, when a user from the User role creates a group via the Self-Service portal, the workflow is triggered and the changes are held for approval. Users outside this role can create groups without triggering the workflow. 14. In the **Approvers** area, click **Add**. - ![Add Approver Screenshot](images/ka0Qk000000DGYP_0EMQk00000BdOov.png) + ![Add Approver Screenshot](./images/ka0Qk000000DGYP_0EMQk00000BdOov.png) 15. Select the user or group responsible for approving requests generated by this workflow. For best results, assign an administrator or helpdesk member rather than group owners. 16. Click **OK** to save the approver configuration. 17. Click **OK** on the **Workflow Route** dialog box and then on the **Workflow** tab to finalize the configuration. diff --git a/docs/kb/directorymanager/how-to-uninstall-directory-manager.md b/docs/kb/directorymanager/how-to-uninstall-directory-manager.md index a85f0c27a3..3d1889d8db 100644 --- a/docs/kb/directorymanager/how-to-uninstall-directory-manager.md +++ b/docs/kb/directorymanager/how-to-uninstall-directory-manager.md @@ -36,7 +36,7 @@ The steps below guide you through uninstalling Netwrix Directory Manager for an ### Uninstall Netwrix Directory Manager to Upgrade to a Newer Version 1. Double-click the **setup.exe** file in the Directory Manager installation package to launch the Directory Manager Installer. - ![Directory Manager Installer main screen with Uninstall Directory Manager option](images/ka0Qk0000006YdJ_0EMQk000004nD8J.png) + ![Directory Manager Installer main screen with Uninstall Directory Manager option](./images/ka0Qk0000006YdJ_0EMQk000004nD8J.png) 2. Click **Uninstall Directory Manager** to remove the application files via **Programs & Features** in Control Panel. 3. Proceed with the upgrade to the newer version of Directory Manager. 4. Click the **Install Directory Manager** link on the Directory Manager Installer to install the latest version. @@ -98,7 +98,7 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Imanami\GroupID\Version 11.0 1. Open the Internet Information Services (IIS) console by typing `inetmgr` in the Windows **Run** dialog box. 2. Expand the **\** node in the console tree and click **Application Pools**. 3. On the Application Pools page, delete **Directory Manager App Pool 11** and all other pools that start with **GroupID11_GroupIDSite11** prefixes. - ![IIS Application Pools page with Directory Manager App Pool 11 selected](images/ka0Qk0000006YdJ_0EMQk000004nD8S.png) + ![IIS Application Pools page with Directory Manager App Pool 11 selected](./images/ka0Qk0000006YdJ_0EMQk000004nD8S.png) ### Remove Directory Manager Certificates diff --git a/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v10.md b/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v10.md index 2e8bd1ff57..f4c8beb882 100644 --- a/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v10.md +++ b/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v10.md @@ -42,10 +42,10 @@ You can check a user's security role assignment for the following Netwrix Direct 1. In the Netwrix Directory Manager Management Console, click the **Identity Stores** node. 2. On the **Identity Stores** tab, double-click an identity store to open its properties. 3. On the **Security Roles** tab, click **Get Security Roles** to view the roles assigned to a user in the selected Netwrix Directory Manager client. - ![Security Roles tab in Identity Store properties](images/ka0Qk000000Du9F_0EMQk00000BQXBk.png) + ![Security Roles tab in Identity Store properties](./images/ka0Qk000000Du9F_0EMQk00000BQXBk.png) 4. Click the **Find User** button to specify the user you want to check the role for. 5. The **Find** dialog box is displayed, where you can search for and select the required user. You can use the **Delete** icon to remove the selected user and specify another one. - ![Find dialog box for selecting a user](images/ka0Qk000000Du9F_0EMQk00000BQZYT.png) + ![Find dialog box for selecting a user](./images/ka0Qk000000Du9F_0EMQk00000BQZYT.png) 6. In the **Client Name** list, select a Netwrix Directory Manager client to view the user’s role for that client. To see the user’s role in a specific portal, select the relevant Self-Service portal. To view the user’s highest privileged role in Netwrix Directory Manager, select `None`. - ![Client Name list for selecting Directory Manager client](images/ka0Qk000000Du9F_0EMQk00000BQZmz.png) + ![Client Name list for selecting Directory Manager client](./images/ka0Qk000000Du9F_0EMQk00000BQZmz.png) 7. Click the **Get Role** button. The **Applied Role** area shows the user role for the selected client along with role priority. For `None`, the highest privileged role of the user is displayed, regardless of any client. diff --git a/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v11.md b/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v11.md index c66bf95495..8a167e431e 100644 --- a/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v11.md +++ b/docs/kb/directorymanager/how-to-view-roles-assigned-to-a-user-v11.md @@ -44,15 +44,15 @@ These roles can be customized or extended with additional custom roles as needed 1. Log in to the **Netwrix Directory Admin Center**. 2. Click **Identity Stores** in the left pane. 3. Click the three-dot icon next to the relevant identity store and select **Edit**. - ![Three-dot icon and Edit option for identity store](images/ka0Qk000000Du7d_0EMQk00000BN8mX.png) + ![Three-dot icon and Edit option for identity store](./images/ka0Qk000000Du7d_0EMQk00000BN8mX.png) 4. Click **Security Roles** under the **Settings** section. - ![Security Roles option in identity store settings](images/ka0Qk000000Du7d_0EMQk00000BN8pl.png) + ![Security Roles option in identity store settings](./images/ka0Qk000000Du7d_0EMQk00000BN8pl.png) 5. Click **Check Security Roles** and the dialog box opens. - ![Check Security Roles button in Security Roles section](images/ka0Qk000000Du7d_0EMQk00000BN8ub.png) + ![Check Security Roles button in Security Roles section](./images/ka0Qk000000Du7d_0EMQk00000BN8ub.png) 6. From the **Client name** drop-down list, select one of the following Netwrix Directory Manager clients: - Select a deployed client (e.g., portal) to view the user's role in that client. - Select **None** to view the user's highest privileged role across the entire identity store. - ![Client name drop-down and user search in Check Security Roles dialog](images/ka0Qk000000Du7d_0EMQk00000BN8zR.png) + ![Client name drop-down and user search in Check Security Roles dialog](./images/ka0Qk000000Du7d_0EMQk00000BN8zR.png) 7. Search for a user using one of the following methods: - Enter a search string and press **Enter** to filter users by username. - Click **Advanced** to search by additional fields such as name, department, company, or email. Click **Search** and select the desired user. diff --git "a/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_\321\201reates_a_group.md" "b/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_\321\201reates_a_group.md" index 5a3569a741..262658d1c0 100644 --- "a/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_\321\201reates_a_group.md" +++ "b/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_\321\201reates_a_group.md" @@ -85,9 +85,9 @@ Admin Center — Workflows — Overview — v11.0 ### Related Articles -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) diff --git a/docs/kb/directorymanager/identify-similar-groups-in-the-directory.md b/docs/kb/directorymanager/identify-similar-groups-in-the-directory.md index 89599250da..9275441337 100644 --- a/docs/kb/directorymanager/identify-similar-groups-in-the-directory.md +++ b/docs/kb/directorymanager/identify-similar-groups-in-the-directory.md @@ -46,9 +46,9 @@ For example, if you have a distribution group (Group A) with three members (A1, > **NOTE:** Netwrix Directory Manager only displays up to six similar groups, even if more exist in the directory. The similarity ranking is based on group type and the number of shared members. -![Similar Groups tab in Directory Manager group properties page](images/ka0Qk000000EMTh_0EMQk00000BWvT4.png) +![Similar Groups tab in Directory Manager group properties page](./images/ka0Qk000000EMTh_0EMQk00000BWvT4.png) 6. Click a bar for a group to view similarity details. 7. The **Similarity Details** dialog box displays the common type and common members that both groups have. -![Similarity Details dialog box showing common type and members](images/ka0Qk000000EMTh_0EMQk00000BX24j.png) +![Similarity Details dialog box showing common type and members](./images/ka0Qk000000EMTh_0EMQk00000BX24j.png) diff --git a/docs/kb/directorymanager/limit-users-to-create-new-objects-in-specified-containers.md b/docs/kb/directorymanager/limit-users-to-create-new-objects-in-specified-containers.md index a6f0624068..741813bd08 100644 --- a/docs/kb/directorymanager/limit-users-to-create-new-objects-in-specified-containers.md +++ b/docs/kb/directorymanager/limit-users-to-create-new-objects-in-specified-containers.md @@ -49,7 +49,7 @@ This article explains how to limit users to creating new objects only in specifi 6. Click **Apply** and then **OK** on the **New Object** page. -![New Object policy configuration in Directory Manager](images/ka0Qk000000EZFd_0EMQk00000BuMdp.png) +![New Object policy configuration in Directory Manager](./images/ka0Qk000000EZFd_0EMQk00000BuMdp.png) > **NOTE:** Removing all containers for an object type means the New Object policy no longer applies to that object type, and users can create the object in any OU in the identity store. @@ -60,12 +60,12 @@ With the New Object policy applied, role members can create new objects only in ### In Automate - On the **Group Options** page of the **New Group** wizard, users can view and select only the specified OUs for new group creation. - ![OU selection in Automate New Group wizard](images/ka0Qk000000EZFd_0EMQk00000BuMYz.png) + ![OU selection in Automate New Group wizard](./images/ka0Qk000000EZFd_0EMQk00000BuMYz.png) ### In the Self-Service portal - On the **General** page of the **Create Group** wizard, users can view and select only the specified OUs for new group creation. - ![OU selection in Self-Service Create Group wizard](images/ka0Qk000000EZFd_0EMQk00000BuMab.png) + ![OU selection in Self-Service Create Group wizard](./images/ka0Qk000000EZFd_0EMQk00000BuMab.png) - On the **Account** page of the **Create Contact** wizard, users can view and select only the specified OUs for new contact creation. - ![OU selection in Self-Service Create Contact wizard](images/ka0Qk000000EZFd_0EMQk00000BuMcD.png) + ![OU selection in Self-Service Create Contact wizard](./images/ka0Qk000000EZFd_0EMQk00000BuMcD.png) diff --git a/docs/kb/directorymanager/linking-directory-manager-processes-with-microsoft-flow.md b/docs/kb/directorymanager/linking-directory-manager-processes-with-microsoft-flow.md index 4d894e0ff5..ac4d65571e 100644 --- a/docs/kb/directorymanager/linking-directory-manager-processes-with-microsoft-flow.md +++ b/docs/kb/directorymanager/linking-directory-manager-processes-with-microsoft-flow.md @@ -48,7 +48,7 @@ Refer to the official Microsoft documentation to create a custom connector in MS During setup, you must enter the **Client ID** and **Client Secret** and import the `GroupIDConnector.swagger.json` file. -![Security page showing fields for Client ID and Client Secret](images/ka0Qk000000DS6X_0EMQk000004nFgL.png) +![Security page showing fields for Client ID and Client Secret](./images/ka0Qk000000DS6X_0EMQk000004nFgL.png) ### Step 2: Retrieve the Client ID, Secret, and Swagger File @@ -56,7 +56,7 @@ During setup, you must enter the **Client ID** and **Client Secret** and import 2. On the **Identity Stores** tab, double-click the identity store you want to link to MS Flow. 3. On the **Workflow** tab in identity store properties, click the **MS Flow** link. -![Workflow tab showing Microsoft Flow link](images/ka0Qk000000DS6X_0EMQk000004nFgM.png) +![Workflow tab showing Microsoft Flow link](./images/ka0Qk000000DS6X_0EMQk000004nFgM.png) 4. Click the copy button next to **MS Flow Client ID** to copy the client ID to the clipboard, then paste the ID in the **Client ID** box in MS Flow. 5. Click the copy button next to **MS Flow Client Secret** to copy the client secret (password) to the clipboard, then paste this password in the **Client Secret** box in MS Flow. diff --git a/docs/kb/directorymanager/manage-elastic-repository-on-a-separate-instance-with-v11.md b/docs/kb/directorymanager/manage-elastic-repository-on-a-separate-instance-with-v11.md index 848e5308e3..47fcd97496 100644 --- a/docs/kb/directorymanager/manage-elastic-repository-on-a-separate-instance-with-v11.md +++ b/docs/kb/directorymanager/manage-elastic-repository-on-a-separate-instance-with-v11.md @@ -40,7 +40,7 @@ Yes, this is possible. To improve performance and manageability, you can install 1. Install Elasticsearch on a separate machine by downloading the latest version from the official website. 2. Extract the package and open CMD. 3. Navigate to the `bin` directory and run `elasticsearch.bat`. - ![Steps 1-3 in CMD](images/ka0Qk000000DSPt_0EMQk00000C0zmA.png) + ![Steps 1-3 in CMD](./images/ka0Qk000000DSPt_0EMQk00000C0zmA.png) 4. Take note of the **username** and **password** provided upon successful installation. You may keep the password provided, but if you would like to reset the password, run the command below: ```bat @@ -62,7 +62,7 @@ in CMD. Let the installation complete. 3. Verify Elasticsearch is running by navigating to the service URL in your browser. 4. On the Netwrix Directory Manager server, open the **Netwrix Directory Manager Configuration Tool**. When prompted, select **I will install and manage Elastic myself**. 5. Enter the **URL** and **credentials** for the separate Elasticsearch machine. - ![GroupID Config Tool](images/ka0Qk000000DSPt_0EMQk00000C15Bd.png) + ![GroupID Config Tool](./images/ka0Qk000000DSPt_0EMQk00000C15Bd.png) 6. Complete the remaining configuration steps to finalize the setup. Once completed, Netwrix Directory Manager 11 will be successfully configured to use an external Elasticsearch instance for its repository. diff --git a/docs/kb/directorymanager/notify-logged-in-users-about-changes-made-to-directory-objects.md b/docs/kb/directorymanager/notify-logged-in-users-about-changes-made-to-directory-objects.md index 98ebec5d44..99395bc0a7 100644 --- a/docs/kb/directorymanager/notify-logged-in-users-about-changes-made-to-directory-objects.md +++ b/docs/kb/directorymanager/notify-logged-in-users-about-changes-made-to-directory-objects.md @@ -31,13 +31,13 @@ You can configure Netwrix Directory Manager 11 (formerly GroupID) to send users ## Instructions 1. In Directory Manager Admin Center, click the **Identity Stores** node. 2. For your identity store, click the three dots (**...**) button and select **Edit**. - ![Identity Stores list with edit option highlighted in Directory Manager Admin Center](images/ka0Qk000000D8iv_0EMQk00000BpFrV.png) + ![Identity Stores list with edit option highlighted in Directory Manager Admin Center](./images/ka0Qk000000D8iv_0EMQk00000BpFrV.png) 3. On the next page, click the **Configurations** button. - ![Configurations button in Directory Manager Admin Center](images/ka0Qk000000D8iv_0EMQk00000BpFoH.png) + ![Configurations button in Directory Manager Admin Center](./images/ka0Qk000000D8iv_0EMQk00000BpFoH.png) 4. Click the **Notifications** button. - ![Notifications button in Directory Manager Admin Center](images/ka0Qk000000D8iv_0EMQk00000BpFmf.png) + ![Notifications button in Directory Manager Admin Center](./images/ka0Qk000000D8iv_0EMQk00000BpFmf.png) 5. Under the **Also Notify** option, select the checkbox labeled **Logged in users for their actions**. - ![Also Notify option with Logged in users for their actions checkbox selected](images/ka0Qk000000D8iv_0EMQk00000BpFuj.png) + ![Also Notify option with Logged in users for their actions checkbox selected](./images/ka0Qk000000D8iv_0EMQk00000BpFuj.png) 6. Scroll down and click the **Save** button. With this notification setting enabled, email notifications will be sent to the logged-in user for changes they make to directory objects using the portal. @@ -47,8 +47,8 @@ With this notification setting enabled, email notifications will be sent to the ## Impact In the example below, an end user changes the **Description** field of a group. -![User editing the Description field of a group in Directory Manager user portal](images/ka0Qk000000D8iv_0EMQk00000BpFt7.png) +![User editing the Description field of a group in Directory Manager user portal](./images/ka0Qk000000D8iv_0EMQk00000BpFt7.png) The user will receive an email notification for the changes they made. -![Sample email notification sent to user after making changes in Directory Manager user portal](images/ka0Qk000000D8iv_0EMQk00000BpFpt.png) +![Sample email notification sent to user after making changes in Directory Manager user portal](./images/ka0Qk000000D8iv_0EMQk00000BpFpt.png) diff --git a/docs/kb/directorymanager/phoneid-authentication-option-discontinued.md b/docs/kb/directorymanager/phoneid-authentication-option-discontinued.md index 82ca82c95f..01f4055737 100644 --- a/docs/kb/directorymanager/phoneid-authentication-option-discontinued.md +++ b/docs/kb/directorymanager/phoneid-authentication-option-discontinued.md @@ -44,39 +44,39 @@ Netwrix recommends using Netwrix Directory Manager in conjunction with a FIDO2-b 1. Enable YubiKey support in the configuration, even if you do not plan on using YubiKey hardware tokens. - ![A screenshot of a computerDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAgZi.png) + ![A screenshot of a computerDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAgZi.png) - ![A screenshot of a phoneDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAfKI.png) + ![A screenshot of a phoneDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAfKI.png) - ![A screenshot of a phoneDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAfow.png) + ![A screenshot of a phoneDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAfow.png) - ![A screenshot of a computer screenDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAl4j.png) + ![A screenshot of a computer screenDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAl4j.png) 2. From the user portal, users should enroll their account and select YubiKey from the available options. - ![A screenshot of a phoneDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAkS2.png) + ![A screenshot of a phoneDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAkS2.png) - ![A screenshot of a computer screenDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAl7x.png) + ![A screenshot of a computer screenDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAl7x.png) 3. Give your passkey-enabled device an appropriate name. - ![A screenshot of a computerDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAl9Z.png) + ![A screenshot of a computerDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAl9Z.png) 4. You will be prompted to choose a location to save your passkey. - ![A screenshot of a computerDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAlBB.png) + ![A screenshot of a computerDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAlBB.png) 5. You will receive a notification on your device or be prompted to insert a USB token, depending on the chosen method. - ![A screenshot of a computer error messageDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAlEP.png) + ![A screenshot of a computer error messageDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAlEP.png) 6. If using a mobile phone, you should be prompted to create a key for the web portal enrollment. - ![A screenshot of a phoneDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAlO5.png) + ![A screenshot of a phoneDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAlO5.png) 7. After completion, you will receive confirmation on both the mobile device and the portal. - ![A white sign with black textDescription automatically generated](images/ka0Qk000000Bt1B_0EMQk00000AAlUX.png) + ![A white sign with black textDescription automatically generated](./images/ka0Qk000000Bt1B_0EMQk00000AAlUX.png) ## What is a Passkey, and why do we recommend using it? diff --git a/docs/kb/directorymanager/remove-the-displayname-requirement-for-groups-created-in-active-directory.md b/docs/kb/directorymanager/remove-the-displayname-requirement-for-groups-created-in-active-directory.md index 4397f8ef16..61c7d6b446 100644 --- a/docs/kb/directorymanager/remove-the-displayname-requirement-for-groups-created-in-active-directory.md +++ b/docs/kb/directorymanager/remove-the-displayname-requirement-for-groups-created-in-active-directory.md @@ -31,32 +31,32 @@ Netwrix Directory Manager, however, requires the **displayName** attribute becau This article describes a workaround that allows you to save changes to these groups by making the **displayName** attribute optional in the portal design. -![Error message displayed in Self-Service Portal when displayName is missing](images/ka0Qk000000DvbZ_0EMQk00000BSYlB.png) ![Error details dialog showing missing displayName attribute](images/ka0Qk000000DvbZ_0EMQk00000BSWjO.png) +![Error message displayed in Self-Service Portal when displayName is missing](./images/ka0Qk000000DvbZ_0EMQk00000BSYlB.png) ![Error details dialog showing missing displayName attribute](./images/ka0Qk000000DvbZ_0EMQk00000BSWjO.png) ## Instructions 1. In the Netwrix Directory Manager Admin Center, go to the **Applications** tab. Open the settings for the application where you want to remove the **displayName** requirement by clicking the **Settings** button (top right corner of the application card). - ![Open application settings in Directory Manager Admin Center](images/ka0Qk000000DvbZ_0EMQk00000BSYmn.png) + ![Open application settings in Directory Manager Admin Center](./images/ka0Qk000000DvbZ_0EMQk00000BSYmn.png) 2. Under **Design Settings**, click the domain name. - ![Select domain under Design Settings](images/ka0Qk000000DvbZ_0EMQk00000BSYoP.png) + ![Select domain under Design Settings](./images/ka0Qk000000DvbZ_0EMQk00000BSYoP.png) 3. Go to the **Properties** tab and set the **Directory Object** to **Groups**. - ![Set Directory Object to Groups](images/ka0Qk000000DvbZ_0EMQk00000BSYq1.png) + ![Set Directory Object to Groups](./images/ka0Qk000000DvbZ_0EMQk00000BSYq1.png) 4. Edit the **General** field by clicking the pencil icon. - ![Edit General field](images/ka0Qk000000DvbZ_0EMQk00000BSYrd.png) + ![Edit General field](./images/ka0Qk000000DvbZ_0EMQk00000BSYrd.png) 5. Edit the **DisplayName** field by clicking the pencil icon in the Design category window. - ![Edit DisplayName field](images/ka0Qk000000DvbZ_0EMQk00000BSYtF.png) + ![Edit DisplayName field](./images/ka0Qk000000DvbZ_0EMQk00000BSYtF.png) 6. Expand **Advanced Options** and uncheck the **Is Required** box. - ![Uncheck Is Required for DisplayName](images/ka0Qk000000DvbZ_0EMQk00000BSYwT.png) + ![Uncheck Is Required for DisplayName](./images/ka0Qk000000DvbZ_0EMQk00000BSYwT.png) 7. Click all **OK** buttons to save your changes, then log in to your portal. You should now be able to save changes to a group even if the **displayName** attribute is not populated. diff --git a/docs/kb/directorymanager/replicating-custom-ad-attributes-to-elasticsearch.md b/docs/kb/directorymanager/replicating-custom-ad-attributes-to-elasticsearch.md index 5ac9f062f4..8679bc39a5 100644 --- a/docs/kb/directorymanager/replicating-custom-ad-attributes-to-elasticsearch.md +++ b/docs/kb/directorymanager/replicating-custom-ad-attributes-to-elasticsearch.md @@ -32,20 +32,20 @@ Netwrix Directory Manager 10 allows you to replicate custom Active Directory (AD 1. Create the custom attribute in the Active Directory schema. For example, to add `campusName` for users, define the attribute in the AD schema and assign it to user objects. Once completed, the attribute will appear in the attribute list for users in AD. 2. On the Netwrix Directory Manager machine, open **Task Scheduler** and run the task named **Schema Replication**. - ![Task Scheduler with Schema Replication task highlighted](images/ka0Qk000000CtIT_0EMQk00000BQYMJ.png) + ![Task Scheduler with Schema Replication task highlighted](./images/ka0Qk000000CtIT_0EMQk00000BQYMJ.png) 3. After the **Schema Replication** task completes, open the Netwrix Directory Manager Management Console and click the **Identity Stores** node. 4. On the **Identity Stores** tab, double-click the required identity store to open its properties. 5. On the **Replication** tab, add the custom attribute you created. - ![Replication tab in Identity Store properties with custom attribute added](images/ka0Qk000000CtIT_0EMQk00000BQZgZ.png) + ![Replication tab in Identity Store properties with custom attribute added](./images/ka0Qk000000CtIT_0EMQk00000BQZgZ.png) 6. Once complete, open **Services** and restart the **Elasticsearch** service and the **Netwrix Replication** service. 7. Open `regedit.msc` and navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Imanami\GroupID\Version 10.0\Replication`. 8. Expand the **Replication** registry key to view your identity stores. Select your domain’s identity store, and in the `users` value, delete the existing value data. Click **OK** to save your changes. This action forces a full replication of user objects, ensuring the new attribute is included in Elasticsearch. - ![Registry editor showing Replication key and users value](images/ka0Qk000000CtIT_0EMQk00000BQXA7.png) + ![Registry editor showing Replication key and users value](./images/ka0Qk000000CtIT_0EMQk00000BQXA7.png) 9. In the Netwrix Directory Manager Management Console, go to the **Replication** tab for the identity store and click **Replicate Now** in the Replication Service area. This starts users-only replication for your domain. Once complete, your custom attribute will be included in Elasticsearch. diff --git a/docs/kb/directorymanager/require-unique-group-display-names-in-portal.md b/docs/kb/directorymanager/require-unique-group-display-names-in-portal.md index 2a4ca1405d..33e3bf9eea 100644 --- a/docs/kb/directorymanager/require-unique-group-display-names-in-portal.md +++ b/docs/kb/directorymanager/require-unique-group-display-names-in-portal.md @@ -32,15 +32,15 @@ To prevent duplicate group names, you can configure Netwrix Directory Manager to ### Configure the Portal to Require Unique Group Display Names 1. In the Netwrix Directory Manager Admin Center, navigate to **Applications > [Your Portal] > Settings**. - ![Portal settings in Directory Manager Admin Center](images/ka0Qk000000EYoD_0EMQk00000BpDHp.png) + ![Portal settings in Directory Manager Admin Center](./images/ka0Qk000000EYoD_0EMQk00000BpDHp.png) 2. Click the identity store name under the **Design Settings** section. - ![Identity store selection in Design Settings](images/ka0Qk000000EYoD_0EMQk00000BpDEb.png) + ![Identity store selection in Design Settings](./images/ka0Qk000000EYoD_0EMQk00000BpDEb.png) 3. On the **Properties** tab, select **Group** as the directory object then select **General** and click **Edit**. - ![Editing group properties in Directory Manager](images/ka0Qk000000EYoD_0EMQk00000BpDGD.png) + ![Editing group properties in Directory Manager](./images/ka0Qk000000EYoD_0EMQk00000BpDGD.png) 4. In the **Edit Design Category** box, select **Display name** and click **Edit**. - ![Edit Design Category dialog in Directory Manager](images/ka0Qk000000EYoD_0EMQk00000BpDL3.png) + ![Edit Design Category dialog in Directory Manager](./images/ka0Qk000000EYoD_0EMQk00000BpDL3.png) 5. In the **Edit Field** dialog box, ensure `displayName` is selected in the **Field** box. For **Display Type**, select `UniqueText`. - ![Edit Field dialog in Directory Manager](images/ka0Qk000000EYoD_0EMQk00000BpDJR.png) + ![Edit Field dialog in Directory Manager](./images/ka0Qk000000EYoD_0EMQk00000BpDJR.png) 6. Click **OK** then click **Save** in the outer window. 7. If you want to apply this setting to Smart Groups, select **Smart Group** as the directory object in step 3 and repeat the same steps. 8. After this configuration, when a user tries to create a group from the Self-Service portal with a display name that already exists, the portal will not allow it. diff --git a/docs/kb/directorymanager/restricting-expiration-policy-options-by-role.md b/docs/kb/directorymanager/restricting-expiration-policy-options-by-role.md index 1fde6e9102..1b0be73119 100644 --- a/docs/kb/directorymanager/restricting-expiration-policy-options-by-role.md +++ b/docs/kb/directorymanager/restricting-expiration-policy-options-by-role.md @@ -33,25 +33,25 @@ By default, all expiration policy options are available in the **Expiration Poli ### Show Specific Options in the Expiration Policy List 1. In Netwrix Directory Manager Admin Center, go to **Applications**. Under **Directory Manager Portal**, click the three dots (**...**) next to your portal and select **Settings**. - ![Applications page in Directory Manager Admin Center with settings option highlighted](images/ka0Qk000000DvYL_0EMQk00000Br3EL.png) + ![Applications page in Directory Manager Admin Center with settings option highlighted](./images/ka0Qk000000DvYL_0EMQk00000Br3EL.png) 2. On the **Server Settings** tab, under **Design Settings**, select your portal. - ![Design Settings section in Directory Manager Admin Center](images/ka0Qk000000DvYL_0EMQk00000Br3B7.png) + ![Design Settings section in Directory Manager Admin Center](./images/ka0Qk000000DvYL_0EMQk00000Br3B7.png) 3. On the **Custom Display Types** tab, select `lstExpirationPolicy` and click **Edit**. - ![Custom Display Types tab with lstExpirationPolicy selected](images/ka0Qk000000DvYL_0EMQk00000Br3Fx.png) + ![Custom Display Types tab with lstExpirationPolicy selected](./images/ka0Qk000000DvYL_0EMQk00000Br3Fx.png) 4. In the **Edit Dropdown List Display Type** window, select a value in the **Values** area and click **Edit**. The **Values** area displays all values defined for the Expiration Policy drop-down list. - ![Edit Dropdown List Display Type window in Directory Manager](images/ka0Qk000000DvYL_0EMQk00000Br2be.png) + ![Edit Dropdown List Display Type window in Directory Manager](./images/ka0Qk000000DvYL_0EMQk00000Br2be.png) 5. In the **Combo Value** dialog box, select a visibility level for the value: - Select a role to make the value visible to users of that role and roles with a higher priority value. - Select `Never` to hide the value from all users. - ![Combo Value dialog box for setting visibility in Directory Manager](images/ka0Qk000000DvYL_0EMQk00000Br3Cj.png) + ![Combo Value dialog box for setting visibility in Directory Manager](./images/ka0Qk000000DvYL_0EMQk00000Br3Cj.png) 6. Click **OK** to close the **Combo Value** and **Edit Design Type** dialog boxes. Then click the **Save** icon at the bottom to save your changes. @@ -59,30 +59,30 @@ You can set the visibility level for all required values in the **Expiration Pol By default, or if no visibility settings are configured, all expiry options are available in the **Expiration Policy** drop-down list: -![Expiration Policy drop-down list showing all options](images/ka0Qk000000DvYL_0EMQk00000Br3Sr.png) +![Expiration Policy drop-down list showing all options](./images/ka0Qk000000DvYL_0EMQk00000Br3Sr.png) After applying visibility settings, only the selected values will be available. For example, if you set `Never` for all but two values, only those two will appear in the list: -![Expiration Policy drop-down list showing limited options](images/ka0Qk000000DvYL_0EMQk00000Br3RF.png) +![Expiration Policy drop-down list showing limited options](./images/ka0Qk000000DvYL_0EMQk00000Br3RF.png) > **NOTE:** You can also completely hide the **Expiration Policy** drop-down list or make it read-only. ### Make the Expiration Policy Drop-Down List Read-Only 1. In Netwrix Directory Manager Admin Center, go to **Applications**. Under **Directory Manager Portal**, click the three dots (**...**) next to your portal and select **Settings**. - ![Applications page in Directory Manager Admin Center with settings option highlighted](images/ka0Qk000000DvYL_0EMQk00000Br3MP.png) + ![Applications page in Directory Manager Admin Center with settings option highlighted](./images/ka0Qk000000DvYL_0EMQk00000Br3MP.png) 2. On the **Server Settings** tab, under **Design Settings**, select your portal. - ![Design Settings section in Directory Manager Admin Center](images/ka0Qk000000DvYL_0EMQk00000Br3JB.png) + ![Design Settings section in Directory Manager Admin Center](./images/ka0Qk000000DvYL_0EMQk00000Br3JB.png) 3. On the **Properties** tab, select `Group` in the **Select Directory Object** list. Then select the **General** option and click **Edit**. - ![Properties tab with Group selected in Directory Manager](images/ka0Qk000000DvYL_0EMQk00000Br3O1.png) + ![Properties tab with Group selected in Directory Manager](./images/ka0Qk000000DvYL_0EMQk00000Br3O1.png) 4. In the **Edit Design Category** dialog box, select the **Expiration Policy** option in the **Fields** section and click **Edit**. - ![Edit Design Category dialog box with Expiration Policy field selected](images/ka0Qk000000DvYL_0EMQk00000Br3UT.png) + ![Edit Design Category dialog box with Expiration Policy field selected](./images/ka0Qk000000DvYL_0EMQk00000Br3UT.png) 5. In the **Edit Field** dialog box, select a role in the **Access Role** list. The access level determines whether a user can change the value in the **Expiration Policy** drop-down list. - Select a role to allow users of that role and roles with a higher priority value to change the value. @@ -93,4 +93,4 @@ After applying visibility settings, only the selected values will be available. The disabled **Expiration Policy** drop-down list will be displayed in the portal as shown below. The **Expiration Date** field is also read-only and displays the group's expiry date, as calculated based on the expiry policy. -![Expiration Policy drop-down list and Expiration Date field shown as read-only](images/ka0Qk000000DvYL_0EMQk00000Br3Pd.png) +![Expiration Policy drop-down list and Expiration Date field shown as read-only](./images/ka0Qk000000DvYL_0EMQk00000Br3Pd.png) diff --git a/docs/kb/directorymanager/search-history-by-specific-user-through-password-center-helpdesk-portal-returns-no-results.md b/docs/kb/directorymanager/search-history-by-specific-user-through-password-center-helpdesk-portal-returns-no-results.md index 005ed5afb6..41a64b770b 100644 --- a/docs/kb/directorymanager/search-history-by-specific-user-through-password-center-helpdesk-portal-returns-no-results.md +++ b/docs/kb/directorymanager/search-history-by-specific-user-through-password-center-helpdesk-portal-returns-no-results.md @@ -36,4 +36,4 @@ The default setting for the **Performed By** field is `Any` instead of `End User 1. Select `End User` in the **Performed By** field. 2. Search for the user by typing their display name in the **User Name** field. -![User-added image](images/ka0Qk0000001Q0T_0EMQk000002TgcF.png) +![User-added image](./images/ka0Qk0000001Q0T_0EMQk000002TgcF.png) diff --git a/docs/kb/directorymanager/triggering-microsoft-flow-from-directory-manager-workflows.md b/docs/kb/directorymanager/triggering-microsoft-flow-from-directory-manager-workflows.md index bc3c4d2c64..df18bdd39f 100644 --- a/docs/kb/directorymanager/triggering-microsoft-flow-from-directory-manager-workflows.md +++ b/docs/kb/directorymanager/triggering-microsoft-flow-from-directory-manager-workflows.md @@ -34,7 +34,7 @@ By integrating Directory Manager workflows with MS Flow, you ensure that when a The Directory Manager application in Azure must have the following permissions for MS Flow: -![Directory Manager Azure permissions screenshot](images/ka0Qk000000DSL3_0EMQk000004nGNu.png) +![Directory Manager Azure permissions screenshot](./images/ka0Qk000000DSL3_0EMQk000004nGNu.png) ## Instructions @@ -50,12 +50,12 @@ Follow the steps below to link a MS Flow to a Directory Manager Workflow: 4. Click **OK** to save changes. 5. Log into the MS Flow portal and open the flow you want to link. 6. Generate a request URL for the MS Flow. - ![Generate request URL screenshot](images/ka0Qk000000DSL3_0EMQk00000C1KQo.png) + ![Generate request URL screenshot](./images/ka0Qk000000DSL3_0EMQk00000C1KQo.png) 7. In the Directory Manager Console, go back to the **Workflow** tab of the identity store properties. 8. Select the workflow to link (e.g., **Create User**) and click **Edit**. 9. In the **Edit Workflow Route** dialog box, paste the MS Flow request URL into the **Microsoft Flow Request URL** field. 10. Click **Authenticate** and provide identity store credentials. - ![Authenticate screenshot](images/ka0Qk000000DSL3_0EMQk00000C1M61.png) + ![Authenticate screenshot](./images/ka0Qk000000DSL3_0EMQk00000C1M61.png) > **NOTE:** To quickly define a flow in MS Flow, click **Create Temp** to create a basic template and connect it. diff --git a/docs/kb/directorymanager/unable-to-sort-groups-by-displayname.md b/docs/kb/directorymanager/unable-to-sort-groups-by-displayname.md index d6d0d71be1..2d24e02a58 100644 --- a/docs/kb/directorymanager/unable-to-sort-groups-by-displayname.md +++ b/docs/kb/directorymanager/unable-to-sort-groups-by-displayname.md @@ -30,7 +30,7 @@ Netwrix Directory Manager 11 ## Symptom When you attempt to sort the **My Groups** listing in Netwrix Directory Manager (formerly GroupID) by the **Display Name** attribute, the groups do not sort in ascending (alphabetical) order as expected. The screen may display a “Loading” message, but the system fails to sort the listing. -![Group listing in Directory Manager portal with Display Name column sorted in ascending order](images/ka0Qk000000EZ2j_0EMQk00000BoBWe.png) +![Group listing in Directory Manager portal with Display Name column sorted in ascending order](./images/ka0Qk000000EZ2j_0EMQk00000BoBWe.png) ## Causes - The **Display Name** attribute is not mandatory for groups created directly in Active Directory, so some groups may not have this attribute populated. diff --git a/docs/kb/directorymanager/uninstall-or-fully-remove-directory-manager.md b/docs/kb/directorymanager/uninstall-or-fully-remove-directory-manager.md index 76ac7338cf..be0256d540 100644 --- a/docs/kb/directorymanager/uninstall-or-fully-remove-directory-manager.md +++ b/docs/kb/directorymanager/uninstall-or-fully-remove-directory-manager.md @@ -38,7 +38,7 @@ This article explains how to uninstall Netwrix Directory Manager (formerly Group ### Uninstall Directory Manager to Upgrade to a Newer Version 1. Double-click the **`setup.exe`** file in the Directory Manager installation package to launch the installer. - ![Directory Manager installer main screen](images/ka0Qk000000EZIr_0EMQk00000BuNWf.png) + ![Directory Manager installer main screen](./images/ka0Qk000000EZIr_0EMQk00000BuNWf.png) 2. Click **Uninstall Directory Manager**. This removes the application files from **Programs & Features** in the **Control Panel**. ### Upgrade to a newer version diff --git a/docs/kb/directorymanager/update-support-email-address-for-contact-link.md b/docs/kb/directorymanager/update-support-email-address-for-contact-link.md index 6224ee147e..c627029b7f 100644 --- a/docs/kb/directorymanager/update-support-email-address-for-contact-link.md +++ b/docs/kb/directorymanager/update-support-email-address-for-contact-link.md @@ -27,15 +27,15 @@ Netwrix Directory Manager 11 ## Overview The Netwrix Directory Manager application portal includes a **Contact** link at the bottom of each page. This link opens your default email application with a pre-filled support email address, allowing users to contact the admin or helpdesk for inquiries, support requests, or feedback. You may need to change this email address so users can contact your local IT team for portal-related issues. -![Contact link at the bottom of Directory Manager portal page](images/ka0Qk000000EMdN_0EMQk00000Ba6Gf.png) +![Contact link at the bottom of Directory Manager portal page](./images/ka0Qk000000EMdN_0EMQk00000Ba6Gf.png) ## Instructions ### Change the Support Email Address for the Contact Link 1. In the Directory Manager Admin Center, select **Application** > your required portal > **Settings**. - ![Portal settings in Directory Manager Admin Center](images/ka0Qk000000EMdN_0EMQk00000Ba6Jt.png) + ![Portal settings in Directory Manager Admin Center](./images/ka0Qk000000EMdN_0EMQk00000Ba6Jt.png) 2. Click the **Directory Manager Support** tab. 3. In the **Support group/administrator's email address** box, enter the email address for the group, user, or contact who will respond to requests or inquiries from portal users. - ![Support group/administrator's email address field in Directory Manager](images/ka0Qk000000EMdN_0EMQk00000Ba6IH.png) + ![Support group/administrator's email address field in Directory Manager](./images/ka0Qk000000EMdN_0EMQk00000Ba6IH.png) 4. Click **Save**. 5. Click the **Contact** link in the portal to verify that your specified email address appears in the 'To' box of your default email application. diff --git a/docs/kb/directorymanager/view-and-manage-your-group-memberships.md b/docs/kb/directorymanager/view-and-manage-your-group-memberships.md index d99674a2ff..62057dd517 100644 --- a/docs/kb/directorymanager/view-and-manage-your-group-memberships.md +++ b/docs/kb/directorymanager/view-and-manage-your-group-memberships.md @@ -37,7 +37,7 @@ End users typically do not have direct access to directory services, such as Act 1. Log in to the Netwrix Directory Manager portal. 2. In the left pane, click **Groups > My Groups** then select the **My Memberships** tab. -![My](images/servlet_image_761bfdbbeba6.png) +![My](./images/servlet_image_761bfdbbeba6.png) 3. This page lists all groups that the logged-in user is a member of. Click the display name of a group to view its properties. 4. The actions you can perform for a group depend on your rights and privileges in Netwrix Directory Manager. For example, your rights determine whether you can edit group properties or leave the group. diff --git a/docs/kb/directorymanager/viewing-and-managing-licenses.md b/docs/kb/directorymanager/viewing-and-managing-licenses.md index d12eb85f0d..0562d7513d 100644 --- a/docs/kb/directorymanager/viewing-and-managing-licenses.md +++ b/docs/kb/directorymanager/viewing-and-managing-licenses.md @@ -48,7 +48,7 @@ This article outlines the licensing model for Netwrix Directory Manager, includi ### Entering License Information 1. During installation, on the **License** page of the Configuration Tool, enter a valid license number and license key. - ![Config Tool](images/ka0Qk000000DSHp_0EMQk00000C1NoU.png) + ![Config Tool](./images/ka0Qk000000DSHp_0EMQk00000C1NoU.png) 2. If the **Next** button remains disabled, retype your entry for accuracy. 3. If using module-based licensing, enter any one module license during setup. 4. To add more licenses later: @@ -59,10 +59,10 @@ This article outlines the licensing model for Netwrix Directory Manager, includi 1. Contact Netwrix Sales to obtain a full or module license number and key. 2. In the **Netwrix Directory Manager Admin Center**, click the **Settings** node. - ![Settings](images/ka0Qk000000DSHp_0EMQk00000C1GiC.png) + ![Settings](./images/ka0Qk000000DSHp_0EMQk00000C1GiC.png) 3. In the **Licensing Settings** dialog box, click **Edit**. 4. Enter the new license number and key provided by Netwrix. - ![Edit in License Settings](images/ka0Qk000000DSHp_0EMQk00000C1Nq7.png) + ![Edit in License Settings](./images/ka0Qk000000DSHp_0EMQk00000C1Nq7.png) 5. Click **Update** and relaunch Netwrix Directory Manager. ### Viewing License Information diff --git a/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results.md b/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results.md index 0766f78118..5736d16123 100644 --- a/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results.md +++ b/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results.md @@ -50,19 +50,19 @@ By default, or in the absence of this policy, any search performed by role membe 1. In Netwrix Directory Manager Admin Center, click the **Identity Stores** node. 2. On the **Identity Stores** tab, click on the **Triple Dot** button, and then click on the **Edit** button to go to the properties of the required identity store. - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001eu1K.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001eu1K.png) 3. On the **Security Roles** tab, select a role to define a search policy for it, and click **Edit**. - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001f0gD.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001f0gD.png) 4. On the **Role Properties** page, click the **Policies** tab and then click **Search** in the left pane. - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001ezqc.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001ezqc.png) 5. Click the **Plus** button and select a container. A search performed by role members would return objects that reside in this container. - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001f0pt.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001f0pt.png) ### Choose a Search Filter: When you apply an LDAP filter, a search performed by role members only shows objects that match the specified criterion. @@ -71,7 +71,7 @@ When you apply an LDAP filter, a search performed by role members only shows obj 2. Select an operator from the second drop-down list (for example, *Is Exactly*). 3. Enter a value concerning the selected schema attribute in the third box. - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001ezDu.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001ezDu.png) You can define multiple queries by clicking on the **+Add More Filters** and using the **AND** or **OR** operator to group all rows that make up a query. @@ -86,23 +86,23 @@ A down arrow appears in the applied operator's icon. Click it to display the con ## Some Useful Examples: - To limit searches to mail-enabled distribution groups and all users: - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001exAU.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001exAU.png) - Limit searches to all global security groups and all users: - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001evqG.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001evqG.png) - Limit searches to mail-enabled groups and mail-enabled users: - ![User-added image](images/ka0Qk000000Dg1R_0EMQk000001f1KX.png) + ![User-added image](./images/ka0Qk000000Dg1R_0EMQk000001f1KX.png) ### Related Articles: -- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/security-permissions-and-access-control/walkthrough-search-policy-define-scope-and-filter-results.md) -- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how-to-import-members-to-a-group-using-self-service-import-wizard.md) -- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/workflows-automation-and-lifecycle-management/how_to_trigger_a_workflow_when_a_user_сreates_a_group.md) -- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/configuration-and-integration/how-to-add-message-approvers-in-group-properties-in-groupid-portal.md) +- [Walkthrough Search Policy - Define Scope and Filter Results](/docs/kb/directorymanager/walkthrough-search-policy-define-scope-and-filter-results) +- [How To Import Members to a Group Using Self-Service Import Wizard](/docs/kb/directorymanager/how-to-import-members-to-a-group-using-self-service-import-wizard) +- [How to Trigger a workflow When a User Сreates a Group](/docs/kb/directorymanager/how_to_trigger_a_workflow_when_a_user_сreates_a_group) +- [How To Add Message Approvers in Group Properties in Netwrix Directory Manager Portal](/docs/kb/directorymanager/how-to-add-message-approvers-in-group-properties-in-groupid-portal) - [Best Practices for Controlling Changes to Group Membership](https://docs.netwrix.com/docs/kb/directorymanager/best-practices-for-controlling-changes-to-group-membership#netwrix-directory-manager-best-practices) -- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/security-permissions-and-access-control/how-to-enforce-users-to-create-groups-in-a-specific-ou.md) -- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/security-permissions-and-access-control/best-practices-for-preventing-accidental-data-leakage.md) +- [How To Enforce Users to Create Groups in a Specific OU](/docs/kb/directorymanager/how-to-enforce-users-to-create-groups-in-a-specific-ou) +- [Best Practices for Preventing Accidental Data Leakage](/docs/kb/directorymanager/best-practices-for-preventing-accidental-data-leakage) diff --git a/docs/kb/endpointprotector/blocking-easylock-folder-access-on-machines-without-the-endpoint-protector-agent.md b/docs/kb/endpointprotector/blocking-easylock-folder-access-on-machines-without-the-endpoint-protector-agent.md index ef196efc1c..44571000ee 100644 --- a/docs/kb/endpointprotector/blocking-easylock-folder-access-on-machines-without-the-endpoint-protector-agent.md +++ b/docs/kb/endpointprotector/blocking-easylock-folder-access-on-machines-without-the-endpoint-protector-agent.md @@ -30,4 +30,4 @@ This article explains how you can prevent access to EasyLock-protected folders f 1. Go to **Device Control** > **Global Settings** > **EasyLock Settings**. 2. Enable the **Endpoint Protector Client presence required** option. 3. Save the changes. - ![Endpoint](images/servlet_image_3f1c3b331cfe.png) + ![Endpoint](./images/servlet_image_3f1c3b331cfe.png) diff --git a/docs/kb/endpointprotector/can-optical-character-recognition-be-enabled-for-file-inspection.md b/docs/kb/endpointprotector/can-optical-character-recognition-be-enabled-for-file-inspection.md index 1a4bf87792..5ccdc5c208 100644 --- a/docs/kb/endpointprotector/can-optical-character-recognition-be-enabled-for-file-inspection.md +++ b/docs/kb/endpointprotector/can-optical-character-recognition-be-enabled-for-file-inspection.md @@ -30,6 +30,6 @@ Yes, OCR is the process that converts an image of text into a machine-readable t You can enable OCR at the global, computer, user, or group level from the following location in the Endpoint Protector console: -![OCR enablement settings page in the EPP console](images/ka0Qk000000DzFN_0EMQk00000C8zgv.png) +![OCR enablement settings page in the EPP console](./images/ka0Qk000000DzFN_0EMQk00000C8zgv.png) Once enabled, the Endpoint Protector client can inspect the content of **JPEG**, **PNG**, **GIF**, **BMP**, and **TIFF** file types. Enabling this option will also update the global MIME Type Allowlists. diff --git a/docs/kb/endpointprotector/create_a_system_backup_v2.md b/docs/kb/endpointprotector/create_a_system_backup_v2.md index 637f637770..304f185b0e 100644 --- a/docs/kb/endpointprotector/create_a_system_backup_v2.md +++ b/docs/kb/endpointprotector/create_a_system_backup_v2.md @@ -30,4 +30,4 @@ This article outlines how to create a backup of all settings, rights, policies, ## Related Links - [System Backup V2](https://docs.netwrix.com/docs/endpointprotector/5_9_4_2/admin/systemmaintenance/backup) -- [How to Perform a Backup Restore](/docs/kb/endpointprotector/enforced-encryption-and-easylock/how_to_perform_a_backup_restore.md) \ No newline at end of file +- [How to Perform a Backup Restore](/docs/kb/endpointprotector/how_to_perform_a_backup_restore) \ No newline at end of file diff --git a/docs/kb/endpointprotector/enable-deep-packet-inspection-for-instant-messaging-applications.md b/docs/kb/endpointprotector/enable-deep-packet-inspection-for-instant-messaging-applications.md index d2a56661f0..37d918f1ac 100644 --- a/docs/kb/endpointprotector/enable-deep-packet-inspection-for-instant-messaging-applications.md +++ b/docs/kb/endpointprotector/enable-deep-packet-inspection-for-instant-messaging-applications.md @@ -33,7 +33,7 @@ The Netwrix Endpoint Protector (EPP) Client can inspect text written in instant 2. Enable **Deep Packet Inspection**. 3. Save the setting. -![Global Settings page with Deep Packet Inspection option highlighted](images/ka0Qk000000DzDl_0EMQk00000BuWJp.png) +![Global Settings page with Deep Packet Inspection option highlighted](./images/ka0Qk000000DzDl_0EMQk00000BuWJp.png) ### Enable Text Inspection @@ -41,7 +41,7 @@ The Netwrix Endpoint Protector (EPP) Client can inspect text written in instant 2. Enable **Text inspection**. 3. Save the setting. -![Deep Packet Inspection settings with Text inspection enabled](images/ka0Qk000000DzDl_0EMQk00000BuWDN.png) +![Deep Packet Inspection settings with Text inspection enabled](./images/ka0Qk000000DzDl_0EMQk00000BuWDN.png) ### Enable DPI for Instant Messaging Applications @@ -50,7 +50,7 @@ The Netwrix Endpoint Protector (EPP) Client can inspect text written in instant 3. Filter for the instant messaging applications you want to use with text inspection. Supported apps include Teams, Skype, Slack, Mattermost, and Google Chat. 4. Click the **Actions** button and select **Enable DPI** for each application. -![Deep Packet Inspection Applications list with Enable DPI action](images/ka0Qk000000DzDl_0EMQk00000BuWGb.png) +![Deep Packet Inspection Applications list with Enable DPI action](./images/ka0Qk000000DzDl_0EMQk00000BuWGb.png) > **NOTE:** You must enable DPI for each application on every operating system where the EPP Client is installed (Windows, macOS, Linux). @@ -61,4 +61,4 @@ The Netwrix Endpoint Protector (EPP) Client can inspect text written in instant 3. Select the instant messaging applications you want to monitor. 4. Save the policy. -![Content Aware Policies configuration with instant messaging apps selected](images/ka0Qk000000DzDl_0EMQk00000BuWID.png) +![Content Aware Policies configuration with instant messaging apps selected](./images/ka0Qk000000DzDl_0EMQk00000BuWID.png) diff --git a/docs/kb/endpointprotector/enabling-advanced-printer-and-mtp-scanning.md b/docs/kb/endpointprotector/enabling-advanced-printer-and-mtp-scanning.md index 34aae443e5..c5a992617b 100644 --- a/docs/kb/endpointprotector/enabling-advanced-printer-and-mtp-scanning.md +++ b/docs/kb/endpointprotector/enabling-advanced-printer-and-mtp-scanning.md @@ -32,7 +32,7 @@ Netwrix Endpoint Protector includes an improved method for Printer and MTP Conte 1. In the Netwrix Endpoint Protector Console, navigate to **Device Control** > **Global Settings**, **Groups**, or **Computers** > **Manage Settings** > **File Tracing and Shadowing**. 2. Toggle the switch to enable **Advanced Printer and MTP Scanning**. 3. Click **Save** within the **File Tracing and Shadowing** section. - ![File Tracing and Shadowing settings with Advanced Printer and MTP Scanning option enabled](images/ka0Qk000000DsH7_0EMQk00000CB1Rh.png) + ![File Tracing and Shadowing settings with Advanced Printer and MTP Scanning option enabled](./images/ka0Qk000000DsH7_0EMQk00000CB1Rh.png) 4. Save your changes and ensure the updated settings are deployed to Netwrix Endpoint Protector Clients by waiting for the clients to update their policies. 5. Restart the machines protected by Netwrix Endpoint Protector. diff --git a/docs/kb/endpointprotector/greyed-out-computer-in-the-client-software-upgrade.md b/docs/kb/endpointprotector/greyed-out-computer-in-the-client-software-upgrade.md index 5fa60687ec..528264b512 100644 --- a/docs/kb/endpointprotector/greyed-out-computer-in-the-client-software-upgrade.md +++ b/docs/kb/endpointprotector/greyed-out-computer-in-the-client-software-upgrade.md @@ -28,7 +28,7 @@ knowledge_article_id: kA0Qk0000002B5pKAE The affected computer is displayed as greyed out and cannot be selected in the Netwrix Endpoint Protector client software upgrade or update interface. -![Example](images/servlet_image_3f1c3b331cfe.png) +![Example](./images/servlet_image_3f1c3b331cfe.png) ## Cause diff --git a/docs/kb/endpointprotector/how-to-block-whatsapp-application-from-launching.md b/docs/kb/endpointprotector/how-to-block-whatsapp-application-from-launching.md index 080915f108..e8e23f5123 100644 --- a/docs/kb/endpointprotector/how-to-block-whatsapp-application-from-launching.md +++ b/docs/kb/endpointprotector/how-to-block-whatsapp-application-from-launching.md @@ -34,17 +34,17 @@ This article explains how to block and prevent the WhatsApp application from ope 2. In the **Parameters** box, enter `*`. 3. Click **Add to Content**. 4. Verify that `WhatsApp.exe *` appears in the **List of Application & CLI Command** box on the right. - ![Applications Denylist configuration for WhatsApp.exe on Windows](images/ka0Qk000000Dzor_0EMQk00000CAfxR.png) + ![Applications Denylist configuration for WhatsApp.exe on Windows](./images/ka0Qk000000Dzor_0EMQk00000CAfxR.png) 3. For macOS operating systems: 1. In the **Application & CLI Command** box, enter `WhatsAppDesktop`. 2. In the **Parameters** box, enter `*`. 3. Click **Add to Content**. 4. Verify that `WhatsAppDesktop *` appears in the **List of Application & CLI Command** box on the right. - ![Applications Denylist configuration for WhatsAppDesktop on macOS](images/ka0Qk000000Dzor_0EMQk00000CAfxR.png) + ![Applications Denylist configuration for WhatsAppDesktop on macOS](./images/ka0Qk000000Dzor_0EMQk00000CAfxR.png) 4. Select all entries by checking their checkboxes, then click **Generate**. 5. The final result should display the denylist entries as shown below. - ![Final Applications Denylist with WhatsApp entries](images/ka0Qk000000Dzor_0EMQk00000CAag4.png) + ![Final Applications Denylist with WhatsApp entries](./images/ka0Qk000000Dzor_0EMQk00000CAag4.png) 6. Under **Policy Denylists** > **Applications** in the Content Aware Protection policy, select the application list you created. 7. Save the policy and update the policies on the endpoint computers. Ensure you assign the policy to the target computers. - ![Assigning the Applications Denylist policy to target computers](images/ka0Qk000000Dzor_0EMQk00000CAgof.png) + ![Assigning the Applications Denylist policy to target computers](./images/ka0Qk000000Dzor_0EMQk00000CAgof.png) 8. Attempt to open the WhatsApp Desktop application to confirm it is blocked. diff --git a/docs/kb/endpointprotector/how-to-check-the-client-to-server-connection-status.md b/docs/kb/endpointprotector/how-to-check-the-client-to-server-connection-status.md index 43af4e8d72..16959c0b55 100644 --- a/docs/kb/endpointprotector/how-to-check-the-client-to-server-connection-status.md +++ b/docs/kb/endpointprotector/how-to-check-the-client-to-server-connection-status.md @@ -41,4 +41,4 @@ This article explains how to check the connection status between the Netwrix End - The connection status - The time and date when the policies were last received - ![Netwrix Endpoint Protector Client Settings tab showing server connection status details](images/ka0Qk000000Dzs5_0EMQk00000CAOoZ.png) + ![Netwrix Endpoint Protector Client Settings tab showing server connection status details](./images/ka0Qk000000Dzs5_0EMQk00000CAOoZ.png) diff --git a/docs/kb/endpointprotector/how-to-check-the-history-and-email-status-of-alerts.md b/docs/kb/endpointprotector/how-to-check-the-history-and-email-status-of-alerts.md index 42873dc092..f68ce846f2 100644 --- a/docs/kb/endpointprotector/how-to-check-the-history-and-email-status-of-alerts.md +++ b/docs/kb/endpointprotector/how-to-check-the-history-and-email-status-of-alerts.md @@ -30,8 +30,8 @@ This article explains how to check the alert history, log details, and the statu 1. Navigate to the desired alert category, such as **System Alerts**, **Device Control Alerts**, **Content Aware Alerts**, or **EasyLock Alerts**. 2. Click **View History** to see the list of generated alerts. The alerts are listed under **Alerts History**. Each alert listed in **Alerts History** is also sent via email. - ![Alerts History page showing list of generated alerts](images/ka0Qk000000Dzth_0EMQk00000CJ9iD.png) + ![Alerts History page showing list of generated alerts](./images/ka0Qk000000Dzth_0EMQk00000CJ9iD.png) 3. In the **Actions** column for the desired alert, click the three-line menu, and then click **View**. - ![Actions column with View option highlighted](images/ka0Qk000000Dzth_0EMQk00000CJ1Co.png) + ![Actions column with View option highlighted](./images/ka0Qk000000Dzth_0EMQk00000CJ1Co.png) 4. The **Log Details** and **Alert Details** will be displayed, along with the **E-mail Status**. Here, you can see if the email was sent successfully from the Netwrix Endpoint Protector Server. - ![Log Details and E-mail Status section showing email delivery status](images/ka0Qk000000Dzth_0EMQk00000CJA4n.png) + ![Log Details and E-mail Status section showing email delivery status](./images/ka0Qk000000Dzth_0EMQk00000CJA4n.png) diff --git a/docs/kb/endpointprotector/how-to-deploy-the-windows-endpoint-protector-agent.md b/docs/kb/endpointprotector/how-to-deploy-the-windows-endpoint-protector-agent.md index 5cec0304ad..2ea5cb78cc 100644 --- a/docs/kb/endpointprotector/how-to-deploy-the-windows-endpoint-protector-agent.md +++ b/docs/kb/endpointprotector/how-to-deploy-the-windows-endpoint-protector-agent.md @@ -75,11 +75,11 @@ Deploying the agent via Group Policy requires editing the MSI either directly or 1. Download the Orca MSI (or your preferred MSI editing software; these instructions use Orca). 1. Orca can be installed from the Windows SDK and selecting the MSI options. - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lsoU.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lsoU.png) 2. Right-click on the `EPPClientSetup` MSI and select **Edit with Orca**. - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lrve.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lrve.png) 3. Click on **Transform** > **New Transform**. 4. Add the required properties to the Property Table. @@ -89,9 +89,9 @@ Deploying the agent via Group Policy requires editing the MSI either directly or 4. Click **Ok**. 5. Optional: If there are more properties that need changing or adding, such as not using the default department code, refer to the Appendix for the list of properties and change them all in the Properties table. - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005ls6y.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005ls6y.png) - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lxoA.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lxoA.png) 5. Generate the Transform. 1. Click on **Transform**. @@ -99,7 +99,7 @@ Deploying the agent via Group Policy requires editing the MSI either directly or 3. In the open box, save your transform. 4. Ensure the packages are placed on a network share that is accessible to all clients that need to install it. - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3Ov.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3Ov.png) 6. Deploy the MSI with the Transform file via Group Policy. 1. Open Group Policy Management Console. @@ -115,11 +115,11 @@ Deploying the agent via Group Policy requires editing the MSI either directly or 11. Select the transform file and click **Ok**. 12. Click **Ok**. - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3VN.png) - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lwId.png) - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3gf.png) - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m13n.png) - ![image.png](images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lzGU.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3VN.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lwId.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m3gf.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005m13n.png) + ![image.png](./images/ka0Qk0000004Rkn_00N0g000004CA0p_0EMQk000005lzGU.png) ## Appendix diff --git a/docs/kb/endpointprotector/how-to-monitor-webmail-for-gmail-outlook-and-yahoo.md b/docs/kb/endpointprotector/how-to-monitor-webmail-for-gmail-outlook-and-yahoo.md index ea88306dcf..09311c6f39 100644 --- a/docs/kb/endpointprotector/how-to-monitor-webmail-for-gmail-outlook-and-yahoo.md +++ b/docs/kb/endpointprotector/how-to-monitor-webmail-for-gmail-outlook-and-yahoo.md @@ -33,4 +33,4 @@ This article explains how you can enable the **Monitor webmail** setting in Netw When you enable this setting, it allows monitoring of the subject and body fields for Gmail, Outlook, and Yahoo webmail accessed through browsers. -![Deep Packet Inspection settings page with Monitor webmail option highlighted](images/ka0Qk000000Drsv_0EMQk00000CB41O.png) +![Deep Packet Inspection settings page with Monitor webmail option highlighted](./images/ka0Qk000000Drsv_0EMQk00000CB41O.png) diff --git a/docs/kb/endpointprotector/how-to-set-fqdn-in-server-certificate-subject.md b/docs/kb/endpointprotector/how-to-set-fqdn-in-server-certificate-subject.md index b604c8f83f..ab86062bf0 100644 --- a/docs/kb/endpointprotector/how-to-set-fqdn-in-server-certificate-subject.md +++ b/docs/kb/endpointprotector/how-to-set-fqdn-in-server-certificate-subject.md @@ -40,7 +40,7 @@ Yes, this is possible. Follow these steps to set the FQDN in the server certific 8. A green banner will appear at the top of the screen stating that the server certificate will be regenerated in a few minutes. You will be logged out from the user interface and will need to log in again. 9. Wait a few minutes until the certificate is regenerated. -![Server Certificate Stack configuration page with FQDN field highlighted](images/ka0Qk000000Dynx_0EMQk00000CKudS.png) +![Server Certificate Stack configuration page with FQDN field highlighted](./images/ka0Qk000000Dynx_0EMQk00000CKudS.png) ### Important Notes diff --git a/docs/kb/endpointprotector/how-to-use-easylock-without-endpoint-protector-software.md b/docs/kb/endpointprotector/how-to-use-easylock-without-endpoint-protector-software.md index 958cdf13f7..fe6f878619 100644 --- a/docs/kb/endpointprotector/how-to-use-easylock-without-endpoint-protector-software.md +++ b/docs/kb/endpointprotector/how-to-use-easylock-without-endpoint-protector-software.md @@ -33,4 +33,4 @@ When the EasyLock software is used on a computer without Netwrix Endpoint Protec After you open EasyLock, the application will prompt you for a password. Any data you copy into the application will be encrypted using 256-bit AES software encryption. Only users with the correct password can access the encrypted data. -![EasyLock password prompt on launch](images/ka0Qk000000DeHN_0EMQk00000CJ50H.png) +![EasyLock password prompt on launch](./images/ka0Qk000000DeHN_0EMQk00000CJ50H.png) diff --git a/docs/kb/endpointprotector/how_to_add_specific_devices_to_the_allow_list.md b/docs/kb/endpointprotector/how_to_add_specific_devices_to_the_allow_list.md index a0a642ce65..56bfb7c699 100644 --- a/docs/kb/endpointprotector/how_to_add_specific_devices_to_the_allow_list.md +++ b/docs/kb/endpointprotector/how_to_add_specific_devices_to_the_allow_list.md @@ -33,4 +33,4 @@ This article explains how to add specific devices to the allow list using the we ## Related Links -- [Set Rights for a Specific Device](/docs/kb/endpointprotector/device-control-and-access-management/set-rights-for-a-specific-device.md) \ No newline at end of file +- [Set Rights for a Specific Device](/docs/kb/endpointprotector/set-rights-for-a-specific-device) \ No newline at end of file diff --git a/docs/kb/endpointprotector/how_to_perform_a_backup_restore.md b/docs/kb/endpointprotector/how_to_perform_a_backup_restore.md index 987d8e1c68..cda42b07eb 100644 --- a/docs/kb/endpointprotector/how_to_perform_a_backup_restore.md +++ b/docs/kb/endpointprotector/how_to_perform_a_backup_restore.md @@ -50,4 +50,4 @@ By following these steps, you can successfully perform a backup and restore for ## Related Links - [System Backup V2](https://docs.netwrix.com/docs/endpointprotector/5_9_4_2/admin/systemmaintenance/backup) -- [Create a System Backup V2](/docs/kb/endpointprotector/enforced-encryption-and-easylock/create_a_system_backup_v2.md) \ No newline at end of file +- [Create a System Backup V2](/docs/kb/endpointprotector/create_a_system_backup_v2) \ No newline at end of file diff --git a/docs/kb/endpointprotector/installing-the-agent-with-proxy-settings-on-macos.md b/docs/kb/endpointprotector/installing-the-agent-with-proxy-settings-on-macos.md index e4389413e0..08ba663574 100644 --- a/docs/kb/endpointprotector/installing-the-agent-with-proxy-settings-on-macos.md +++ b/docs/kb/endpointprotector/installing-the-agent-with-proxy-settings-on-macos.md @@ -36,6 +36,6 @@ Follow the steps below to install the EPP agent with proxy settings on macOS: 4. If your proxy requires authentication, enter valid credentials in the appropriate fields. 5. You can enter a proxy IP address, DNS name, or fully qualified domain name (FQDN) in the proxy IP field. -![ ](images/ka0Qk000000Dein_0EMQk00000CV0zJ.png) +![ ](./images/ka0Qk000000Dein_0EMQk00000CV0zJ.png) 6. After installation is complete, wait a few minutes for processing. Then, verify that the computer appears in the **Device Control** > **Computers** section of the **Netwrix Endpoint Protector Web Console**. diff --git a/docs/kb/endpointprotector/troubleshoot_two-factor_authentication_issues.md b/docs/kb/endpointprotector/troubleshoot_two-factor_authentication_issues.md index db575d5331..b3432a8006 100644 --- a/docs/kb/endpointprotector/troubleshoot_two-factor_authentication_issues.md +++ b/docs/kb/endpointprotector/troubleshoot_two-factor_authentication_issues.md @@ -26,11 +26,11 @@ To troubleshoot issues with 2FA, try one or more of the following steps: 1. Ensure that the **Endpoint Protector** server date/time matches exactly with the date/time on the phone used to scan the QR code. This can be checked by following these steps: 1. In the **Endpoint Protector** console, go to **Appliance** > **Server Maintenance** and click **Synchronize time**. 2. Check the date and time on the phone. -2. Disable Two-Factor Authentication (2FA) in **Endpoint Protector**, then re-enable it. For detailed steps on enabling or disabling 2FA, see [Enable Two-Factor Authentication for System Admins with Google Authenticator App](/docs/kb/endpointprotector/administration-security-and-monitoring/enable_two-factor_authentication_for_system_admins_with_google_authenticator_app.md). +2. Disable Two-Factor Authentication (2FA) in **Endpoint Protector**, then re-enable it. For detailed steps on enabling or disabling 2FA, see [Enable Two-Factor Authentication for System Admins with Google Authenticator App](/docs/kb/endpointprotector/enable_two-factor_authentication_for_system_admins_with_google_authenticator_app). 3. Instead of scanning the QR code, manually enter the code in the **Google Authenticator** app. ## Related Links -- [Enable Two-Factor Authentication for System Admins with Google Authenticator App](/docs/kb/endpointprotector/administration-security-and-monitoring/enable_two-factor_authentication_for_system_admins_with_google_authenticator_app.md) -- [Managing System Administrators and Administrator Groups](/docs/kb/endpointprotector/administration-security-and-monitoring/managing-system-administrators-and-administrator-groups.md) +- [Enable Two-Factor Authentication for System Admins with Google Authenticator App](/docs/kb/endpointprotector/enable_two-factor_authentication_for_system_admins_with_google_authenticator_app) +- [Managing System Administrators and Administrator Groups](/docs/kb/endpointprotector/managing-system-administrators-and-administrator-groups) - [Two-Factor Authentication](https://docs.netwrix.com/docs/endpointprotector/admin/systemconfiguration/adminandaccess#two-factor-authentication) diff --git a/docs/kb/endpointprotector/understanding-the-rights-hierarchy-for-devices.md b/docs/kb/endpointprotector/understanding-the-rights-hierarchy-for-devices.md index 20bad5687b..93d48d4ae8 100644 --- a/docs/kb/endpointprotector/understanding-the-rights-hierarchy-for-devices.md +++ b/docs/kb/endpointprotector/understanding-the-rights-hierarchy-for-devices.md @@ -38,6 +38,6 @@ The rights hierarchy for devices, from lowest to highest, is as follows: ## Instructions 1. To set precedence between **Computer Rights** and **User Rights**, go to **System Configuration > System Settings** and select the desired option. - ![System Settings page showing precedence configuration for Computer or User Rights](images/ka0Qk000000DzNR_0EMQk00000BmNLl.png) + ![System Settings page showing precedence configuration for Computer or User Rights](./images/ka0Qk000000DzNR_0EMQk00000BmNLl.png) 2. **Custom Classes** have the highest priority and override all other rights. Use Custom Classes to globally set rights for a device or class of devices identified by VID, PID, and Serial Number. diff --git a/docs/kb/endpointprotector/user_remediation_reporting.md b/docs/kb/endpointprotector/user_remediation_reporting.md index 7f3918d636..eb6b6ab8a8 100644 --- a/docs/kb/endpointprotector/user_remediation_reporting.md +++ b/docs/kb/endpointprotector/user_remediation_reporting.md @@ -30,5 +30,5 @@ This article explains how to locate and review logs of end user responses to **U ## Related Links -- [How to Configure User Remediation for Device Contr](/docs/kb/endpointprotector/device-control-and-access-management/how-to-configure-user-remediation-for-device-control.md) -- [Enabling User Remediation in Content Aware Protection Policies](/docs/kb/endpointprotector/content-aware-protection-and-dpi/enabling-user-remediation-in-content-aware-protection-policies.md) \ No newline at end of file +- [How to Configure User Remediation for Device Contr](/docs/kb/endpointprotector/how-to-configure-user-remediation-for-device-control) +- [Enabling User Remediation in Content Aware Protection Policies](/docs/kb/endpointprotector/enabling-user-remediation-in-content-aware-protection-policies) \ No newline at end of file diff --git a/docs/kb/general/dmz-installation-portals-never-load.md b/docs/kb/general/dmz-installation-portals-never-load.md index dc08bc3533..2ed0fc8598 100644 --- a/docs/kb/general/dmz-installation-portals-never-load.md +++ b/docs/kb/general/dmz-installation-portals-never-load.md @@ -26,7 +26,7 @@ knowledge_article_id: kA00g000000H9afCAC I installed Password Manager portals on a server in a DMZ and configured as per Administrator's guide, but I cannot get to any portal. All 3 of them keep loading and do not show anything. -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) --- diff --git a/docs/kb/general/netwrix-auditor-health-log-error-event-id-6103-suggests-contacting-netwrix-technical-support.md b/docs/kb/general/netwrix-auditor-health-log-error-event-id-6103-suggests-contacting-netwrix-technical-support.md index 297e8beca9..9f2924adfd 100644 --- a/docs/kb/general/netwrix-auditor-health-log-error-event-id-6103-suggests-contacting-netwrix-technical-support.md +++ b/docs/kb/general/netwrix-auditor-health-log-error-event-id-6103-suggests-contacting-netwrix-technical-support.md @@ -46,8 +46,8 @@ An antivirus or EDR/XDR solution in your environment affects the operation of yo ## Resolution -Add antivirus exclusions to both your Netwrix Auditor monitoring plan and to targets by referring to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md). +Add antivirus exclusions to both your Netwrix Auditor monitoring plan and to targets by referring to the following article: [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor). ## Related Articles -- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/system-administration/security-hardening/antivirus-exclusions-for-netwrix-auditor.md) +- [Antivirus Exclusions for Netwrix Auditor](/docs/kb/auditor/antivirus-exclusions-for-netwrix-auditor) diff --git a/docs/kb/general/password-requirements-link.md b/docs/kb/general/password-requirements-link.md index d69dc87e82..01e50bd30a 100644 --- a/docs/kb/general/password-requirements-link.md +++ b/docs/kb/general/password-requirements-link.md @@ -22,12 +22,12 @@ knowledge_article_id: kA00g000000H9dWCAS There is an option to specify **Password requirements URL** in the **Branding** settings on the **Administrative portal**. -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) When you specify a link in this field, it will not appear on the **Self-Service portal** itself. The **Password requirements URL** is shown on an error screen that occurs if a specified password does not meet the password policy. -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) Please [contact Netwrix support](https://www.netwrix.com/support_ticket.html) if you want to change this behavior. diff --git a/docs/kb/general/report-download-permissions-denied.md b/docs/kb/general/report-download-permissions-denied.md index 96f929b549..d08e0269bb 100644 --- a/docs/kb/general/report-download-permissions-denied.md +++ b/docs/kb/general/report-download-permissions-denied.md @@ -24,7 +24,7 @@ knowledge_article_id: kA00g000000H9aWCAS You receive `Error: Permissions denied` or `Can't create the file: Permission denied` when trying to download any report from the Helpdesk portal -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) --- @@ -44,4 +44,4 @@ To grant permission: 3. **Add** the account and enable **Write** Allow checkbox 4. Click **Ok**, then **Ok** again -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) diff --git a/docs/kb/general/this-portal-is-temporarily-unavailable-please-contact-your-it-help-desk.md b/docs/kb/general/this-portal-is-temporarily-unavailable-please-contact-your-it-help-desk.md index 17d222b161..4fae758682 100644 --- a/docs/kb/general/this-portal-is-temporarily-unavailable-please-contact-your-it-help-desk.md +++ b/docs/kb/general/this-portal-is-temporarily-unavailable-please-contact-your-it-help-desk.md @@ -28,7 +28,7 @@ knowledge_article_id: kA00g000000H9ZECA0 Self-Service portal of Password Manager shows the following message: **`This portal is temporarily unavailable, please contact your IT help desk.`** -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) --- @@ -39,7 +39,7 @@ Password Manager allows you to select options that are available on the Self-Ser If all options are disabled, then the portal shows the **"This portal is temporarily unavailable, please contact your IT help desk."** message. This configuration is done on the **Administrative portal**, in **Settings - User options** tab. -![User-added](images/servlet_image_6d5dba18caac.png) +![User-added](./images/servlet_image_6d5dba18caac.png) --- @@ -48,10 +48,10 @@ This configuration is done on the **Administrative portal**, in **Settings - Use To resolve this, enable at least one option for the Self-Service portal. 1. Navigate to the **Administrative portal**, and go to **Settings** - ![User-added](images/servlet_image_6d5dba18caac.png) + ![User-added](./images/servlet_image_6d5dba18caac.png) 2. Then select the **User options** tab and enable options you need - ![User-added](images/servlet_image_6d5dba18caac.png) + ![User-added](./images/servlet_image_6d5dba18caac.png) 3. Click **Apply** diff --git a/docs/kb/general/welcome-to-documentation-and-knowledge-base-help-center.md b/docs/kb/general/welcome-to-documentation-and-knowledge-base-help-center.md index bdc55871bf..9a69921b6c 100644 --- a/docs/kb/general/welcome-to-documentation-and-knowledge-base-help-center.md +++ b/docs/kb/general/welcome-to-documentation-and-knowledge-base-help-center.md @@ -40,7 +40,7 @@ Help us improve contents by providing feedback via the form which is available o > **IMPORTANT:** It is highly recommended to register and login to the Help Center in order to get access to all the content. Check these options in the top-right corner: > -> ![Group 142.png](images/servlet_image_6d5dba18caac.png) +> ![Group 142.png](./images/servlet_image_6d5dba18caac.png) 1. Select the Knowledge base filter. To do this, use one of the following options: - Open a [search page with the selected **Knowledge Base** filter](/docs/kb/ or diff --git a/docs/kb/passwordreset/cannot-login-the-helpdesk-and-admin-portal.md b/docs/kb/passwordreset/cannot-login-the-helpdesk-and-admin-portal.md index 678da9f23a..fe297060cd 100644 --- a/docs/kb/passwordreset/cannot-login-the-helpdesk-and-admin-portal.md +++ b/docs/kb/passwordreset/cannot-login-the-helpdesk-and-admin-portal.md @@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9aeCAC When trying to access the Admin or Helpdesk portal, in both cases you receive an IIS login prompt that you are unable to get past. -![User-added](images/ka04u00000116eiAAA_1.png) +![User-added](./images/ka04u00000116eiAAA_1.png) You have verified that username and password are correct. @@ -53,7 +53,7 @@ To resolve the issue please verify the following: 3. In the **Properties** dialog, open the **Directory Security** tab, and select **Edit** for **Authentication and Access Control**. 4. In the **Authentication Methods** dialog, select either the **Integrated Windows authentication** box or **Basic authentication** (password is sent in clear text), and clear all other authentication options for Authentication access. -![User-added](images/ka04u00000116eiAAA_2.png) +![User-added](./images/ka04u00000116eiAAA_2.png) To ensure the required settings are enabled in **IIS7**, do the following: @@ -63,7 +63,7 @@ b) In the Manager central pane, double-click the **Authentication** option. c) In the Authentication list, enable either the **Windows Authentication** option or **Basic Authentication**, and disable all other authentication options. -![User-added](images/ka04u00000116eiAAA_3.png) +![User-added](./images/ka04u00000116eiAAA_3.png) 3. The account you are using has READ access to the physical directory of the Web-portal (by default `C:Program Files (x86)Netwrix Password Manager`). @@ -72,4 +72,4 @@ c) In the Authentication list, enable either the **Windows Authentication** opti 2. In the **Internet Properties** dialog, open the **Connections** tab and click the **LAN settings** button. 3. Make sure the **Use a proxy server for your LAN** option is not enabled. Otherwise, make sure the **Bypass proxy server for local addresses** option is enabled too; in this case the Help-Desk portal must be a member of the **Local intranet zone**, or specified as an exception. -![User-added](images/ka04u00000116eiAAA_4.png) +![User-added](./images/ka04u00000116eiAAA_4.png) diff --git a/docs/kb/privilegesecure/active-directory-ad-users-groups-or-computers-not-available-to-add-to-sbpam.md b/docs/kb/privilegesecure/active-directory-ad-users-groups-or-computers-not-available-to-add-to-sbpam.md index 6100619aa4..c2cc0acd64 100644 --- a/docs/kb/privilegesecure/active-directory-ad-users-groups-or-computers-not-available-to-add-to-sbpam.md +++ b/docs/kb/privilegesecure/active-directory-ad-users-groups-or-computers-not-available-to-add-to-sbpam.md @@ -38,6 +38,6 @@ Recently created Active Directory (AD) users, groups, or computers may not be im 4. Confirm the **Last Synchronized** date and time. - If it is not recent, click **Synchronize Now** to immediately run a domain sync. -![A domain resource as displayed in Netwrix Privilege Secure's web application.](images/ka04u000000HdF1_00N0g000004CA0p_0EM4u000004biML.png) +![A domain resource as displayed in Netwrix Privilege Secure's web application.](./images/ka04u000000HdF1_00N0g000004CA0p_0EM4u000004biML.png) Upon successful domain sync, the **Last Synchronized** field for the domain will update. All users, groups, and computers in the domain will now be available to be onboarded to Netwrix Privilege Secure. diff --git a/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-openid-connect.md b/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-openid-connect.md index 3f87a364d7..a3a18a8ebe 100644 --- a/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-openid-connect.md +++ b/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-openid-connect.md @@ -35,31 +35,31 @@ This article outlines the process of adding Active Directory Federation Services 1. Launch **AD FS Management** on the AD FS server: - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfU.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfU.png) 2. Right-click on **Application Groups** and select **Add Application Group…** - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfd.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfd.png) 3. Select **Native application accessing a web API** and enter "SbPAM (OIDC)" as the **Name**, then click **Next**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfn.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfn.png) 4. Copy the **Client Identifier** value; you will need that when configuring Netwrix Privilege Secure. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfi.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfi.png) 5. For the **Redirect URI**, use the Netwrix Privilege Secure server's URL followed by `/callback`. For example: `https://:6500/callback`. Click **Add**, then **Next**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfs.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfs.png) 6. For the **Identifier** of the Web API, use the Netwrix Privilege Secure server's URL. Click **Add**, then click **Next**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUfx.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUfx.png) 7. For **Apply Access Control Policy**, leave all defaults and then click **Next**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUg2.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUg2.png) 8. For **Configure Application Permissions**, enable the following and then click **Next**: @@ -67,17 +67,17 @@ This article outlines the process of adding Active Directory Federation Services - `openid` - `profile` - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgC.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgC.png) 9. Review the Summary, then click **Finish**. 10. Double-click on the newly created Application Group, then double-click on the Web API application, then navigate to the **Issuance Transform Rules** tab. Click **Add Rule...** - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgH.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgH.png) 11. From the dropdown, select **Send Claims Using a Custom Rule** and click **Next**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgM.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgM.png) 12. Name the rule "Send attributes", and add the following custom rule: @@ -86,7 +86,7 @@ This article outlines the process of adding Active Directory Federation Services => issue(claim = x); ``` - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgR.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgR.png) Click **Finish**, **Apply**, **OK**, then **OK** again. You can now close **AD FS**. @@ -109,7 +109,7 @@ Once the *Steps for AD FS* have been completed, take the following steps in Netw 2. Give the new connector a name, description (optional), and a Connector Type of "OpenID Connect". - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgW.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgW.png) 3. Click on **Configuration Wizard**. @@ -120,7 +120,7 @@ Once the *Steps for AD FS* have been completed, take the following steps in Netw - **Callback Address:** `https://:6500/callback` - **CORS:** `https://:6500` - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgb.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgb.png) 5. Click **Test Connection**. If brought to a log-in page, click **Back** in your web browser and then **Next** in the Netwrix Privilege Secure wizard. If the page refreshes and brings you back to the Netwrix Privilege Secure wizard, you should also click **Next** to proceed. @@ -128,14 +128,14 @@ Once the *Steps for AD FS* have been completed, take the following steps in Netw 7. Click **Get User Data**. Locate a mapping you would like to use when users sign in to Netwrix Privilege Secure using AD FS, such as an email address or UPN. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgq.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgq.png) Click on the mapping, click **Select**, select the matching Active Directory mapping from the displayed dropdown, then click **Finish**. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgg.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgg.png) 8. The last step is to navigate to specific users in Netwrix Privilege Secure's **Users & Groups** menu, and assign the AD FS OIDC authenticator. - ![User-added image](images/ka04u000000HcZn_0EM4u000004bUgl.png) + ![User-added image](./images/ka04u000000HcZn_0EM4u000004bUgl.png) When using the OIDC log-in option, the user will be redirected to log in to AD FS. Upon successful authentication, the user will be redirected to the Netwrix Privilege Secure UI as their now logged-in user. diff --git a/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-saml.md b/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-saml.md index 1b9eaf3abd..6761f3b809 100644 --- a/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-saml.md +++ b/docs/kb/privilegesecure/add-active-directory-federation-services-ad-fs-as-an-authentication-connector-saml.md @@ -30,40 +30,40 @@ This article outlines the process of adding Active Directory Federation Services ### Steps for Active Directory Federation Services (AD FS) 1. Launch **AD FS Management** on the AD FS server: - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhA.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhA.png) 2. Right-click on **Application Groups** and select **Add Application Group…** - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhK.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhK.png) 3. Select **Native application accessing a web API** and enter "SbPAM (SAML)" as the **Name**, then click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhP.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhP.png) 4. Copy the **Client Identifier** value; you will need that when configuring Netwrix Privilege Secure. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhU.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhU.png) 5. For the **Redirect URI**, use the following URI with the hostname of the SbPAM server customized to match your environment. For example: `https://:6500/samlSigninCallback`. Click **Add**, then **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhZ.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhZ.png) 6. For the **Identifier** of the Web API, enter `sbpamsaml.stealthbits.com`, click **Add**, then click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiD.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiD.png) 7. For **Apply Access Control Policy**, leave all defaults and then click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiI.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiI.png) 8. For **Configure Application Permissions**, enable the following and then click **Next**: - `allatclaims` - `email` - `openid` - `profile` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUi8.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUi8.png) 9. Click **Next** on the remaining pages until the wizard completes. 10. In the left sidebar of **AD FS**, click on the **Relying Party Trusts** folder. In the right sidebar, click **Add Relying Party Trust...** - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUho.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUho.png) 11. Select **Claims aware** and click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUhy.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUhy.png) 12. For **Select Data Source**, select **Enter data about the relying party manually** and click **Next**. @@ -72,26 +72,26 @@ This article outlines the process of adding Active Directory Federation Services 14. For **Configure Certificate**, leave the default values and click **Next**. 15. For **Configure URL**, check **Enable support for the SAML 2.0 WebSSO protocol** and enter your AD FS server's FQDN followed by `/adfs/ls`. For example: `https://adfs-server.domain.com/adfs/ls`. Click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiN.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiN.png) 16. For **Configure Identifiers**, use the value `sbpamsaml.stealthbits.com`, click **Add**, then click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiS.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiS.png) 17. Leave **Choose Access Control Policy** as default values and click **Next**, then click **Next** through the remaining pages to finish the wizard. 18. When the wizard closes, a window for **Issuance Transform Rules** will automatically open. Click **Add Rule...**. 19. Select **Send LDAP Attributes as Claims**, and click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiX.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiX.png) 20. Name the rule "Send attributes", select "Active Directory" as the **Attribute store**, map the following **LDAP Attributes** to **Outgoing Claim Types**, click **Finish**, then click **Apply** and **OK**: - `SAM-Account-Name` → `Name` - `User-Principal-Name` → `UPN` - `E-Mail-Addresses` → `E-Mail Address` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUic.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUic.png) 21. Double-click on the **Relying Party Trust** created in the previous steps (named "SbPAM (SAML)"), and navigate to the **Endpoints** tab. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUih.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUih.png) Add the following endpoints (click **Add SAML...**): @@ -99,14 +99,14 @@ This article outlines the process of adding Active Directory Federation Services Binding: POST Index: 0 Trusted URL: `https://:6500/samlSigninCallback` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUim.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUim.png) - Endpoint type: SAML Logout Binding: POST Index: 0 Trusted URL: `https://.domain.com/adfs/ls/?wa=wsignout1.0&wreply=https://:6500` Response URL: `https://:6500/login` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUir.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUir.png) Click **OK**, **Apply**, then **OK**. @@ -119,7 +119,7 @@ Once the *Steps for AD FS* have been completed, take the following steps in Netw 1. As a Netwrix Privilege Secure admin, navigate in Netwrix Privilege Secure to **Configuration > Authentication**, and click the green **"+"** button to add a new Authentication Connector. 2. Give the new connector a name, description (optional), and a Connector Type of "SAML". - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUiw.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUiw.png) 3. Click on **Configuration Wizard**. @@ -127,29 +127,29 @@ Once the *Steps for AD FS* have been completed, take the following steps in Netw - Signin URI: `https://.domain.com/adfs/ls` - Callback Address: `https://:6500/samlSigninCallback` - CORS: `https://:6500` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUj1.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUj1.png) Click **Test Connection**. If brought to a log-in page, click **Back** in your web browser and then **Next** in the Netwrix Privilege Secure wizard. If the page refreshes and brings you back to the Netwrix Privilege Secure wizard, click **Next** to proceed. 5. Select "Unspecified" for the **Name ID Policy**, and add a certificate if required. Then, click **Login** and sign in to AD FS using Active Directory credentials. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUj6.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUj6.png) When redirected back to this page after signing in to AD FS, if the message at the bottom reads "Login was successful" then click **Next**. 6. Locate a mapping you would like to use when users sign in to Netwrix Privilege Secure using AD FS, such as an email address or UPN. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUjB.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUjB.png) Click on the mapping, click **Select**, select the matching Active Directory mapping from the displayed dropdown, then click **Next**. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUjG.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUjG.png) 7. For the **Signout URI** and **Signout Callback URI**, use the following values: - Signout URI: `https://.domain.com/adfs/ls/?wa=wsignout1.0&wreply=` - Signout Callback URI: `https://:6500` - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUjL.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUjL.png) Click **Test Log Out**, then **Finish** to complete the wizard. AD FS has now been added to Netwrix Privilege Secure (via SAML) as an Authentication Connector. 8. The last step is to navigate to specific users in Netwrix Privilege Secure's **Users & Groups** menu, and assign the AD FS SAML authenticator. - ![User-added image](images/ka04u000000wwIE_0EM4u000004bUjQ.png) + ![User-added image](./images/ka04u000000wwIE_0EM4u000004bUjQ.png) When using the SAML log-in option, the user will be redirected to sign in to AD FS. Upon successful authentication, the user will be redirected to the Netwrix Privilege Secure UI as their now signed-in user. diff --git a/docs/kb/privilegesecure/add-cache-settings-for-javascript-files-to-improve-nps-page-load-performance.md b/docs/kb/privilegesecure/add-cache-settings-for-javascript-files-to-improve-nps-page-load-performance.md index 66dea6b084..fb9567777b 100644 --- a/docs/kb/privilegesecure/add-cache-settings-for-javascript-files-to-improve-nps-page-load-performance.md +++ b/docs/kb/privilegesecure/add-cache-settings-for-javascript-files-to-improve-nps-page-load-performance.md @@ -69,10 +69,10 @@ To address this issue, you can create an IIS configuration setting that will upd 8. Open your NPS web page and look at the `Network` tab in the developer tools Window. 9. See the page download: - ![001.png](images/ka0Qk0000000zjR_0EM4u000008M2O1.png) + ![001.png](./images/ka0Qk0000000zjR_0EM4u000008M2O1.png) 10. Reload the page, see it is loaded from the cache: - ![002.png](images/ka0Qk0000000zjR_0EM4u000008M2O6.png) + ![002.png](./images/ka0Qk0000000zjR_0EM4u000008M2O6.png) 11. Copy the updated `web.config` to `C:\Program Files\Stealthbits\PAM\Web\web.config.rewrite`, you will need this for future upgrades. diff --git a/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-openid-connect.md b/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-openid-connect.md index 54712cc934..bdc19d9e1a 100644 --- a/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-openid-connect.md +++ b/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-openid-connect.md @@ -42,7 +42,7 @@ Perform the following steps in Microsoft Entra ID as an administrator to prepare https://your-sbpam-server-hostname:6500/callback ``` - ![App registration page with Redirect URI field highlighted](images/ka0Qk000000DtGP_0EM4u000004bUjf.png) + ![App registration page with Redirect URI field highlighted](./images/ka0Qk000000DtGP_0EM4u000004bUjf.png) 4. Click **Register**. After registration completes, you will be redirected to the new app's **Overview** page. 5. In the left sidebar, click **Authentication**. Scroll down and enter the same **Callback Address** from Step 3 in the **Front-channel logout URL** field. @@ -50,7 +50,7 @@ Perform the following steps in Microsoft Entra ID as an administrator to prepare - **Access tokens (used for implicit flows)** - **ID tokens (used for implicit and hybrid flows)** - ![Authentication settings with token options enabled](images/ka0Qk000000DtGP_0EM4u000004bUjk.png) + ![Authentication settings with token options enabled](./images/ka0Qk000000DtGP_0EM4u000004bUjk.png) 6. Click **Save** at the top of the page, then return to the app's **Overview** page. 7. Click **Endpoints** near the top of the page. Copy the **OpenID Connect metadata document** URL and open it in a new browser tab. @@ -71,19 +71,19 @@ After completing the **Steps for Microsoft Entra ID**, perform the following ste 1. As a Netwrix Privilege Secure administrator, navigate to **Configuration > Authentication** and click the green **+** button to add a new Authentication Connector. 2. Enter a name and (optionally) a description for the new connector. Set the **Connector Type** to **OpenID Connect**. - ![Authentication Connector creation dialog with OpenID Connect selected](images/ka0Qk000000DtGP_0EM4u000004bUjp.png) + ![Authentication Connector creation dialog with OpenID Connect selected](./images/ka0Qk000000DtGP_0EM4u000004bUjp.png) 3. Click **Configuration Wizard**. 4. On the wizard's **Configure Client** page, enter the **Issuer** and **Client ID** (from the **Steps for Microsoft Entra ID**) in the respective fields. - ![Configure Client page with Issuer and Client ID fields](images/ka0Qk000000DtGP_0EM4u000004bUju.png) + ![Configure Client page with Issuer and Client ID fields](./images/ka0Qk000000DtGP_0EM4u000004bUju.png) 5. Click **Test Connection**. On the Microsoft Entra ID sign-in page that loads, **do not sign in**. Once you have verified that the sign-in page loaded properly, click the back button in your browser to return to Netwrix Privilege Secure. The connection test is successful if Microsoft Entra ID did not display an error. 6. Click **Next** to advance in the Authentication Connector Configuration Wizard. You will now be on the **Test Login** page. 7. Click **Login** and sign in as any Microsoft Entra ID user (this does not need to be an administrator). You will be prompted to accept the app's requested permissions. Check **Consent on behalf of your organization** and click **Accept**. - ![Microsoft Entra ID permissions consent dialog](images/ka0Qk000000DtGP_0EM4u000004bUjz.png) + ![Microsoft Entra ID permissions consent dialog](./images/ka0Qk000000DtGP_0EM4u000004bUjz.png) 8. Click **Next** in the wizard. You will now be on the **Configure Id Mapping** page. 9. Click **Get User Data**. @@ -95,21 +95,21 @@ After completing the **Steps for Microsoft Entra ID**, perform the following ste > **IMPORTANT:** Make sure to use a field that has an `ID TOKEN` source, rather than `ACCESS TOKEN`. - ![User data mapping table with ID Token source highlighted](images/ka0Qk000000DtGP_0EM4u000004bUk9.png) + ![User data mapping table with ID Token source highlighted](./images/ka0Qk000000DtGP_0EM4u000004bUk9.png) Once the desired field has been found, click on it and then click **Select**. 10. You will now be back in the Authentication Connector Configuration Wizard, on the **Configure Id Mapping** page. Make sure the **Login Format** dropdown matches the ID Token field selected from Microsoft Entra ID in the previous step. For example, if you chose **Email** for the field in the previous step, then this dropdown should also be **Email Address**. - ![Login Format dropdown with Email Address selected](images/ka0Qk000000DtGP_0EM4u000004bUkE.png) + ![Login Format dropdown with Email Address selected](./images/ka0Qk000000DtGP_0EM4u000004bUkE.png) 11. Click **Finish** on the summary modal, and then **Save** for the authentication connector. 12. You can now assign this authentication connector to a user via the **Authentication Connector** tab for a user accessed in Netwrix Privilege Secure's **Users & Groups** page. - ![Authentication Connector assignment in Users & Groups page](images/ka0Qk000000DtGP_0EM4u000004bUkJ.png) + ![Authentication Connector assignment in Users & Groups page](./images/ka0Qk000000DtGP_0EM4u000004bUkJ.png) Users with this authentication connector assignment can now use this authentication connector option on the Netwrix Privilege Secure log-in screen. - ![Netwrix Privilege Secure login screen with OpenID Connect option](images/ka0Qk000000DtGP_0EM4u000004bUkO.png) + ![Netwrix Privilege Secure login screen with OpenID Connect option](./images/ka0Qk000000DtGP_0EM4u000004bUkO.png) When using the OpenID Connect log-in option, the user will be redirected to sign in to Microsoft Entra ID. Upon successful authentication, the user will be redirected to the Netwrix Privilege Secure UI as their signed-in user. diff --git a/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-saml.md b/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-saml.md index 31d4840517..2039723522 100644 --- a/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-saml.md +++ b/docs/kb/privilegesecure/add-microsoft-entra-id-as-an-authentication-connector-saml.md @@ -38,13 +38,13 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A Give the app any name, and set the radio button to **Integrate any other application you don't find in the gallery (Non-gallery)**. Click **Create**. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUkT.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUkT.png) 4. You’ll be redirected to the new app’s **Overview** page. In the left sidebar, select **Single sign-on**, then select **SAML**. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUkY.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUkY.png) 5. For Step 1 in this wizard (**Basic SAML Configuration**), click **Edit**. @@ -56,17 +56,17 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A https://:6500/samlSigninCallback ``` - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUh1.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUh1.png) Click **Save** after making changes, and then close the editor for **Basic SAML Configuration**. 6. Scroll down to section 3, and download the **Certificate (Base64)**. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUkd.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUkd.png) 7. Scroll down to section 4, and copy the **Login URL** for later use. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUki.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUki.png) 8. In the left sidebar, click on **Users and Groups**. Add a Microsoft Entra ID user to this page (**Add user/group** button near the top). @@ -87,12 +87,12 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A 1. As a Netwrix Privilege Secure admin, navigate in Netwrix Privilege Secure to **Configuration > Authentication**, and click the green **"+"** button to add a new Authentication Connector. 2. Give the new connector a name, description (optional), and a Connector Type of "SAML". - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUkn.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUkn.png) 3. Click on **Configuration Wizard**. 4. On the **Configure Client** page of that wizard, use the **Login URL** in the **Signin URI** field (the **Login URL** was obtained in the Steps for Microsoft Entra ID). All fields should now be filled in. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUks.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUks.png) 5. Click **Test Connection**. @@ -112,7 +112,7 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A In simple terms, there needs to be a property for each user in on-prem Active Directory and Microsoft Entra ID that matches. Often, this is an email address. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUkx.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUkx.png) Once the desired field has been found, click on it and then click **Select** (you may need to scroll down in the modal to see this button). @@ -120,7 +120,7 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A For example, if you chose **Email** for the field in the previous step then this dropdown should also be **Email Address**. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUl2.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUl2.png) 11. Click **Next**. On the next page, enter the following for the **Signout URI**: @@ -130,14 +130,14 @@ This article outlines the process of adding Microsoft Entra ID (formerly Azure A Click **Test Log Out** to sign out of the SAML provider. If the log out was performed correctly, click **Finish** then **Okay**, otherwise confirm the settings and try again. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUl7.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUl7.png) 12. You can now assign this authentication connector to a user via the **Authentication Connector** tab for a user accessed in Netwrix Privilege Secure's **Users & Groups** page. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUlC.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUlC.png) Users with this authentication connector assignment can now use this authentication connector option on the Netwrix Privilege Secure log-in screen. - ![User-added image](images/ka0Qk0000003IQD_0EM4u000004bUlH.png) + ![User-added image](./images/ka0Qk0000003IQD_0EM4u000004bUlH.png) When using the SAML log-in option, the user will be redirected to sign in to Microsoft Entra ID. Upon successful authentication, the user will be redirected to the Netwrix Privilege Secure UI as their now signed-in user. diff --git a/docs/kb/privilegesecure/add-vmware-vcenter-website-to-browser-extension.md b/docs/kb/privilegesecure/add-vmware-vcenter-website-to-browser-extension.md index 4b5c52ab41..a5d6e6e4a2 100644 --- a/docs/kb/privilegesecure/add-vmware-vcenter-website-to-browser-extension.md +++ b/docs/kb/privilegesecure/add-vmware-vcenter-website-to-browser-extension.md @@ -33,14 +33,14 @@ This article outlines the process of adding a VMware vCenter web application (we 1. **Create a VMware vCenter website Activity** (be sure to enter the URL normally used to log-in to vCenter, and any Active Directory (AD) group that would give the account permission to log-in). Note that this example is for an **Activity Token**, however **Managed Account** and **Requester** workflows are also supported. - ![User-added image](images/ka04u000000HcZr_0EM4u000004bUlM.png) + ![User-added image](./images/ka04u000000HcZr_0EM4u000004bUlM.png) 2. **Create a Website Resource**. Enter the URL for vCenter, and also (if possible) choose a resource that is in the same AD domain as the vSphere host. This is to ensure that when an account is created and group permissions are granted to it, it will happen on a Domain Controller (DC) close to where vSphere would normally authenticate to. This prevents needing to wait for permissions to replicate when logging-in to vSphere. - ![User-added image](images/ka04u000000HcZr_0EM4u000004bUlR.png) + ![User-added image](./images/ka04u000000HcZr_0EM4u000004bUlR.png) 3. **Create an Access Policy** that links a user to the vSphere Activity and the Website Resource. - ![User-added image](images/ka04u000000HcZr_0EM4u000004bUlW.png) + ![User-added image](./images/ka04u000000HcZr_0EM4u000004bUlW.png) 4. There should now be a vSphere activity in the Netwrix Privilege Secure Browser Extension, with the ability to select it to create a session (click once) and then launch vSphere (click again). diff --git a/docs/kb/privilegesecure/apply-a-new-license.md b/docs/kb/privilegesecure/apply-a-new-license.md index 02beb13caf..7e408a7ce1 100644 --- a/docs/kb/privilegesecure/apply-a-new-license.md +++ b/docs/kb/privilegesecure/apply-a-new-license.md @@ -36,13 +36,13 @@ Netwrix Privilege Secure Access Management comes with a 30-day trial license. On 2. In the upper-right of the page, click your account name, and then click **About Netwrix Privilege Secure Access Management**. - ![The user settings dropdown menu in Netwrix Privilege Secure Access Management.](images/ka0Qk000000DgJB_0EM4u000004biJb.png) + ![The user settings dropdown menu in Netwrix Privilege Secure Access Management.](./images/ka0Qk000000DgJB_0EM4u000004biJb.png) The **About Netwrix Privilege Secure Access Management** page will be displayed, including an **Import License** button that you can use to update the product's license. **_IMPORTANT:_** _If a new license key file is needed, please contact your Netwrix or Netwrix Account Manager._ - ![The About page in Netwrix Privilege Secure Access Management's web application interface.](images/ka0Qk000000DgJB_0EM4u000004biJg.png) + ![The About page in Netwrix Privilege Secure Access Management's web application interface.](./images/ka0Qk000000DgJB_0EM4u000004biJg.png) 3. Click **Import License**. A Windows file dialog will open. Navigate to the location of the new license key file, select it, and click **Open**. The license will be imported, and the displayed license information will be updated. diff --git a/docs/kb/privilegesecure/configuring-a-custom-radius-authentication-connector.md b/docs/kb/privilegesecure/configuring-a-custom-radius-authentication-connector.md index 70e4ebbfc3..772663e317 100644 --- a/docs/kb/privilegesecure/configuring-a-custom-radius-authentication-connector.md +++ b/docs/kb/privilegesecure/configuring-a-custom-radius-authentication-connector.md @@ -33,9 +33,9 @@ Ensure that you have a RADIUS server installed and configured in your environmen ## Instructions 1. In Netwrix Privilege Secure (NPS), navigate to **Configuration > Authentication**. Select the **green plus sign** to create a new Authentication Connector. 2. Provide a name for the Connector and select the **MFA** Connector Type. - ![rtaImage.jpg](images/ka0Qk000000B1aH_0EMQk000008j38P.png) + ![rtaImage.jpg](./images/ka0Qk000000B1aH_0EMQk000008j38P.png) 3. Click **Save**, and then configure the connector with the appropriate values for your RADIUS server. - ![rtaImage 2.jpg](images/ka0Qk000000B1aH_0EMQk000008j3Bd.png) + ![rtaImage 2.jpg](./images/ka0Qk000000B1aH_0EMQk000008j3Bd.png) 4. Open the **appsettings.json** file. On a default installation, it will be located in the following path: ``` diff --git a/docs/kb/privilegesecure/configuring-the-netwrix-privilege-secure-rds-web-app-launcher.md b/docs/kb/privilegesecure/configuring-the-netwrix-privilege-secure-rds-web-app-launcher.md index 941cd7ac17..8111439a1e 100644 --- a/docs/kb/privilegesecure/configuring-the-netwrix-privilege-secure-rds-web-app-launcher.md +++ b/docs/kb/privilegesecure/configuring-the-netwrix-privilege-secure-rds-web-app-launcher.md @@ -33,7 +33,7 @@ The Web App Launcher can be downloaded from [this link](https://dl.netwrix.com/a On the RDS server, extract the files to a directory of your choosing. For the examples in this article, `C:\webapp-launcher\` will be used. -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tL01.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tL01.png) ## Configuration @@ -48,7 +48,7 @@ There are configurable runtime settings that you can apply to the Web App Launch In order to configure these settings, open `appsettings.json` in your Web App Launcher directory. The `ChromeOptions` section contains the above settings. Change the values as required, and save the file. -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tH7k.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tH7k.png) Note that these settings affect all websites launched from this Web App Launcher. If it is necessary to have multiple sets of settings, create another Web App Launcher directory with a different `appsettings.json` configuration, and use the appropriate one in NPS. @@ -59,12 +59,12 @@ In order to use the Web App Launcher, an Application User must be created in NPS Any backslashes (\\) in the app secret must be escaped with a preceding backslash (\\\\) ::: -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tPOb.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tPOb.png) ### Web App Launcher Directories Ensure that the indicated paths correspond to the chosen Web App Launcher directory. -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tlXC.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tlXC.png) ## Launch Options and Examples @@ -83,7 +83,7 @@ Example: launch-website.exe https://website.com jsmith Password123 ``` -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tMXD.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tMXD.png) Note that the login account in this example connects to the RDS session running the web app launcher as a remote app. The web app launcher will launch the website under the context of the user and password supplied as command line arguments. @@ -102,7 +102,7 @@ Example: launch-website.exe https://website.com %token% %sessionid% ``` -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tOSX.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tOSX.png) Note that the login account in this example both connects to the RDS session running the web app launcher as a remote app, and is used as the credential to be passed to the website. @@ -126,6 +126,6 @@ Example: launch-website.exe https://website.com lab\jsmith ``` -![image.png](images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tLo2.png) +![image.png](./images/ka0Qk0000001EP7_00N0g000004CA0p_0EMQk000001tLo2.png) Note that the login account in this example connects to the RDS session running the web app launcher as a remote app. The web app launcher will launch the website under the context of the username provided on the command line. The web app launcher will call the API to get the managed password of the user, and will enter it into the password field of the website. diff --git a/docs/kb/privilegesecure/creating-a-custom-platform-for-ssh-activity-sessions.md b/docs/kb/privilegesecure/creating-a-custom-platform-for-ssh-activity-sessions.md index 1349d0fe1c..8941a00891 100644 --- a/docs/kb/privilegesecure/creating-a-custom-platform-for-ssh-activity-sessions.md +++ b/docs/kb/privilegesecure/creating-a-custom-platform-for-ssh-activity-sessions.md @@ -31,19 +31,19 @@ Platforms in SbPAM can be customized to meet specific SSH Activity Session workf 1. As an SbPAM admin user, navigate to the **Policy > Platforms** page. Locate the Linux Platform, duplicate it, and name it as desired. In this case, we will name the new Platform "Palo Alto". - ![User-added image](images/ka04u000000HcaJ_0EM4u000004cJVQ.png) + ![User-added image](./images/ka04u000000HcaJ_0EM4u000004cJVQ.png) 2. Navigate to the **Configuration > Service Accounts** page and add a domain-level account as the Palo Alto service account. - ![User-added image](images/ka04u000000HcaJ_0EM4u000004cJVz.png) + ![User-added image](./images/ka04u000000HcaJ_0EM4u000004cJVz.png) 3. Navigate to the **Resources** page and manually add the Palo Alto resource by IP or DNS name (using the Service Account created above). In this step, it's expected for the Host Scan to fail. Simply close the Host Scan window and proceed to the next step. - ![User-added image](images/ka04u000000HcaJ_0EM4u000004cJWE.png) + ![User-added image](./images/ka04u000000HcaJ_0EM4u000004cJWE.png) 4. Navigate to the **Activities** page and create a new Activity. For **Login Account**, "Activity Token", "Managed Account", or "Requester" can be used. For the Login Account Template, remove the domain element (ex. ` %targetdomain%`) or use ` %domain%` instead of ` %targetdomain%`. - ![User-added image](images/ka04u000000HcaJ_0EM4u000004cJWJ.png) + ![User-added image](./images/ka04u000000HcaJ_0EM4u000004cJWJ.png) 5. Navigate to the **Access Policy** page, create a new resource-based Access Policy that includes SbPAM users, the new Activity created above, and the new Resource manually added above. diff --git a/docs/kb/privilegesecure/enable-session-extension-countdown-tab-display-for-sbpam-ssh-sessions-in-mobaxterm.md b/docs/kb/privilegesecure/enable-session-extension-countdown-tab-display-for-sbpam-ssh-sessions-in-mobaxterm.md index 4922a0d886..6a7498d482 100644 --- a/docs/kb/privilegesecure/enable-session-extension-countdown-tab-display-for-sbpam-ssh-sessions-in-mobaxterm.md +++ b/docs/kb/privilegesecure/enable-session-extension-countdown-tab-display-for-sbpam-ssh-sessions-in-mobaxterm.md @@ -37,8 +37,8 @@ As shown in the screenshot below, the SSH session’s **"Lock terminal title"** 3. Navigate to **Bookmark Settings**. 4. Disable the **"Lock terminal title"** setting. -![User-added image](images/ka04u000000HcZt_0EM4u000004bUnw.png) +![User-added image](./images/ka04u000000HcZt_0EM4u000004bUnw.png) If configured correctly, the session tab displays session expiration countdown messages per the settings in the Netwrix Privilege Secure Connection Profile assigned to the Access Profile granting the user the right to use the SSH Activity. -![User-added image](images/ka04u000000HcZt_0EM4u000004bUo1.png) +![User-added image](./images/ka04u000000HcZt_0EM4u000004bUo1.png) diff --git a/docs/kb/privilegesecure/exporting-the-activity-log-as-a-csv.md b/docs/kb/privilegesecure/exporting-the-activity-log-as-a-csv.md index 7251af2f77..8b2308d2a1 100644 --- a/docs/kb/privilegesecure/exporting-the-activity-log-as-a-csv.md +++ b/docs/kb/privilegesecure/exporting-the-activity-log-as-a-csv.md @@ -31,7 +31,7 @@ Exporting the "Activity Log" report is a common auditing and compliance use case 1. On your Netwrix Privilege Secure server, ensure that PowerShell 7.1 is installed. It can be obtained from the official PowerShell github repository: https://github.com/PowerShell/PowerShell/releases/tag/v7.1.7. _Note: This specific version of PowerShell is a necessary prerequisite to running the SbPAM API. Do not install PowerShell 7.2+._ 2. Locate the "Extras" folder, which was packaged alongside your Netwrix Privilege Secure installer. Run the `SbPAMPowerShellModules` installer. - ![User-added image](images/ka04u000000HdD5_0EM4u000005yZ7y.png) + ![User-added image](./images/ka04u000000HdD5_0EM4u000005yZ7y.png) 3. In your preferred text editor, paste the following PowerShell script. Save it as `ActivityReport.ps1`. @@ -124,7 +124,7 @@ Write-Host "Export complete found $($Data.Length) records" ``` 5. You will be prompted for a Netwrix Privilege Secure administrator username and password, your Netwrix Privilege Secure URL, and an MFA code (if applicable). - ![User-added image](images/ka04u000000HdD5_0EM4u000005yZ83.png) + ![User-added image](./images/ka04u000000HdD5_0EM4u000005yZ83.png) 6. Your activity data will then be output to a file called `out.csv`. - ![User-added image](images/ka04u000000HdD5_0EM4u000005yZ88.png) + ![User-added image](./images/ka04u000000HdD5_0EM4u000005yZ88.png) diff --git a/docs/kb/privilegesecure/how-to-configure-a-multi-server-nps-environment-with-a-shared-database-server.md b/docs/kb/privilegesecure/how-to-configure-a-multi-server-nps-environment-with-a-shared-database-server.md index fa05fc7fe8..0f1c26ff29 100644 --- a/docs/kb/privilegesecure/how-to-configure-a-multi-server-nps-environment-with-a-shared-database-server.md +++ b/docs/kb/privilegesecure/how-to-configure-a-multi-server-nps-environment-with-a-shared-database-server.md @@ -29,7 +29,7 @@ knowledge_article_id: kA04u0000000JyXCAU This article will guide the user through the process of setting up a deployment with multiple Netwrix Privilege Secure servers communicating with a single Postgres server. Instructions are included for configuring TLS for all network traffic to the Postgres server. Optional migration steps are included for users who wish to use a Postgres database from an existing Netwrix Privilege Secure deployment. This diagram illustrates the desired network architecture. -![nps_diagram.png](images/ka0Qk0000009L21_0EMQk000006FKxR.png) +![nps_diagram.png](./images/ka0Qk0000009L21_0EMQk000006FKxR.png) ## Instructions diff --git a/docs/kb/privilegesecure/how-to-configure-local-administrator-password-solution-laps-integration.md b/docs/kb/privilegesecure/how-to-configure-local-administrator-password-solution-laps-integration.md index 28b3fd3408..051eb4f26d 100644 --- a/docs/kb/privilegesecure/how-to-configure-local-administrator-password-solution-laps-integration.md +++ b/docs/kb/privilegesecure/how-to-configure-local-administrator-password-solution-laps-integration.md @@ -66,7 +66,7 @@ This article outlines how to integrate Netwrix Privilege Secure activities with - Select the service account that has read and reset permissions for the LAPS OU(s) from the **ServiceAccount** dropdown. - Add the domain name (for example, `lab.local`) in **DomainName** and click **Save**. - ![Screenshot demonstrating LAPS connector configuration in SbPAM's web application interface.](images/ka04u000000Hca2_0EM4u000004bnRk.png) + ![Screenshot demonstrating LAPS connector configuration in SbPAM's web application interface.](./images/ka04u000000Hca2_0EM4u000004bnRk.png) 4. Create an activity that uses the LAPS connector - Navigate to **Activities** to create an activity that provides the built-in Administrator access to a Windows resource managed by LAPS. @@ -75,7 +75,7 @@ This article outlines how to integrate Netwrix Privilege Secure activities with - Set **Platform** to **Windows**. - Ensure the **Login Account Template** matches the expected built-in admin account name (in most cases this is the default value `Administrator`). - ![Screenshot demonstrating an SbPAM activity definition that's configured to use a LAPS connector.](images/ka04u000000Hca2_0EM4u000004bnS4.png) + ![Screenshot demonstrating an SbPAM activity definition that's configured to use a LAPS connector.](./images/ka04u000000Hca2_0EM4u000004bnS4.png) - Add any other desired actions to the activity. diff --git a/docs/kb/privilegesecure/how-to-configure-windows-remote-assistance-integration.md b/docs/kb/privilegesecure/how-to-configure-windows-remote-assistance-integration.md index 9614f3af2c..b6a963713e 100644 --- a/docs/kb/privilegesecure/how-to-configure-windows-remote-assistance-integration.md +++ b/docs/kb/privilegesecure/how-to-configure-windows-remote-assistance-integration.md @@ -48,11 +48,11 @@ Enable **Configure Offer Remote Assistance** policy. Policies > Administrative Templates > System > Remote Assistance > Configure Offer Remote Assistance ``` -![User-added image](images/ka04u000000HcZw_0EM4u000004bWI7.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWI7.png) Enable the policy and assign a domain group to control access. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIC.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIC.png) ### Activity Setup @@ -60,30 +60,30 @@ Create an Interactive App Launch Activity making note of the highlighted areas b **NOTE:** The Domain groups for Group Policy and RDS server local admin will have been created in the previous steps. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIH.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIH.png) ### Use Case Via Netwrix Privilege Secure UI or DirectConnect, the helpdesk admin selects the Remote Assistance Activity and chooses the resource to which remote assistance is to be provided. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIM.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIM.png) When the Activity has been provisioned, the session is launched, and the target users’ desktop displays a message asking permission for the helpdesk admin to connect. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIR.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIR.png) The helpdesk admin can now view the target users’ desktop and can establish a chat session. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIW.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIW.png) If the helpdesk admin needs to take control of the remote system, they select **Request Control** and the end user is prompted for permission. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIb.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIb.png) Once shared, control can be terminated at any time by the helpdesk admin or the end user. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIg.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIg.png) The live session may be viewed via the Netwrix Privilege Secure administrator dashboard or reviewed later as a recording at any time. -![User-added image](images/ka04u000000HcZw_0EM4u000004bWIl.png) +![User-added image](./images/ka04u000000HcZw_0EM4u000004bWIl.png) diff --git a/docs/kb/privilegesecure/how-to-import-a-custom-action-step-for-single-object-replication.md b/docs/kb/privilegesecure/how-to-import-a-custom-action-step-for-single-object-replication.md index a78b9eab16..1ce42538c3 100644 --- a/docs/kb/privilegesecure/how-to-import-a-custom-action-step-for-single-object-replication.md +++ b/docs/kb/privilegesecure/how-to-import-a-custom-action-step-for-single-object-replication.md @@ -35,14 +35,14 @@ It can be necessary in certain Active Directory environments to force replicatio https://www.netwrix.com/download/SingleObjReplication.Addon.zip 2. Extract the archive, which contains a README file, an ActionTemplates directory, and an `Install-Addon.ps1` script file. Right-click `Install-Addon.ps1` and select **Run with PowerShell**. - ![Untitled.png](images/ka04u000000HdDb_0EM4u000005f3zs.png) + ![Untitled.png](./images/ka04u000000HdDb_0EM4u000005f3zs.png) 3. When prompted, select "Y" to proceed. - ![Untitled2.png](images/ka04u000000HdDb_0EM4u000005f3zZ.png) + ![Untitled2.png](./images/ka04u000000HdDb_0EM4u000005f3zZ.png) 4. The PowerShell window should quickly execute the script and close. 5. Log in to the Netwrix Privilege Secure console. (If Netwrix Privilege Secure was already open, be sure to refresh the console.) 6. In Netwrix Privilege Secure, navigate to **Activities**, select an Activity, and click the green plus sign in either the **Pre-Session** or **Post-Session**. Note that the **Run AD Replication for User** activity step is now available. - ![Untitled3.png](images/ka04u000000HdDb_0EM4u000005f40R.png) + ![Untitled3.png](./images/ka04u000000HdDb_0EM4u000005f40R.png) diff --git a/docs/kb/privilegesecure/how-to-integrate-activities-with-remote-desktop-services-rds.md b/docs/kb/privilegesecure/how-to-integrate-activities-with-remote-desktop-services-rds.md index 2d4b06f9ff..ee0c191bb3 100644 --- a/docs/kb/privilegesecure/how-to-integrate-activities-with-remote-desktop-services-rds.md +++ b/docs/kb/privilegesecure/how-to-integrate-activities-with-remote-desktop-services-rds.md @@ -38,78 +38,78 @@ Remote Desktop Services will run without a license for a period determined by Mi 1. On the Remote Desktop Services / Terminal Services (RemoteApp) server launch **Server Manager**, click on the **Manager** tab and select **Add Roles and Features**. 2. Follow the wizard, select **Remote Desktop Services installation**, and click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkob.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkob.png) 3. Select either **Standard Deployment** (as in this guide) or **Quick Start** if you intend to install all RDS role services on the same server. Click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkog.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkog.png) 4. Select **Session-based desktop deployment**, and click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkol.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkol.png) 5. Follow the wizard without making any changes until you get to the **RD Connection Broker** tab. Specify the server intended for the RD Connection Broker server and click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkov.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkov.png) 6. Specify the server intended for the **RD Web Access server** and click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkp0.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkp0.png) 7. Specify the server intended for the **RD Session Host server(s)** and click **Next**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkp5.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkp5.png) 8. Review RDS role server selection, check the **Restart the destination server automatically if required** box, and click **Deploy**. -![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](images/ka0Qk0000005qSb_0EM4u000004bkpF.png) +![Screenshot of Windows Server Add Roles and Features Wizard, demonstrating a Remote Desktop Services installation.](./images/ka0Qk0000005qSb_0EM4u000004bkpF.png) The RD role services installation begins, and about halfway through the server will automatically reboot. Once the server has rebooted, log in with the same account used when the installation was first started, open **Server Manager**, and the installation dialogue window will resume. 9. After completion of RDS role services installation, launch **Server Manager**, navigate to the RDS overview window, and click on **3 Create session collections**. -![Screenshot of Windows Server Manager's Remote Desktop Services overview user interface.](images/ka0Qk0000005qSb_0EM4u000004bkyW.png) +![Screenshot of Windows Server Manager's Remote Desktop Services overview user interface.](./images/ka0Qk0000005qSb_0EM4u000004bkyW.png) 10. Follow the wizard until you get to the **Collection Name** tab. Enter a name, such as "NPS Applications", and click **Next**. -![Screenshot of Windows Remote Desktop Service's Create Collection wizard.](images/ka0Qk0000005qSb_0EM4u000004bkyb.png) +![Screenshot of Windows Remote Desktop Service's Create Collection wizard.](./images/ka0Qk0000005qSb_0EM4u000004bkyb.png) 11. Specify the RD Session Host server (the server you specified earlier during installation of the RD Session Host role) and click **Next**. 12. Add the user groups who will access RemoteApps in the session collection. Click **Next**. -![Screenshot of Windows Remote Desktop Service's Create Collection wizard.](images/ka0Qk0000005qSb_0EM4u000004bkyl.png) +![Screenshot of Windows Remote Desktop Service's Create Collection wizard.](./images/ka0Qk0000005qSb_0EM4u000004bkyl.png) 13. Optionally specify and enable user profile disks (not used in the test environment for this guide). Review the defined session collection parameters and click **Create**. Once the session collection is created, close the **Create Collection** wizard. 14. In **Server Manager** navigate to the **Remote Desktop Services Overview** and note the new session collection created under the RD Session Host icon. -![Screenshot of Windows Remote Desktop Services Overview in Server Manager, demonstrating an added RD Session Host.](images/ka0Qk0000005qSb_0EM4u000004bkyq.png) +![Screenshot of Windows Remote Desktop Services Overview in Server Manager, demonstrating an added RD Session Host.](./images/ka0Qk0000005qSb_0EM4u000004bkyq.png) 15. Publish RemoteApps by navigating to the **Collections** tab of **Server Manager** and selecting **Publish RemoteApp Programs** from the **Task** menu. -![Screenshot demonstrating Publish RemoteApp Programs in a Windows Remote Desktop Services Session Collection.](images/ka0Qk0000005qSb_0EM4u000004bkz0.png) +![Screenshot demonstrating Publish RemoteApp Programs in a Windows Remote Desktop Services Session Collection.](./images/ka0Qk0000005qSb_0EM4u000004bkz0.png) 16. If the required application is listed, select it. For applications such as ADUC (Active Directory Users and Computers) you will need to specify the executable name and path. Click **Add**. -![Screenshot of the Publish RemoteApp Program wizard for Windows Remote Desktop Services, demonstrating how to add a RemoteApp to the list of programs.](images/ka0Qk0000005qSb_0EM4u000004bkz5.png) +![Screenshot of the Publish RemoteApp Program wizard for Windows Remote Desktop Services, demonstrating how to add a RemoteApp to the list of programs.](./images/ka0Qk0000005qSb_0EM4u000004bkz5.png) 17. For ADUC, add **MMC (\\c$\Windows\System32\mmc.exe)**. -![Screenshot of Windows Explorer, being used to add mmc.exe as a RemoteApp Program for Windows Remote Desktop Services.](images/ka0Qk0000005qSb_0EM4u000004bkzF.png) +![Screenshot of Windows Explorer, being used to add mmc.exe as a RemoteApp Program for Windows Remote Desktop Services.](./images/ka0Qk0000005qSb_0EM4u000004bkzF.png) 18. After adding all desired programs, click **Next**, click **Publish**, and then click **Close**. 19. Rename the RemoteApp and specify a parameter to launch ADUC. For additional security, you can assign groups of users to RemoteApps. For example, assign the ADUC RemoteApp to an AD group called `RAUsers_ADUC`. 20. Right-click the **RemoteApp** and select **Edit Properties**. -![Screenshot of editing the Properties of a published RemoteApp in Windows Remote Desktop Services.](images/ka0Qk0000005qSb_0EM4u000004bkzZ.png) +![Screenshot of editing the Properties of a published RemoteApp in Windows Remote Desktop Services.](./images/ka0Qk0000005qSb_0EM4u000004bkzZ.png) 21. Edit the RemoteApp name and set it to "ADUC", then click the **Parameters** tab in the left sidebar. -![Screenshot of editing the name of a published RemoteApp in Windows Remote Desktop Services.](images/ka0Qk0000005qSb_0EM4u000004bkzj.png) +![Screenshot of editing the name of a published RemoteApp in Windows Remote Desktop Services.](./images/ka0Qk0000005qSb_0EM4u000004bkzj.png) 22. On the **Parameters** tab, select the **Always use the following command-line parameters** radio button. For the path use: `dsa.msc` 23. Click the **User Assignment** tab in the left sidebar. Select the user access control group for the RemoteApp. In this case, specify that users must be a member of the `RAUsers_ADUC` group to run the ADUC RemoteApp. -![Screenshot of defining which Active Directory group(s) can access a published RemoteApp in Windows Remote Desktop Services.](images/ka0Qk0000005qSb_0EM4u000004bl0D.png) +![Screenshot of defining which Active Directory group(s) can access a published RemoteApp in Windows Remote Desktop Services.](./images/ka0Qk0000005qSb_0EM4u000004bl0D.png) 24. Click **OK**. Configuration of ADUC as a RemoteApp that can be accessed via a Netwrix Privilege Secure activity is now complete. Next, perform the necessary setup in a Netwrix Privilege Secure activity. @@ -120,14 +120,14 @@ For example: ***IMPORTANT:*** Double check that the Application to Launch field exactly matches the application and parameter you published with the RemoteApp. Note that for the application value you should always use implicit drive/folder names, i.e., use `C:\Windows\` and NOT relative identifiers such as `%SYSTEMROOT%`. -![User-added image](images/ka0Qk0000005qSb_0EM4u000004ch3A.png) +![User-added image](./images/ka0Qk0000005qSb_0EM4u000004ch3A.png) 26. For this example, add the Login Account to the `RAUsers_ADUC` domain group specified for the RemoteApp by adding an **Add User to Domain Group** action to the activity's pre-session. -![Screenshot of adding a Add User to Domain Group action step for Active Directory group RAUsers_ADUC to a Netwrix Privilege Secure activity's pre-session.](images/ka0Qk0000005qSb_0EM4u000004bl0h.png) +![Screenshot of adding a Add User to Domain Group action step for Active Directory group RAUsers_ADUC to a Netwrix Privilege Secure activity's pre-session.](./images/ka0Qk0000005qSb_0EM4u000004bl0h.png) 27. For temporary privilege elevation, you may also want to add a step to add the Login Account to `Domain Admins`. 28. Create an access policy in Netwrix Privilege Secure that contains the recently created activity, the users who should have access to use it, and the Remote Desktop Services server resource. You can now provision this activity to any user granted privilege to use it. 29. When you connect to the Remote Desktop Services server, you will only have access to the published RemoteApp (in this case, ADUC). The RDP session does not offer a full desktop environment, since this is an Interactive App Launch for a specified program. -![Screenshot of a Netwrix Privilege Secure Interactive App Launch demonstrating an RDP session that opened the ADUC program on the target Remote Desktop Services server.](images/ka0Qk0000005qSb_0EM4u000004bl1a.png) +![Screenshot of a Netwrix Privilege Secure Interactive App Launch demonstrating an RDP session that opened the ADUC program on the target Remote Desktop Services server.](./images/ka0Qk0000005qSb_0EM4u000004bl1a.png) diff --git a/docs/kb/privilegesecure/index-was-outside-the-bounds-of-array-error.md b/docs/kb/privilegesecure/index-was-outside-the-bounds-of-array-error.md index 9376e95fcb..b1cbcaf8f9 100644 --- a/docs/kb/privilegesecure/index-was-outside-the-bounds-of-array-error.md +++ b/docs/kb/privilegesecure/index-was-outside-the-bounds-of-array-error.md @@ -39,7 +39,7 @@ The HA Configuration tool expects a port value at the end of the NPS Rest URL. I > 1. On the main Privilege Secure screen, click the **Configuration** tab. > 2. In the left pane, select **Services**. The page will include the **NPS Rest URL** field. To learn more about the **Services** page in Netwrix Privilege Secure, refer to the following article: System Settings Pages − Services Page · v4.0. > -> ![Services page screenshot](images/ka0Qk0000002ijJ_0EMQk000003vpYj.png) +> ![Services page screenshot](./images/ka0Qk0000002ijJ_0EMQk000003vpYj.png) ## Resolution diff --git a/docs/kb/privilegesecure/invalid-multi-factor-authentication-code-error.md b/docs/kb/privilegesecure/invalid-multi-factor-authentication-code-error.md index 43ba9bf576..34c25c029d 100644 --- a/docs/kb/privilegesecure/invalid-multi-factor-authentication-code-error.md +++ b/docs/kb/privilegesecure/invalid-multi-factor-authentication-code-error.md @@ -44,4 +44,4 @@ Review the system time in both NPS server and clients in your environment. ## Reference -![Capture.png](images/ka04u000000wvuC_0EM4u000008pS5A.png) +![Capture.png](./images/ka04u000000wvuC_0EM4u000008pS5A.png) diff --git a/docs/kb/privilegesecure/logs-location.md b/docs/kb/privilegesecure/logs-location.md index de62924225..0b48e5384d 100644 --- a/docs/kb/privilegesecure/logs-location.md +++ b/docs/kb/privilegesecure/logs-location.md @@ -38,7 +38,7 @@ echo %PROGRAMDATA% Netwrix Privilege Secure logs can also be viewed, and downloaded, via the Netwrix Privilege Secure web interface by navigating to **Audit & Reporting > Log Files**. -![Image of Netwrix Privilege Secure web application's log files page, listing log files and displaying contents.](images/ka04u000000HdEt_0EM4u000004bh8h.png) +![Image of Netwrix Privilege Secure web application's log files page, listing log files and displaying contents.](./images/ka04u000000HdEt_0EM4u000004bh8h.png) ## Log Descriptions diff --git a/docs/kb/privilegesecure/managing-non-domain-joined-windows-computers-with-privilege-secure.md b/docs/kb/privilegesecure/managing-non-domain-joined-windows-computers-with-privilege-secure.md index d87c50eb61..479c3a05a6 100644 --- a/docs/kb/privilegesecure/managing-non-domain-joined-windows-computers-with-privilege-secure.md +++ b/docs/kb/privilegesecure/managing-non-domain-joined-windows-computers-with-privilege-secure.md @@ -50,7 +50,7 @@ Make sure that you have the following: 7. Vault Connecter (``) 4. Click **Save** -![User-added image](images/ka04u000000ww6m_0EM4u0000052ZhJ.png) +![User-added image](./images/ka04u000000ww6m_0EM4u0000052ZhJ.png) ### Adding the Computer to Netwrix Privilege Secure @@ -65,7 +65,7 @@ Make sure that you have the following: This will start the scanning step, you can close the dialog or wait for the scan to complete. If there are failures during the scan you can review the logs by navigating to the resource page. -![User-added image](images/ka04u000000ww6m_0EM4u0000052ZhE.png) +![User-added image](./images/ka04u000000ww6m_0EM4u0000052ZhE.png) ### Troubleshooting a Failed Scan @@ -77,7 +77,7 @@ If the scan fails, you can troubleshoot it by viewing the scan logs on the **Res 3. Click on the **History** tab 4. Select the last scan event and click **View Logs** -![User-added image](images/ka04u000000ww6m_0EM4u0000052Zh9.png) +![User-added image](./images/ka04u000000ww6m_0EM4u0000052Zh9.png) ### Additional Troubleshooting: "Access Denied"" @@ -89,4 +89,4 @@ After going through this process, you can use this computer's resource in Activi To configure a local Activity Token/Managed Account activity, when creating the activity remove the “%targetdomain%\” portion of the default Login Account Format. Make sure to use the **Windows** Platform as well. -![User-added image](images/ka04u000000ww6m_0EM4u0000052Zh4.png) +![User-added image](./images/ka04u000000ww6m_0EM4u0000052Zh4.png) diff --git a/docs/kb/privilegesecure/netwrix-privilege-secure-performing-an-in-place-postgres-upgrade.md b/docs/kb/privilegesecure/netwrix-privilege-secure-performing-an-in-place-postgres-upgrade.md index d8061ecfc8..4ad4d19530 100644 --- a/docs/kb/privilegesecure/netwrix-privilege-secure-performing-an-in-place-postgres-upgrade.md +++ b/docs/kb/privilegesecure/netwrix-privilege-secure-performing-an-in-place-postgres-upgrade.md @@ -47,11 +47,11 @@ cd 'C:\Program Files\Stealthbits\Postgres12\bin\' 5. On the **Select Components** page, select only **PostgreSQL Server** and **Command Line Tools** to install/upgrade: -![Postgres Select Components](images/ka0Qk000000CGIj_0EM4u000005feFD.png) +![Postgres Select Components](./images/ka0Qk000000CGIj_0EM4u000005feFD.png) 6. Proceed through the prompts until you see the **Pre-Installation Summary** window and confirm that it matches your server's settings: -![Postgres Pre-Installation Summary](images/ka0Qk000000CGIj_0EM4u000005feFN.png) +![Postgres Pre-Installation Summary](./images/ka0Qk000000CGIj_0EM4u000005feFN.png) 7. Once satisfied with the **Pre-Installation Summary** window, click **Next** two more times to proceed with the installation. diff --git a/docs/kb/privilegesecure/onboarding-mac-devices-for-vnc-via-rds-remote-desktop-services.md b/docs/kb/privilegesecure/onboarding-mac-devices-for-vnc-via-rds-remote-desktop-services.md index 5aa3376cfc..55f19b52ed 100644 --- a/docs/kb/privilegesecure/onboarding-mac-devices-for-vnc-via-rds-remote-desktop-services.md +++ b/docs/kb/privilegesecure/onboarding-mac-devices-for-vnc-via-rds-remote-desktop-services.md @@ -42,44 +42,44 @@ Ensure that VNC access to the target host works. [This documentation](https://su 1. In Netwrix Privilege Secure, navigate to **Policy > Platforms**. 2. Select the **Windows** platform, and click the **Copy** icon. - ![001.png](images/ka0Qk0000006Ukz_0EMQk000002d1vx.png) + ![001.png](./images/ka0Qk0000006Ukz_0EMQk000002d1vx.png) 3. Change the name of the new platform to **macOS**. Ensure that the schedules are all set to ``. Then click **Save**. - ![002.png](images/ka0Qk0000006Ukz_0EMQk000002czm7.png) + ![002.png](./images/ka0Qk0000006Ukz_0EMQk000002czm7.png) ### Creating Service Accounts 1. On the **Configuration > Service Accounts** page, click the **+** icon and create a **macOS** service account. Note that the username and password do not matter - the macOS devices cannot be scanned, but a service account must be supplied to onboard the macOS resources. - ![003.png](images/ka0Qk0000006Ukz_0EMQk000002d2NN.png) + ![003.png](./images/ka0Qk0000006Ukz_0EMQk000002d2NN.png) ### Onboarding macOS Resources 1. Navigate to **Resources**. Click the **Add** button, and click **New Server**. On the **Add Resources** page, click the **Import from CSV** radio button, and click the **Download CSV Template** button. This will download a CSV template, which you can then populate with macOS resources, as in this example - - ![004.png](images/ka0Qk0000006Ukz_0EMQk000002d2iL.png) + ![004.png](./images/ka0Qk0000006Ukz_0EMQk000002d2iL.png) 2. Note that it is crucial that the **Platform** exactly matches the Platform configured earlier, and that the **Credential** exactly matches the Service Account name configured earlier. The **Operating System** value is for informational purposes only, and will not be matched to any other values. 3. Return to the **Add Resources** page in step 1 of this section. Click the **Import CSV** button and upload the CSV file that was just configured. The resources will be displayed on the Add Resources page. - ![005.png](images/ka0Qk0000006Ukz_0EMQk000002d3BN.png) + ![005.png](./images/ka0Qk0000006Ukz_0EMQk000002d3BN.png) 4. Select the desired resources (the **Select All** checkbox may be used) and click **Add**. 5. The dialogue will show that a scan is **Pending** on all of the resources - this scan will end in an **Error**. This is expected as macOS cannot be scanned by NPS, and this error will only occur during initial onboarding. - ![006.png](images/ka0Qk0000006Ukz_0EMQk000002clZS.png) + ![006.png](./images/ka0Qk0000006Ukz_0EMQk000002clZS.png) 6. Navigate to the **Resources** page and observe that the onboarded macOS resources are present. - ![007.png](images/ka0Qk0000006Ukz_0EMQk000002d3mT.png) + ![007.png](./images/ka0Qk0000006Ukz_0EMQk000002d3mT.png) ### Registering the nps_realvnc RemoteApp 1. Copy the `nps_realvnc.zip` file to the desktop of the RDS host where the RemoteApp will be published. Copy the contents to a folder where they can be accessed, for example `C:\npslaunchers`. - ![Picture8.png](images/ka0Qk0000006Ukz_0EMQk000002d4aT.png) + ![Picture8.png](./images/ka0Qk0000006Ukz_0EMQk000002d4aT.png) 2. Edit the `appsettings.json` file and specify the address(es) of your NPS App Server(s). - ![Picture9.png](images/ka0Qk0000006Ukz_0EMQk000002d4yf.png) + ![Picture9.png](./images/ka0Qk0000006Ukz_0EMQk000002d4yf.png) 3. Open **Server Manager** on the RDS host where the RemoteApp will be published and select the **Publish RemoteApp Programs** option as indicated. - ![Picture10.png](images/ka0Qk0000006Ukz_0EMQk000002d494.png) + ![Picture10.png](./images/ka0Qk0000006Ukz_0EMQk000002d494.png) 4. Select the indicated option to **Add a RemoteApp program**. - ![Picture11.png](images/ka0Qk0000006Ukz_0EMQk000002d53V.png) + ![Picture11.png](./images/ka0Qk0000006Ukz_0EMQk000002d53V.png) 5. Navigate to the location where the `nps_realvnc` launcher was installed, and publish the RemoteApp. - ![Picture12.png](images/ka0Qk0000006Ukz_0EMQk000002d5BZ.png) + ![Picture12.png](./images/ka0Qk0000006Ukz_0EMQk000002d5BZ.png) 6. In Server Manager, right-click the published RemoteApp and select **Edit Properties**. - ![Picture13.png](images/ka0Qk0000006Ukz_0EMQk000002d5GP.png) + ![Picture13.png](./images/ka0Qk0000006Ukz_0EMQk000002d5GP.png) 7. Select **Parameters** and choose **Allow any command-line parameters**. The RemoteApp will be published. - ![Picture14.png](images/ka0Qk0000006Ukz_0EMQk000002d39m.png) + ![Picture14.png](./images/ka0Qk0000006Ukz_0EMQk000002d39m.png) ### Creating an Activity for VNC Access @@ -94,16 +94,16 @@ C:\npslaunchers\nps_realvnc.exe %token% %sessionid% ``` 3. If the above steps have been followed, your activity configuration should resemble the following: - ![Picture15.png](images/ka0Qk0000006Ukz_0EMQk000002d6M9.png) + ![Picture15.png](./images/ka0Qk0000006Ukz_0EMQk000002d6M9.png) ### Running the Activity 1. Once your Activity is created and added to an access policy containing your onboarded macOS resources, you can provision a session as normal. - ![Picture16.png](images/ka0Qk0000006Ukz_0EMQk000002d6UD.png) - ![Picture17.png](images/ka0Qk0000006Ukz_0EMQk000002d6Vp.png) + ![Picture16.png](./images/ka0Qk0000006Ukz_0EMQk000002d6UD.png) + ![Picture17.png](./images/ka0Qk0000006Ukz_0EMQk000002d6Vp.png) 2. Depending on whether you have installed VNC Connect on the MAC device, you may get a warning similar to the following: - ![Picture18.png](images/ka0Qk0000006Ukz_0EMQk000002d0NF.png) + ![Picture18.png](./images/ka0Qk0000006Ukz_0EMQk000002d0NF.png) 3. Enter your credentials when prompted. - ![Picture20.png](images/ka0Qk0000006Ukz_0EMQk000002d6As.png) + ![Picture20.png](./images/ka0Qk0000006Ukz_0EMQk000002d6As.png) 4. A VNC connection will now be established to the resource, and the session will be recorded by the NPS proxy service. - ![Picture21.png](images/ka0Qk0000006Ukz_0EMQk000002d6ij.png) + ![Picture21.png](./images/ka0Qk0000006Ukz_0EMQk000002d6ij.png) diff --git a/docs/kb/privilegesecure/onboarding-network-devices-using-tacacs-access-control.md b/docs/kb/privilegesecure/onboarding-network-devices-using-tacacs-access-control.md index e39f009e33..2942c96f81 100644 --- a/docs/kb/privilegesecure/onboarding-network-devices-using-tacacs-access-control.md +++ b/docs/kb/privilegesecure/onboarding-network-devices-using-tacacs-access-control.md @@ -30,34 +30,34 @@ This article provides instructions on how to onboard TACACS-enabled network devi ### Creating a Platform 1. Navigate to the **Policy > Platforms** page. Select the **Linux** platform, and click on the **Copy** icon. - ![image.png](images/ka0Qk00000013dN_0EMQk000001xuyT.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xuyT.png) 2. Rename the `Linux Copy` platform that was just created. The name should reflect the device you intend to onboard, in this case `Fortinet`. Set the **Password Complexity Policy** to `Default` and all change policies to ``. ### Creating a Service Account 1. Navigate to the **Configuration > Service Accounts** page. Click the **+** icon and create a new Service Account whose name corresponds to the device you intend to onboard (again, `Fortinet` in this example). - ![image.png](images/ka0Qk00000013dN_0EMQk000001xvGD.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xvGD.png) Note that this service account will not be used to scan the target device since it is not a supported Platform, so any username/password can be provided. ### Onboarding the Network Devices 1. Create a CSV file with the following columns: `DNS Host Name`, `Operating System`, `IP Address`, `Platform`, `Credential`. 2. Populate the CSV file with information for all devices that will be onboarded. Note: Ensure that the `Platform` exactly matches the custom Platform you have configured in Netwrix Privilege Secure (NPS). Ensure that the `Credential` exactly matches the service account you have configured in Netwrix Privilege Secure (NPS). - ![image.png](images/ka0Qk00000013dN_0EMQk000001xvXx.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xvXx.png) 3. Navigate to the **Resources** page. Click the **+Add** button, and select **New Server**. On the **Add Resources** page, select **Import from CSV**, and select the CSV file you have created. Note that there is a 50-resource batch size limit for CSV import. - ![image.png](images/ka0Qk00000013dN_0EMQk000001xmPq.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xmPq.png) 4. Your resources should be displayed. Click **Add**. - ![image.png](images/ka0Qk00000013dN_0EMQk000001xr4Z.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xr4Z.png) 5. The resources will be added and a host scan will be attempted for each one. This host scan will fail - this is expected for unsupported platforms during initial onboarding. - ![image.png](images/ka0Qk00000013dN_0EMQk000001xtUY.png) + ![image.png](./images/ka0Qk00000013dN_0EMQk000001xtUY.png) Your resources should now be visible on the **Resources** page. ### Notes for Creating an Activity When creating an Activity that uses domain credentials, it is important not to use the `%targetdomain%` variable in the **Login Account Template**. Rather, use the name of the domain, as indicated. -![image.png](images/ka0Qk00000013dN_0EMQk000001xula.png) +![image.png](./images/ka0Qk00000013dN_0EMQk000001xula.png) Note that group membership add/remove operations will be needed if access control groups are used for the target devices. Once the activity is configured, it can be added to an access policy in the usual manner, and used to run an activity. -![image.png](images/ka0Qk00000013dN_0EMQk000001xx6j.png) -![image.png](images/ka0Qk00000013dN_0EMQk000001xx9x.png) +![image.png](./images/ka0Qk00000013dN_0EMQk000001xx6j.png) +![image.png](./images/ka0Qk00000013dN_0EMQk000001xx9x.png) diff --git a/docs/kb/privilegesecure/renewing-the-jwt-signing-certificate.md b/docs/kb/privilegesecure/renewing-the-jwt-signing-certificate.md index a4b8e78373..56dc441dff 100644 --- a/docs/kb/privilegesecure/renewing-the-jwt-signing-certificate.md +++ b/docs/kb/privilegesecure/renewing-the-jwt-signing-certificate.md @@ -70,6 +70,6 @@ Start-Service w3svc 8. Log in to the Privilege Secure web application as an Admin, and re-register services by clicking the logged-in user's name in the upper-right, clicking **Settings**, and then clicking **Register Services**. -![The SbPAM web application interface's user settings menu dropdown.](images/ka04u000000wvts_0EM4u000004bjDZ.png) +![The SbPAM web application interface's user settings menu dropdown.](./images/ka04u000000wvts_0EM4u000004bjDZ.png) -![The SbPAM web application interface's settings page, displaying the Register Services button.](images/ka04u000000wvts_0EM4u000004bjDe.png) +![The SbPAM web application interface's settings page, displaying the Register Services button.](./images/ka04u000000wvts_0EM4u000004bjDe.png) diff --git a/docs/kb/privilegesecure/rescheduling-iis-app-pool-recycling.md b/docs/kb/privilegesecure/rescheduling-iis-app-pool-recycling.md index 4807cb91f3..880e2b0f9b 100644 --- a/docs/kb/privilegesecure/rescheduling-iis-app-pool-recycling.md +++ b/docs/kb/privilegesecure/rescheduling-iis-app-pool-recycling.md @@ -29,9 +29,9 @@ Periodic app pool recycling is a necessary IIS process, and as such the Netwrix ## Instructions 1. On the server hosting Netwrix Privilege Secure, launch IIS Manager (`inetmgr.exe`). 2. In the left-hand menu, select **Application Pools**, and in the main window, select **SbPAMAppPool** - ![image.png](images/ka0Qk0000000zl3_0EM4u000008Lyes.png) + ![image.png](./images/ka0Qk0000000zl3_0EM4u000008Lyes.png) 3. On the right-hand menu, select **Recycling** to open the Recycling settings. - ![image.png](images/ka0Qk0000000zl3_0EM4u000008LyfH.png) + ![image.png](./images/ka0Qk0000000zl3_0EM4u000008LyfH.png) 4. You can change the default value of `1740 minutes (29 hours)` to **Specific time(s)** in order to recycle the application pool either less frequently, and/or to recycle the application pool during off-peak hours. Click **Next**. 5. Click **Finish** to save your new app pool recycling schedule. - ![image.png](images/ka0Qk0000000zl3_0EM4u000008LyfW.png) + ![image.png](./images/ka0Qk0000000zl3_0EM4u000008LyfW.png) diff --git a/docs/kb/privilegesecure/resolving-errconnect-security-nego-connect-failed-for-windows-rdp-sessions.md b/docs/kb/privilegesecure/resolving-errconnect-security-nego-connect-failed-for-windows-rdp-sessions.md index 9816a4ff0f..22e7b76be9 100644 --- a/docs/kb/privilegesecure/resolving-errconnect-security-nego-connect-failed-for-windows-rdp-sessions.md +++ b/docs/kb/privilegesecure/resolving-errconnect-security-nego-connect-failed-for-windows-rdp-sessions.md @@ -33,7 +33,7 @@ Failed to connect to target server The connection failed at negotiating security settings ``` -![User-added image](images/ka04u000000HcZu_0EM4u000004bUoG.png) +![User-added image](./images/ka04u000000HcZu_0EM4u000004bUoG.png) ## Instructions @@ -47,7 +47,7 @@ Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\W If the output for **SecurityLayer** is `0`, then this condition has been met. -![User-added image](images/ka04u000000HcZu_0EM4u000004bUoL.png) +![User-added image](./images/ka04u000000HcZu_0EM4u000004bUoL.png) 2. **Network Level Authentication (NLA)** has been disabled for RDP. @@ -61,7 +61,7 @@ In the menu that opens, navigate to the Remote tab. The control **Allow connecti If this control is disabled, then this condition has been met. -![User-added image](images/ka04u000000HcZu_0EM4u000004bUoQ.png) +![User-added image](./images/ka04u000000HcZu_0EM4u000004bUoQ.png) There are two ways to resolve the error, depending on the desired security settings for your environment: @@ -73,7 +73,7 @@ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\W 2. Enable **Network Level Authentication (NLA)** while leaving RDP's **SecurityLayer** value at `0`: -![User-added image](images/ka04u000000HcZu_0EM4u000004bUoV.png) +![User-added image](./images/ka04u000000HcZu_0EM4u000004bUoV.png) IMPORTANT: For optimal security, it's recommended to have RDP's **SecurityLayer** value set to `2` while enabling **Network Level Authentication (NLA)**. diff --git a/docs/kb/privilegesecure/resolving-failed-actions-on-a-windows-resource-due-to-error-the-ws-management-service-cannot-process.md b/docs/kb/privilegesecure/resolving-failed-actions-on-a-windows-resource-due-to-error-the-ws-management-service-cannot-process.md index 0c73fc98e3..dedb89ab79 100644 --- a/docs/kb/privilegesecure/resolving-failed-actions-on-a-windows-resource-due-to-error-the-ws-management-service-cannot-process.md +++ b/docs/kb/privilegesecure/resolving-failed-actions-on-a-windows-resource-due-to-error-the-ws-management-service-cannot-process.md @@ -34,11 +34,11 @@ If remote shell access is disabled on a Windows resource, Netwrix Privilege Secu Unable to connect using PowerShell remoting to with user \: Connecting to remote server failed with the following error message : The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests. ``` -![User-added image](images/ka04u000000HcZv_0EM4u000004bUoa.png) +![User-added image](./images/ka04u000000HcZv_0EM4u000004bUoa.png) This is caused by a Group Policy, configured at the local or domain level, that disables remote shell access on the resources the GPO targets: -![User-added image](images/ka04u000000HcZv_0EM4u000004bUof.png) +![User-added image](./images/ka04u000000HcZv_0EM4u000004bUof.png) ## Instructions @@ -48,7 +48,7 @@ You can verify this GPO in the Group Policy Editor on the target resource (or in Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Allow Remote Shell Access ``` -![User-added image](images/ka04u000000HcZv_0EM4u000004bUok.png) +![User-added image](./images/ka04u000000HcZv_0EM4u000004bUok.png) You can also verify the setting in PowerShell, but the GPO must first have been **Enabled** or **Disabled** so the correct registry key exists: @@ -59,6 +59,6 @@ Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\ - If the value is set to **0**, then remote shell access is **Disabled**. - If the value is set to **1**, then remote shell access is **Enabled**. -![User-added image](images/ka04u000000HcZv_0EM4u000004bUop.png) +![User-added image](./images/ka04u000000HcZv_0EM4u000004bUop.png) To resolve the error, set this GPO to either **Enabled** or **Not Configured**. In a domain environment, you should make this change via a domain-configured GPO rather than manually modifying the registry key on the target resource. diff --git a/docs/kb/privilegesecure/resolving-invalid-connection-string-for-directconnect-in-mremoteng.md b/docs/kb/privilegesecure/resolving-invalid-connection-string-for-directconnect-in-mremoteng.md index 1d8bb869f5..ec08d22416 100644 --- a/docs/kb/privilegesecure/resolving-invalid-connection-string-for-directconnect-in-mremoteng.md +++ b/docs/kb/privilegesecure/resolving-invalid-connection-string-for-directconnect-in-mremoteng.md @@ -25,12 +25,12 @@ knowledge_article_id: kA04u0000000HdXCAU ## Summary In a specific scenario, valid Netwrix Privilege Secure `DirectConnect` strings used in mRemoteNG will result in an invalid connection string error, stating the connection string is empty. -![Screenshot of Netwrix Privilege Secure DirectConnect error, stating the connection string is invalid (empty).](images/ka04u000000Hca3_0EM4u000004bv9Z.png) +![Screenshot of Netwrix Privilege Secure DirectConnect error, stating the connection string is invalid (empty).](./images/ka04u000000Hca3_0EM4u000004bv9Z.png) ## Instructions This error is caused by having credentials saved for the Netwrix Privilege Secure server (for example, the Netwrix Privilege Secure Proxy Server) in the Windows built-in RDP client, **Remote Desktop Connection**, on the same host that is running mRemoteNG. -![Screenshot of a credential saved in Remote Desktop Connection, the built-in Windows RDP client, for the Netwrix Privilege Secure Proxy Server.](images/ka04u000000Hca3_0EM4u000004bv9t.png) +![Screenshot of a credential saved in Remote Desktop Connection, the built-in Windows RDP client, for the Netwrix Privilege Secure Proxy Server.](./images/ka04u000000Hca3_0EM4u000004bv9t.png) To resolve the issue, you have two options: diff --git a/docs/kb/privilegesecure/slack-integration-send-approvals-to-slack.md b/docs/kb/privilegesecure/slack-integration-send-approvals-to-slack.md index d6c68b6881..dc52d54636 100644 --- a/docs/kb/privilegesecure/slack-integration-send-approvals-to-slack.md +++ b/docs/kb/privilegesecure/slack-integration-send-approvals-to-slack.md @@ -27,7 +27,7 @@ This article describes the process for setting up an Approval workflow in which ## Instructions 1. In Slack, inspect the channel you wish to message. The **Integrations** pane will have a **Send emails to this channel** setting. Copy the email address. 2. In Netwrix Privilege Secure, navigate to the Users and Groups page. Click the **Add** button and create a new **Local user**. **Note: this user will not need to log in to Netwrix Privilege Secure.** - ![image.png](images/ka0Qk0000000zeb_0EMQk000001oz7l.png) + ![image.png](./images/ka0Qk0000000zeb_0EMQk000001oz7l.png) 3. Set the local user's email address to the Slack channel's email address from step 1: - ![image.png](images/ka0Qk0000000zeb_0EMQk000001ozUL.png) + ![image.png](./images/ka0Qk0000000zeb_0EMQk000001ozUL.png) 4. You may now add this local account as an additional approver in any approval workflow. It will not be used for approvals, but its email address value will allow the configured Slack channel to receive approval messages. diff --git a/docs/kb/privilegesecure/slack-integration-send-slack-message.md b/docs/kb/privilegesecure/slack-integration-send-slack-message.md index 1f1d646151..a198c16245 100644 --- a/docs/kb/privilegesecure/slack-integration-send-slack-message.md +++ b/docs/kb/privilegesecure/slack-integration-send-slack-message.md @@ -59,9 +59,9 @@ settings: 1. Download the Send-SlackMessage.zip archive to the SbPAM server: https://dl.netwrix.com/additional/Send-SlackMessage.Addon.zip 2. Extract the archive, which contains a README file, an ActionTemplates directory, and an `Install-Addon.ps1` script file. Right-click `Install-Addon.ps1` and select **Run with PowerShell**. 3. When prompted, select `Y` to proceed. -![image.png](images/ka0Qk0000001ELt_0EMQk000001pkUr.png) +![image.png](./images/ka0Qk0000001ELt_0EMQk000001pkUr.png) 4. The PowerShell window should quickly execute the script and close. 5. Log in to the SbPAM console. (If SbPAM was already open, be sure to refresh the console.) 6. In SbPAM, navigate to **Activities**, select an **Activity**, and click the green plus sign in either the **Pre-Session** or **Post-Session**. Note that the **Send Message to Slack** activity step is now available. 7. Provide the URL from step 6 of Preparing Your Slack App when configuring the action step. -![image.png](images/ka0Qk0000001ELt_0EMQk000001ovYn.png) +![image.png](./images/ka0Qk0000001ELt_0EMQk000001ovYn.png) diff --git a/docs/kb/privilegesecure/speeding-up-crl-checks-on-sbpam-servers-without-internet-connectivity.md b/docs/kb/privilegesecure/speeding-up-crl-checks-on-sbpam-servers-without-internet-connectivity.md index ca096940b6..ce53540212 100644 --- a/docs/kb/privilegesecure/speeding-up-crl-checks-on-sbpam-servers-without-internet-connectivity.md +++ b/docs/kb/privilegesecure/speeding-up-crl-checks-on-sbpam-servers-without-internet-connectivity.md @@ -38,9 +38,9 @@ This timeout setting is governed by a Group Policy. The following steps allow yo 1. Open Group Policy Editor: `gpedit.msc` 2. Navigate to `Computer Configuration > Windows Settings > Security Settings > Public Key Policies` - ![User-added image](images/ka04u000000HdFp_0EM4u0000052lrQ.png) + ![User-added image](./images/ka04u000000HdFp_0EM4u0000052lrQ.png) 3. Double-click on **Certificate Path Validation Settings** and go to the **Network Retrieval** tab. - ![User-added image](images/ka04u000000HdFp_0EM4u0000052lrf.png) + ![User-added image](./images/ka04u000000HdFp_0EM4u0000052lrf.png) 4. Check the **Define these policy settings** box, and reduce both **Default retrieval timeout settings** to `1`. - ![User-added image](images/ka04u000000HdFp_0EM4u0000052lrk.png) + ![User-added image](./images/ka04u000000HdFp_0EM4u0000052lrk.png) 5. Click **Apply** to save the configuration. diff --git a/docs/kb/privilegesecure/task-automation-write-to-file-on-target-resource.md b/docs/kb/privilegesecure/task-automation-write-to-file-on-target-resource.md index 92182dd78f..3637c27c1b 100644 --- a/docs/kb/privilegesecure/task-automation-write-to-file-on-target-resource.md +++ b/docs/kb/privilegesecure/task-automation-write-to-file-on-target-resource.md @@ -27,7 +27,7 @@ This article provides an example of a Task Automation script that can be used to ## Summary 1. In Netwrix Privilege Secure, navigate to the **Activities** page and create an Activity with the **Task Automation** Activity Type. The activity should be configured to provide sufficient privilege to remotely execute scripts on the target resource, and the **Login Account**, **Requester Login Format**, and **Pre- and Post-Session** action steps should reflect this. - ![image.png](images/ka0Qk0000003etl_0EMQk000004iG8P.png) + ![image.png](./images/ka0Qk0000003etl_0EMQk000004iG8P.png) 2. In the **Session** of the Activity, click the **+** button and add a **Run Custom Powershell Script** action step. diff --git a/docs/kb/privilegesecure/troubleshooting-a-user-id-mismatch-error-during-login.md b/docs/kb/privilegesecure/troubleshooting-a-user-id-mismatch-error-during-login.md index d3a7a3033c..b095404cf2 100644 --- a/docs/kb/privilegesecure/troubleshooting-a-user-id-mismatch-error-during-login.md +++ b/docs/kb/privilegesecure/troubleshooting-a-user-id-mismatch-error-during-login.md @@ -26,7 +26,7 @@ knowledge_article_id: kA04u000000LLjtCAG When logging into the Netwrix Privilege Secure console, you may receive a "User Id Mismatch" response that prevents login. This is caused when there is a mismatch between a Netwrix Privilege Secure user stored in a cookie, and the user attempting login. Generally this is caused when multiple sessions are being launched from the same browser using different users. -![image.png](images/ka04u000000HdEG_0EM4u000005gCr9.png) +![image.png](./images/ka04u000000HdEG_0EM4u000005gCr9.png) ## Instructions diff --git a/docs/kb/privilegesecure/using-the-database-configuration-tool-to-change-the-postgres-db-password.md b/docs/kb/privilegesecure/using-the-database-configuration-tool-to-change-the-postgres-db-password.md index d14d2dc27e..63421a56bd 100644 --- a/docs/kb/privilegesecure/using-the-database-configuration-tool-to-change-the-postgres-db-password.md +++ b/docs/kb/privilegesecure/using-the-database-configuration-tool-to-change-the-postgres-db-password.md @@ -31,25 +31,25 @@ While it is essential that remote access to the Netwrix Privilege Secure (NPS) s ## Instructions 1. On the Netwrix Privilege Secure (NPS) server, navigate to the "Extras" folder in the NPS installer download directory. The Database Configuration tool installer (`DbCfg.msi`) is included in this directory. Launch the installer, and select **Next**. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxNl.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxNl.png) 2. Review and accept the EULA. Select **Next**. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxOZ.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxOZ.png) 3. Choose an installation path. The default installation path is `C:\Program Files\Stealthbits\PAM\`. Select **Next**. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxOj.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxOj.png) 4. Select **Install**, and confirm any UAC prompt that occurs. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxOo.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxOo.png) 5. The installation will complete shortly. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxOt.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxOt.png) 6. Navigate to the installation directory and launch `DbCfg.exe` from your chosen installation directory. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxOy.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxOy.png) 7. You can click **Test** to confirm your connection to the Postgres DB. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxP3.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxP3.png) 8. Set a new password in the Password field and hit **Save** to change the Postgres password. If your Test connection from step 7 was successful, you should receive a "Configuration saved successfully" response, which indicates a successful password change. This change will propagate to any NPS service that needs to use the database password. - ![image.png](images/ka04u00000117Sx_0EM4u000008LxP8.png) + ![image.png](./images/ka04u00000117Sx_0EM4u000008LxP8.png) diff --git a/docs/kb/threatmanager/agent-blocked-from-hooking-into-lsass.md b/docs/kb/threatmanager/agent-blocked-from-hooking-into-lsass.md index bf2b705fd3..81c080dce0 100644 --- a/docs/kb/threatmanager/agent-blocked-from-hooking-into-lsass.md +++ b/docs/kb/threatmanager/agent-blocked-from-hooking-into-lsass.md @@ -45,7 +45,7 @@ To resolve this issue, follow the steps provided in the first resolution. If the 1. To verify this setting, review the **AD Agent** column in the interface: - ![AD](images/servlet_image_6a2f3ac990a0.png)

+ ![AD](./images/servlet_image_6a2f3ac990a0.png)

2. Enable or disable this setting using the **Agent Update Settings** option. Navigate to: https://docs.netwrix.com/docs/threatprevention/7_5 (Set Options Window). 3. Access the settings via the following path: **Netwrix Threat Manager v7.3 > Administration > Policy Center > Agents Interface > Agents Interface Right-Click Menu > Update Agent Settings**. For details, see: https://docs.netwrix.com/docs/threatprevention/7_5 (Update Agent Settings). diff --git a/docs/kb/threatmanager/dashboard-stalls-at-initial-loading-screen-in-microsoft-edge.md b/docs/kb/threatmanager/dashboard-stalls-at-initial-loading-screen-in-microsoft-edge.md index f075750c7d..6b53d38158 100644 --- a/docs/kb/threatmanager/dashboard-stalls-at-initial-loading-screen-in-microsoft-edge.md +++ b/docs/kb/threatmanager/dashboard-stalls-at-initial-loading-screen-in-microsoft-edge.md @@ -22,9 +22,9 @@ knowledge_article_id: kA0Qk0000001xvhKAA - The Netwrix Threat Manager Dashboard in Microsoft Edge stalls at the loading screen and does not proceed to the login screen. - The following error is present in the Developer Tools **Console** panel. To access the panel, navigate to **Settings (...) > More tools > Developer tools** (or press `CTRL + SHIFT + I`) > **Console** tab: -![Screenshot 1](images/ka0Qk000000E7Cv_0EMQk00000C80X1.png) +![Screenshot 1](./images/ka0Qk000000E7Cv_0EMQk00000C80X1.png) -![Screenshot 2](images/ka0Qk000000E7Cv_0EMQk00000AzSUg.png) +![Screenshot 2](./images/ka0Qk000000E7Cv_0EMQk00000AzSUg.png) ## Cause diff --git a/docs/kb/threatmanager/file-systems-events-not-appearing-in-netwrix-threat-manager-from-the-netwrix-activity-monitor-agent-.md b/docs/kb/threatmanager/file-systems-events-not-appearing-in-netwrix-threat-manager-from-the-netwrix-activity-monitor-agent-.md index 00ca6bb012..daf53db9d7 100644 --- a/docs/kb/threatmanager/file-systems-events-not-appearing-in-netwrix-threat-manager-from-the-netwrix-activity-monitor-agent-.md +++ b/docs/kb/threatmanager/file-systems-events-not-appearing-in-netwrix-threat-manager-from-the-netwrix-activity-monitor-agent-.md @@ -26,24 +26,24 @@ You may see that Netwrix Threat Manager (NTM) is not receiving events from Netwr The incorrect **Syslog** message template of **LEEF** was selected. -![](images/ka0Qk000000CpYD_0EMQk00000BJq9S.png) +![](./images/ka0Qk000000CpYD_0EMQk00000BJq9S.png) ## Resolution To resolve this issue, change the Syslog message template from **LEEF** to **Netwrix Threat Prevention** as per the steps below: 1. Within the NAM console, click **Monitored Hosts** to select the needed host output for the **Syslog** item and Select **Edit**. - ![](images/ka0Qk000000CpYD_0EMQk00000BJoNm.png) + ![](./images/ka0Qk000000CpYD_0EMQk00000BJoNm.png) 2. Confirm the server and port needed for NTM. 3. Click the ellipsis to open the Message Template window, select the **Netwrix Threat Manager (Netwrix Threat Prevention)** Template, and click **OK**. - ![](images/ka0Qk000000CpYD_0EMQk00000BJssn.png) + ![](./images/ka0Qk000000CpYD_0EMQk00000BJssn.png) 4. Click **Test** to verify the template setting and click **OK**. > **NOTE:** This is UDP, so there is no true confirmation that a connection is/was made. -> ![](images/ka0Qk000000CpYD_0EMQk00000BJrGo.png) +> ![](./images/ka0Qk000000CpYD_0EMQk00000BJrGo.png) 5. Return to the NTM Web console and check for new events once posted. diff --git a/docs/kb/threatmanager/how-to-change-threat-manager-s-inactivity-timer.md b/docs/kb/threatmanager/how-to-change-threat-manager-s-inactivity-timer.md index 745f721cfc..96f3d3f173 100644 --- a/docs/kb/threatmanager/how-to-change-threat-manager-s-inactivity-timer.md +++ b/docs/kb/threatmanager/how-to-change-threat-manager-s-inactivity-timer.md @@ -27,4 +27,4 @@ It can be annoying for users when their Netwrix Threat Manager console times out 4. Click into **User Access** then select the **Token Expiration** tab 5. Adjust timer from the drop down -![Graphical user interface, text, application Description automatically generated](images/ka0Qk000000DmBh_0EM4u000004d64Y.png) \ No newline at end of file +![Graphical user interface, text, application Description automatically generated](./images/ka0Qk000000DmBh_0EM4u000004d64Y.png) \ No newline at end of file diff --git a/docs/kb/threatmanager/how-to-customize-event-service-listening-port-s.md b/docs/kb/threatmanager/how-to-customize-event-service-listening-port-s.md index ca4ae577dd..5c1691dc14 100644 --- a/docs/kb/threatmanager/how-to-customize-event-service-listening-port-s.md +++ b/docs/kb/threatmanager/how-to-customize-event-service-listening-port-s.md @@ -38,7 +38,7 @@ Alter the default Netwrix Threat Prevention Event Service listening port(s) via ``` For example, change the FS port to `514` and click **OK**: -![port512.png](images/ka0Qk000000DkZh_0EM4u000008LC2a.png) +![port512.png](./images/ka0Qk000000DkZh_0EM4u000008LC2a.png) 6. In the window below click the **Save Data Changes** icon. 7. Restart the Netwrix Threat Prevention Event Service. \ No newline at end of file diff --git a/docs/kb/threatmanager/netwrix-threat-manager-licensing-error-license-activation-error-2.md b/docs/kb/threatmanager/netwrix-threat-manager-licensing-error-license-activation-error-2.md index 692f44e29e..a5300e68e4 100644 --- a/docs/kb/threatmanager/netwrix-threat-manager-licensing-error-license-activation-error-2.md +++ b/docs/kb/threatmanager/netwrix-threat-manager-licensing-error-license-activation-error-2.md @@ -17,7 +17,7 @@ After navigating to the **Licensing** page when attempting to update the license License activation error 2. ``` -![Licensing error screenshot](images/ka0Qk000000CDMT_0EMQk00000Asaf3.png) +![Licensing error screenshot](./images/ka0Qk000000CDMT_0EMQk00000Asaf3.png) ## Cause diff --git a/docs/kb/threatmanager/test-connection-in-active-directory-sync-integration-fails.md b/docs/kb/threatmanager/test-connection-in-active-directory-sync-integration-fails.md index 001f6f989c..a5f554f26f 100644 --- a/docs/kb/threatmanager/test-connection-in-active-directory-sync-integration-fails.md +++ b/docs/kb/threatmanager/test-connection-in-active-directory-sync-integration-fails.md @@ -64,4 +64,4 @@ Edit the Active Directory Service configuration to implement the HTTPS protocol. Refer to the following example of the `appsettings.json` file: -![appsettings.json example](images/ka0Qk0000005sxR_0EMQk000007sh3x.png) \ No newline at end of file +![appsettings.json example](./images/ka0Qk0000005sxR_0EMQk000007sh3x.png) \ No newline at end of file diff --git a/docs/kb/threatprevention/enabling-debug-logging-on-the-steathintercept-windows-agent.md b/docs/kb/threatprevention/enabling-debug-logging-on-the-steathintercept-windows-agent.md index 0c606b8ea8..7290cc3c4e 100644 --- a/docs/kb/threatprevention/enabling-debug-logging-on-the-steathintercept-windows-agent.md +++ b/docs/kb/threatprevention/enabling-debug-logging-on-the-steathintercept-windows-agent.md @@ -37,7 +37,7 @@ There are two options. 3. Edit the file named `SIWindowsAgent.log.config` in your favorite text editor. 4. Change `WARN` to `DEBUG` in the appropriate portion of that file: - ![LogConfig.png](images/ka0Qk000000DmDJ_0EM4u000004d1hf.png) + ![LogConfig.png](./images/ka0Qk000000DmDJ_0EM4u000004d1hf.png) 5. Save the `.log.config` file and restart the `SIWindowsAgent` service. diff --git a/docs/kb/threatprevention/pwnd-passwords-database-downloader-for-netwrix-threat-prevention.md b/docs/kb/threatprevention/pwnd-passwords-database-downloader-for-netwrix-threat-prevention.md index 51a3f27ecd..121a42b526 100644 --- a/docs/kb/threatprevention/pwnd-passwords-database-downloader-for-netwrix-threat-prevention.md +++ b/docs/kb/threatprevention/pwnd-passwords-database-downloader-for-netwrix-threat-prevention.md @@ -47,7 +47,7 @@ knowledge_article_id: kA04u000000HDkaCAG dotnet tool install --global haveibeenpwned-downloader ``` -![User-added image](images/ka0Qk000000DZHh_0EM4u0000084oo1.png) +![User-added image](./images/ka0Qk000000DZHh_0EM4u0000084oo1.png) ### Step 3. Update an already installed Pwnd Passwords Downloader @@ -58,7 +58,7 @@ dotnet tool install --global haveibeenpwned-downloader dotnet tool update --global haveibeenpwned-downloader ``` -![User-added image](images/ka0Qk000000DZHh_0EM4u0000084oo6.png) +![User-added image](./images/ka0Qk000000DZHh_0EM4u0000084oo6.png) ### Usage of Pwnd Passwords Downloader @@ -71,7 +71,7 @@ To download NTLM hashes: haveibeenpwned-downloader.exe -n pwnedpasswords ``` -![User-added image](images/ka0Qk000000DZHh_0EM4u0000084ooB.png) +![User-added image](./images/ka0Qk000000DZHh_0EM4u0000084ooB.png) ### Step 4. Prepare Pwned DB for SI @@ -81,4 +81,4 @@ haveibeenpwned-downloader.exe -n pwnedpasswords 4. Click **Select File** and choose downloaded txt file. 5. Click the **Update** button. -![User-added image](images/ka0Qk000000DZHh_0EM4u0000084ooG.png) +![User-added image](./images/ka0Qk000000DZHh_0EM4u0000084ooG.png) diff --git a/docs/kb/threatprevention/set-up-eset-hips-rules-to-allow-threat-prevention-si-agent-hook.md b/docs/kb/threatprevention/set-up-eset-hips-rules-to-allow-threat-prevention-si-agent-hook.md index def6c342d2..a7df867365 100644 --- a/docs/kb/threatprevention/set-up-eset-hips-rules-to-allow-threat-prevention-si-agent-hook.md +++ b/docs/kb/threatprevention/set-up-eset-hips-rules-to-allow-threat-prevention-si-agent-hook.md @@ -30,12 +30,12 @@ How to set up ESET HIPS rules to allow Threat Prevention SI Agent hook? 1. In the left pane of your **ESET PROTECT Web Console**, select **Policies**. Select the **Detection Engine** tab > **HIPS**. 2. Under the **Rules** section, click **Edit**. - ![Step 2](images/ka0Qk000000DZET_0EM4u000008M9O8.png) + ![Step 2](./images/ka0Qk000000DZET_0EM4u000008M9O8.png) 3. In the **HIPS Rules** window, click **Add**. 4. Specify the **Rule name**, select **Allow** for the **Action** type, and proceed by clicking **Next**. - ![Steps 3-4](images/ka0Qk000000DZET_0EM4u000008M9OD.png) + ![Steps 3-4](./images/ka0Qk000000DZET_0EM4u000008M9OD.png) 5. Select **Specific applications** in the dropdown list, and click **Add** to add the path to `SIWindowsAgent.exe`. Refer to the following code block for a default path: @@ -45,19 +45,19 @@ How to set up ESET HIPS rules to allow Threat Prevention SI Agent hook? Proceed to the next step by clicking **Next**. - ![Step 5](images/ka0Qk000000DZET_0EM4u000008M9OI.png) + ![Step 5](./images/ka0Qk000000DZET_0EM4u000008M9OI.png) 6. Switch the **All file operations** switch to the on position, and proceed by clicking **Next**. Click **OK** to save changes. - ![Step 6](images/ka0Qk000000DZET_0EM4u000008M9OS.png) + ![Step 6](./images/ka0Qk000000DZET_0EM4u000008M9OS.png) 7. Once the configuration steps are completed, proceed to the **Assign** tab. Assign the new rule to corresponding systems. - ![Step 7](images/ka0Qk000000DZET_0EM4u000008M9OX.png) + ![Step 7](./images/ka0Qk000000DZET_0EM4u000008M9OX.png) 8. The rule should become visible in your ESET host. Refer to the **Advanced Setup** menu > **HIPS** tab > **Basic** section > **Rules** tab. - ![Step 8](images/ka0Qk000000DZET_0EM4u000008M9Oc.png) + ![Step 8](./images/ka0Qk000000DZET_0EM4u000008M9Oc.png) > **NOTE:** Once the rule is applied, SI Agent should be restarted. diff --git a/docs/kb/threatprevention/updating-the-have-i-been-pwnd-ntml-hash-list.md b/docs/kb/threatprevention/updating-the-have-i-been-pwnd-ntml-hash-list.md index a0b3644e9d..432390db54 100644 --- a/docs/kb/threatprevention/updating-the-have-i-been-pwnd-ntml-hash-list.md +++ b/docs/kb/threatprevention/updating-the-have-i-been-pwnd-ntml-hash-list.md @@ -47,7 +47,7 @@ Follow the steps to install the Pwnd Passwords Downloader. dotnet tool install --global haveibeenpwned-downloader ``` -![A screenshot of a computer Description automatically generated with medium confidence](images/ka0Qk000000Dk3S_0EM4u000008L8RW.png) +![A screenshot of a computer Description automatically generated with medium confidence](./images/ka0Qk000000Dk3S_0EM4u000008L8RW.png) 3. Close the command prompt. @@ -61,7 +61,7 @@ Follow the steps to update an installed Pwnd Passwords Downloader. dotnet tool update --global haveibeenpwned-downloader ``` -![A picture containing text, screenshot, font Description automatically generated](images/ka0Qk000000Dk3S_0EM4u000008L8RX.png) +![A picture containing text, screenshot, font Description automatically generated](./images/ka0Qk000000Dk3S_0EM4u000008L8RX.png) ### Download NTML Hashes with the Pwnd Passwords Downloader Follow the steps to download NTLM hashes (for Netwrix Password Policy Enforcer v10.1 and up): @@ -75,7 +75,7 @@ Run: haveibeenpwned-downloader.exe -n pwnedpasswords_ntlm ``` -![A picture containing text, screenshot, font Description automatically generated](images/ka0Qk000000Dk3S_0EM4u000008L8RY.png) +![A picture containing text, screenshot, font Description automatically generated](./images/ka0Qk000000Dk3S_0EM4u000008L8RY.png) This screenshot shows the completed download.