Hi All,
Customer is asking the question, where files/fodlers changes(permission changed, file or folder added/removed)
that triggered by Powershell script or batch script, can this be capture by Netwrix Auditor ?
regards,
William
Posted 19 July 2018 - 06:32 AM
Hi All,
Customer is asking the question, where files/fodlers changes(permission changed, file or folder added/removed)
that triggered by Powershell script or batch script, can this be capture by Netwrix Auditor ?
regards,
William
Posted 19 July 2018 - 01:42 PM
Hello William,
Any change which results in a different file and attributes will be captured. Details will also be captured for any change which results in windows audit logs being created as a result of auditing being configured.
-Jeff
Posted 20 July 2018 - 06:49 AM
Hi Jeff,
Posted 20 July 2018 - 01:52 PM
William,
To find out who would show up as having made the change please reproduce the scenario and check the windows security event logs. It would likely be the account which was used to run the script unless the script specifies an account to use.
-Jeff
Posted 26 July 2018 - 02:47 AM
Hi Jeff,
Based on my recent testing using batch script & powershell script, when we trigger "mkdir" in command prompt & powershell prompt, Netwirx able to show new folder is added but who=system. Support told me that Microsoft did not generate any security event for "mkdir" action, so Netwrix not able to who make the change.
So not all the command/action happen in command prompt or powershell, can generate event.
regards,
William