Pre-Evaluation Instructions:
Windows Requirements:
Installation Requirements:
For installation of Varonis agent(s), an account with Local Administrator privileges is required
NOTE: A separate account can be used for agent installation.
Verification of server readiness for auditing (See the Configuring Windows File Servers for Auditing section for
details)
Permanent Security Requirements:
Directory Crawling:
o CIFS - User with permissions to view all file system directories and their permissions (Administrator or
Backup Operators and Power Users)
o Varonis Protocol - Varonis FileWalk Agent should be installed
Supported Versions:
Windows 2000, 2003, 2003 R2 or 2008 (x86, x64), 2008 R2 x64, 2012, 2012 R2
Notes:
DatAdvantage cannot monitor Exchange 2003 or Windows 2003 file servers if the IDU or Probe is installed on
Windows 2012 R2.
To enable GPO auditing, a user with domain admin credentials (or enterprise admin, for forests) is required.
To collect auditing events, a domain user defined in the "Manage auditing and security log" policy is required.
o Any domain user account can be assigned to this role. Please note that additional steps will be required to
assign the necessary permissions.
Supported Versions
Problem Description
If the server exceeds the amount of resources available to the stack, the server will freeze, reboot, or switch to the
offline server (if the server is part of a cluster). According to the Microsoft knowledge base
(http://support.microsoft.com/kb/285089 and http://support.microsoft.com/?scid=kb;en-us;177078), this is caused by
too many products (e.g., virus scanning software) competing for server resources.
Required Actions
1. Mandatory - Any server that is part of a cluster must have the IRP Stack registry setting increased to a minimum of 30.
2. The IRP stack size must be increased to at least 30 on any server with more than three file system filters.
Then Generate RSoP Data using the Logging mode to see the actual configuration of the Domain Controller.
Go to Computer Configuration -> Windows Settings -> Local Policies -> User Rights Assignment, and open the
"Manage auditing and security log" setting. You will see the list of permitted users/groups.
Please be aware that all the users/groups that are currently defined must also be defined in the GPO you will set.
(Explanation: For each setting, only the strongest GPO defining that setting is taken into consideration. It will
overwrite the values that default/other GPOs define for that setting.)
For example: in the screenshot below, we can see that Administrators and Exchange Servers are defined as permitted.
The GPO defining them (Source GPO column) is the Default Domain Controllers Policy. We will want to make sure
that these users/groups are present in any GPO we create or edit, in addition to the Varonis service account.
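As an added example (not part of the original Varonis document), the PowerShell below checks that a new GPO's "Manage auditing and security log" entry (SeSecurityPrivilege in the GPO's GptTmpl.inf security template) still lists every principal the currently winning GPO grants, plus the service account. The function names, the SIDs and the template text are constructed for illustration.

```powershell
# Added example. SIDs and template text are constructed for illustration.
# SeSecurityPrivilege is the constant behind "Manage auditing and security log".
function Get-PrivilegeHolders {
    param([Parameter(Mandatory)][string]$InfText,
          [string]$Privilege = 'SeSecurityPrivilege')
    $pattern = '^' + [regex]::Escape($Privilege) + '\s*=\s*(.*)$'
    $inSection = $false
    foreach ($raw in ($InfText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $line -match $pattern) {
            # Entries are comma separated; SIDs carry a leading '*'.
            return @($Matches[1] -split ',' |
                     ForEach-Object { $_.Trim().TrimStart('*') } |
                     Where-Object { $_ })
        }
    }
    return @()  # the right is not defined in this template
}

function Test-GpoKeepsHolders {
    param([string]$WinningInf, [string]$NewInf, [string[]]$AlsoRequired = @())
    $current  = @(Get-PrivilegeHolders -InfText $WinningInf)
    $planned  = @(Get-PrivilegeHolders -InfText $NewInf)
    $required = @($current + $AlsoRequired | Select-Object -Unique)
    $missing  = @($required | Where-Object { $planned -notcontains $_ })
    [pscustomobject]@{
        Required = $required
        Planned  = $planned
        Missing  = $missing
        Safe     = ($missing.Count -eq 0)
    }
}

# Constructed sample: what the winning GPO grants today (per RSoP) ...
$winning = @'
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1121
'@
# ... and a draft GPO that adds the service account but omits the -1121 group.
$draft = @'
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1605
'@
$svcSid = 'S-1-5-21-1111111111-2222222222-3333333333-1605'  # hypothetical Varonis service account

Test-GpoKeepsHolders -WinningInf $winning -NewInf $draft -AlsoRequired $svcSid |
    Format-List
```

A non-empty Missing list means that linking the draft would strip that principal's right once the draft becomes the winning GPO for this setting.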
ii. Don't forget to add all the users/groups that you saw listed in RSoP (Section 1), in addition to the
Varonis service account, as in the screenshot below:
c. Verify that other GPOs are not enforced, otherwise your new GPO will not apply.
See below that the Default Domain Controllers Policy is enforced: