diff --git a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md
index 31f7775195..dd000a292b 100644
--- a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md
+++ b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-exchange-and-group-policy-changes-reported-as-made-by-system.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9SmCAK
This article contains references to the most popular Active Directory, Exchange, and Group Policy changes which may be reported as made by **System** by Netwrix Auditor:
- [Alert Reported Change Made by System](/docs/kb/auditor/reports-alerts-and-notifications/report-generation/alert-reported-change-made-by-system.md).
-- [System Changed Object Path after Account Name Change](/docs/kb/auditor/system-changed-object-path-after-account-name-change.md).
+- [System Changed Object Path after Account Name Change](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/system-changed-object-path-after-account-name-change.md).
- [System Changed Client Operating System](/docs/kb/auditor/system-changed-client-operating-system.md).
- [System Changed Directory Objects for Foreign Security Principals](/docs/kb/auditor/system-changed-directory-objects-for-foreign-security-principals.md).
- [Workstation Field Reported as Unknown](/docs/kb/auditor/workstation-field-reported-as-unknown.md)
@@ -34,3 +34,5 @@ This article contains references to the most popular Active Directory, Exchange,
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-object-restore.md b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-object-restore.md
index b3e29addf5..e6a76526aa 100644
--- a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-object-restore.md
+++ b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/active-directory-object-restore.md
@@ -38,7 +38,7 @@ The Netwrix Active Directory Object Restore tool recovers removed Active Directo
The account used for recovery and restore is the same account used for data collection in your Netwrix Auditor Active Directory monitoring plan.
-
+
> **NOTE:** This tool should **NOT** be used to revert the changes caused by raising the forest functional level. For additional information, refer to the following article: Object Restore for Active Directory.
@@ -47,3 +47,4 @@ The account used for recovery and restore is the same account used for data coll
- Object Restore for Active Directory
+
diff --git a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md
index cd745315e1..afa4128b33 100644
--- a/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md
+++ b/docs/kb/auditor/configuration-and-setup/active-directory-auditing/reducing-the-used-active-directory-and-entra-id-license-counts.md
@@ -58,11 +58,11 @@ Refer to the following steps to exclude OUs and user objects from the monitoring
2. Select the relevant AD monitoring plan and click **Edit**.
3. Select the data source and click **Edit data source**.
-
+
4. In the left pane, select the **Objects** tab. Select the **Exclude these objects** checkbox, then click **Add** to exclude objects from the monitoring scope. After adding the objects, click **Save & Close**.
-
+
Refer to the following examples to learn about how the exclusion rules work for **Objects**. The same logic applies to the inclusion rules:
@@ -101,3 +101,4 @@ To exclude specific Entra ID users from the license count, populate the `omitUPN
- [Microsoft Entra ID Monitoring Scope](https://docs.netwrix.com/docs/auditor/10_8)
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md
index 13285059da..7946d2fbd3 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/cannot-establish-a-connection-to-a-windows-file-server-compression-service.md
@@ -52,3 +52,4 @@ After that, the **Netwrix Auditor Application Deployment Service** appears on th
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md
index eea481d1fb..306435d3a3 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/child-item-with-this-name-already-exists-in-file-server-monitoring-plan.md
@@ -47,3 +47,4 @@ The licensing data was corrupted.
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md
index 7a16075c30..c3291d48c1 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/error-netwrix-auditor-for-file-servers-audit-service-terminated-unexpectedly.md
@@ -63,3 +63,4 @@ If you are currently on a 10.5 version and build other than 10950, perform the p
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md
index ec065227ce..ec3542d66d 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/symbolic-link-cannot-be-followed-error-in-file-server-monitoring-plan.md
@@ -52,7 +52,7 @@ Enable all symbolic link types.
Once executed, you'll see the settings for symbolic links (enabled or disabled).
- 
+ 
2. To enable a symlink type, run the following command:
@@ -65,3 +65,4 @@ Enable all symbolic link types.
Learn more about fsutil syntax in the Microsoft documentation: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior (fsutil behavior ⸱ Microsoft)
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md
index 77d2f418c4..f79418218a 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/volume-shadow-copy-service-support-in-netwrix-auditor-for-file-servers.md
@@ -32,10 +32,11 @@ The **Volume Shadow Copy Service** (hereafter **VSS**) can be enabled via **Netw
1. Navigate to **Managed Objects -> your_File_Servers_Managed_Object_name -> File Servers.**
2. Click **Configure** next to **Advanced Settings** and select the **Enable file versioning and rollback capabilities (based on Volume Shadow Copy).**
-
+
## Where Shadow Copy data is stored
The **Shadow Copy** data is stored on the audited file server. **VSS** is a built-in **Windows** service, and when you enable the VSS support, **Netwrix Auditor** just triggers creation of a snapshot. If you have not configured **VSS**, you may want to turn it off (especially if you do not have enough space on that server). To know precisely where the **Shadow Copy** data is stored, refer to the **Shadow Copy** information on the drive volume.
+
diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/what-is-sessionid-in-netwrix-auditor-for-file-servers.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/what-is-sessionid-in-netwrix-auditor-for-file-servers.md
index 91c2591d98..e08fbae17e 100644
--- a/docs/kb/auditor/configuration-and-setup/file-server-auditing/what-is-sessionid-in-netwrix-auditor-for-file-servers.md
+++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/what-is-sessionid-in-netwrix-auditor-for-file-servers.md
@@ -33,7 +33,7 @@ This attribute is based on the user’s logon ID within the current session. Bei
Session IDs are used to identify changes made by users with unique logon ID's. Session IDs are a combination of both the logon ID itself and the current session associated with this logon ID, to help identifying who made the change. Thus, session ID can be changed due to the fact that Netwrix would count that as a separate activity record too.
-
+
In addition, Netwrix Auditor generates the following attribute besides Session ID, associated with the object and reserved for internal use:
@@ -46,3 +46,4 @@ Since the product associates Session IDs with the current session of the user, t
- [How Does Merging Logon Activity Events Work?](/docs/kb/auditor/how-does-merging-logon-activity-events-work.md)
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/ale-service-is-unable-to-start-during-installation.md b/docs/kb/auditor/configuration-and-setup/general-configuration/ale-service-is-unable-to-start-during-installation.md
index 49a966848e..b70fabb54f 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/ale-service-is-unable-to-start-during-installation.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/ale-service-is-unable-to-start-during-installation.md
@@ -23,7 +23,7 @@ knowledge_article_id: kA00g000000H9YCCA0
During installation of NetWrix Account Lockout Examiner on **Windows 2003**, a "Service 'NetWrix Account Lockout Examiner' (ALService) failed to start" message is received that the service cannot be started due to insufficient permissions. The account in use is a domain admin.
-
+
## Cause
@@ -41,3 +41,4 @@ Also:
3. Try entering another local admin or domain admin account during the installation.
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md b/docs/kb/auditor/configuration-and-setup/general-configuration/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md
index 84ee4e278e..b08b70cb4e 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/compression-service-does-not-appear-under-installed-programs-but-still-exists-in-the-services-overvi.md
@@ -38,7 +38,7 @@ You can manually delete the Service and its components. For that:
1. Open the **Services** snap-in and open properties of the problematic service.
2. Copy the full name of the service and the path to executable, for example, to a **Notepad** document.
- 
+ 
3. Run the command prompt as administrator and run the following command:
```bat
@@ -49,3 +49,4 @@ You can manually delete the Service and its components. For that:
4. After that, navigate to the file path you copied earlier and delete all the files.
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-monitoring-of-local-accounts.md b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-monitoring-of-local-accounts.md
index 3ec0b84d06..b0837352c9 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-monitoring-of-local-accounts.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-monitoring-of-local-accounts.md
@@ -29,8 +29,9 @@ Netwrix Account Lockout Examiner can be set to monitor local machine event logs
5. In the next dialog box, select the **Domain Controller** radio button and enter the the name of workstation local events of which you want to monitor
6. Press the **OK** button. Press the **OK** button again.
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbY&feoid=00N700000032Pj2&refid=0EM700000004wxl)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbY&feoid=00N700000032Pj2&refid=0EM700000004wxl)
**Note:** Make sure that the account used to run the Account Lockout Examiner service has administrative access to the machine you are adding.
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md
index eb2c3a4e45..e14e21ad7f 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-configure-netwrix-auditor-in-failover-mode.md
@@ -64,3 +64,4 @@ For alternative backup and failover options, refer to the steps below.
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-install-access-reviews.md b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-install-access-reviews.md
index 54c17e8d53..51ed6f12b4 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-install-access-reviews.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-install-access-reviews.md
@@ -35,6 +35,7 @@ In case you're planning the on-premise deployment, click **On-premises Deploymen
For the VM deployment, proceed with the **Virtual Appliance** option and select the suitable package. Netwrix Auditor Access Reviews will come preinstalled for the VM of your choice.
-
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md
index c9a030eb4f..237c2db2f0 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-properly-remove-auditor-components-prior-to-further-clear-installation.md
@@ -57,3 +57,4 @@ In most cases, yes it does. However, for the proper uninstallation of all compre
+
diff --git a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md
index 0c9c30345c..c25d41647a 100644
--- a/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md
+++ b/docs/kb/auditor/configuration-and-setup/general-configuration/how-to-repair-netwrix-auditor-installation.md
@@ -37,7 +37,7 @@ How to repair a Netwrix Auditor installation in our environment?
2. Proceed to your **My Products** page to download the executable for the corresponding version. Refer to the following link: [Netwrix — My Products](https://www.netwrix.com/my_products.html).
3. Run the downloaded executable. Once the files are extracted, a setup screen will be prompted.
- 
+ 
4. Select **Install** under **Install Netwrix Auditor**.
5. Click **Next**, and select **Repair**.
@@ -50,3 +50,4 @@ How to repair a Netwrix Auditor installation in our environment?
- [How to Find Out My Netwrix Auditor Version](/docs/kb/auditor/how-to-find-out-my-netwrix-auditor-version.md)
+
diff --git a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md
index 5d6c82a8b4..8eef8b00e5 100644
--- a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md
+++ b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/configure-microsoft-365-data-sources-to-use-proxy-server-settings.md
@@ -41,7 +41,7 @@ Exchange Online relies on PowerShell gathering proxy settings from the network a
netsh winhttp show proxy
```
- 
+ 
2. If the system prompts **Direct settings**, configure the network adapter to use the correct proxy settings:
@@ -51,7 +51,7 @@ Exchange Online relies on PowerShell gathering proxy settings from the network a
Replace the proxy server settings in the line with your actual settings.
- 
+ 
### Microsoft Entra ID (formerly Azure AD)
@@ -84,11 +84,11 @@ After editing:
Before editing image:
-
+
After editing image:
-
+
Replace `***.***.***.***:port` with your actual proxy settings.
@@ -112,3 +112,4 @@ Replace `proxyaddress="***.***.***.***:port"` with your actual proxy settings.
To use proxy server settings for the Teams audit, set up both Microsoft Entra ID and SharePoint Online settings.
+
diff --git a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md
index 59b217fdaf..666c26d23a 100644
--- a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md
+++ b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/connection-to-microsoft-365-tenant-in-netwrix-auditor-completes-with-error-validating-your-account-s.md
@@ -45,8 +45,9 @@ Make sure you provided the same parameters in a Netwrix Auditor monitoring plan
1. **Tenant name** in Netwrix should equal the `Directory (tenant) ID` in Microsoft Office 365 Admin center.
2. **Modern authentication application ID** should equal `Application (client) ID` in Microsoft Office 365 Admin center.
-
+
For additional information on configuring Office 365 tenant, refer to the following article: Microsoft 365. Select the data source you want to audit and review the corresponding section.
+
diff --git a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md
index 60a66c2f3e..189aa5bbc3 100644
--- a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md
+++ b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/disable-multi-factor-authentication-for-microsoft-365-service-accounts.md
@@ -46,7 +46,7 @@ To disable MFA for your data-collecting account in any Microsoft 365 source, use
3. Select the service user to be used in the **Select excluded users and groups** window, and click **Select**.
4. To complete the setup, click **Save** in the bottom left corner.
- 
+ 
- To exclude an app from the MFA policy:
1. Click the highlighted text under the **Target sources** section.
@@ -54,7 +54,7 @@ To disable MFA for your data-collecting account in any Microsoft 365 source, use
3. Select the app to be used in the **Select excluded cloud apps** window, and click **Select**.
4. To complete the setup, click **Save** in the bottom left corner.
- 
+ 
Refer to the following articles for additional information on data-collecting account setup for your Microsoft 365 sources:
@@ -74,3 +74,4 @@ Refer to the following articles for additional information on data-collecting ac
- Microsoft 365 — Permissions for Teams Auditing ⸱ v10.6 https://docs.netwrix.com/docs/auditor/10_8
+
diff --git a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md
index ba208c8ddb..a5b39f20fd 100644
--- a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md
+++ b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md
@@ -44,7 +44,7 @@ To determine the actual number of licenses you need to purchase from Netwrix, do
3. Enter your Office 365 account credentials when prompted and click **OK**.
4. When the script completes, you will see the number of mailbox accounts for which you need to purchase licenses:
-
+
## For MFA-enabled account
@@ -62,3 +62,4 @@ $userMailboxes.count
Original KB Article 2082
+
diff --git a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md
index 2716fae958..be7d489663 100644
--- a/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md
+++ b/docs/kb/auditor/configuration-and-setup/microsoft-365-integration/permission_manifests_for_auditing_office_365_and_microsoft_entra_id_(auditor_v10.0_and_older).md
@@ -32,7 +32,7 @@ This article contains permission manifests for Microsoft 365 and Microsoft Entra
3. Select the app you would like to configure.
4. In the left pane of the new **Overview** window, select the **Manifest** tab. You can either edit the manifest in the web-based manifest editor, or select **Download** to edit the manifest locally to **Upload** it to reapply it to your application.
- 
+ 
5. After opening the manifest file, replace the contents of **requiredResourceAccess** with the data provided below.
6. Once changes are introduced, save the manifest and grant administrator permissions in the **API Permissions** tab.
@@ -41,15 +41,15 @@ You can use the following screenshots for permissions reference:
- **SharePoint Online**
- 
+ 
- **Exchange Online**
- 
+ 
- **Microsoft Entra ID**
- 
+ 
### Manifest for SharePoint Online
@@ -195,3 +195,4 @@ You can use the following screenshots for permissions reference:
- [Microsoft 365 — Permissions for Teams Auditing ⸱ v10.6](https://docs.netwrix.com/docs/auditor/10_8/configuration/microsoft365/teams/permissions)
- [Microsoft Entra Admin Center ⸱ Microsoft 🡥](https://entra.microsoft.com)
+
diff --git a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md
index e4bffc70e0..fb407b8e83 100644
--- a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md
+++ b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/cannot-find-the-application-error-in-sharepoint-online-and-ms-teams-monitoring-plan.md
@@ -50,7 +50,7 @@ Cannot find the application.
- Review the Application ID provided. You can find the Application ID of your app in the **Overview** page once you select the app in the **App registrations** section. Refer to the following Netwrix Auditor article for additional information on the initial Azure app setup: Netwrix Auditor — Permissions for SharePoint Online Auditing − Creating and registering a new app in Microsoft Entra ID ⸱ v10.6. For additional information on creating an app for Teams auditing, refer to the following Netwrix Auditor article: Netwrix Auditor — Permissions for Teams Auditing − Create and Register a New App in Microsoft Entra ID ⸱ v10.6.
-
+
- Review the app API permissions granted. You can either specify API permissions manually or use a manifest. Refer to the following Netwrix Auditor article for additional information on granting permissions: Netwrix Auditor — Permissions for SharePoint Online Auditing − Granting required permissions ⸱ v10.6. For additional information on permissions for Teams auditing, refer to the following Netwrix Auditor article: Netwrix Auditor — Permissions for Teams Auditing − Grant Required Permissions ⸱ v10.6.
@@ -65,3 +65,4 @@ Cannot find the application.
- Netwrix Auditor — Permissions for Teams Auditing − Grant Required Permissions ⸱ v10.6
+
diff --git a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-deployment-for-ndc.md b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-deployment-for-ndc.md
index da77a870ee..2e947edfab 100644
--- a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-deployment-for-ndc.md
+++ b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-deployment-for-ndc.md
@@ -31,20 +31,21 @@ To enable the app you will need to add the app to the **App Catalog** then deplo
1. Navigate to the **App Catalog** → **Site Contents** and ensure you are using the classic experience.
2. Click **Add an app** and select `conceptClassifierApp`.
-
+
3. Click **Trust It** to accept the app permissions and allow the app to be installed into the App Catalog.
- 
+ 
4. Once the app has been added to the App Catalog, configure the deployment by hovering over the app then clicking on the ellipsis in the top right corner of the app and clicking **Deployment**.
- 
+ 
5. Select how to deploy the app to a combination of specific Sire Collections, by pats, and by a template. Click **OK**.
**Note:** The default order of the page is to show the newest app first, so you should see the app as one of the first options (if you do not you can search for “conceptClassifierApp”):
6. The app will then be scheduled for deployment to the chosen Site Collections. This can take a few minutes and on completion, `conceptClassifierApp` will appear in the Site Contents of these Site Collections.
-
+
7. To complete the setup, navigate to the **Site Collection** → **Site Contents** and select `conceptClassifierApp`. This will complete the installation of the app on the Site Collection and allow you to configure the writing of classifications (if licensed).
+
diff --git a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-installation-for-netwrix-data-classification.md b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-installation-for-netwrix-data-classification.md
index df8a2e6785..086c1e3a14 100644
--- a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-installation-for-netwrix-data-classification.md
+++ b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-application-installation-for-netwrix-data-classification.md
@@ -32,22 +32,22 @@ The `conceptClassifierAppInstaller.exe` can be used to install or upgrade the `c
Extract the files and run `conceptClassifierAppInstaller.exe`.
-
+
1. Click *next* after reading the wizard introduction and recommendations.
Read and confirm that you accept the EULA and click *next*.
-
+
Specify connection details for your organization's app catalog (you may have more than one of these if you are working across multiple web applications; if so, you will need to run the installer once per app catalog).
-
+
Enter the location of the conceptSearching server (which must be installed onto a secure server with a secure (HTTPS) endpoint): in the case of SharePoint Online, the certificate used must be externally verifiable (from a trusted source).
Select the **Use SharePoint Online Login** checkbox if you want to use the new authentication method.
-
+
Please also note, the HTTPS binding in IIS should have the host header specified — in the case of the above example the host header would be `secure.conceptsearching.com`. To do this please follow these steps:
@@ -124,3 +124,4 @@ Please complete the necessary fields. If you are an Office 365 customer you will
[Follow this article](https://kb.netwrix.com/5505)
+
diff --git a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/troubleshoot_sharepoint_serveron-premise_errors.md b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/troubleshoot_sharepoint_serveron-premise_errors.md
index cec7929210..ab19ac7f8c 100644
--- a/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/troubleshoot_sharepoint_serveron-premise_errors.md
+++ b/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/troubleshoot_sharepoint_serveron-premise_errors.md
@@ -22,7 +22,7 @@ This is a reference list of articles on troubleshooting errors in SharePoint Ser
### Related Articles
- [SharePoint Core Service Deployment Failed](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/sharepoint-core-service-deployment-failed.md)
-- [Timeout Expired Error on SharePoint Core Service D](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment.md)
+- [Timeout Expired Error on SharePoint Core Service D](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md)
- [Event ID 1204 in Health Log](/docs/kb/auditor/event-id-1204-in-health-log.md)
- [Event ID 1205 in Health Log](/docs/kb/auditor/event-id-1205-in-health-log.md)
- [Error: Event ID 1206 in Health Log](/docs/kb/auditor/error-event-id-1206-in-health-log.md)
@@ -59,3 +59,5 @@ This is a reference list of articles on troubleshooting errors in SharePoint Ser
- [Event ID 1289 in Health Log](/docs/kb/auditor/event-id-1289-in-health-log.md)
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md
index 7cfffcc8ed..fa1e9c4a54 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/cannot-generate-sspi-context-error-in-sql-server-monitoring-plan.md
@@ -102,7 +102,7 @@ Allow the operating systems to select the protocol for incoming and outgoing com
### Cause #4 – SQL and Netwrix Auditor Servers Time Difference
-Synchronize the time on both SQL and Netwrix Auditor servers to eliminate clock skew. For more information, see Clock Skew Is Too Great: [Clock Skew Is Too Great](/docs/kb/auditor/clock-skew-is-too-great.md)
+Synchronize the time on both SQL and Netwrix Auditor servers to eliminate clock skew. For more information, see Clock Skew Is Too Great: [Clock Skew Is Too Great](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/clock-skew-is-too-great.md)
## Related Articles
@@ -110,7 +110,9 @@ Synchronize the time on both SQL and Netwrix Auditor servers to eliminate clock
- Cannot Generate SSPI Context – Fix the Error with Kerberos Configuration Manager · Microsoft: https://learn.microsoft.com/en-US/troubleshoot/sql/database-engine/connect/cannot-generate-sspi-context-error#fix-the-error-with-kerberos-configuration-manager-recommended
- Register Service Principal Name for Kerberos Connections – Automatic SPN Registration · Microsoft: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-ver16#Auto
- [Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm](/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm.md)
-- [Clock Skew Is Too Great](/docs/kb/auditor/clock-skew-is-too-great.md)
+- [Clock Skew Is Too Great](/docs/kb/auditor/features-and-operations/glossaries-and-faqs/clock-skew-is-too-great.md)
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/connection-string-is-not-valid-in-sql-server-monitoring-plan.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/connection-string-is-not-valid-in-sql-server-monitoring-plan.md
index 23df2f6462..da2c08c52b 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/connection-string-is-not-valid-in-sql-server-monitoring-plan.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/connection-string-is-not-valid-in-sql-server-monitoring-plan.md
@@ -53,12 +53,13 @@ Review the affected item in your SQL Server monitoring plan:
4. Review the instance name specified:
- For a default SQL instance name (`MSSQLSERVER`), only specify the server FQDN or NetBIOS name. See the example for a reference.
- 
+ 
- For a named SQL instance, specify `FQDN\Instance_name`.
- 
+ 
5. Once the changes are introduced, click **Save & Close**.
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/could-not-find-stored-procedure-getallproperties.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/could-not-find-stored-procedure-getallproperties.md
index 96462e554f..6fd95aebd0 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/could-not-find-stored-procedure-getallproperties.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/could-not-find-stored-procedure-getallproperties.md
@@ -52,3 +52,4 @@ The ReportServer database is corrupted and has to be rebuilt.
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/error-check-your-sql-server-settings-in-audit-database-settings.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/error-check-your-sql-server-settings-in-audit-database-settings.md
index 06a86e7053..3958cd0841 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/error-check-your-sql-server-settings-in-audit-database-settings.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/error-check-your-sql-server-settings-in-audit-database-settings.md
@@ -68,3 +68,4 @@ Refer to the list of possible causes for the error:
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md
index ac24b3eafc..859277e0c9 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-do-i-migrate-the-reporting-database-to-another-ms-sql-server-instance-lower-version.md
@@ -34,48 +34,49 @@ There are a few options to downgrade the database from a higher version of SQL S
1.1 In Object Explorer connect to the SQL server, right-click the database, expand **Tasks** and choose **Generate Scripts**.
-
+
1.2 This launches the **Generate and Publish Scripts** wizard. Click **Next** to skip the Introduction screen and proceed to the Choose Objects page.
-
+
1.3 On the Choose Objects page, choose **Script entire database and all database objects**, and then click **Next** to proceed to the **Set Scripting Options** page.
-
+
1.4 On the **Set Scripting Options** page, specify the location where you want to save the script file, and then click the **Advanced** button.
-
+
1.5 In the **Advanced Scripting Options** dialog box, set `Script Triggers`, `Indexes` and `Primary Key` options to `True`, set `Script for Server Version` to ``<version of the destination SQL server instance>``, and set `Types of data to script` to `Schema and Data`. This last option is key because this is what generates the data per table.
-
+
1.6 Once done, click **OK** to close the **Advanced Scripting Options** dialog box and return to the **Set Scripting Options** page. In the **Set Scripting Options** page, click **Next** to continue to the Summary page.
1.7 After reviewing your selections on the Summary page, click **Next** to generate scripts.
-
+
1.8 Once scripts are generated successfully, choose the **Finish** button to close the **Generate and Publish Scripts** wizard.
-
+
2. Connect to the destination SQL Server instance, and then run the SQL scripts that were generated, to create the database schema and copy its data.
2.1 In Object Explorer connect to the destination SQL Server instance and then in SQL Server Management Studio open the SQL Server script you saved in Step 1.
-
+
-
+
-
+
2.2 Modify the script to specify the correct location for the database data and log files. Once done, run the script to create the database on the destination SQL Server instance.
-
+
2.3 Upon successful execution, refresh the Database folder in Object Explorer.
-
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md
index 76eb0e7889..0c4b28144a 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/how-to-migrate-netwrix-auditor-databases-to-another-sql-server-instance.md
@@ -56,10 +56,10 @@ Yes, you are able to migrate audit databases to another Microsoft SQL Server ins
8. In the main Netwrix Auditor menu, select **Settings** > **Audit Database** tab, and specify the new SQL Server and Reporting Service settings.
> **NOTE:** If you receive the following pop-up message, click **Yes** to proceed with modifying the Audit Database settings:
-> 
+> 
9. Click **Yes** when the following message appears:
- 
+ 
10. In the main Netwrix Auditor menu, select **Settings** > **Investigations** tab. Click **Modify** to specify the new SQL Server settings.
11. Run a search with the filter **When | Equals | Last 7 days**. If you see the relevant data, the databases were migrated successfully and the new SQL Server is being used.
12. **Optional:** Start the old SQL Server instance if it is used for any other tasks.
@@ -70,3 +70,4 @@ Yes, you are able to migrate audit databases to another Microsoft SQL Server ins
- [SQL Server Reporting Services](https://docs.netwrix.com/docs/auditor/10_8/requirements/overview)
- [How to Prepare the Netwrix Server for a SQL Upgrade](/docs/kb/auditor/how-to-prepare-the-netwrix-server-for-a-sql-upgrade.md)
- [Deploying the Report Server Database](/docs/kb/auditor/deploying-the-report-server-database.md)
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md
index 3ce7a40e95..5fbd84b182 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/specify-custom-sql-server-port-for-netwrix-auditor-audit-database.md
@@ -35,4 +35,5 @@ How to specify a custom port for Netwrix Auditor to communicate with the SQL Ser
SERVER-SQL\TEST-SQL,14337
```
-
+
+
diff --git a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md
index 0a95b11eb2..c417a505ff 100644
--- a/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md
+++ b/docs/kb/auditor/configuration-and-setup/sql-server-auditing/sql-server-express-database-size-reached-10gb.md
@@ -68,10 +68,11 @@ While it is highly recommended to implement either a SQL Server Standard or Ente
- Split items in multiple monitoring plans to decrease the amount of data written to a single database.
-- Decrease the database retention period. Refer to the following article for additional information: [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md)
+- Decrease the database retention period. Refer to the following article for additional information: [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md)
## Related Articles
- [Investigations](https://docs.netwrix.com/docs/auditor/10_8/admin/settings/investigations)
-- [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/how-to-reduce-audit-database-size-for-netwrix-auditor.md)
+- [How to Reduce Audit Database Size for Netwrix Auditor](/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md)
- [Could Not Allocate Space for Object (ObjectName) in Database (DatabaseName)](/docs/kb/auditor/could-not-allocate-space-for-object-objectname-in-database-databasename.md)
+
diff --git a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md
index 7c8c2fbfa9..b82adcab99 100644
--- a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md
+++ b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/auditing-policies-are-not-being-enabled-on-all-or-several-domain-controllers-in-monitored-domain.md
@@ -38,11 +38,11 @@ The reasons why the auditing policies are not being enabled on domain controller
- Run Resultant Set of Policy (RSoP): `Start > Run` > type `rsop.msc` and press Enter.
- Expand Audit Policy as shown in the picture below and make sure you see the corresponding source GPO (the GPO which you enabled auditing policies in) for auditing policies and ensure there are no warnings or errors. In our case we see that Audit Account Management policy is set to Failure, while for successful auditing we need to have this policy set to Success.
-
+
- To fix this problem open **Group Policy Management Console** (**Start > Administrative Tools > Group Policy Management**), select the **Domain Controllers** node, open the **Group Policy Inheritance** tab and in the right pane review the order the GPOs are being applied to the Domain Controllers OU. In our case the Default Domain Policy is enforced and being applied first which causes a GPO conflict. Manage your GPO inheritance to exclude the necessary policy settings from being overridden. For more details regarding GPO inheritance please refer to the following Microsoft KB article: http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx
-
+
## If GPO distribution is correct but auditing settings still not applied
@@ -52,7 +52,7 @@ If you resolved the inheritance issue and corresponding GPOs are being distribut
2. Open Local Group Policy Editor: `Start > Run` > `secpol.msc`.
3. Expand Audit Policy as shown in the picture below and make sure that the necessary auditing policies are set to Success (for example, Audit Account Management, Audit Directory Service Access) and are equal to the ones you see in Resultant Set of Policy (RSoP).
-
+
- If the Local Group Policy Editor indicates different auditing settings (different from the ones you configured and see in Resultant Set of Policy (RSoP)), this may indicate an issue with GPO applying on that particular domain controller. To troubleshoot this issue please refer to the following Microsoft KB articles:
@@ -61,3 +61,4 @@ If you resolved the inheritance issue and corresponding GPOs are being distribut
- Group Policy Analysis and Troubleshooting Overview: http://technet.microsoft.com/en-us/library/jj134223.aspx
- Fixing Group Policy problems by using log files: http://technet.microsoft.com/en-us/library/cc775423(WS.10).aspx
- SceCli 1202 events are logged every time Computer Group Policy settings are refreshed on a computer that is running Windows Server 2008 R2: http://support.microsoft.com/kb/974639/en-us
+
diff --git a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/high-cpu-usage-on-domain-controllers.md b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/high-cpu-usage-on-domain-controllers.md
index bc01d814d0..5302623e65 100644
--- a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/high-cpu-usage-on-domain-controllers.md
+++ b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/high-cpu-usage-on-domain-controllers.md
@@ -39,7 +39,7 @@ There are two options to fix the issue:
3. Create a DWORD called `UseWatcher` with value `1`
4. Restart the **Netwrix Account Lockout Examiner service** via **Services.msc**
- 
+ 
2. If the above does not help, disable usage of WMI to communicate with domain controllers. (A .Net-based mechanism will be used for it.)
@@ -50,4 +50,5 @@ There are two options to fix the issue:
3. Change the `UseWMI` value to `0`
4. Restart the **Netwrix Account Lockout Examiner service** via **Services.msc**
- 
+ 
+
diff --git a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md
index fa206f8698..fdfe3e1667 100644
--- a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md
+++ b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/how-to-exclude-non-operable-domain-controllers-from-monitoring-in-netwrix-auditor.md
@@ -51,8 +51,9 @@ To exclude domain controllers from monitoring, refer to the following steps:
MYDC.MYDOMAIN.LOCAL
```
- 
+ 
3. Save the changes. Inactive User Tracker will exclude this domain controller.
Refer to the following article for additional information: Monitoring Plans — User Activity Monitoring Scope — v10.6.
+
diff --git a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/workstations-cloned-with-windows-server-auditing-service-pre-installed.md b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/workstations-cloned-with-windows-server-auditing-service-pre-installed.md
index 5671a9ef6f..ef0f2732e5 100644
--- a/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/workstations-cloned-with-windows-server-auditing-service-pre-installed.md
+++ b/docs/kb/auditor/configuration-and-setup/windows-server-monitoring/workstations-cloned-with-windows-server-auditing-service-pre-installed.md
@@ -46,7 +46,7 @@ To establish the affected servers, refer to the following steps:
Copy the **AgentID** value.
- 
+ 
2. In your Netwrix Auditor host, navigate to the `C:\ProgramData\Netwrix Auditor\ShortTerm\WSA\Agents\` folder. Look for a folder named after **AgentID** (e.g.,52656fc3-d325-424d-9bef-fb68d14bc919). The **RemoteAgentState.xml** file contains a list of affected servers.
@@ -158,3 +158,4 @@ To establish the affected servers, refer to the following steps:
1. Open the folder `C:\Program Files (x86)\Netwrix Auditor\User Activity Video Recording` in the Netwrix server.
2. Copy the **UACoreSvcSetup.msi** file to each cloned server.
3. Install it manually.
+
diff --git a/docs/kb/auditor/event-id-reference/health-log-events/entitlement-reviews-event-id-6527.md b/docs/kb/auditor/event-id-reference/health-log-events/entitlement-reviews-event-id-6527.md
index 39944fff26..1e0e51e661 100644
--- a/docs/kb/auditor/event-id-reference/health-log-events/entitlement-reviews-event-id-6527.md
+++ b/docs/kb/auditor/event-id-reference/health-log-events/entitlement-reviews-event-id-6527.md
@@ -35,7 +35,7 @@ License name: Entitlement reviews.
Your subscription plan for Netwrix Auditor has expired.
```
-
+
## Cause
@@ -53,3 +53,4 @@ Netwrix Auditor Access Reviews is no longer installed.
```
Click **OK** to proceed to the configuration tool.
+
diff --git a/docs/kb/auditor/event-id-reference/health-log-events/event-id-1208-in-health-log.md b/docs/kb/auditor/event-id-reference/health-log-events/event-id-1208-in-health-log.md
index 232be68ad1..b03451ef40 100644
--- a/docs/kb/auditor/event-id-reference/health-log-events/event-id-1208-in-health-log.md
+++ b/docs/kb/auditor/event-id-reference/health-log-events/event-id-1208-in-health-log.md
@@ -34,7 +34,7 @@ Refer to the entries below for possible causes and resolutions based on event de
### `Fatal error during installation`
- Cause: The **Timeout expired** error is prompted after SharePoint Core Service installation has taken over 10 minutes.
- **Resolution:** Refer to the following article for additional information: [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment.md)
+ **Resolution:** Refer to the following article for additional information: [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md)
- Cause: An invalid SharePoint Central Administration URL was specified during monitoring plan creation.
**Resolution:**
@@ -114,7 +114,8 @@ Refer to the entries below for possible causes and resolutions based on event de
## Related articles
-- [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/timeout-expired-error-on-sharepoint-core-service-deployment.md)
+- [Timeout Expired Error on SharePoint Core Service Deployment](/docs/kb/auditor/configuration-and-setup/sharepoint-and-teams-auditing/timeout-expired-error-on-sharepoint-core-service-deployment.md)
- [Permissions for SharePoint Auditing](https://docs.netwrix.com/docs/auditor/10_8/configuration/sharepoint/permissions)
- [SharePoint Ports](https://docs.netwrix.com/docs/auditor/10_8/configuration/sharepoint/ports)
- [Install for SharePoint Core Service](https://docs.netwrix.com/docs/auditor/10_8/install/sharepointcoreservice)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/account-lockouts-are-displayed-with-delay.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/account-lockouts-are-displayed-with-delay.md
index e74c22e571..9a7d751aa9 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/account-lockouts-are-displayed-with-delay.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/account-lockouts-are-displayed-with-delay.md
@@ -46,7 +46,7 @@ To change to all DCs mode, perform the following steps:
2. Select your domain and click **Edit**.
3. Select **All DCs** radio button and click **OK** to save the changes.
-
+
### Change event processing method
@@ -56,4 +56,5 @@ To change to all DCs mode, perform the following steps:
4. Create a new value called `UseWatcher`, set its type to `DWORD` and value to `1`.
5. Restart NetWrix Account Lockout Examiner Service via `services.msc`.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/audit-status-shows-logon-auditing-is-disabled.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/audit-status-shows-logon-auditing-is-disabled.md
index f523916cdc..73f4f59879 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/audit-status-shows-logon-auditing-is-disabled.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/audit-status-shows-logon-auditing-is-disabled.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9YbCAK
Audit status of some Domain controllers in the list shows that some auditing is disabled, for example "Logon Auditing is disabled, some funcionality will be unavailable for this DC. Please turn on auditing of invalid logons in audit policy for this DC"
-
+
---
@@ -49,7 +49,7 @@ To resolve the issue configure audit policies/ advanced audit policies.
- **Audit account logon events: Failure**
- **Audit logon events: Failure**
- 
+ 
5. Update group policy an all monitored DCs (for example run `gpupdate /force`)
@@ -60,7 +60,7 @@ To resolve the issue configure audit policies/ advanced audit policies.
3. Expand the **Computer Configuration** -> **Policies** -> **Windows Settings** -> **Security Settings** -> **Advanced Audit Policy Configuration** node.
4. Configure audit policies according to page 12, Section 4.2: Enabling Audit Policy, of the [Account Lockout Examiner Administrator Guide](https://www.netwrix.com/download/documents/NetWrix_Account_Lockout_Examiner_Administrator_Guide.pdf?_ga=2.126161166.2092059225.1569427026-1766003445.1557946744).
-  
+  
5. Update group policy an all monitored DCs (for example run `gpupdate /force`)
@@ -77,4 +77,5 @@ In order to do this:
3. Change the value of **UseWMI_Audit** to `0`,
4. In the Account Lockout Examiner console go to **File - Settings** and click **OK** to apply registry changes.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-load-and-memory-usage.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-load-and-memory-usage.md
index 7bfbbcd969..35b49dda3b 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-load-and-memory-usage.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-load-and-memory-usage.md
@@ -37,4 +37,5 @@ In order to reduce CPU load and memory usage, perform the following steps:
If this does not help, set the `LockoutStatusRefreshPeriod` key value to `0`, but in this case the Account Lockout Examiner will not verify accounts status via Active Directory, so account lockouts will not be reported if a corresponding event is not found in the event log.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-usage-on-remote-desktop-servers.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-usage-on-remote-desktop-servers.md
index a9066fa493..2dcbae5c99 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-usage-on-remote-desktop-servers.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/high-cpu-usage-on-remote-desktop-servers.md
@@ -47,7 +47,7 @@ To change this on the machine where ALE is installed:
3. Change the `UseWMI_Workstations` value to `0`.
4. Restart the Netwrix Account Lockout Examiner service via `Services.msc`.
-
+
### Option 2 — Disable searching for detailed info about invalid logons
@@ -60,4 +60,5 @@ To change this on the machine where ALE is installed:
3. Create a new DWORD called `PF_Enabled` and set its value to `0`.
4. Restart the Netwrix Account Lockout Examiner service via `Services.msc`.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-do-i-monitor-hidden-file-shares.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-do-i-monitor-hidden-file-shares.md
index 4ee65bb107..ad966c1884 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-do-i-monitor-hidden-file-shares.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-do-i-monitor-hidden-file-shares.md
@@ -26,6 +26,7 @@ If you specified **Computer** as an Item in the Netwrix Auditor Windows File Ser
If you would like to audit all hidden shares on the server, check the corresponding option at the **Scope** tab of your **Computer** item:
-
+
**NOTE:** It is not recommended to specify the system drive (`\server\c$`) as an Item. This will force Netwrix to audit local folders including the system ones that produce a lot of noise and degrade the product performance.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md
index d53f4ac1fb..95c3df34bc 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-count-the-number-of-your-network-devices-in-your-configuration.md
@@ -25,6 +25,7 @@ knowledge_article_id: kA00g000000H9SnCAK
The licensing **does not depend** on your Syslog forwarding configuration. In the example below, Netwrix Auditor collects audit data from five devices, one of them (6) also serving as a relay:
-
+
The computer (5) does not send any data, so it does not count for a licensed object. Therefore, for this example configuration, purchase Netwrix Auditor license for five network devices. Original KB Article 2122
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-create-the-full-dump-of-a-process.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-create-the-full-dump-of-a-process.md
index b6e5524bbf..dd958ab142 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-create-the-full-dump-of-a-process.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-create-the-full-dump-of-a-process.md
@@ -31,6 +31,7 @@ Netwrix technical support may ask you to create a dump of a particular process (
5. Specify location to save the dump file.
6. Provide the dump file to the technical support.
-
+
**NOTE:** If you receive Access Denied error during the process, please check the ["Debug Programs" Computer Policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/debug-programs). Consider adding the account that you use to the list of allowed users or use an Account which has this permission (e.g. local administrator account)"
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-delete-old-entries-from-the-account-list.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-delete-old-entries-from-the-account-list.md
index 58342fdce6..1fe5183596 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-delete-old-entries-from-the-account-list.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-delete-old-entries-from-the-account-list.md
@@ -31,4 +31,5 @@ The account list is stored in the `alinfo.xml` file and you can manually delete
4. Save the `alinfo.xml` file.
5. Start the Netwrix Auditor service.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md
index 9376987eaf..ce008f8ae0 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-exclude-users-and-objects-from-monitoring-scope-in-netwrix-auditor-ui.md
@@ -39,13 +39,13 @@ You can exclude specific users and objects from your monitoring scope using the
2. Select the relevant monitoring plan, select the data source and click **Edit**.
3. Select the data source and click **Edit data source**.
- 
+ 
4. In the left pane, select **Users**. Check the **Exclude these users:** checkbox and click **Add** to add users to be excluded from the monitoring plan. Once all the users are added, click **Save & Close** in the bottom left corner.
- 
+ 
5. For objects, select the **Objects** tab in the left pane, check the **Exclude these objects** checkbox and click **Add** to exclude objects from the monitoring scope. Once you've added the objects, click **Save & Close**.
- 
+ 
The following examples explain how the exclusion rules work for **Objects**. Same logic applies to the inclusion rules:
@@ -54,3 +54,4 @@ The following examples explain how the exclusion rules work for **Objects**. Sam
- `dc11.local/OU*` will exclude the OU itself, all objects within it, and also all objects whose path begins with `dc11.local/OU` (like `dc11.local/OU_HQ`).
For additional information on omit lists and excluding data sources, refer to the following article: [How to Use Omit Lists](https://docs.netwrix.com/docs/kb/auditor/how-to-use-omit-lists)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md
index 3b4f2618a5..867564c7c4 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-find-out-my-netwrix-auditor-version.md
@@ -34,4 +34,5 @@ To establish the version and build of your Netwrix Auditor instance, refer to th
2. In the left pane, select **About Netwrix Auditor**.
3. Your current version and build will be available in the right section.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md
index c6e102682f..affc191ad0 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-identify-whether-auditor-server-can-receive-data-from-meraki-api.md
@@ -53,6 +53,7 @@ curl https://api.meraki.com/api/v1 > 1.html
This is an example of a response when the product cannot access the Meraki API:
-
+
In this case, check the ports required to audit the Meraki dashboard source and your internal firewall. Learn more about required ports and protocols in this article: Data Source Configuration — Network Devices — Network Devices Ports — v10.6 https://docs.netwrix.com/docs/auditor/10_8).
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-manually-remove-compression-services-from-audited-servers.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-manually-remove-compression-services-from-audited-servers.md
index aa0c0ffbe4..d843af8e99 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-manually-remove-compression-services-from-audited-servers.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-manually-remove-compression-services-from-audited-servers.md
@@ -93,8 +93,9 @@ Do make sure to replace `*PATH TO FILESHARE*` with a relevant path.
If you'd like to remove Compression Service from a single server, replace `@"*PATH TO FILESHARE*\serverlist.txt"` with `\Servername`. Refer to the following screenshot for the output reference:
-
+
The script calls upon the functions in the msi to upgrade the Compression Service to the version of .msi installer and then to remove said Compression Service, since it only can execute remove command on a Compression Service of the same version.
> NOTE: If the script reads only the first symbol of the serverlist.txt file, you will need to use Notepad++ or any similar tool to change the file encoding to ANSI.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-monitor-print-service-activity.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-monitor-print-service-activity.md
index 11ec43c3d1..636b9f434e 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-monitor-print-service-activity.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-monitor-print-service-activity.md
@@ -31,22 +31,22 @@ You can enable the print event logging by following the steps below:
1. Enable logging for the print service of the print server — open **Event Viewer** > **Applications and Services Logs** > **Microsoft** > **Windows** > **PrintService**.
2. Right-click the **Operational** item to select **Properties**.
- 
+ 
3. Check the **Enable logging** checkbox — print service events will now be logged. Click **OK** to save changes.
- 
+ 
Create an inclusive filter in Netwrix Auditor Event Log Manager:
1. Create a new monitoring plan by clicking **Add** or select the preexisting monitoring plan and click **Edit**.
2. Click the **Configure** button for Audit archiving filters.
- 
+ 
3. Click **Add** for Inclusive Filters.
- 
+ 
4. Fill in the filter name and description with the **Event Log** field to contain the following line:
@@ -56,7 +56,7 @@ Create an inclusive filter in Netwrix Auditor Event Log Manager:
Verify the location for the print server event logs via Event Viewer — the Log Name should correspond with the actual event logs location.
- 
+ 
5. You can specify Event IDs in the **Event Fields** tab to filter the events (e.g. Event ID 307 for **Printing a document**). Additionally you can filter the events via **Insertion Strings**, refer to the index numbers specified in event details (e.g. Param1 stands for Index 1 with "Job #" value).
@@ -65,7 +65,7 @@ Download the **Printed Documents RDL.zip** archive provided below and extract th
1. Open the Reports Server URL in your browser and navigate to the folder you'd like to upload the report to (e.g. **Home** > **Netwrix Auditor** > **Netwrix Auditor for Event Log** > **Change Reports**).
2. Click **Upload** to upload the report to the folder.
- 
+ 
Configure the report to use the `Netwrix_Auditor_EventLog` database:
@@ -79,14 +79,15 @@ Configure the report to use the `Netwrix_Auditor_EventLog` database:
NOTE: `SQLINSTANCE` should be replaced with the name of your SQL Server instance.
- 
+ 
4. Input your credentials, test the connection and save the changes.
- 
+ 
5. The report is now available via the web interface of your Report Server. It will not appear under Reports in the Netwrix Auditor console.
- 
+ 
Printed Documents RDL: https://www.netwrix.com/download/Printed-Documents-RDL.zip
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md
index 4daf596d93..abbafd7dd0 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-move-long-term-archive-to-a-new-location.md
@@ -37,7 +37,7 @@ For a clean installation of Netwrix Auditor 8.5 or newer, follow these steps:
- Navigate to **Start** > **All Programs** > **Task Scheduler** > **Task Scheduler Library** and locate the tasks named Netwrix Auditor with descriptions mentioning the Netwrix Password Reset, Inactive User Tracker, or Event Log Manager applications.
- Select these tasks (if any) and click **Disable** in the right pane.
- 
+ 
2. Copy all files from the old Long-Term-Archive folder into the new Long-Term-Archive folder except for the `ActivityRecords` folder.
@@ -51,3 +51,4 @@ For a clean installation of Netwrix Auditor 8.5 or newer, follow these steps:
5. Start the other services and tasks you previously disabled.
6. Copy the rest of the files from the old `ActivityRecords` folder to the new one. If you are prompted to overwrite any files, skip those files instead.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md
index e067fa0ba6..b0ab6a39c8 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-restrict-access-to-the-help-desk-portal-and-the-administrative-console.md
@@ -39,4 +39,5 @@ By default, the **Administrator** role includes users belonging to the local `Ad
2. Click the **Modify** button next to the group that you want to edit.
3. In the dialog that opens, click **Add** to add a member to the selected security role, or select a user and click **Remove** to exclude them.
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAd1&feoid=00N700000032Pj2&refid=0EM700000004wyU)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAd1&feoid=00N700000032Pj2&refid=0EM700000004wyU)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-send-netwrix-auditor-logs.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-send-netwrix-auditor-logs.md
index 2efb2e89c4..6307e02604 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-send-netwrix-auditor-logs.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-send-netwrix-auditor-logs.md
@@ -71,12 +71,13 @@ Netwrix Technical Support might request a collection of your Netwrix Auditor log
> **NOTE:** Once you have opened the **Open Tickets** page and identified the corresponding ticket (with a matching ticket #), you can attach the logs via one of the following ways:
>
> - Click the **Add attachments** button located under the **Actions** column of the ticket.
-> 
+> 
>
> - Expand the ticket details by clicking the **down carat (▼)** button and click the **plus (+)** button next to **Attachments**.
-> 
+> 
## Related links
- [How to Save and Zip Netwrix Auditor System Health Event Log](/docs/kb/auditor/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md)
- [Netwrix Customer Portal](https://www.netwrix.com/tickets.html#/tickets/open)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md
index 2018eb5d34..d1e547f0cd 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/how-to-view-custom-sensitive-file-categories-in-netwrix-auditor.md
@@ -50,7 +50,8 @@ Refer to the following steps:
> **NOTE:** To delete parent terms, first delete the children terms.
3. Once the built-in terms are cleared, create a new child term under the root taxonomy term. Right-click the root term and click **Add Child Term(s)**. Then, insert the new clues to the child term.
- 
+ 
4. Set up your sources to include target files for the modified taxonomy. Wait for the files to be crawled and classified.
The corresponding Netwrix Auditor report will include the used taxonomy and file owner.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/hyperlinks-in-custom-branding.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/hyperlinks-in-custom-branding.md
index 42c09ea27b..e15e14f425 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/hyperlinks-in-custom-branding.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/hyperlinks-in-custom-branding.md
@@ -37,4 +37,5 @@ This can be done by using html tags.
3. Modify the URL (`https://netwrix.com/`) and caption (`Support link`) as needed
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/images-are-not-shown.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/images-are-not-shown.md
index c36d77e990..4d412531ea 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/images-are-not-shown.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/images-are-not-shown.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9YHCA0
## Question
Web Portal shows no images just red boxes. Whats the case?
-
+
## Answer
The issue occurs because IIS cannot display images because of configuration.
@@ -41,3 +41,4 @@ To address the issue, enable the **Static content** feature within IIS.
1. Navigate to **Server Manager - Roles - Web server**, find the Role services in the right pane, click **Add role services**.
2. Enable **Static content** under **Common HTTP Features**.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/lockouts-are-not-tracked.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/lockouts-are-not-tracked.md
index c7640dc7df..fb3c9aec1f 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/lockouts-are-not-tracked.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/lockouts-are-not-tracked.md
@@ -36,8 +36,9 @@ First, make sure the Windows security log on your DC is reachable: connect via *
4. Create a new DWORD named `UseWatcher` and set its value to `1`.
5. Restart the Netwrix Account Lockout Examiner service via the Services snap-in.
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004udF)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004udF)
If the above doesn't help, try to change the value of the `UseWMI` registry key to `0`.
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004wzc)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcl&feoid=00N700000032Pj2&refid=0EM700000004wzc)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/log-overwrites-warnings.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/log-overwrites-warnings.md
index 3c7b924f74..b5e6da41de 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/log-overwrites-warnings.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/log-overwrites-warnings.md
@@ -56,14 +56,14 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared
IMPORTANT: Before changing `Maximum log size`, make sure that the system drive has enough free space to store the event log of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding.
4. Make sure the **Overwrite events as needed** option is selected and click **Apply**.
-
+
## Procedure 2: Increase `Maximum log size` via Group Policy Object
1. Go to **Start** / **Administrative Tools** / **Group Policy Management**.
2. In the window displayed, go to **Group Policy Management** / **Forest Name** / **Domains** / **Group Policy Objects** / right-click the appropriate policy (or create new) and select **Edit**. **Group Policy Management Editor** starts.
-
+
3. In the left pane, go to **Computer Configuration** / **Policies** / **Windows Settings** / **Security Settings** / **Event Log**. Right-click **Retention method for ``**, choose **Properties**.
4. In the **Security Policy Setting** tab, check the **Define this policy setting** box and select **Do not overwrite events (clear log manually)**. Click OK.
@@ -71,7 +71,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared
6. In the **Security Policy Setting** tab, check the **Define this policy setting** box and set the size to `4194240` Kb as recommended by Microsoft: http://support.microsoft.com/kb/957662
IMPORTANT: The affected machines must have enough free space on their system drives for storing the event log of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding.
-
+
7. Close **Group Policy Object Editor** and link the configured GPO to the required OUs and containers in **Group Policy Management**.
8. OPTIONAL: Upgrade the group policies on the problematic servers by performing the following command:
@@ -85,7 +85,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared
2. When the **Resultant Set of Policy** is processed, expand **Computer Configuration** / **Windows Setting** / **Security Settings** / **Event Log**.
3. Make sure that the **Retention method for ``** policy setting has the **Not Defined** or **Manually** value set. If not, change this setting using **Group Policy Management Editor** as described in **Procedure 2**.
-
+
4. Perform the following steps:
- Click **Start** / **Run**, type `eventvwr.msc` and press **Enter**. The **Event Viewer** window will be displayed.
@@ -94,7 +94,7 @@ NOTE: for **Security** and **System** event logs, you can figure out who cleared
- Select the **Archive the log when full, do not overwrite events** radio button.
- Click the **Clear Log** button. Click the **Apply** button.
-
+
NOTE: These maximum sizes are recommended by Microsoft: http://support.microsoft.com/kb/957662
IMPORTANT: Before you change `Maximum log size` and enable the **Archive events when full** option, make sure that the system drive has enough free space to store the event log and log's backup files of the maximum size. If not, the event log will grow and fill up all free space on the system drive and the system will stop responding.
@@ -110,4 +110,5 @@ IMPORTANT: Before you change `Maximum log size` and enable the **Archive events
- `ProcessBackupLogs` set to `1`
- `CleanAutoBackupLogs` set to `X` (if you want the archives to be removed when all events in them are older than `X` hours, for example: `24` hours).
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/malformed-control-request.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/malformed-control-request.md
index 609a14c191..18a250c980 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/malformed-control-request.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/malformed-control-request.md
@@ -34,7 +34,7 @@ It should be a reply to lockout notification and shall have the code specified a
For example:
-
+
---
@@ -43,3 +43,4 @@ Make sure that:
2. `UNLOCK:` keyword is specified
3. the quoted e-mail was not changed
4. you reply in UTF-8 encoding.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md
index ec14190603..18fd0d236d 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-configuration-server-service-fails-to-start-too-many-methods-to-fire-events-from.md
@@ -32,11 +32,11 @@ Windows could not start the Netwrix Auditor Configuration Server Service service
Error 0x80040209: An interface has too many methods to fire events from.
```
-
+
Other services are running as expected.
-
+
- The following error is prompted in the main Netwrix Auditor screen:
@@ -45,7 +45,7 @@ Connection failed
Access is denied
```
-
+
Upon checking Services running, Netwrix Auditor Configuration Server Service appears to have stopped. When attempting to restart the service, the same error is prompted.
@@ -64,7 +64,7 @@ Refer to the following steps to troubleshoot the issue:
1. Back up the ConfigServer folder located in ` %Working Folder%\AuditCore\ConfigServer`.
2. Delete all files in the original ConfigServer folder except for the StorageBackups folder and the Configuration.xml file.
-
+
3. Restart Netwrix Auditor Configuration Server Service.
4. Make sure the following services are running (including all the monitoring plan-related services):
@@ -77,11 +77,11 @@ In case the aforementioned steps did not help, refer to the following steps to t
1. Back up the ConfigServer folder located in ` %Working Folder%\AuditCore\ConfigServer`.
2. Delete all files in the original ConfigServer folder except for the StorageBackups folder. It is located in ` %Working Folder%\AuditCore\ConfigServer`.
-
+
3. Copy the Configuration.xml file from the latest **BACKUP_%DATE%**\%GUID% folder.
-
+
4. Paste the copied Configuration.xml file to ` %Working Folder%\AuditCore\ConfigServer`.
5. Restart Netwrix Auditor Configuration Server Service.
@@ -92,6 +92,7 @@ In case the aforementioned steps did not help, refer to the following steps to t
> **NOTE:** If these steps did not help, try using the Configuration.xml file from the second to the last **BACKUP_%DATE%**\%GUID% folder. Paste the file to ` %Working Folder%\AuditCore\ConfigServer` and restart Netwrix Auditor services.
-
+
> **NOTE:** If the issue reoccurs after some time, contact [Netwrix Technical Support](https://www.netwrix.com/open_a_ticket.html).
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs.md
index 536af1ffee..86918903aa 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs.md
@@ -126,7 +126,7 @@ To request more licensing information, please contact licensing@netwrix.com.
You can use the **Licenses** window to review the status of your current licenses, update them, and add new licenses.
On the Netwrix Auditor main screen, click the **Settings** tile and then select **Licenses**. The window will look as shown below.
-
+
Here:
@@ -147,3 +147,4 @@ You may choose to no longer audit a data source, and thus not renew the license
- [How to Count Number of CPU Cores on Your Oracle Database Deployment](https://docs.netwrix.com/docs/kb/auditor/how-to-count-number-of-cpu-cores-on-your-oracle-database-deployment)
- [How to Determine the Count of Enabled Microsoft Entra ID Accounts](https://docs.netwrix.com/docs/kb/auditor/determining-the-number-of-enabled-microsoft-entra-id-accounts#instructions)
- [How to count number of licenses required for auditing a Microsoft Office 365 tenant?](/docs/kb/auditor/how-to-count-number-of-licenses-required-for-auditing-a-microsoft-office-365-tenant.md)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md
index 48604783d7..bbe1e7a499 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-stops-working-after-upgrading-host-server-windows.md
@@ -29,7 +29,7 @@ knowledge_article_id: kA04u000000PoKECA0
- Netwrix Auditor stops working after the Windows version on the Netwrix host server was upgraded.
- Monitoring plans are disabled.
- License status for a product states **Unavailable**.
- 
+ 
## Cause
@@ -42,10 +42,11 @@ Windows Setup suite overwrites license-related settings of Netwrix Auditor durin
Re-apply your license:
1. In the main Netwrix Auditor screen, go to **Settings** > **Licenses** and click **Update**.
- 
+ 
2. Navigate to your `.lic` file and select the file.
3. Click **Open**.
### For Netwrix Auditor Free Community Edition
Reinstall your Netwrix Auditor instance. For additional information on the Auditor uninstallation process, refer to the following article: https://docs.netwrix.com/docs/auditor/10_8
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/no-monitoring-plans-found-in-netwrix-auditor.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/no-monitoring-plans-found-in-netwrix-auditor.md
index f35dcbe2e5..4d6cedd79c 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/no-monitoring-plans-found-in-netwrix-auditor.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/no-monitoring-plans-found-in-netwrix-auditor.md
@@ -30,7 +30,7 @@ When attempting to view a report, the **Monitoring Plan** dropdown list reads as
NO MONITORING PLANS FOUND
```
-
+
## Causes
@@ -100,3 +100,4 @@ NO MONITORING PLANS FOUND
## Related articles
- [Monitoring Plans](https://docs.netwrix.com/docs/auditor/10_8/admin/monitoringplans/overview)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/object-type-and-what-changed-columns-are-empty.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/object-type-and-what-changed-columns-are-empty.md
index f7c79b354f..701f920150 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/object-type-and-what-changed-columns-are-empty.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/object-type-and-what-changed-columns-are-empty.md
@@ -22,7 +22,7 @@ knowledge_article_id: kA00g000000H9ZpCAK
# Object type" and "What Changed" columns are empty
-
+
---
@@ -31,3 +31,4 @@ This is a typical report from a target server with a disabled/unavailable Remote
---
Check if Remote Registry service is running on the target server and is accessible from Netwrix host machine.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/reading-log-status.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/reading-log-status.md
index 00f77f8f03..ad83bf9b74 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/reading-log-status.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/reading-log-status.md
@@ -26,7 +26,7 @@ knowledge_article_id: kA00g000000H9TZCA0
In NetWrix Account Lockout Examiner Console, a domain controller has a yellow exclamation mark in front of the **DC Name** column of the **Monitored Domain Controllers** grid. Connection status is shown **Reading log**. Lockout events from this domain controller cannot be read by the program as well.
-
+
---
@@ -43,4 +43,5 @@ To fix the issue, do the following:
3. In the right pane, double-click `readLog`, specify `0` in the Value data field and click **OK**.
4. In NetWrix Account Lockout Examiner Console main menu bar, navigate to **File - Settings** and click **OK** to apply registry changes.
-
+
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/rif-document-is-not-compatible-with-this-code-version.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/rif-document-is-not-compatible-with-this-code-version.md
index a6789f53c4..d0527020a0 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/rif-document-is-not-compatible-with-this-code-version.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/rif-document-is-not-compatible-with-this-code-version.md
@@ -23,7 +23,7 @@ knowledge_article_id: kA00g000000H9Z2CAK
You receive the following pop-up related to Reporting:
-
+
---
@@ -34,3 +34,4 @@ SQL Server Reporting Services is not up to date.
This is a known issue in SQL Server 2012 Reporting Services. The fix was first introduced in CU2 for SQL Server 2012 SP1. You can get the CU2 for SQL Server 2012 SP1 or a later update from the following blog:
http://blogs.msdn.com/b/sqlreleaseservices/
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md
index c25ad717be..e5126d77e8 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/set-up-direct-send-for-netwrix-auditor-and-netwrix-data-classification.md
@@ -44,7 +44,7 @@ In the main Netwrix Auditor menu, click **Settings**. In the left pane, select t
- Specify any email address for one of your Microsoft 365 or Office 365 accepted domains in the **Sender address** field. This email does not need to have a mailbox.
- The use of SSL/TLS is optional.
-
+
> **NOTE:** When sending messages from a static IP, add the IP to your SPF record in your domain registrar's DNS settings to avoid having messages flagged as spam:
>
@@ -61,8 +61,9 @@ In the main Netwrix Data Classification screen, click **Settings**. In the left
- Specify any email address for one of your Microsoft 365 or Office 365 accepted domains in the **Sender address** field. This email does not need to have a mailbox.
- The use of SSL is optional.
-
+
> **NOTE:** Direct send does not support SMTP AUTH. You can enter any SMTP credentials to proceed.
Learn more on direct send in [Send Email Using Microsoft 365 or Office 365 ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/Exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365?redirectSourcePath=%252fen-gb%252farticle%252fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-365-69f58e99-c550-4274-ad18-c805d654b4c4#option-2-send-mail-directly-from-your-printer-or-application-to-microsoft-365-or-office-365-direct-send).
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-domain-param-parameter-is-missing-a-value.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-domain-param-parameter-is-missing-a-value.md
index 8d0b4a9cd5..d7ec503023 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-domain-param-parameter-is-missing-a-value.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-domain-param-parameter-is-missing-a-value.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9bECAS
You are getting the following warning during AD snapshot report generation:
-
+
---
@@ -36,3 +36,4 @@ It can happen if the snapshot reporting feature is disabled and/or no AD snapsho
In order to fix this issue please open the Netwrix Auditor and make sure that snapshot reporting feature is enabled under **Active Directory | Reports | Snapshot Reports (State-in-Time Reports)** tab.
Otherwise, on the same page you can import the snapshot you want to report on to the database. In order to do this, transfer the snapshot from the **"All available snapshots"** to the **"SNapshots available for reporting"** column and then click the **"Apply"** button.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md
index 6a46acc5ea..1359c9992a 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-name-of-the-process-that-caused-an-account-lockout-does-not-appear-in-examination-results.md
@@ -27,7 +27,7 @@ Netwrix Account Lockout Examiner relies on the Windows audit system.
The name of the process is logged in the invalid logon event (`4625` in Windows Vista/2008/7/2008R2, events `529-539` in older versions).
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcv&feoid=00N700000032Pj2&refid=0EM700000004wzN)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAcv&feoid=00N700000032Pj2&refid=0EM700000004wzN)
**Account Lockout Examiner** will not show the name of the process if either there is no corresponding invalid logon event or the name of the process is not tracked by Windows Audit.
@@ -38,3 +38,4 @@ This can occur due to several reasons, for example:
3. Events logged due to entering invalid credentials in an RDP client window normally do not contain the name of the process that caused this event.
There are a lot of other situations when the name of a process can be not logged. The easiest way to make sure that **Account Lockout Examiner** reflects all information correctly is to manually check the invalid logon event in the Security log.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-order-in-which-domains-appear-in-the-managed-domains-list.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-order-in-which-domains-appear-in-the-managed-domains-list.md
index 59c544a3e3..788b900ec1 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-order-in-which-domains-appear-in-the-managed-domains-list.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/the-order-in-which-domains-appear-in-the-managed-domains-list.md
@@ -26,4 +26,5 @@ The list of managed domains shown on the **Self-Service Portal** is sorted alpha
To sort domains, specify the domain name you want at the top in capital letters in the **Domains** section of the **Administrative Portal**.
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsq&feoid=00N700000032Pj2&refid=0EM700000004xUV)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsq&feoid=00N700000032Pj2&refid=0EM700000004xUV)
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/why-a-registry-key-is-missing-in-both-gpmc-and-local.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/why-a-registry-key-is-missing-in-both-gpmc-and-local.md
index 7e07bc06af..643932824d 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/why-a-registry-key-is-missing-in-both-gpmc-and-local.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/why-a-registry-key-is-missing-in-both-gpmc-and-local.md
@@ -39,6 +39,7 @@ Registry audit settings are required for some data sources, for example, for Log
5. On this screen that pops up, add the required permissions.
6. On the next screen, you’ll be prompted to configure the key, then how you want the settings to be applied; or not allow permission to be replaced.
7. Manually add the path to the Registry Key in the **Selected Key** dialog.
- 
+ 
This will apply the key settings to the GPO, and all computers affected by the GPO.
+
diff --git a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/workstation-name-is-not-shown.md b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/workstation-name-is-not-shown.md
index 4c14f4eb4c..2924eff230 100644
--- a/docs/kb/auditor/features-and-operations/glossaries-and-faqs/workstation-name-is-not-shown.md
+++ b/docs/kb/auditor/features-and-operations/glossaries-and-faqs/workstation-name-is-not-shown.md
@@ -30,6 +30,7 @@ Netwrix Account Lockout Examiner shows no data in the **Workstation** field, whi
Because Netwrix Account Lockout Examiner processes Windows security logs, it only gets the data that is present in those logs. This issue means that the Account locked out event (ID `644` for Windows XP/2003, ID `4740` for the later versions of Windows) contains an empty **Caller Machine Name** field. Here is an example of the Account locked out event `644` with the empty **Caller Machine Name** field:
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g0000004KSJ&feoid=00N700000032Pj2&refid=0EM700000004udP)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g0000004KSJ&feoid=00N700000032Pj2&refid=0EM700000004udP)
The field can be empty for events where a local computer account was locked out due to a local policy or as a result of computer synchronization with a mobile device.
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-generates-excessive-traffic-in-the-network.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-generates-excessive-traffic-in-the-network.md
index 887e7880e6..167ac98c6e 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-generates-excessive-traffic-in-the-network.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-generates-excessive-traffic-in-the-network.md
@@ -45,4 +45,5 @@ There is also an option to disable examination of workstations. In this case nam
3. Create a new DWORD value `PF_Enabled` and set its value to `0`.
4. Restart Netwrix Account Lockout Examiner Service via the **Services** snap-in.
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-works-very-slowly.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-works-very-slowly.md
index 495b60159d..23a8e88def 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-works-very-slowly.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/account-lockout-examiner-works-very-slowly.md
@@ -35,4 +35,5 @@ To address the slow performance issue, perform the following steps:
**NOTE**: This will remove info about all old lockouts from Account Lockout Examiner. Backup this files if you need them for the further access.
4. Start Netwrix Account Lockout Examiner Service
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbJ&feoid=00N700000032Pj2&refid=0EM700000004wmE)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbJ&feoid=00N700000032Pj2&refid=0EM700000004wmE)
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-does-netwrix-account-lockout-examiner-work.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-does-netwrix-account-lockout-examiner-work.md
index a201ad7139..960ab0d9ca 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-does-netwrix-account-lockout-examiner-work.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-does-netwrix-account-lockout-examiner-work.md
@@ -38,4 +38,5 @@ To run an examination:
1. Click the **Examine** button at the bottom of the list in the **Summary** tab, or
2. Right-click an account and select **Examine**.
-When you run an examination, it shows a list of invalid logons, specifies the names of the processes that used invalid credentials, and checks the most common reasons for lockouts: mapped drives, scheduled tasks, RDP sessions, and services running under the credentials of the account in question. Examination results look like this: [](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbd&feoid=00N700000032Pj2&refid=0EM700000004wzI)
+When you run an examination, it shows a list of invalid logons, specifies the names of the processes that used invalid credentials, and checks the most common reasons for lockouts: mapped drives, scheduled tasks, RDP sessions, and services running under the credentials of the account in question. Examination results look like this: [](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAbd&feoid=00N700000032Pj2&refid=0EM700000004wzI)
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-install-and-use-netwrix-account-lockout-examiner.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-install-and-use-netwrix-account-lockout-examiner.md
index b8ffb044c4..91db2efdf8 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-install-and-use-netwrix-account-lockout-examiner.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-install-and-use-netwrix-account-lockout-examiner.md
@@ -32,7 +32,7 @@ Once you've downloaded ALE, open the folder. Here you will find the following it
1. Right click the `Netwrix_Account_Lockout_Examiner.exe` and click **Run as Administrator**.
2. A window will appear with a License Agreement and EULA. Please read the contents carefully and then choose to **Accept**.
-
+
## Operating Netwrix Account Lockout Examiner
The next page that appears the the starting page for ALE. Here is a brief description of the options available to you.
@@ -46,3 +46,4 @@ The next page that appears the the starting page for ALE. Here is a brief descri
Once the fields above are satisfied, click the **Examine** button to begin an examination.
For continued use of ALE, save the executable to a location such as the desktop. If at anytime you wish to begin a new examination, simply re-run the executable.
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-migrate-account-lockout-examiner.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-migrate-account-lockout-examiner.md
index 405e94d89e..a41cdf295b 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-migrate-account-lockout-examiner.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-migrate-account-lockout-examiner.md
@@ -43,4 +43,5 @@ To migrate NetWrix Account Lockout Examiner to a different server, perform the f
5. Start the NetWrix Account Lockout Examiner service on the new server.
6. If you are using the NetWrix Account Lockout Examiner Web Help-Desk Portal, install it on the new server.
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-modify-the-account-lockout-examiner-service-account.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-modify-the-account-lockout-examiner-service-account.md
index 12454e9bad..24e451f469 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-modify-the-account-lockout-examiner-service-account.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/how-to-modify-the-account-lockout-examiner-service-account.md
@@ -31,4 +31,5 @@ The Netwrix Account Lockout Examiner service account you entered during installa
4. Change the account, click **OK**.
5. Restart the **Account Lockout Examiner** service.
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/the-account-lockout-examiner-service-account.md b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/the-account-lockout-examiner-service-account.md
index 8dd4e35631..ae9cbeb8cb 100644
--- a/docs/kb/auditor/monitoring-plans/account-lockout-examiner/the-account-lockout-examiner-service-account.md
+++ b/docs/kb/auditor/monitoring-plans/account-lockout-examiner/the-account-lockout-examiner-service-account.md
@@ -35,7 +35,7 @@ On any Domain Controller that has Group Policy Management:
5. Double-click the **Manage auditing and security log** policy
6. Click **Add user or group**, specify the Account Lockout Examiner **service account**, and click **OK**
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqQ)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqQ)
## Step 2. Add the service account to the required security groups
1. Run **Active Directory Users and Computers**
@@ -44,7 +44,7 @@ On any Domain Controller that has Group Policy Management:
4. Go to the **Members** tab and add the user account you want to use for the Account Lockout Examiner service to the list
5. For **Windows 2008 and above** Domain Controllers, add the service account to the **Event Log Readers** group
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqL)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqL)
## Step 3. On every monitored Domain Controller, enable WMI access
1. Run **Computer Management** (Start -> Administrative Tools -> Computer Management)
@@ -55,7 +55,7 @@ On any Domain Controller that has Group Policy Management:
6. Add the user account you want to use for the Account Lockout Examiner service to the list
7. Grant it the **Remote Enable** permission (put a check in the **Allow** checkbox)
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqV)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqV)
## Step 4. Configure DCOM settings
1. Open **Component Services** (Start -> Programs -> Administrative Tools -> Component Services)
@@ -65,7 +65,7 @@ On any Domain Controller that has Group Policy Management:
5. Add the user account you want to use for the Account Lockout Examiner service to the top window
6. Set the **Allow** checkbox for the **Remote Activation** option
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqa)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqa)
**NOTE:** Steps 3 and 4 might require a reboot to apply the new settings.
@@ -75,8 +75,9 @@ On any Domain Controller that has Group Policy Management:
3. Right-click the **Administrators** group and select **Add to group**
4. Click **Add** and specify the service account. Click **OK**
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqf)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000Xdsb&feoid=00N700000032Pj2&refid=0EM700000004wqf)
## Step 6. On all machines that need to be examined by Account Lockout Examiner, grant local administrator rights to the service account
- Grant local administrator rights either manually or by Group Policy.
- Local admin rights are also necessary to find the root process causing invalid logons.
+
diff --git a/docs/kb/auditor/monitoring-plans/event-log-management/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md b/docs/kb/auditor/monitoring-plans/event-log-management/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md
index 3fffe0f731..48c5dd2f90 100644
--- a/docs/kb/auditor/monitoring-plans/event-log-management/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md
+++ b/docs/kb/auditor/monitoring-plans/event-log-management/how-to-force-netwrix-auditor-to-collect-a-specific-applications-and-services-event-log.md
@@ -30,8 +30,9 @@ When creating a new filter for **Event Log Manager**, you can select the log nam
2. Right click on it and select **Log Properties**.
3. On the **Properties** window, copy **Full Name** of the event log.
-
+
4. Paste that name to the **Event Log** field of the filter:
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md b/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md
index 182ec33d59..73e60c49a6 100644
--- a/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md
+++ b/docs/kb/auditor/monitoring-plans/event-log-management/how-to-save-and-zip-netwrix-auditor-system-health-event-log.md
@@ -44,12 +44,12 @@ The exported System Health event log will appear on your Desktop.
1. Open **Event Viewer**.
2. Expand the **Applications and Services Logs** folder.
- 
+ 
3. Right-click the **Netwrix Auditor System Health** log file and select **Save All Events As...**.
4. Name the file and click **Save**.
- 
+ 
5. Select the option to **Display information for these languages**, check the **English (United States)** checkbox, and click **OK**.
6. Once the file is saved, right-click it and zip the file.
@@ -57,3 +57,4 @@ The exported System Health event log will appear on your Desktop.
### Sending Netwrix Auditor logs
Your Technical Support Engineer may request you to attach Netwrix Auditor logs. Refer to the following article for additional information: https://kb.netwrix.com/4645 (How to Send Netwrix Auditor Logs).
+
diff --git a/docs/kb/auditor/monitoring-plans/event-log-management/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md b/docs/kb/auditor/monitoring-plans/event-log-management/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md
index 8efc6ea37e..871947fdb4 100644
--- a/docs/kb/auditor/monitoring-plans/event-log-management/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md
+++ b/docs/kb/auditor/monitoring-plans/event-log-management/netwrix-auditor-event-log-manager-shows-smtp-authentication-errors-while-configuring-a-monitoring-pl.md
@@ -26,7 +26,7 @@ knowledge_article_id: kA04u00000110xFCAQ
## Symptom
1. Netwrix Auditor Event Log Manager does not collect logs and shows the following error while trying to 'verify' if the messages were being sent in the Event Log Manager monitoring plan.
- 
+ 
2. When providing credentials for the Netwrix Auditor Event Log Manager monitoring plan, the following dialog appears:
@@ -59,3 +59,4 @@ Follow the steps below to resolve the issue:
- `HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DefaultSecureProtocols = (DWORD): 0xAA0`
5. Restart both: Netwrix Auditor and the target server(s).
+
diff --git a/docs/kb/auditor/monitoring-plans/event-log-management/parallel-redo-events-in-sql-server-event-log.md b/docs/kb/auditor/monitoring-plans/event-log-management/parallel-redo-events-in-sql-server-event-log.md
index 97c79144b3..eb72be5c77 100644
--- a/docs/kb/auditor/monitoring-plans/event-log-management/parallel-redo-events-in-sql-server-event-log.md
+++ b/docs/kb/auditor/monitoring-plans/event-log-management/parallel-redo-events-in-sql-server-event-log.md
@@ -60,7 +60,7 @@ Disable the AUTO_CLOSE option for the affected database:
3. Right-click the affected database and select **Properties**.
4. In the left pane, select the **Options** tab, locate the **Auto Close** option under the **Automatic** section, and select the **False** option from the drop-down list.
-
+
5. Click **OK** to save changes.
@@ -68,3 +68,4 @@ Disable the AUTO_CLOSE option for the affected database:
- Set the AUTO_CLOSE Database Option to OFF ⸱ Microsoft 🤝
https://learn.microsoft.com/en-us/sql/relational-databases/policy-based-management/set-the-auto-close-database-option-to-off?view=sql-server-ver16#for-more-information
+
diff --git a/docs/kb/auditor/monitoring-plans/event-log-management/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md b/docs/kb/auditor/monitoring-plans/event-log-management/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md
index 416098f773..e639b76755 100644
--- a/docs/kb/auditor/monitoring-plans/event-log-management/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md
+++ b/docs/kb/auditor/monitoring-plans/event-log-management/the-event-logs-reports-for-windows-server-does-not-contain-any-data.md
@@ -36,6 +36,7 @@ To review your data in these reports, you should configure a monitoring plan for
1. On the computer that hosts Netwrix Auditor Server, run Netwrix Auditor Event Log Manager.
2. Navigate to Audit Archiving filters and configure them as described in Configure Audit Archiving Filters for Event Log.
- 
+ 
3. Perform any test changes, for example, log in to a server for which you want to review data in reports.
4. Wait for 10 - 15 minutes for changes to take effect and run reports.
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md
index ec0637055a..fb138c7f65 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/account-and-password-expiration-mismatch-in-netwrix-auditor-password-expiration-notifier.md
@@ -35,7 +35,7 @@ Password Expiration Notifier may include data on expiring accounts, if enabled.
3. Select the **Advanced** tab, and either check or uncheck the **Include data on expiring accounts**.
4. The next report will be affected.
-
+
To verify the account expiration date, refer to the following steps:
@@ -43,8 +43,9 @@ To verify the account expiration date, refer to the following steps:
2. Right-click the user, and select **Properties**.
3. The account expiration date is provided in the **Account** tab > **Account expires**, and the **Attribute Editor** tab > `accountExpires` attribute.
-
+
### Related articles
- [How Long Until My Password Expires? ⸱ Microsoft 🙅](https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/scripting-articles/ms974598(v=msdn.10)?redirectedfrom=MSDN)
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md
index 6c5660d976..f6815331ad 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/hide-and-disable-header-and-footer-in-password-expiration-notifier-emails.md
@@ -35,13 +35,13 @@ You'd like to remove the Netwrix header and footer from emails sent to users and
3. Right-click the **Password Expiration Notifier** hive and click **New**.
4. Select **DWORD (32-bit) Value**.
- 
+ 
5. Name the key `HideEmailAdditionalInfo`.
6. Right-click the key and select **Modify**.
7. Set the value data to `1` (Hexadecimal).
- 
+ 
8. The next round of emails will be sent without the header and footer.
@@ -53,3 +53,4 @@ To further customize Netwrix Password Reset emails, refer to the following artic
- [Customize Notifications and Reports in Netwrix Password Reset](/docs/kb/auditor/customize-notifications-and-reports-in-password-expiration-notifier.md)
- [Netwrix Password Reset Email Header and Footer Reset After Upgrade](/docs/kb/auditor/password-expiration-notifier-email-header-and-footer-reset-after-upgrade.md)
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/illegible-notification-contents-and-characters-in-password-expiration-notifier.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/illegible-notification-contents-and-characters-in-password-expiration-notifier.md
index 662a5d626d..6d37d24828 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/illegible-notification-contents-and-characters-in-password-expiration-notifier.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/illegible-notification-contents-and-characters-in-password-expiration-notifier.md
@@ -26,7 +26,7 @@ knowledge_article_id: kA0Qk0000000Q8zKAE
When previewing or viewing notifications sent by Netwrix Auditor Netwrix Password Reset (PEN), the contents are illegible. The text and particular characters do not correspond to the intended language.
-
+
## Cause
@@ -37,3 +37,4 @@ The email client or environment used to preview the notification does not suppor
Review the character encoding settings in your email client or affected environment − make sure the `UTF-8 (Unicode)` encoding is enabled.
> **NOTE:** It is recommended to set up the explicit `UTF-8 (Unicode)` encoding support instead of available automatic detection methods.
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md
index 12a27019fa..30b68a7a38 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/migrate-netwrix-password-expiration-notifier-to-a-different-server.md
@@ -35,7 +35,7 @@ In Netwrix Auditor versions 9.0 and newer, Netwrix Password Reset is installed a
2. Copy the following data from the old server to the new server:
- Templates folder from `C:\Program Files (x86)\Netwrix Auditor\Password Expiration Alerting\Templates`.
- Screenshot all four tabs of the Netwrix Password Reset interface for configuration details.
- 
+ 
3. Reconfigure Netwrix Password Reset according to the screenshots you captured.
4. Apply your Netwrix Auditor License to the new instance of Netwrix Auditor.
@@ -43,4 +43,5 @@ In Netwrix Auditor versions 9.0 and newer, Netwrix Password Reset is installed a
Message templates customized via the Netwrix Password Reset UI should be transferred manually — make sure to copy the contents of the **Actions** tab reports highlighted in the screenshot.
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-stopped-showing-results.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-stopped-showing-results.md
index 032bfc1167..a1510846d5 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-stopped-showing-results.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/password-expiration-notifier-stopped-showing-results.md
@@ -30,4 +30,5 @@ A possible cause is blank lines accidentally added at the beginning, in the midd
2. Remove any blank lines at the beginning, middle, or end of the file.
3. Save the file.
-
+
+
diff --git a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md
index 3ecb923c5b..da3c30a167 100644
--- a/docs/kb/auditor/monitoring-plans/password-expiration-notifier/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md
+++ b/docs/kb/auditor/monitoring-plans/password-expiration-notifier/support-for-fine-grained-password-policies-in-netwrix-password-expiration-notifier.md
@@ -33,5 +33,6 @@ Yes, PEN supports Fine-Grained Password Policies. To configure PEN to work only
2. Select or create a **Monitoring Plan** that will apply Fine-Grained Password Policies.
3. Click the **Advanced Tab**.
4. At the bottom of the Advanced Options window, select the **Only report on users with Fine-Grained Password Policies** applied box.
- 
+ 
5. Click **Save**.
+
diff --git a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/error-user-activity-core-service-has-been-already-launched.md b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/error-user-activity-core-service-has-been-already-launched.md
index d4e085bbfe..fbf066b6c5 100644
--- a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/error-user-activity-core-service-has-been-already-launched.md
+++ b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/error-user-activity-core-service-has-been-already-launched.md
@@ -38,7 +38,7 @@ The computer is included in this or another monitoring plan
- The list of monitored computers in your User Activity monitoring plan states the **Duplicate** status for one or multiple servers.
-
+
- No monitoring data is available for the **Duplicate** servers.
@@ -70,7 +70,7 @@ Stop-Service -Name "NwUserActivitySvc"
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netwrix\User Activity Video Reporter Agent
```
- 
+ 
Locate the `UniqID` value. Copy the value data and refer to it in the future steps—right-click the key and select **Modify...**. Once you copy the value, delete the `UniqID` value.
@@ -100,3 +100,4 @@ Start-Service -Name "NwUserActivitySvc"
- Uninstall Netwrix Auditor — Delete Netwrix Auditor User Activity Core Service · v10.7
https://docs.netwrix.com/docs/auditor/10_8
+
diff --git a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md
index 0328f982a7..4b7acb0a8e 100644
--- a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md
+++ b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/how-to-migrate-netwrix-inactive-users-tracker-to-other-servers.md
@@ -30,7 +30,8 @@ On Netwrix Auditor Versions 9.0 and Newer, Inactive Users Tracker is installed a
2. Copy the following files to the same location on the new server:
- Contents of `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker`
- Screenshot all four tabs of the Inactive Users Tracker interface for configuration
- 
+ 
3. Paste the contents of original `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker` folder to the `C:\ProgramData\Netwrix Auditor\Inactive Users Tracker` folder on the new server
4. Reconfigure Inactive Users Tracker using the screenshots you captured
5. Apply your Netwrix Auditor License to the new instance of Netwrix Auditor.
+
diff --git a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md
index c1e2e51260..e270625847 100644
--- a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md
+++ b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/some-accounts-were-not-moved-or-deleted-in-inactive-user-tracker-report.md
@@ -34,10 +34,11 @@ If you still encounter reports showing the `Cannot delete the account` status fo
- This error might appear if the targeted computer account is not an end object but a container for other objects. IUT won't be able to remove those accounts unless the **Delete account with all its subnodes** checkbox is checked.
- 
+ 
> **IMPORTANT:** This will lead to the deletion of the entire container considered as inactive by IUT.
- The data collection account used by IUT does not have sufficient rights and permissions. Refer to the following article for additional information on roles, rights, and permissions required for Inactive User Tracker data collection account: Monitoring Plans — Data Collecting Account.
- The account has the **Protect object from accidental deletion** checkbox checked in **Properties** > **Object**. This is a Windows Active Directory feature to prevent the deletion and moving of flagged objects without admin intervention. IUT cannot override this feature; you must manually edit the flag.
+
diff --git a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/unable-to-launch-netwrix-auditor-user-activity-core-service.md b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/unable-to-launch-netwrix-auditor-user-activity-core-service.md
index 20858bdd1b..e61c844176 100644
--- a/docs/kb/auditor/monitoring-plans/user-activity-monitoring/unable-to-launch-netwrix-auditor-user-activity-core-service.md
+++ b/docs/kb/auditor/monitoring-plans/user-activity-monitoring/unable-to-launch-netwrix-auditor-user-activity-core-service.md
@@ -62,7 +62,7 @@ where `yourservername` is the name of your SMTP server in the FQDN format and `9
3. Follow the installation prompts up to the **Specify User Activity Video Reporter server and TCP port** step.
4. On this step, provide your SMTP server name in the FQDN format in the **Host server** field and provide the port number **9004**.
-
+
5. Complete the installation.
@@ -72,3 +72,4 @@ where `yourservername` is the name of your SMTP server in the FQDN format and `9
- Configuration — User Activity — User Activity Ports — v10.6
- [Manually Update User Activity Core Service](/docs/kb/auditor/manually-update-user-activity-core-service.md)
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/setting-up-account-lockout-alert.md b/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/setting-up-account-lockout-alert.md
index 47aaf81020..d84bbd7234 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/setting-up-account-lockout-alert.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/setting-up-account-lockout-alert.md
@@ -28,18 +28,19 @@ This article explains how to set up an account lockout alert in Netwrix Auditor
## Steps
1. Select **New Real-Time Alert** by clicking on **Real-Time Alert** and then right-clicking on **Real-Time Alert**
- 
+ 
2. Name the alert, then click **Next**. Click **Add** to add the alert filters needed.
- 
+ 
3. Here, if you would like to see lockouts for a specific OU, select the highlighted box. This can also be left as `*` for a wildcard to monitor all user account lockouts.
- 
+ 
4. Select the existing attribute filter that is added by default and select **Edit**.
- 
+ 
5. Place in the following attribute filters to see all account lockouts.
- 
+ 
6. Hit **OK** and follow the rest of the prompts for filling in the specified e-mail address the alert will go to.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/unable-to-create-real-time-alerts.md b/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/unable-to-create-real-time-alerts.md
index 018a3f0eb5..b84c98ba1f 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/unable-to-create-real-time-alerts.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/alerts-and-rules/unable-to-create-real-time-alerts.md
@@ -26,9 +26,9 @@ knowledge_article_id: kA00g000000H9btCAC
The first time you create a real-time alert, you see the following errors:
-
+
-
+
Also in the event viewer System log you can find events like this:
@@ -59,3 +59,4 @@ To do this, follow these steps:
5. Double-click `MaxPacketSize`, type `1` in the **Value data** box, click to select the **Decimal** option, and then click **OK**.
6. Quit Registry Editor.
7. Restart your computer.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/how-to-customize-email-notification-template.md b/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/how-to-customize-email-notification-template.md
index 504589f277..10d9bbe129 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/how-to-customize-email-notification-template.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/how-to-customize-email-notification-template.md
@@ -52,4 +52,5 @@ You can modify the template in the following ways:
- ` %Link%` - shows the link to the web portal.
## Example
-[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAdA&feoid=00N700000032Pj2&refid=0EM700000004wyA)
+[](https://netwrix.secure.force.com/kb/servlet/rtaImage?eid=ka40g000000kAdA&feoid=00N700000032Pj2&refid=0EM700000004wyA)
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/notifications-are-not-sent-to-distribution-groups.md b/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/notifications-are-not-sent-to-distribution-groups.md
index 9d89489252..c496b12d61 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/notifications-are-not-sent-to-distribution-groups.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/email-notifications/notifications-are-not-sent-to-distribution-groups.md
@@ -39,7 +39,7 @@ There are two solutions:
1. Configure SMTP authentication in the settings of the **Netwrix Auditor** management console
- 
+ 
2. Disable the "require authentication" option in distribution group options as follows
@@ -47,16 +47,16 @@ There are two solutions:
2. Navigate to **MS Exchange - Recipient configuration - Distribution groups**
3. Select the required distribution group and open its **Properties**
- 
+ 
4. Go to **Mail Flow Setting** tab
5. Select **Message Delivery Restrictions** from the list and open its **Properties**
- 
+ 
6. Uncheck **Require that all senders are authenticated** and click **OK**
- 
+ 
Alternatively, you can run the following command via Exchange Management Shell:
@@ -65,3 +65,4 @@ There are two solutions:
```
where ` %group% ` is like `dynamic.group@example.com`
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md
index 76c8fa1ebd..1296e906de 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/ad-hoc-and-email-reports-shows-different-results-in-one-way-trust-forests-environment.md
@@ -46,7 +46,7 @@ To check if the Data Processing Account has enough permissions please perform th
If you do not see the `CN=Password Settings Container` under the `CN=System` node or cannot read the properties this indicates Data Processing Account does have read rights (see the screenshot below: the account does not have rights to access the Password Settings Container).
-
+
## To provide read permissions to the Data Processing Account
1. Run ADSI Edit as a domain Administrator.
@@ -56,4 +56,5 @@ If you do not see the `CN=Password Settings Container` under the `CN=System` nod
Once the read permission for the Data Processing Account is set, verify the access by opening the `CN=Password Settings Container` properties with the Data Processing Account. This time you should be able to see `CN=Password Settings Container` under the `CN=System` node and read its properties (see the screenshot below).
-
+
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/can-any-additional-attribites-be-displayed-in-the-modification-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/can-any-additional-attribites-be-displayed-in-the-modification-reports.md
index 7d12e12dcc..9688c4155a 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/can-any-additional-attribites-be-displayed-in-the-modification-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/can-any-additional-attribites-be-displayed-in-the-modification-reports.md
@@ -49,6 +49,7 @@ objectType:Attribute:
```
Examples:
-
+
**NOTE:** Each attribute should be put in a separate line. The pound key at the beginning of a line means exclusion of the line.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md
index 54892f299a..d6aa54c602 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/certificate-related-and-unauthorized-errors-occur-when-trying-to-review-netwrix-auditor-reports.md
@@ -31,7 +31,7 @@ An error occurred while enrolling for a certificate, the certificate request cou
```
2. Symptom 2. Unauthorized error while accessing a report.
- 
+ 
## Causes
@@ -52,4 +52,5 @@ Here are possible options to resolve the issue:
- Check that the account used for data collection is on the same domain as the Netwrix Auditor Server or another domain.
- Check if those domains are trusted. If not, add the Netwrix Site to the trusted list.
-
+
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md
index 69ce0c085d..50772c99fb 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/error-generating-a-report-in-ssrs-http-error-401-unauthorized.md
@@ -57,12 +57,12 @@ HTTP Error 401 - Unauthorized. Provide another credentials or change security se
2. In the left pane, click **Local server**.
3. Click **On** to the right of **IE Enhanced Security Configuration**.
- 
+ 
4. In the configuration window, switch both **Administrators** and **Users** categories to **Off**.
5. Click **OK** to save changes.
- 
+ 
- Review your SSRS account permissions. For additional information, refer to: SQL Server Reporting Services: Configure SSRS Account · v10.6 — https://docs.netwrix.com/docs/auditor/10_8/requirements/overview
@@ -121,3 +121,4 @@ HTTP Error 401 - Unauthorized. Provide another credentials or change security se
## Related articles
- Netwrix Auditor Settings − Investigations · v10.6 — https://docs.netwrix.com/docs/auditor/10_8
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/exporting-information-on-account-lockout-events.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/exporting-information-on-account-lockout-events.md
index 2b39bbf720..6f2c5862bc 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/exporting-information-on-account-lockout-events.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/exporting-information-on-account-lockout-events.md
@@ -29,8 +29,9 @@ Can I export information on account lockout events for audit purposes?
The Netwrix Account Lockout Examiner console does not have an export feature. However, all lockout information is stored in the `allinfo.xml` file located in the product installation directory. It can be easily parsed by a third-party tool or script to get the required information. However account names are not stored in the `allinfo.xml`; all accounts are referred to as SIDs.
-
+
Netwrix also has another product called Netwrix Event Log Manager for this purpose. This product is able to collect event log entries from multiple computers across the network and centrally store all events in a central location in a compressed format.
For more information, refer to the following link: https://www.netwrix.com/event_log_archiving_consolidation_freeware.html
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md
index cf8f9e4193..93bb341dec 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/fixing-reports-displaying-letters-instead-of-command-text-in-ssrs.md
@@ -26,7 +26,7 @@ knowledge_article_id: kA04u000000Tt80CAC
## Scenario
Upon opening reports, the command buttons have been replaced by text symbols and it looks similar to this:
-
+
## Solution
The issue is with Internet Explorer's handling of permissions. To fix the issue you need to add the reporting server to the **Trusted Sites** and disable the **Protected Mode** for Admins on the Netwrix Server.
@@ -49,3 +49,4 @@ This operation can be done using Group Policy. You need to locate the Group Poli
5. Select `DISABLED` from the PROTECTED MODE selection box.
If this solution didn't help, please contact Netwrix Technical Support.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-filter-out-certain-users-from-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-filter-out-certain-users-from-reports.md
index 2849b755a9..90e7646703 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-filter-out-certain-users-from-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-filter-out-certain-users-from-reports.md
@@ -38,8 +38,9 @@ How do I filter out certain users from mailbox access reports?
## Image
-
+
## Note
**NOTE.** The `userstoexclude.txt` file contains a list of users who must be excluded from reports if they perform non-owner access to mailboxes. But the audit data for these users will still be stored in the snapshots, so if a user is removed from this list, the information on the user actions can be viewed with the **Report Viewer**.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-prepare-for-printing-ssrs-based-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-prepare-for-printing-ssrs-based-reports.md
index f0c117ac18..469e0bb629 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-prepare-for-printing-ssrs-based-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-prepare-for-printing-ssrs-based-reports.md
@@ -36,10 +36,11 @@ Take the following steps:
- **Script ActiveX controls marked safe for scripting**
- **Download signed ActiveX controls**
-
+
6. Click **OK**.
7. Open any SSRS-based report using Internet Explorer and click **Print**.
8. Internet Explorer will prompt for installation of the additional components it needs for printing. Click **Yes**. The ActiveX Control automatically downloads and installs.
Then you will be able to print the reports from Internet Explorer and Netwrix Auditor UI.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-use-wildcards-in-netwrix-auditor-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-use-wildcards-in-netwrix-auditor-reports.md
index 936e5b6f7e..6ffc4c9137 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-use-wildcards-in-netwrix-auditor-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/how-to-use-wildcards-in-netwrix-auditor-reports.md
@@ -72,4 +72,5 @@ Netwrix Auditor reports are based on SQL Server Reporting Services — the same
- `AOE`
- Not `ABE`, `ACE`, `AAE`, `ADE`.
-
+
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/impossible-to-export-a-report.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/impossible-to-export-a-report.md
index e3461b30c9..86baa26f79 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/impossible-to-export-a-report.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/impossible-to-export-a-report.md
@@ -49,9 +49,10 @@ Refer to the following options to save the report:
1. In Netwrix Auditor, navigate to the **Reports** menu and run a report.
2. Click the **Print** icon, select the appropriate format, and click **Print**.
- 
+ 
3. Proceed with the further steps to save the report.
## Related Articles
- https://docs.netwrix.com/docs/auditor/10_8/requirements/overview
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md
index ac3cc0faeb..44b8dc2fab 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/logon-failed-for-unattended-execution-account-running-netwrix-auditor-reports.md
@@ -64,6 +64,7 @@ If no credentials are visible in Report Server Configuration Manager, follow the
2. Open the `rsreportserver.config` file in a text editor, and locate the `` node.
- 
+ 
3. Delete the credentials specified in ``, ``, and `` fields.
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/the-email-address-column-in-the-enrollment-report.md b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/the-email-address-column-in-the-enrollment-report.md
index 32babb6c7b..2b52e29331 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/report-generation/the-email-address-column-in-the-enrollment-report.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/report-generation/the-email-address-column-in-the-enrollment-report.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9U3CAK
When you run the Enrollment report, the Email Address column fields are blank for all user accounts. What should this column show and what can you do to make this work?
-
+
---
@@ -33,10 +33,11 @@ The **Email Address** column returns the email address used for **Additional aut
An email with a unique link to the password reset page is sent to this address after the user answers secret questions. The user then should follow the link to complete password reset. The Email Address field contains data for the enrolled users only, because this email is specified during the enrollment procedure if the Authentication policy feature is enabled.
-
+
To enable this feature:
1. On the **Administrative portal - Settings - Authentication Policy** tab, select the **Additional authentication using the user email** check box.
-
+
+
diff --git a/docs/kb/auditor/reports-alerts-and-notifications/subscriptions-and-distribution/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md b/docs/kb/auditor/reports-alerts-and-notifications/subscriptions-and-distribution/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md
index e22efa0333..4865ae8e78 100644
--- a/docs/kb/auditor/reports-alerts-and-notifications/subscriptions-and-distribution/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md
+++ b/docs/kb/auditor/reports-alerts-and-notifications/subscriptions-and-distribution/unable-to-update-netwrix-auditor-due-to-contract-or-subscription-expiration.md
@@ -33,7 +33,7 @@ To be able to download and install the new version, renew your maintenance contr
Your subscription plan for Netwrix Auditor has expired
```
-
+
## Cause
@@ -53,3 +53,4 @@ If you would like to upgrade to the latest product version from a version that i
- Installation — Upgrade to the Latest Version ⸱ v10.6
- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md)
+
diff --git a/docs/kb/auditor/system-administration/database-management/database-contains-tables-not-compatible-with-the-product.md b/docs/kb/auditor/system-administration/database-management/database-contains-tables-not-compatible-with-the-product.md
index 197ce7974d..f0d40cb9f8 100644
--- a/docs/kb/auditor/system-administration/database-management/database-contains-tables-not-compatible-with-the-product.md
+++ b/docs/kb/auditor/system-administration/database-management/database-contains-tables-not-compatible-with-the-product.md
@@ -42,10 +42,11 @@ Using SQL Management Studio give the Data Processing Account `DB_Owner` rights t
1) Log into the instance which contains the product database using SQL Management Studio with a **sysadmin account**.
2) Expand **Security** and then **Logins**.
- 
+ 
3) **Right click** the **Data Processing Account** and go to **Properties** (add the account if it doesn't exist).
- 
+ 
4) Under **Server Roles** you can give **sysadmin** to this account OR alternatively you can go to **User Mapping** and select each Netwrix database individually and add **DB_Owner** permissions.
- 
+ 
+
diff --git a/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md b/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md
index 973451b115..75362426d4 100644
--- a/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md
+++ b/docs/kb/auditor/system-administration/database-management/deploying-the-report-server-database.md
@@ -68,7 +68,7 @@ Once the database has been successfully deployed, provide the Report Server URL
1. In the main Netwrix Auditor screen, click **Settings**. In the left pane, select the **Audit Database** tab and click **Modify** under the **Audit Database** section.
- 
+ 
2. Input the credentials and click **Next**.
@@ -83,3 +83,4 @@ Netwrix Auditor should now be able to process and generate reports.
- SQL Server State-In-Time Reports · v10.6
https://docs.netwrix.com/docs/auditor/10_8
+
diff --git a/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md b/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md
index 90d4c67525..588701fe5d 100644
--- a/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md
+++ b/docs/kb/auditor/system-administration/database-management/how-to-reduce-audit-database-size-for-netwrix-auditor.md
@@ -38,7 +38,7 @@ You can configure the audit database retention settings by following the next st
2. In the left pane, select the **Audit Database** tab.
3. Click **Modify** under the **Database Retention** section and input the retention period in days.
- 
+ 
- **Tip:** Longer retention periods results in larger audit databases.
@@ -51,7 +51,7 @@ Data that exceeds the new retention period will be removed during the next colle
1. In Windows Services Manager on your Netwrix host, stop both **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service**.
2. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to select the database you are going to delete.
- 
+ 
3. In the Delete Object window, check both option checkboxes:
1. Delete backup and restore history information for databases.
@@ -66,7 +66,7 @@ The audit database has now been successfully deleted. Refer to the **Rebuilding
2. In the left pane, select the **Audit Database** tab. Review the database name and update it if necessary.
Netwrix Auditor allows you to specify settings for each monitoring plan individually, so you'll have to rebuild the database for each monitoring plan separately.
- 
+ 
3. Refresh or reopen the SQL Management Studio to ensure the audit database was rebuilt.
@@ -76,7 +76,7 @@ The audit database has now been successfully deleted. Refer to the **Rebuilding
2. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to select the database you are going to rename.
3. Right-click the selected database and select **Rename**.
- 
+ 
4. Add **_old** or another word to the end of the database name to differentiate it from other databases.
5. Once the database has been renamed, restart **Netwrix Auditor Archive Service** and **Netwrix Auditor Management Service**.
@@ -89,13 +89,14 @@ The audit database has now been successfully renamed. Refer to the **Rebuilding
> **NOTE:** In order to correctly set the retention period, you have to estimate your audit database growth. If you are using Netwrix Auditor 9.6 or newer, this can be done by monitoring **Health Status** > **Database statistics**.
-
+
1. Run your SQL Management Studio instance and navigate to ` %SQL_Server_database_name% > Databases` to locate the required database.
2. Right-click it and select **Properties**.
- 
+ 
3. Review **Size** and **Space Available** parameters.
> **NOTE:** This should be done over the course of several days to get the best estimate of growth.
+
diff --git a/docs/kb/auditor/system-administration/database-management/not-all-changes-are-included-in-reports-for-database-content-audit.md b/docs/kb/auditor/system-administration/database-management/not-all-changes-are-included-in-reports-for-database-content-audit.md
index 78ae0265ef..5a96e7033f 100644
--- a/docs/kb/auditor/system-administration/database-management/not-all-changes-are-included-in-reports-for-database-content-audit.md
+++ b/docs/kb/auditor/system-administration/database-management/not-all-changes-are-included-in-reports-for-database-content-audit.md
@@ -29,4 +29,5 @@ When you perform bulk inserts, not all modified rows are reported. How do you ch
In the **SQL Server data source settings** there is a value that defines the number of data changes per SQL transaction to be included in a report. By default it is set to `10`.
-
+
+
diff --git a/docs/kb/auditor/system-administration/licensing-and-compliance/essential-netwrix-license-usage-data-and-url-resources.md b/docs/kb/auditor/system-administration/licensing-and-compliance/essential-netwrix-license-usage-data-and-url-resources.md
index 9755a31a51..7449090902 100644
--- a/docs/kb/auditor/system-administration/licensing-and-compliance/essential-netwrix-license-usage-data-and-url-resources.md
+++ b/docs/kb/auditor/system-administration/licensing-and-compliance/essential-netwrix-license-usage-data-and-url-resources.md
@@ -31,7 +31,7 @@ Each data source that Netwrix Auditor audits is associated with a license. For e
> **Note:** License usage data does not include any sensitive information. See the following screenshot for an example of what data Netwrix receives:
-
+
If a Netwrix server in your environment has limited Internet access, whitelist the following URLs so Netwrix can collect license usage data:
@@ -41,3 +41,4 @@ http://updates.netwrix.com/
http://www.netwrix.com/
https://stats.netwrix.com/
```
+
diff --git a/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md b/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md
index 30239cca2d..06daef15c5 100644
--- a/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md
+++ b/docs/kb/auditor/system-administration/licensing-and-compliance/how-to-apply-netwrix-auditor-license.md
@@ -33,10 +33,11 @@ You may have received an email from our licensing team — download the attached
1. In the main Netwrix Auditor screen, go to **Settings** > **Licenses** and click **Update**.
- 
+ 
2. Navigate to your `*.lic` file and select the file.
3. Click **Open**.
The license is now applied to your Netwrix Auditor instance. Verify the information in the **Licenses** section.
+
diff --git a/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md b/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md
index deb9fcd7bb..09e8541620 100644
--- a/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md
+++ b/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-migrate-netwrix-auditor-working-folder-to-a-new-location.md
@@ -51,19 +51,19 @@ The size of your Working Folder may grow significantly (up to 1 TB) depending on
1. Navigate to ` %Netwrix Auditor installation folder%\Audit Intelligence` and launch the `WorkingFolderMigration.exe` utility.
2. Specify the target folder in the **Specify new destination** field.
- 
+ 
> **IMPORTANT:** Network shares are not supported − make sure the new Working Folder destination is a local folder.
3. Click **Migrate**. All temporary data from ` %ProgramData%\Netwrix Auditor\` will be copied to the specified target folder.
4. Wait for the migration process to complete. Your final screen should look like the following screenshot in case the migration process was completed correctly:
- 
+ 
If the migration process was completed successfully, proceed to steps described in **Scenario A**.
In case any error occurs during the migration process, the Working Folder contents will remain in the original location. The final screen might look like the following screenshot:
-
+
In case the migration process was not completed successfully, follow the steps described in **Scenario B**.
@@ -98,3 +98,4 @@ If migration was completed with any errors, refer to the following steps:
- [Netwrix Auditor Operations and Health − Health Status Dashboard](https://docs.netwrix.com/docs/auditor/10_8/admin/healthstatus/dashboard/overview)
- [How to Check the Netwrix Auditor Health Status](/docs/kb/auditor/how-to-check-the-netwrix-auditor-health-status.md)
- [Open a Ticket · Netwrix 🧭](https://www.netwrix.com/tickets.html#/open-a-ticket)
+
diff --git a/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md b/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md
index 9ebc87e02f..91c66d4778 100644
--- a/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md
+++ b/docs/kb/auditor/system-administration/migration-and-upgrade/how-to-upgrade-netwrix-auditor.md
@@ -64,9 +64,10 @@ Upon completion, Netwrix Auditor will launch. To confirm integrity, run the foll
- **Legacy Steps:** On version 8.5 and lower, you will need to launch the Netwrix Auditor Administrator Console and manually upgrade the Audit Databases in SQL.
- Click **Audit Database** and then click **Upgrade**.
- 
+ 
## Related articles
- [Upgrading to the Latest Version](https://docs.netwrix.com/docs/auditor/10_8/install/upgrade)
- [Upgrade Increments for Netwrix Auditor](/docs/kb/auditor/upgrade-increments-for-netwrix-auditor.md)
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-roles-page.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-roles-page.md
index acd0377eb6..c5390da42c 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-roles-page.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-roles-page.md
@@ -30,7 +30,7 @@ All pages on Administrative portals work except the Roles.
An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator please click here to find out more about this error.
-
+
---
@@ -46,5 +46,6 @@ Follow these steps to fix the issue:
2. Locate the web-site that is hosting the `PM` virtual directory.
3. Navigate to the **admin** virtual directory.
4. Open **ASP** settings under the **IIS** section.
- 
+ 
5. Make sure that **Enable Buffering** is set to `True`.
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-the-help-desk-portal.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-the-help-desk-portal.md
index 10fb95c123..736fbcbcb6 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-the-help-desk-portal.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-access-the-help-desk-portal.md
@@ -36,20 +36,21 @@ This error indicates your authentication settings need to be adjusted to comply
c) In the **Properties** dialog, open the **Directory Security** tab, and select **Edit** for **Authentication and Access Control**.
d) In the **Authentication Methods** dialog, select either the **Integrated Windows authentication** box or **Basic authentication** (password is sent in clear text), and clear all other authentication options for Authentication access.
- 
+ 
To ensure the required settings are enabled in **IIS7**, do the following:
a) In the **IIS Manager** left pane, navigate to the **ALE** virtual directory (by default `\ -> Sites -> Default Web Site -> ALE`).
b) In the Manager central pane, double-click the **Authentication** option.
c) In the Authentication list, enable either the **Windows Authentication** option or **Basic Authentication**, and disable all other authentication options.
- 
+ 
3. Your proxy server is disabled or bypassed. To check the proxy settings, do the following:
a) Go to **Control panel -> Internet options**.
b) In the **Internet Properties** dialog, open the **Connections** tab and click the **LAN settings** button.
c) Make sure the **Use a proxy server for your LAN** option is not enabled. Otherwise, make sure the **Bypass proxy server for local addresses** option is enabled too; in this case the Help-Desk portal must be a member of the **Local intranet zone**, or specified as exception.
- 
+ 
4. The account you are using has READ access to the physical directory of the Web-portal (by default `C:Program Files (x86)NetWrixAccount Lockout ExaminerWeb`)
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md
index b214e3ae78..d2d020ef06 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-complete-login-due-to-an-incorrect-user-name-or-password.md
@@ -29,4 +29,5 @@ knowledge_article_id: kA00g000000H9bPCAS
Select the **Change** button to enter in the credentials for the Virtual Center or ESX(i) Server:
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-obtain-credential-information-for-mapped-drive.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-obtain-credential-information-for-mapped-drive.md
index d02871f48b..6dfe51f787 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-obtain-credential-information-for-mapped-drive.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-obtain-credential-information-for-mapped-drive.md
@@ -26,8 +26,9 @@ The following error is returned on account lockout examination:
`Cannot obtain credential information for drive <> mapped by <>`
-
+
---
This error means that there are mapped drives in the system, but Netwrix Account Lockout Examiner for some reason cannot read the information on the credentials used to map drives in the Windows registry of the examined machine. This error usually occurs when the user under whose account a drive is mapped, used their own credentials, or a drive is mapped each time a user logs on with the current crendeitals.
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md
index 28c59fc9d0..c228f7c78a 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/cannot-retrieve-audit-settings-in-audit-configuration-assistant.md
@@ -41,7 +41,7 @@ Cannot retrieve admin audit logging settings. Cannot execute the PowerShell comm
The user %user% isn't assigned to any management roles.
```
-
+
## Cause
@@ -50,3 +50,4 @@ The user is not included in any or one of the following groups: Domain Admins, E
## Resolution
Configure the user to be used in the Audit Configuration Assistant utility. For additional information on user permissions required for Audit Configuration Assistant utility, refer to the following article: https://docs.netwrix.com/docs/auditor/10_8/tools/overview
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-0x800706ba-rpc-server-is-unavailable.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-0x800706ba-rpc-server-is-unavailable.md
index df58236fb8..fd45275143 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-0x800706ba-rpc-server-is-unavailable.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-0x800706ba-rpc-server-is-unavailable.md
@@ -73,7 +73,7 @@ Failed to update the agent on the following server: %server%
> **NOTE:** If you see the following error in the Event Viewer while checking **Event Viewer (Local)** connection to another computer, enable inbound rules (COM+ Network Access and all rules in the Remote Event Log Management group) on the target computer. Refer to the following article for additional information: Configuration − Logon Activity Ports: Configure Windows Firewall Inbound Connection Rules ⸱ v10.6.
>
- > 
+ > 
>
> Learn more in: 0x80004027 error when you try to remotely access COM+ object after you upgrade to Windows Server 2016 or later versions ⸱ Microsoft
@@ -105,3 +105,4 @@ Failed to update the agent on the following server: %server%
- [Windows Server Troubleshooting: RPC server is unavailable ⸱ Microsoft](https://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-rpc-server-is-unavailable.aspx)
- Сonnection Issue when TLS 1.2 Is Required
- [Server Hardware Performance Considerations ⸱ Microsoft](https://learn.microsoft.com/en-us/windows-server/administration/performance-tuning/hardware/)
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-403.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-403.md
index 331f3b67cd..42e26e480a 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-403.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-403.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9TwCAK
When trying to browse to any portal, you get "Error 403 - Access is denied"
-
+
The 403 error can be caused by several reasons. The most common reasons are:
@@ -37,9 +37,9 @@ The 403 error can be caused by several reasons. The most common reasons are:
3. In the central pane double-click **SSL Settings**
4. Check settings, change if necessary
- 
+ 
- 
+ 
2. Default document IIS feature is not enabled.
@@ -50,6 +50,7 @@ The 403 error can be caused by several reasons. The most common reasons are:
3. In the central pane double-click **Default Document**
4. In the right pane click **Enable** (if there is no Enable option there, but **Disable** is, it means that the feature is enabled)
- 
+ 
+
+ 
- 
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md
index d8d81a678e..d9bc179195 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-an-unknown-error-occurred-while-processing-the-request-on-the-server.md
@@ -45,4 +45,5 @@ Extend the report timeout on the on the Report Manager URL. For that:
2. Find the problematic report and open it.
3. Click the 3 dots in the Reports Manager for the report itself, then click **Manage**.
4. In the **Advanced** section, modify the report timeout settings.
- 
+ 
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-no-more-threads.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-no-more-threads.md
index 8efd3d2f08..bff44f19b0 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-no-more-threads.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-no-more-threads.md
@@ -31,4 +31,5 @@ To fix the issue, restart the **WMI service** on the **target domain controller*
3. Locate the **Windows Management Instrumentation Service** in the list.
4. Right-click this service and select **Restart** from the popup menu.
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-request-operation-timeout.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-request-operation-timeout.md
index 113c59bb5f..29d644774e 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-request-operation-timeout.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-request-operation-timeout.md
@@ -26,7 +26,7 @@ knowledge_article_id: kA00g000000H9bxCAC
You receive the "request timeout" error message when you launch the Netwrix Account Lockout Examiner console or some time after.
-
+
---
@@ -45,7 +45,7 @@ In order to resolve the issue perform the following steps on the Account Lockout
f. Set `invLogonCleaningPeriod` to `10 decimal`
g. Restart the NetWrix Account Lockout Examiner service
- 
+ 
2. If the above does not help, disable searching of invalid logons on workstations. This will reduce the service load.
a. Run Registry Editor (`Start - Run - regedit`)
@@ -53,11 +53,12 @@ In order to resolve the issue perform the following steps on the Account Lockout
c. Create a DWORD called `PF_Enabled` with the value of `0`
d. Restart the NetWrix Account Lockout Examiner service
- 
+ 
3. If all of the registry settings did not address the issue set Account Lockout Examiner to monitor the PDC only:
a. In Netwrix Account Lockout Examiner navigate to **File > Settings > Managed Objects**.
b. Select your domain and click **Edit**.
c. Select the **Only PDC emulator** radio button and click **OK** to save the changes.
- 
+ 
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-maximum-password-age-is-not-set.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-maximum-password-age-is-not-set.md
index 9b2b01219c..20e03d4883 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-maximum-password-age-is-not-set.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-maximum-password-age-is-not-set.md
@@ -43,4 +43,5 @@ To set the Maximum Password Age policy for the domain:
4. In the right pane define the **Maximum password age** value
5. Update policies, for example run `gpupdate /force`
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-pipe-endpoint-cannot-be-found.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-pipe-endpoint-cannot-be-found.md
index 0a0dd27514..9d021b020b 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-pipe-endpoint-cannot-be-found.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/error-the-pipe-endpoint-cannot-be-found.md
@@ -24,7 +24,7 @@ knowledge_article_id: kA00g000000H9c4CAC
You get the "pipe endpoint cannot be found" error when you launch the console, or after some time after launching it.
-
+
The issue occurs when the Account Lockout Examiner does not start or crashes.
@@ -35,3 +35,4 @@ To resolve the issue please make sure that the Netwrix Account Lockout Examiner
If the issue persists, please make sure that you are running the latest version of Account Lockout Examiner:
https://www.netwrix.com/account_lockout_examiner.html
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md
index 9aad491a9e..f4810dd690 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-logon-attempts-after-recent-service-account-password-change.md
@@ -44,4 +44,5 @@ For Event Log Manager, Inactive User Tracker and Netwrix Password Reset:
Refer to the following screenshots for reference on service accounts credentials to be changed in case you've reset a password in Netwrix Auditor:
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-to-open-log.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-to-open-log.md
index c2fb6b9752..cecde4cd3f 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-to-open-log.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/failed-to-open-log.md
@@ -45,11 +45,11 @@ There are several possible reasons for this error to appear:
1. Make sure the problematic server is started and is accessible through the network.
2. Make sure the **Server** service is started and set to **Automatic** on the problematic server.
-
+
3. Make sure the **File and Printer Sharing for Microsoft Networks** component is enabled in the Local Area Connection properties.
-
+
4. Disable the **Windows Firewall** service on the problematic server:
@@ -62,4 +62,5 @@ Or configure the Windows Firewall exception:
- Expand nodes as follow: `Computer Configuration / Administrative Templates / Network / Network Connections / Windows Firewall`, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
- Enable the **Allow inbound file and printer sharing exception** exception.
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/group-policy-error-is-not-in-a-valid-format.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/group-policy-error-is-not-in-a-valid-format.md
index 7d1ddc642c..3c697f5d55 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/group-policy-error-is-not-in-a-valid-format.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/group-policy-error-is-not-in-a-valid-format.md
@@ -27,7 +27,7 @@ You may receive a Group Policy daily summary email with the error: "The file `DC
---
The group policy is corrupted or it is not in a valid format. If you open the Group Policy Management Console (GPMC) > highlight the group policy in Summary and navigate to > **Settings** tab, most likely it will return you an error message.
-
+
---
@@ -36,7 +36,7 @@ The group policy is corrupted or it is not in a valid format. If you open the Gr
First of all you need to find out the affected policy.
In the error message `"DC01.corp..com\sysvol\corp..com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol"` — `31B2F340-016D-11D2-945F-00C04FB984F9` is the GUID of the affected group policy. To find out the GUID of a group policy open GPMC > highlight a group policy and open **Details** tab > **Unique ID** is the GUID of a GPO.
-
+
There are 3 possible solutions:
@@ -50,3 +50,4 @@ There are 3 possible solutions:
If you didn't find a solution please refer to the following Microsoft article regarding this issue - http://support.microsoft.com/kb/814751
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md
index a2a60f687b..f4c7227ac7 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/how-to-figure-out-the-ip-address-used-for-a-failed-logon-attempt.md
@@ -33,7 +33,7 @@ However there are 2 ways you can figure out the IP address:
1. Note the **Computer** **name** and the timestamp of the particular failed logon attempt.
- 
+ 
2. Go to **Start / All Programs / Netwrix Auditor / Event Log Manager / Advanced Tools / Viewer**
3. In the **Viewer** tool:
@@ -42,42 +42,42 @@ However there are 2 ways you can figure out the IP address:
- select **Event Log** as **Security**
- specify dates **From** and **To**, use date from the timestamp that you have noticed on step 1
- 
+ 
4. Click the **View** button, and specify the location of the evt-file and click **OK**. The newly saved event log will be opened in **Event Viewer** automatically.
5. To convert the evt-file to evtx format, in the left hand panel, right click the saved log and select **Save All Events As**, specify the location of the evtx-file and click **OK**. Open the saved file via **Event Viewer**.
- 
+ 
6. When the evtx-file is opened, click **Filter Current Log** in the **Actions** pane.
7. In the **Filter Current Log** dialog box, specify `Event ID` as `4625,529-537,539` (failed logon attempts IDs), and then click **Logged** drop-down list and select **Custom range**.
- 
+ 
8. Specify date range around the timestamp that you have noticed on step 1 and click **OK**. Click **OK**
- 
+ 
9. Find the corresponding event in the filtered log and double-click it.
10. The **IP Address** is displayed in the **Network Information** section of the event description.
- 
+ 
## Procedure 2:
1. Note the **Computer name** and the timestamp of the particular failed logon attempt.
- 
+ 
2. In the **Netwrix Auditor Management Console**, go to **Managed Objects / <Your Mananaged Object> / Event Log Manager** node.
3. Enable the "**Write event descriptions into the database**" check box (if it is already selected, continue from **step 6**). Close console.
- 
+ 
4. Go to **Start / All Programs / Netwrix Auditor / Event Log Manager / Advanced Tools / DB Importer**
5. Select your managed object from the drop-down list and specify the date range that includes the date of the event. Click **Import**.
- 
+ 
6. Start **Netwrix Auditor Management Console**, go to **Managed Objects / <Your Mananaged Object> / Event Log Manager / Reports / General Reports / All Events by Computer** report.
7. In the filters:
@@ -86,18 +86,19 @@ However there are 2 ways you can figure out the IP address:
- specify **Event ID** as **%5%**
- specify **Event Log** as **Security**
- !" 
+ !" 
8. Click the **View Report** button.
9. Find the corresponding event in the filtered log and click the blue link in the **Date** field.
- 
+ 
10. The page with **Event Details** will be displayed.
- 
+ 
NOTE:
- The **IP address** is not always available in the description of the **Failed logon attempt** events.
- If you are looking for full description for another event, the described steps are similar except the specified **Event IDs** will be different.
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md
index c079bba044..35a54827de 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/kds-removal-tool-for-adv-2023-003-failed-to-load-configuration-file.md
@@ -32,7 +32,7 @@ Failed to load configuration file.
Could not find a part of the path
```
-
+
## Cause
@@ -69,3 +69,4 @@ Change it to a full path (example):
3. Save changes and run the tool again.
In case these steps did not help, contact Netwrix Technical Support: https://www.netwrix.com/open_a_ticket.html.
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/permission-denied-error-code-2146828218.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/permission-denied-error-code-2146828218.md
index 829f255949..2c75ced0c2 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/permission-denied-error-code-2146828218.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/permission-denied-error-code-2146828218.md
@@ -25,7 +25,7 @@ knowledge_article_id: kA00g000000H9cCCAS
When trying to access the Help-Desk portal, a non-admin user gets a "You do not have a Helpdesk operator permissions" message or "Permission denied" error (error code -2146828218)
-
+
---
@@ -44,7 +44,7 @@ To grant a user access to the Help-Desk portal, add this user to the Help Desk O
2. In the **Help-Desk Operators** section, click the **Modify** button.
3. In the dialog that opens, click the **Add** button and specify user(s) that you want to add to this role.
-
+
If the issue persists, check that Authentication options are configured properly in IIS:
@@ -52,4 +52,5 @@ If the issue persists, check that Authentication options are configured properly
5. Select this folder by left-clicking on it and look for the **Authentication** feature under the IIS block in the central pane. Double-click on it.
6. Make sure that `"Anonymous Authentication"` is disabled.
-
+
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md
index c7f36a8699..7000225f0b 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/vserver-api-missing-vserver-parameter-error-when-auditing-netapp-cluster.md
@@ -36,7 +36,7 @@ The specified management interface is not the management interface of the CIFS S
2. Find the interface that has **Management Access** enabled and is assigned to the SVM you are trying to audit.
3. Remember its IP address and specify it in the properties of the NetApp item in Netwrix Auditor in the **ONTAPI** node.
-
+
Also make sure the account used to collect to ONTAPI is assigned a custom role on the SVM that has the following capabilities with access query levels:
@@ -49,3 +49,4 @@ Also make sure the account used to collect to ONTAPI is assigned a custom role o
| vserver cifs | readonly |
See [Creating Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access](https://docs.netwrix.com/docs/auditor/10_8).
+
diff --git a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md
index c73a5e1f1d..be48c5de8c 100644
--- a/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md
+++ b/docs/kb/auditor/troubleshooting-and-errors/data-collection-errors/wmi-classes-data-provider-failed-to-get-the-information-on-win32-printer-error.md
@@ -42,7 +42,7 @@ The Print Spooler service is stopped or disabled on the monitored server.
4. In the **General** tab, review the **Startup type** value − switch it to **Automatic** and click **Start**.
5. Click **Apply**.
-
+
---
@@ -78,3 +78,4 @@ monitoring plan name, server name,*The WMI Classes data provider failed to get i
- https://docs.netwrix.com/docs/auditor/10_8/configuration/windowsserver/overview
- https://docs.netwrix.com/docs/auditor/10_8/configuration/windowsserver/overview
+