• United States

NetPro digs into the who, what, where, when and why of change

Jul 05, 20043 mins
Enterprise Applications

* NetPro ChangeAuditor for Active Directory

In Network World’s Identity Management newsletter, we frequently talk about the three A’s – Authentication, Authorization and Audit. In the Windows networking world, Windows servers – of the 2000 and 2003 variety – handle authentication very well through Active Directory. Authorization is also fairly well handled through Microsoft’s adaptation of Kerberos (see link below). Auditing, though, isn’t particularly easy or effective.

Arizona’s NetPro saw this need and jumped in to fill it. Evidently major Windows networking shops also realized the need because they started lining up to purchase NetPro’s ChangeAuditor for Active Directory well before it started shipping late last week. See NetPro’s press release for the product for some user comments (

While Windows provides lots and lots of logs, most are simply dumping grounds for activities and require mind-numbing searching and collating if you ever want to piece together a record of what’s happening – especially as it involves your security and identity management.

NetPro’s product provides you with the reporter’s view of the directory:

* Who changed something.

* What was changed.

* When it was changed.

* Where the change occurred.

* Why it happened.

Well, the “why” has to be entered by the person making the change at the time of the change – but the rest is totally automated. Possibly more important for those trying to troubleshoot a problem that may have been triggered by a change in the directory, ChangeAuditor also tracks the “before” and “after” values of objects and attributes that have been modified, making it very easy to revert to a previous value should that be necessary to correct a problem.

There’s a full range of reports, of course, but ChangeAuditor can also deliver real-time alerts for particular events (configurable by the network manager) so that an “oops” can be rectified quickly, before it escalates to a disaster.

Still, it’s not as a disaster recovery tool that ChangeAuditor is most useful, but as a reporting tool that keeps you informed about activities taking place with your directory.

The built-in report templates allow you to view directory changes from a variety of perspectives with a touch of button. For example, you can view all changes at a particular site. You can view changes made during a specific timeframe. Or, you can see the changes performed by a particular administrator. You can even run detailed queries based on user-defined criteria and customize the report templates on the fly. In short, the reports tell you quickly and with as much detail as you want who did what, when and where they did it, both the old and new value, as well as the explanation of why it was done. You simply can’t do all of that with Windows’ logs.

Head over to the ChangeAuditor Web site ( and watch the online demo, or request an evaluation version. I think you’ll like what you see.