Is anyone using netwrix auditor to monitor end user activity on Non-Persistent VDI machines. We are migrating from stand alone workstations to a mostly VDI infrastructure. I can find no documentation, so looking for folks that have attempted to do this.
1 Like
Hello Ledan,
Thank you for posting to the community, while I was unable to locate documentation regarding utilizing the User Activity data source with Non-Persistent VDI endpoints, I can share a few items that may be of some assistance.
With the User Activity data source, each time a new machine is added Netwrix logs the UniqID for the machine. If another machine spins up with the same UniqID Auditor will stop collecting data as it won’t use the same ID for differing machines.
One issue that you may encounter when auditing ephemeral endpoints with the user activity plan, is that when the old VDI is no longer in use, and a new machine is added, it may have the same UniqID as the old machine we were auditing within the plan. This can cause a ‘duplicate’ error, where Netwrix Auditor will show ‘take action’ until we clear the UniqID. I’ve included a KB Article below which should assist in locating and removing the UniqID value.
Error: User Activity Core Service Has Been Already Launched
I would also recommend confirming you have policies in place to configure the requirements for the User Activity data source.
- Configure Data Collection Settings
If you have any further question, please let me know.
-Thank You
1 Like