The Network Traffic Compression Service is realized by a tiny executable that runs on Domain Controllers, collects and pre-filters data and then sends it to the Netwrix Auditor in a highly compressed format. The Traffic Compression Service can help to increase scalability and optimize traffic. Being a recommended option generally, it is also extremely useful in poorly connected environments (e.g., if you have multiple Domain Controllers distributed among several geographic locations).
The service is non-intrusive and very light weight. It creates a service on the DC and copies a 6KB folder to the machine. The service only runs when the Netwrix Auditor server calls it. In congested systems with a high latency the service can substantially improve data transfer minimizing the impact on bandwidth. Using the service results in about a100x reduction in the amount of data being transferred and has a negligible impact on the targets computer’s performance.
Note: If you do not want any extra services running on the Domain Controllers, you can configure Netwrix Auditor to work without the service (not recommended).
Network traffic compression can be enabled for all DCs in the domain by selecting a corresponding option in the Active Directory data source.
You can customize the service’s scope by using agent.ini file. This allows you to override the default value for the particular DCs you specify.
- Navigate to the Netwrix Auditor installtion directory. For example, C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing
- Open agent.ini.
- Update it using the syntax below:
- dcname – name of a domain controller for which you want to customize the Network Traffic Compression Service usage
- remote – means that the service will NOT be used on this particular domain controller
- agent – means that the service WILL be used to collect data from this particular domain controller, even if it is disabled in the Netwrix Auditor UI
- skip – means that the data will not be collected from this particular domain controller (this option can be used, for example, if the domain controller goes down and should be temporarily excluded from data collection).
- skipsilent – same as skip but should only be used for completely decommissioned DCs
Note: Using ‘skip‘ setting can produce incomplete reports (incorrect values in Who Changed/When Changed fields).