How to move Long-Term Archive to a new location


NOTE: If you already tried to move any of the Netwrix Auditor Storage locations (Long-Term Archive and/or Short-Term Archive) manually or upgraded from Netwrix Auditor 8.0, contact Netwrix Technical support for special instructions.

If you have a clean install of Netwrix Auditor 9.0 or newer, follow the steps below:

  1. Navigate to all your Monitoring Plans –> Edit –> Edit Data Source, and disable the Monitor this data source and collect activity data option.
  2. Stop product services. Navigate to Start –> Run and type “services.msc”; locate and stop the following services:
  • Netwrix Auditor Archive Service
  • Netwrix Auditor User Activity Audit Service
  • Netwrix Auditor for Windows Server Audit Service
  • Netwrix Auditor for File Servers Audit Service
  • Netwrix Auditor Data Collection Service
  3. Open Windows Task Manager, switch to the Processes tab and wait until the following processes have completed:
     Data Source: Process
  • Active Directory: all processes with the prefix “Netwrix.ADA”
  • Group Policy: ADCR.exe, Netwrix.ADA.StorageAudit
  • Windows Server: Netwrix.WSA.DcsShim
  • Event Log Manager: EventManager.exe
Note: If you have Netwrix Auditor Event Log Manager enabled, you must also disable its scheduled task. Navigate to Start –> All Programs –> Task Scheduler –> Task Scheduler Library and locate the task with the description “Starts Netwrix Auditor data collection on Event Log for <your monitoring plan name>”. Disable the task.
  4. Navigate to the current Long-Term Archive location. To check the path, go to Settings –> Long-Term Archive. (By default, Netwrix Auditor stores data at “C:\ProgramData\Netwrix Auditor\Data”.)
  5. Copy audit data to a new Long-Term Archive location.
Note: It is not recommended to store your Long-Term Archive on a system disk or remote location.
  6. In Netwrix Auditor, navigate to Settings –> Long-Term Archive and specify the new path to a local or shared folder to write your audit data.
  7. Start the services and tasks you have stopped.
  8. Re-enable each data source disabled in step 1.
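
The stop, wait and copy steps above can be scripted, with a hash comparison added so the audit data is verified before the archive path is switched. This PowerShell is an added example, not Netwrix's own tooling; the destination path, the log file name and the Get-TreeHash helper are hypothetical, and the process names assume the listed image names without the .exe suffix.

```powershell
# Added example: run in an elevated PowerShell session on the Netwrix Auditor server.
$Source      = 'C:\ProgramData\Netwrix Auditor\Data'  # default from the article; confirm in Settings
$Destination = 'D:\NetwrixArchive'                     # hypothetical new location

# Stop the services listed in the article (display names as shown in services.msc).
$services = @(Get-Service -ErrorAction SilentlyContinue -DisplayName @(
    'Netwrix Auditor Archive Service',
    'Netwrix Auditor User Activity Audit Service',
    'Netwrix Auditor for Windows Server Audit Service',
    'Netwrix Auditor for File Servers Audit Service',
    'Netwrix Auditor Data Collection Service'))
$services | Where-Object Status -ne 'Stopped' | Stop-Service -Force

# Disable the Event Log Manager task(s), matched on the description quoted in the article.
Get-ScheduledTask |
    Where-Object Description -like 'Starts Netwrix Auditor data collection on Event Log for*' |
    Disable-ScheduledTask | Out-Null

# Wait for the collector processes to exit ('Netwrix.ADA*' also covers Netwrix.ADA.StorageAudit).
# Assumption: process names are the listed image names without the .exe suffix.
$procs = 'Netwrix.ADA*', 'ADCR', 'Netwrix.WSA.DcsShim', 'EventManager'
while (Get-Process -Name $procs -ErrorAction SilentlyContinue) { Start-Sleep -Seconds 10 }

# Copy the archive with data, timestamps, ACLs, owner and auditing info (/COPYALL).
robocopy $Source $Destination /E /COPYALL /R:2 /W:5 /NP "/LOG:$env:TEMP\lta-move.log"
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }

# Verify the copy: compare relative path + SHA-256 of every file on both sides.
function Get-TreeHash([string]$Root) {   # hypothetical helper
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File -Force | ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        '{0}|{1}' -f $_.FullName.Substring($base.Length), $hash
    }
}
$src = @(Get-TreeHash $Source)
$dst = @(Get-TreeHash $Destination)
if (-not $src -or -not $dst) { throw 'No files found on one side; check both paths.' }
$diff = Compare-Object $src $dst
if ($diff) { $diff | Format-Table; throw 'Trees differ; do not switch the archive path yet.' }

# Only after the new path is set under Settings, Long-Term Archive: restart what was stopped
# and re-enable the scheduled task(s) with Enable-ScheduledTask.
# $services | Start-Service
```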