How to Change Threat Prevention Credentials
Netwrix Threat Prevention uses credentials to access one or more other resources, depending on configuration and enabled features. This document describes the steps for changing the passwords for each account and how to update Netwrix Threat Prevention.
- Netwrix Threat Prevention uses credentials to connect to the SQL Server for its production and archive databases. See the "SQL Server Credentials" section.
- The Auto Deploy feature requires credentials to deploy agents on domain controllers. See the "Auto Deploy Credentials" section.
- Enabling email notifications requires credentials for the SMTP server. See the "SMTP Server Credentials" section.
- The Netwrix Threat Manager integration requires a Netwrix Threat Manager API key. See the "Threat Manager Credentials" section.
SQL Server Credentials
Events Database
During a Netwrix Threat Prevention Enterprise Manager Upgrade
- Uninstall Netwrix Threat Prevention Enterprise Manager
- Reset the password of the service account in SQL Server if using SQL Server Authentication or Active Directory if using Windows Authentication
- Run the installer for the new version of Netwrix Threat Prevention Enterprise Manager
- When prompted to enter the SQL Connection information, supply the new password
- Continue with the remainder of the installation
On a running instance of Netwrix Threat Prevention
- Stop the
SIEnterpriseManagerservice, and if installedSIReportingServiceandSISchedulerServiceservices - Reset the password of the service account in SQL Server if using SQL Server Authentication or Active Directory if using Windows Authentication
- Open the Netwrix Threat Prevention Database Connection Manager (
SIDBConfigMgr.exelocated in theSIEnterpriseManagerinstallation folder) - Update the SQL Connection Settings section with the updated username and password
- If Windows Authentication is used then check the Windows Authentication checkbox
- Click the Update button to apply the settings
Archive Database
- Open the Netwrix Threat Prevention Database Connection Manager (
SIDBConfigMgr.exelocated in theSIEnterpriseManagerinstallation folder) - Check the box Update Archiving Connection Settings
- Ensure the Archive server name, database and port are filled in correctly
- Reset the password of the service account in SQL Server if using SQL Server Authentication or Active Directory if using Windows Authentication
- Update the SQL Connection Settings section with the updated username and password
- If Windows Authentication is used then check the Windows Authentication checkbox
Auto Deploy Credentials
If you are using the Netwrix Threat Prevention Auto Deploy feature then you'll need to update the credentials in the Netwrix Threat Prevention Console by:
- Open the Netwrix Threat Prevention Console
- Click on the Agents menu option in the Policy Center
- Click on the Configure Auto Deploy button
- Reset the service account's password in Active Directory
- Replace the password with the updated password
- Click Apply to save the settings
SMTP Server Credentials
If you are using SMTP credentials to send authenticated emails from the Netwrix Threat Prevention Server you can replace these by:
- Open the Netwrix Threat Prevention Console
- Open the Alerts options by clicking on Configuration on the top menu bar followed by Alerts
- Click on the Email tab in the Netwrix Threat Prevention System Alerting window
- Click on Configure
- Reset the password for the user account
- Enter the updated password in the Password field
- Click Ok
Threat Manager Credentials
Sometimes it may be required to update the Netwrix Threat Manager App Token. When this is required you can replace this by:
- Generate a new app token in Netwrix Threat Manager, shown here, and copy it to the clipboard
- Open the Netwrix Threat Prevention Console
- Open the Netwrix Threat Manager Configuration by clicking on Configuration in the top menu bar and clicking Threat Manager Configuration
- Paste the Netwrix Threat Manager App Token into the App Token field
- Click Save