An MCP server for Netwrix Access Analyzer, designed to integrate with Claude Desktop. Currently supports Active Directory and File System solutions.
- SQL Server integration with automatic connection on startup
- Dynamic database schema exploration
- SQL query execution
- Netwrix Access Analyzer File System tools
This MCP server requires the following dependencies:
- Python 3.12 or higher
- MCP SDK
- pyodbc 4.0.39 or higher (for SQL Server connectivity)
- python-dotenv 1.0.0 or higher (for environment variable management)
- ODBC Driver 17 for SQL Server or later (must be installed on your system)
This MCP Server requires Netwrix Access Analyzer (NAA) File System or Active Directory scans to be completed.
| Solution | Tool Name | Description |
|---|---|---|
| Active Directory | Get-ADEffectiveMembership | Discovers effective group membership in AD with filters. |
| Active Directory | Get-ADExceptions | Retrieves AD exceptions with optional filters. |
| Active Directory | Get-ADPermissions | Retrieves AD permissions from the permissions view with filters. |
| Active Directory | Get-DomainControllers | Lists domain controllers. |
| Active Directory | Get-CertificateVulnerabilities | Lists certificate vulnerabilities. |
| Active Directory | Get-ADCARights | Lists AD CA rights. |
| Active Directory | Get-ADSecurityAssessment | Retrieves AD security assessment results. |
| Active Directory | Get-ADUsers | Retrieves AD user details with filters. |
| Active Directory | Get-ADGroups | Retrieves AD group details with filters. |
| Active Directory | Get-ADComputers | Retrieves AD computer details with filters. |
| Database | Connect-Database | Connects to a specified MSSQL database. |
| Database | Show-ConnectionStatus | Shows the current DB connection status. |
| Database | Show-TableSchema | Shows the schema for a given table. |
| File System | Discover-SensitiveData | Discovers where sensitive data exists (DLP matches). |
| File System | Get-OpenShares | Finds open shares accessible to broad groups. |
| File System | Get-TrusteeAccess | Finds resources where a trustee has access. |
| File System | Get-TrusteePermissionSource | Finds the source of access for a trustee/resource. |
| File System | Get-ResourceAccess | Gets effective access for a resource path. |
| File System | Get-UnusedAccess | Finds users with unused access to a share. |
| File System | Get-RunningJobs | Lists running Netwrix Access Auditor jobs. |
| File System | Get-ShadowAccess | Retrieves details about shadow access. |
-
Install Claude Desktop
- Download and install Claude Desktop from the official website: https://claude.ai/download
- Follow the installation prompts for your operating system (macOS, Windows, or Linux).
-
Clone this repository
git clone https://github.com/netwrix/mcp-server-naa.git cd mcp-server-naa -
Connect Claude Desktop to this Server
- Add the following
uvconfiguration to your Claude Desktop MCP Configuration:
"NAA_AD": { "command": "/path/to/uv", "args": [ "run", "--with", "pyodbc", "fastmcp", "run", "/path/to/mcp-server-naa/run.py" ], "env": { "DB_SERVER": "HOST OR IP", "DB_NAME": "DATABASENAME", "DB_USER": "USERNAME", "DB_PASSWORD": "PASSWORD", "DB_USE_WINDOWS_AUTH": "FALSE|TRUE" } } - Add the following
If you encounter connection issues:
- Verify your SQL Server is running and accessible from your network
- Check your credentials in the .env file
- Ensure the ODBC driver is correctly installed
- Check the logs for detailed error messages
If Claude Desktop can't find the uv command:
- Use the full path to uv in your configuration (use which uv or where uv to find it)
- Make sure you've restarted Claude Desktop after configuration changes
- Check the Claude logs for any error messages related to the MCP server
If you need help using this MCP server or understanding your results, just visit the Netwrix Community - we’re here to help!