[gptalk] Re: GPO Auditing

  • From: "Ryan Brennan" <rbrennan@xxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 16 Aug 2006 10:30:13 -0500

If you're using MOM you could use Secure Vantage's Group Policy PCMP Product
also to do GPO Auditing :)!  http://www.securevantage.com/ProductsPCMP.html.

 

-ryan

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Wednesday, August 16, 2006 10:17 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Auditing

 

Generally speaking, the GP auditing that is available is pretty weak, but if
you have directory access auditing enabled on your DCs, then you will see
any changes to the groupPolicyContainer object (the part of the GPO in AD)
show up in the security event log on the PDC emulator DC. That will at least
tell that a GPO changed and who made the change, but it won't show you what
the change was. For that, you would need a 3rd party product like those from
NetIQ or NetPro.

 

Darren

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Difarnecio, Gino (Citco)
Sent: Wednesday, August 16, 2006 7:19 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Auditing

I would like to keep track of changes to my GPO's. Any suggestions on the
best way to accomplish this task? I figure enabling auditing at the PDC in
the policy folder will generate an event if I log write attempts. Is there
anything else that needs to be done to accomplish this?

Thanks

Other related posts: