If you're using MOM you could use Secure Vantage's Group Policy PCMP Product also to do GPO Auditing :)! http://www.securevantage.com/ProductsPCMP.html. -ryan _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Wednesday, August 16, 2006 10:17 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: GPO Auditing Generally speaking, the GP auditing that is available is pretty weak, but if you have directory access auditing enabled on your DCs, then you will see any changes to the groupPolicyContainer object (the part of the GPO in AD) show up in the security event log on the PDC emulator DC. That will at least tell that a GPO changed and who made the change, but it won't show you what the change was. For that, you would need a 3rd party product like those from NetIQ or NetPro. Darren _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Difarnecio, Gino (Citco) Sent: Wednesday, August 16, 2006 7:19 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] GPO Auditing I would like to keep track of changes to my GPO's. Any suggestions on the best way to accomplish this task? I figure enabling auditing at the PDC in the policy folder will generate an event if I log write attempts. Is there anything else that needs to be done to accomplish this? Thanks