OK. Enough product pitching :-). This list is meant to be devoid of that or otherwise "vendor-neutral". To that end, in addition to SecureVantage, I will reiterate that NetIQ, Quest and NetPro all provide detailed AD & GPO change auditing, including some with MOM integration. You can definitely use any garden variety monitoring product to tell you whether a GPO change has occurred, but as I said initially, you typically need 3rd party products to get more detail than that.

Darren

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Ryan Brennan
Sent: Thursday, August 17, 2006 7:27 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Auditing

Garry,

You are 100% correct: you can definitely monitor GPO changes with MOM by scraping the Object Access 566 Events in the security logs. This generally tells you that a GPO changed and the person that changed it, etc - it does not tell you what changed (settings/attributes) and the impact of that change.

The Secure Vantage MP allows you to have detailed Change Auditing and Reporting, including GPO changes (566) and the Impact analysis of GPO attribute changes on each server. It's very powerful and much more than just 566 Auditing; it uses RSOP to do discovery, auditing, and baselining of GPOs and more importantly the RSOP of GPO attributes and lots of Reporting!

-ryan

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Meaburn, Garry
Sent: Thursday, August 17, 2006 7:24 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Auditing

Hi, you can also configure MOM to monitor for GPO changes without using Secure Vantage's product.

I currently use MOM to monitor any GPO or OU changes.

Regards,
Garry Meaburn
Odyssey Operations - Active Directory

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Ryan Brennan
Sent: 16 August 2006 16:30
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Auditing

If you're using MOM you could use Secure Vantage's Group Policy PCMP Product also to do GPO Auditing :)! http://www.securevantage.com/ProductsPCMP.html.

-ryan

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: Wednesday, August 16, 2006 10:17 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Auditing

Generally speaking, the GP auditing that is available is pretty weak, but if you have directory access auditing enabled on your DCs, then you will see any changes to the groupPolicyContainer object (the part of the GPO in AD) show up in the security event log on the PDC emulator DC. That will at least tell you that a GPO changed and who made the change, but it won't show you what the change was. For that, you would need a 3rd party product like those from NetIQ or NetPro.

Darren

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Difarnecio, Gino (Citco)
Sent: Wednesday, August 16, 2006 7:19 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Auditing

I would like to keep track of changes to my GPOs. Any suggestions on the best way to accomplish this task? I figure enabling auditing at the PDC in the policy folder will generate an event if I log write attempts. Is there anything else that needs to be done to accomplish this?

Thanks
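
_____

As an added example, not part of any message in this thread: a Python filter for the approach discussed above, picking event 566 records for groupPolicyContainer objects out of exported security-log entries and reporting which GPO changed and who changed it. The sample records, the field labels in their description text and the list of change-type accesses are constructed assumptions.

```python
import re

FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*)$", re.MULTILINE)
GPO_GUID = re.compile(r"CN=(\{[0-9A-Fa-f-]{36}\})")
CHANGE_WORDS = ("write", "delete", "create")  # assumed change-type accesses

def parse_fields(description):
    """Turn 'Label: value' lines of an event description into a dict."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(description)}

def gpo_changes(events):
    """Return (gpo, 'DOMAIN\\user', accesses) per 566 change to a GPO."""
    hits = []
    for event_id, description in events:
        if event_id != 566:
            continue
        f = parse_fields(description)
        if f.get("Object Type", "").lower() != "grouppolicycontainer":
            continue  # some other AD object, e.g. an OU
        accesses = f.get("Accesses", "")
        if not any(w in accesses.lower() for w in CHANGE_WORDS):
            continue  # audited read, not a change
        name = f.get("Object Name", "")
        guid = GPO_GUID.search(name)
        who = f"{f.get('Client Domain', '?')}\\{f.get('Client User Name', '?')}"
        hits.append((guid.group(1) if guid else name, who, accesses))
    return hits

def _sample(obj_type, obj_name, user, accesses):
    return ("Object Operation:\n  Object Server: DS\n"
            f"  Object Type: {obj_type}\n  Object Name: {obj_name}\n"
            f"  Client User Name: {user}\n  Client Domain: EXAMPLE\n"
            f"  Accesses: {accesses}\n")

POLICIES = "CN=Policies,CN=System,DC=example,DC=com"
SAMPLE_EVENTS = [  # constructed records; field labels are assumptions
    (566, _sample("groupPolicyContainer",
                  "CN={11111111-2222-3333-4444-555555555555}," + POLICIES,
                  "jsmith", "Write Property")),
    (566, _sample("organizationalUnit", "OU=Servers,DC=example,DC=com",
                  "jsmith", "Write Property")),
    (566, _sample("groupPolicyContainer",
                  "CN={AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}," + POLICIES,
                  "svc-backup", "Read Property")),
    (540, "Successful Network Logon:\n  User Name: jsmith\n"),
]

if __name__ == "__main__":
    print(*gpo_changes(SAMPLE_EVENTS), sep="\n")
```

As the thread notes, a hit identifies the GPO and the account but not which setting changed.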