[gptalk] Re: Which log to check to track changes made in Group Policy

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 3 Apr 2007 15:41:13 -0700

Just to echo that, basically the only foolproof method to find out who made
a change to a GPO and exactly what setting was changed is to buy a 3rd party
auditing product. Even products like AGPM (nee GPOVault) require that you go
through their interface to capture any change, and don't catch "out-of-band"
changes that might get made. The 3rd party auditing products actually
resolve who made the change, what the changed setting was, and what its
before and after values were/are.

 

However, you can audit that *some* change was made to a given GPO simply by
using native AD access auditing in the security logs of DCs. Most GP changes
default to being made on the PDCe DC so you can reliably monitor its
security log for changes to any groupPolicyContainer objects and that will
generally catch any GP changes. Again, it will only tell you that
*something* changed, not what that change was.

 

 

Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Thorbjörn Sjövold
Sent: Tuesday, April 03, 2007 2:26 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Which log to check to track changes made in Group
Policy

 

Group Policy is basically a combination of LDAP and files in the DCs so you
need to enable auditing there then watch the security log on all DCs. But I
would suggest that you check out Microsoft's new Advanced Group Policy
Manager, AGPM, that makes it possible to pretty much change Group Policy
administration into a proper workflow process where every single step can be
monitored for who did what. I do not believe it is released yet, but should
be pretty soon, so if you need this now, there are third party tools from
both NetPro, Quest and others that monitor changes in AD and thus Group
Policy.  Although I actually think you can still download GPOVault from
DesktopStandard's old web site (AGPM used to be GPOVault before MS acquired
DesktopStandard).

 

HTH,

 

Thorbjörn Sjövold

Special Operations Software

www.specopssoft.com <http://www.specopssoft.com/> 

thorbjorn.sjovold a t specopssoft.com

 

Download our free tool for remote Gpupdate with graphical reporting,

http://www.specopssoft.com/products/specopsgpupdate/

 

 

 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Washington, Booker
Sent: den 3 april 2007 23:14
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Which log to check to track changes made in Group Policy

 

If I wanted to check when a change was made to a policy within Group Policy,
or to track all of the changes made to Group Policy, which log would I check?
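
An added example, not part of the thread, of the native auditing Darren's reply describes: it filters an XML export of a DC Security log for modifications to groupPolicyContainer objects. It assumes directory-service change auditing is enabled and that the DC logs event 5136 (a Windows Server 2008 and later event that the thread does not name); the sample events, account names and GUID are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
OPS = {"%%14674": "added", "%%14675": "deleted"}  # 5136 OperationType codes

# Constructed sample data: the GUID, accounts and timestamps are made up.
GPO_DN = "CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=example,DC=com"
_EVT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><EventID>{0}</EventID><TimeCreated SystemTime="{1}"/></System>'
        '<EventData><Data Name="SubjectUserName">{2}</Data>'
        '<Data Name="ObjectDN">{3}</Data><Data Name="ObjectClass">{4}</Data>'
        '<Data Name="AttributeLDAPDisplayName">{5}</Data>'
        '<Data Name="AttributeValue">{6}</Data>'
        '<Data Name="OperationType">{7}</Data></EventData></Event>')
_ROWS = [
    ("5136", "2024-01-15T10:00:00Z", "alice", GPO_DN,
     "groupPolicyContainer", "versionNumber", "6", "%%14675"),
    ("5136", "2024-01-15T10:00:00Z", "alice", GPO_DN,
     "groupPolicyContainer", "versionNumber", "7", "%%14674"),
    ("5136", "2024-01-15T10:05:00Z", "bob", "CN=Some User,DC=example,DC=com",
     "user", "description", "x", "%%14674"),   # not a GPO: ignored
    ("4662", "2024-01-15T10:06:00Z", "bob", GPO_DN,
     "groupPolicyContainer", "versionNumber", "8", "%%14674"),  # other event ID
]
SAMPLE = "<Events>" + "".join(_EVT.format(*r) for r in _ROWS) + "</Events>"


def gpo_changes(xml_text):
    """Return {GPO DN: [(time, user, attribute, operation, value), ...]}."""
    changes = defaultdict(list)
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5136":
            continue
        d = {x.get("Name"): (x.text or "")
             for x in ev.iterfind("e:EventData/e:Data", NS)}
        if d.get("ObjectClass") != "groupPolicyContainer":
            continue
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        op = OPS.get(d["OperationType"], d["OperationType"])
        changes[d["ObjectDN"]].append(
            (when, d["SubjectUserName"], d["AttributeLDAPDisplayName"], op, d["AttributeValue"]))
    return dict(changes)


if __name__ == "__main__":
    for dn, rows in gpo_changes(SAMPLE).items():
        print(dn)
        for row in rows:
            print("   ", *row)
```

The output identifies the GPO object and shows its versionNumber attribute being replaced, which is the "something changed" signal; nothing in these records says which policy setting inside the GPO was edited.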

 

 
