[gptalk] Re: GPO Auditing

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 16 Aug 2006 08:17:04 -0700

Generally speaking, the GP auditing that is available is pretty weak, but if
you have directory access auditing enabled on your DCs, then you will see
any changes to the groupPolicyContainer object (the part of the GPO in AD)
show up in the security event log on the PDC emulator DC. That will at least
tell that a GPO changed and who made the change, but it won't show you what
the change was. For that, you would need a 3rd party product like those from
NetIQ or NetPro.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Difarnecio, Gino (Citco)
Sent: Wednesday, August 16, 2006 7:19 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Auditing

I would like to keep track of changes to my GPO's. Any suggestions on the
best way to accomplish this task? I figure enabling auditing at the PDC in
the policy folder will generate an event if I log write attempts. Is there
anything else that needs to be done to accomplish this?


Other related posts: