[gptalk] Re: Which log to check to track changes made in Group Policy

  • From: Thorbjörn Sjövold <thorbjorn.sjovold@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 3 Apr 2007 23:26:17 +0200

Group Policy is basically a combination of LDAP and files in the DCs, so you 
need to enable auditing there and then watch the security log on all DCs. But I 
would suggest that you check out Microsoft's new Advanced Group Policy Manager, 
AGPM, that makes it possible to pretty much change Group Policy administration 
into a proper workflow process where every single step can be monitored for who 
did what. I do not believe it is released yet, but it should be pretty soon, so if 
you need this now, there are third-party tools from NetPro, Quest and 
others that monitor changes in AD and thus Group Policy. Although I actually 
think you can still download GPOVault from DesktopStandard's old web site (AGPM 
used to be GPOVault before MS acquired DesktopStandard).




Thorbjörn Sjövold

Special Operations Software

www.specopssoft.com <http://www.specopssoft.com/> 

thorbjorn.sjovold a t specopssoft.com


Download our free tool for remote Gpupdate with graphical reporting,







From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Washington, Booker
Sent: 3 April 2007 23:14
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Which log to check to track changes made in Group Policy


If I wanted to check when a change was made to a policy within Group Policy, or 
to track all of the changes made to Group Policy, which log would I check?
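
The security-log check described in the reply above, as an added example that is not part of the original thread: it covers only the LDAP half of a GPO (the groupPolicyContainer object), not the files in SYSVOL. It assumes DCs running Windows Server 2008 or later with "Audit Directory Service Changes" enabled and an auditing entry on the GPO containers, so that changes are logged as Security event 5136, and it assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example. Assumptions (not from the thread): Windows Server 2008+ DCs,
# "Audit Directory Service Changes" enabled, SACL set on the GPO containers,
# so that each attribute change is written as Security event 5136.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # look-back window, adjust as needed

# The Security log is local to each DC, so every DC has to be queried.
$changes = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        $events = Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 5136; StartTime = $since
        }
    } catch {
        # "No events found" is a normal result for a DC; anything else deserves a warning.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${dc}: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($e in $events) {
        # Turn the named <Data> fields of the event into a lookup table.
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        # Keep only changes to GPO objects in the directory.
        if ($d['ObjectClass'] -ne 'groupPolicyContainer') { continue }

        [pscustomobject]@{
            Time      = $e.TimeCreated
            DC        = $dc
            User      = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            GPO       = $d['ObjectDN']
            Attribute = $d['AttributeLDAPDisplayName']
            Operation = $d['OperationType']   # raw message code as stored in the event
            Value     = $d['AttributeValue']
        }
    }
}

# One merged timeline across all DCs: who changed which GPO, when, and on which DC.
$changes | Sort-Object Time | Format-Table -AutoSize
```

Run it from an account that can read the Security log on every DC; a single edit usually appears as several 5136 records, one per attribute value added or deleted.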


