Group Policy is basically a combination of LDAP and files in the DCs so you need to enable auditing there then watch the security log on all DCs. But I would suggest that you check out Microsoft's new Advanced Group Policy Manager, AGPM, that makes it possible to pretty much change Group Policy administration into a proper workflow process where every single step can be monitored for who did what. I do not believe it is released yet, but should be pretty soon, so if you need this now, there are third party tools from both NetPro, Quest and others that monitors changes in AD and thus Group Policy. Although I actually think you can still download GPOVault from DesktopStandard's old web site (AGPM used to be GPOVault before MS acquired DesktopStandard). HTH, Thorbjörn Sjövold Special Operations Software www.specopssoft.com <http://www.specopssoft.com/> thorbjorn.sjovold a t specopssoft.com Download our free tool for remote Gpupdate with graphical reporting, http://www.specopssoft.com/products/specopsgpupdate/ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Washington, Booker Sent: den 3 april 2007 23:14 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Which log to check to track changes made in Group Policy If I wanted to check when a change was made to a policy within Group Policy, or to track all of the changes made to group olicy, which log would I check?