You can audit access/changes on your GPOs using regular audit policies, but it is not very user friendly. See the following blog for more information: http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx If you need a more robust solution, I suggest you look at something like DesktopStandard's GPOVault (now owned by Microsoft) or NetIQ's Group Policy Guardian. Regards, //signed// Jamie R Nelson Systems Engineer Ingenium Corporation ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Johnson, Matthew Sent: Thursday, May 31, 2007 10:09 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Who changed a gpo? How can I identify which user account changed a GPO? I was able to see under the details tab when it was last modified, but I need to figure out who changed it. Matthew Johnson CONFIDENTIALITY STATEMENT: This electronic message contains information from Fisher-Titus Medical Center and may be protected health information or other confidential and privileged information under law. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this message is prohibited. If you have received this electronic message in error, please notify the sender immediately by reply e-mail or telephone at 419/668-8101.