Wow you are being awfully generous David, that is going to cost you a fortune! Thanks though!
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Thursday, July 08, 2004 1:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Question on Auditing GPO Changes Free enterprise licenses to all members of this list? ;> > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Gil > Kirkpatrick > Sent: Thursday, July 08, 2004 11:32 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Question on Auditing GPO Changes > > <shameless product plug> > NetPro's Change Auditor for AD also tracks GPO changes, along with > _all_ other aspects of AD configuration, and provides who, what, when, > where, and why something was changed, as well as before and after > values for each changed configuration items. See > http://www.netpro.com/products/changeauditor/index.cfm. > </shameless product plug> > > -gil > > Gil Kirkpatrick > CTO, NetPro > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott > Sent: Wednesday, July 07, 2004 11:24 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Question on Auditing GPO Changes > > Full Armor's GPO Repository would be a good choice. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Darren > Mar-Elia > Sent: Wednesday, July 07, 2004 12:33 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Question on Auditing GPO Changes > > > David- > It depends upon what you are really interested in seeing. > There is no good way, out-of-the-box, to audit what change was > actually made to a particular GPO setting in either Win2K or Win2k3. > If you just want to see that "somebody" made "some" change to a GPO, > then you can use DS auditing to look for changes to the Group Policy > Container (GPC) object representing a given GPO, which is what you've > already discovered. If you set up file auditing on the SYSVOL part of > the GPO (the GPT), then you will only get that a particular file in a > particular GPO was changed--you won't get any more detail than that. > That can give you some inkling as to what policy area was changed, > since each policy area stores its settings in different folders in the > GPT. > > The alternative is to go to some 3rd party solution--there are several > vendors now that offer more detailed change tracking of GPO. > > Darren > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Wednesday, July 07, 2004 10:17 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Question on Auditing GPO Changes > > What's the best way to audit for GPO changes? I enabled "Audit > directory service access", which causes an audit event to occur, but > it also does the same for other kinds of DS changes, which make it a > bit more cumbersome. > This is for Windows 2000, btw. Is it easier to do with W2K3? > > I thought perhaps auditing for the actual file level changes, but I'm > not sure if that's a much cleaner solution... > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
