|
Right, the challenge that native auditing presents is that
no details about what GPO setting is changed are logged. You can find out that
something changed on the GPC, but that's about it. As Hunter
mentioned, there are at least three commercial products that I know of that do
provide detailed GPO logging:
NetIQ GP Guardian
Netpro Change Auditor
Quest Change Manager for AD
Darren
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Thursday, March 24, 2005 2:20 PM To: [email protected] Subject: RE: [ActiveDir] Logging changes made to GPOs You can employ a 3rd party tool like the offerings from
NetPro, NetIQ, Quest etc
Natively, if you enable Audit directory service access
you can detect changes to GPOs by finding event ID 565s that have the Object
Type value groupPolicyContainer, the Accesses value Write Property, and a Write
Property that includes versionNumber From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janson, Joe Sent: Thursday, March 24, 2005 8:30 AM To: [email protected] Subject: [ActiveDir] Logging changes made to GPOs Is it possible to log changes made
to Group Policy Objects? |
- Re: [ActiveDir] Logging changes made to GPOs Darren Mar-Elia
