Link to home
Start Free TrialLog in
Avatar of compdigit44
compdigit44

asked on

Monitor Changes to Group Policy Settings

Right now I have a Windows 2000 AD domain. How can I find out WHO / which network account made a change to a default domain policy? How can I be notifyed WHEN ANY of our GP get modified????
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Out of the box you will be able to find out who made a change. It won't tell you what was changed
Audit directory service access is enabled by default in the default domain controllers policy (you can check yours and make sure that is still on)
Then Auditing is turned on for the policies container within AD.
So look for event 566 in your logs. (check PDC emulator first)

So here is the rub with that; so as you can see you are just auditing when a change to a GPO happens. It does not tell you what was changed in the GPO. For that, you will need a 3rd party product.  
Good blog on the subject here:
http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx
 
Thanks
Mike
Quick follow up - screen shot of what the event looks like.
 
Thanks
 
Mike
 
 

groupPolicy-Audit-Event.jpg
Avatar of compdigit44
compdigit44

ASKER

Here the problem someone made a change to our default domain policy and it didn't have auditing enabled... Is there anyway for me to track who changed a GP last with out audting enabled???
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
IS there anyway to track were a user account logged in from?