compdigit44
asked on
Monitor Changes to Group Policy Settings
Right now I have a Windows 2000 AD domain. How can I find out WHO / which network account made a change to a default domain policy? How can I be notifyed WHEN ANY of our GP get modified????
ASKER
Here the problem someone made a change to our default domain policy and it didn't have auditing enabled... Is there anyway for me to track who changed a GP last with out audting enabled???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
IS there anyway to track were a user account logged in from?
Audit directory service access is enabled by default in the default domain controllers policy (you can check yours and make sure that is still on)
Then Auditing is turned on for the policies container within AD.
So look for event 566 in your logs. (check PDC emulator first)
So here is the rub with that; so as you can see you are just auditing when a change to a GPO happens. It does not tell you what was changed in the GPO. For that, you will need a 3rd party product.
Good blog on the subject here:
http://blogs.msdn.com/eric
Thanks
Mike