Solved

Monitor Changes to Group Policy Settings

Posted on 2009-06-30
Last Modified: 2012-05-07
Right now I have a Windows 2000 AD domain. How can I find out WHO / which network account made a change to a default domain policy? How can I be notified WHEN ANY of our GPs get modified?
Question by:compdigit44
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24748889
Out of the box you will be able to find out who made a change. It won't tell you what was changed.
Audit directory service access is enabled by default in the default domain controllers policy (you can check yours and make sure that is still on).
Then auditing is turned on for the policies container within AD.
So look for event 566 in your logs (check the PDC emulator first).

So here is the rub with that; so as you can see you are just auditing when a change to a GPO happens. It does not tell you what was changed in the GPO. For that, you will need a 3rd party product.  
Good blog on the subject here:
http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx
 
Thanks
Mike
0
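The audit trail described in the answer above, as an added example that is not part of the original thread: a Python filter that pulls writes to Group Policy objects out of exported event 566 records and reports which account made each one. The export layout (one `Field: value` line per field, blank line between events, a `Date` line per event), the sample events and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: event 566 descriptions exported as text blocks (layout assumed).
SAMPLE_EXPORT = """\
Event ID: 566
Date: 2009-06-29 14:02:11
Object Type: groupPolicyContainer
Object Name: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=example,DC=com
Client User Name: jsmith
Client Domain: EXAMPLE
Accesses: Write Property

Event ID: 566
Date: 2009-06-29 14:05:40
Object Type: user
Object Name: CN=Bob,CN=Users,DC=example,DC=com
Client User Name: helpdesk1
Client Domain: EXAMPLE
Accesses: Write Property
"""

FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+?):\s*(.*)$")
# GPO objects live under CN=Policies,CN=System and are named by GUID.
GPO_DN = re.compile(r"^CN=(\{[0-9A-F-]{36}\}),CN=Policies,CN=System,", re.I)

def parse_events(text):
    """Split the export on blank lines and turn each block into a field dict."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        yield fields

def gpo_writes(text):
    """Return (time, DOMAIN\\user, GPO GUID) for every audited write to a GPO."""
    hits = []
    for ev in parse_events(text):
        m = GPO_DN.match(ev.get("Object Name", ""))
        if (ev.get("Event ID") == "566" and m
                and ev.get("Object Type") == "groupPolicyContainer"
                and "Write Property" in ev.get("Accesses", "")):
            who = ev.get("Client Domain", "?") + "\\" + ev.get("Client User Name", "?")
            hits.append((ev.get("Date"), who, m.group(1).upper()))
    return hits
```

Running `gpo_writes` on a schedule over fresh exports and alerting on any non-empty result covers the "notify me when any GPO changes" half of the question; it still reports only who and when, not which setting changed.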
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24749019
Quick follow up - screen shot of what the event looks like.
 
Thanks
 
Mike
 
 

groupPolicy-Audit-Event.jpg
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24753513
Here's the problem: someone made a change to our default domain policy and it didn't have auditing enabled... Is there any way for me to track who changed a GP last without auditing enabled?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24754899
Unfortunately no way that I know of if auditing is turned off or not enabled. The closest thing is to see the modified date/time and that may narrow it down to those that were working that day.
Thanks
Mike
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24754993
Is there any way to track where a user account logged in from?
0
