Monitor Changes to Group Policy Settings

Posted on 2009-06-30
Last Modified: 2012-05-07
Right now I have a Windows 2000 AD domain. How can I find out WHO / which network account made a change to a default domain policy? How can I be notified WHEN ANY of our GPs get modified?
Question by:compdigit44
LVL 57

Expert Comment

by:Mike Kline
ID: 24748889
Out of the box you will be able to find out who made a change. It won't tell you what was changed.
Audit directory service access is enabled by default in the default domain controllers policy (you can check yours and make sure that is still on).
Then auditing is turned on for the policies container within AD.
So look for event 566 in your logs (check the PDC emulator first).

So here is the rub with that; so as you can see you are just auditing when a change to a GPO happens. It does not tell you what was changed in the GPO. For that, you will need a 3rd party product.  
Good blog on the subject here:
http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx
 
Thanks
Mike
0
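The event 566 check described in the answer above, as an added example that is not part of the original post: PowerShell that pulls the account and the GPO GUID out of event 566 message text on a domain controller. The field labels are assumed to follow the usual event 566 message layout, and the sample event, the timestamp, `DC01` and the `example.local` domain are constructed values.

```powershell
# Added example, not from the original thread.
# Constructed sample of an event 566 message; user, domain and DC names are made up.
$sample = @'
Object Operation:
    Object Server: DS
    Operation Type: Object Access
    Object Type: groupPolicyContainer
    Object Name: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=example,DC=local
    Client User Name: jdoe
    Client Domain: EXAMPLE
    Accesses: Write Property
'@

# Return the value that follows "Label:" on its own line, or nothing if absent.
function Get-Field([string]$Text, [string]$Label) {
    if ($Text -match "(?m)^\s*$([regex]::Escape($Label)):\s*(.+?)\s*$") { $Matches[1] }
}

# Turn one event 566 message into a who/when/which-GPO record.
# Events that are not writes to a groupPolicyContainer object are skipped.
function Get-GpoChange {
    param([string]$Message, [datetime]$When, [string]$Computer)
    if ($Message -notmatch 'Object Type:\s*groupPolicyContainer') { return }
    if ($Message -notmatch 'Write Property') { return }
    $dn   = Get-Field $Message 'Object Name'
    $guid = $null
    if ($dn -match 'CN=(\{[0-9A-Fa-f-]+\})') { $guid = $Matches[1] }
    New-Object PSObject -Property @{
        When     = $When
        DC       = $Computer
        Who      = '{0}\{1}' -f (Get-Field $Message 'Client Domain'),
                                (Get-Field $Message 'Client User Name')
        GpoGuid  = $guid
        ObjectDN = $dn
    }
}

# Offline run against the constructed sample (timestamp is also constructed):
Get-GpoChange -Message $sample -When (Get-Date '2009-06-30 10:15') -Computer 'DC01'

# Against a live DC, PDC emulator first ('DC01' is a placeholder name):
# Get-EventLog -LogName Security -ComputerName 'DC01' -InstanceId 566 |
#     ForEach-Object { Get-GpoChange $_.Message $_.TimeGenerated $_.MachineName }
```

The output shows who wrote to which GPO object and when; as the answer says, it does not show which setting inside the GPO was changed.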
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24749019
Quick follow up - screen shot of what the event looks like.
 
Thanks
 
Mike
 
 

groupPolicy-Audit-Event.jpg
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24753513
Here's the problem: someone made a change to our default domain policy and it didn't have auditing enabled... Is there any way for me to track who changed a GP last without auditing enabled?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 24754899
Unfortunately no way that I know of if auditing is turned off or not enabled. The closest thing is to see the modified date/time and that may narrow it down to those that were working that day.
Thanks
Mike
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24754993
Is there any way to track where a user account logged in from?
0
