Solved

Monitor Changes to Group Policy Settings

Posted on 2009-06-30
5
655 Views
Last Modified: 2012-05-07
Right now I have a Windows 2000 AD domain. How can I find out WHO / which network account made a change to a default domain policy? How can I be notifyed WHEN ANY of our GP get modified????
0
Comment
Question by:compdigit44
  • 3
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Out of the box you will be able to find out who made a change. It won't tell you what was changed
Audit directory service access is enabled by default in the default domain controllers policy (you can check yours and make sure that is still on)
Then Auditing is turned on for the policies container within AD.
So look for event 566 in your logs. (check PDC emulator first)

So here is the rub with that; so as you can see you are just auditing when a change to a GPO happens. It does not tell you what was changed in the GPO. For that, you will need a 3rd party product.  
Good blog on the subject here:
http://blogs.msdn.com/ericfitz/archive/2005/08/04/447951.aspx
 
Thanks
Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Quick follow up - screen shot of what the event looks like.
 
Thanks
 
Mike
 
 

groupPolicy-Audit-Event.jpg
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
Here the problem someone made a change to our default domain policy and it didn't have auditing enabled... Is there anyway for me to track who changed a GP last with out audting enabled???
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
Unfortunately no way that I know of if auditing is turned off or not enabled.  The closes thing is to see the modified date/time and that may narrow it down to those that were working that day.
Thanks
Mike
0
 
LVL 19

Author Comment

by:compdigit44
Comment Utility
IS there anyway to track were a user account logged in from?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now