Audit group policy changes

Folks, is it possible in 2008 R2 or Windows Server in general to audit the state of a group policy object before and after a change is made to it. Anyone done this in prod/lab?

Help's appreciated!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Essendon

Anyone please?

undomiel

I haven't had a need to do it before but I did some searching around and ran across this tool: Group Policy Change Reporter (Freeware and Commercial)

Essendon

Thanks for the reply undomiel. Can this be done using Windows only?

Claymoore

Essendon wrote: »

Thanks for the reply undomiel. Can this be done using Windows only?

Not that I know of. Advanced Group Policy Management can audit and even roll back changes, but that is part of the MDOP suite.

Essendon

Thank you for the reply and the link Claymoore.

Everyone

This article is for 2003, but works on 2008 as well...
Monitoring Group Policy Changes with Windows Auditing - Windows Security Logging and Other Esoterica - Site Home - MSDN Blogs

Basically you turn on auditing of the GPO folders on your domain controllers. Then whenever someone makes a change, you have an audit trail.

ITguy509

Yes, there are several tools you can download that will tell you any time a change has been made to a GPO. We use NetWrix Group Policy Change Reporter, which I find very easy to use and it’s free, but I also know that Quest Software and ScriptLogic offer GP auditing tools. Worth looking into of you need reporting on (before and after) changes made to GPOs