Can anyone tell me a way we can natively audit all group policy changes that are done in Windows Server 2003 AD? Thanks for any information in advance.
Printable View
Can anyone tell me a way we can natively audit all group policy changes that are done in Windows Server 2003 AD? Thanks for any information in advance.
Hello Phani,
Check this article:
http://blogs.msdn.com/ericfitz/archi...04/447951.aspx
There is no full logging builtin. Maybe you can find also some 3rdparty tools,
check Quest and NetPro.
Also have a look on 2008's new Auditing options:
http://technet.microsoft.com/en-us/l.../cc731607.aspx
You can only use the native Active Directory auditing which may flood your security event log. If you're Software Assurance customer, "Advanced Group Policy Management (AGPM)" is something you should look at. It has a built-in version control and a vault for GPs.
Is there a reason you need to natively audit them? I only ask because the native audit logs don’t require the filtering capabilities necessary to audit specific events. If you can use a freeware product, I recommend that you download a tool like netwrix group policy change reporter, which will report on GP changes via E-mail.