Group Policy is the backbone of Active Directory infrastructure; it takes into account the security and business requirements of organizations; it also ensures that the right architecture are applied to all objects that are linked to it. A Group Policy object allows configurations to be applied from a central point; they play a major role in reducing administrative burden through policy enforcement on all its linked objects. Changes to a Group Policy object need to be monitored and this is needed in-order to keep any organization safe and secure.
Experts consider GPO changes like,
to be among the top 5 Active Directory changes needed to be monitored in the security log. Group Policy change audit reports from ADAudit Plus do just that. Further, ADAudit Plus questions all changes that happen to a Group Policy object over its lifetime and provide a clear insight on the history of changes to the Group Policy object. Real time change information on audits / modifications to the GPOs are also sent out as email alerts.
Changes to a Group Policy object like - creation, deletion, modification and GPO link changes are recorded in the security log of Domain controllers. This data is extracted by ADAudit Plus and listed as reports on its convenient web interface. The reports show audit information on "Who" did "What" GPO change "When" and from "Where.
ADAudit Plus reports primarily lists all newly created and deleted GPOs. GPO link changes and recently modified GPOs are also shown as separate reports. The details available in the reports can be configured and scheduled to be notified via email.
Listed below are Group Policy object change reports from ADAudit Plus.