Thursday, July 26, 2012

Auditing Group Policy change

For Active Directory admins and security-minded folks, the Advanced Group Policy Management (AGPM) tool is great for managing change. SCOM alerts well, but it does not do everything out of the box, even with the Group Policy Management Pack.
Say you want to know when a GPO is:
1) Created
2) Deleted
3) Modified
4) Permissions changed
5) Linked
Here is a great blog post written to enable auditing of Group Policy changes for AD and SYSVOL. Once this is in place, just create a rule to filter on event 5136 or event 5137 if using Windows Server 2008 or above.


http://blogs.msdn.com/b/canberrapfe/archive/2012/05/02/auditing-group-policy-changes.aspx
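
As an added example (not from this post or the linked article), the PowerShell function below sorts events 5136 and 5137 into the change types listed above, using the standard EventData field names of those events. The function name `Get-GpoChange`, the sample account and the sample DN are constructed for illustration, and event 5141 (object deleted) is not mentioned in the post; it is included only to cover the "Deleted" case.

```powershell
# Added example, not from the original post. The sample event below is constructed.
function Get-GpoChange {
    param([Parameter(Mandatory)][xml]$EventXml)

    $id = [int]$EventXml.Event.System['EventID'].InnerText
    $d  = @{}
    foreach ($n in $EventXml.Event.EventData.Data) {
        $d[$n.GetAttribute('Name')] = $n.InnerText
    }
    $isGpo = $d['ObjectClass'] -eq 'groupPolicyContainer'
    $attr  = $d['AttributeLDAPDisplayName']

    $change = $null
    if     ($id -eq 5137 -and $isGpo) { $change = 'Created' }
    elseif ($id -eq 5141 -and $isGpo) { $change = 'Deleted' }   # 5141 is not named in the post
    elseif ($id -eq 5136 -and $isGpo -and $attr -eq 'nTSecurityDescriptor') { $change = 'Permissions changed' }
    elseif ($id -eq 5136 -and $isGpo) { $change = 'Modified' }
    elseif ($id -eq 5136 -and $attr -eq 'gPLink') { $change = 'Link changed' }  # set on the OU/domain/site
    if (-not $change) { return }    # unrelated directory change, emit nothing

    [pscustomobject]@{
        Change    = $change
        ObjectDN  = $d['ObjectDN']
        Attribute = $attr
        Operation = $d['OperationType']   # %%14674 = value added, %%14675 = value deleted
        User      = $d['SubjectUserName']
    }
}

# Constructed sample: a 5136 event for a GPO version bump (hypothetical user and DN).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5136</EventID></System>
  <EventData>
    <Data Name="SubjectUserName">gpoadmin</Data>
    <Data Name="ObjectDN">CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=example,DC=com</Data>
    <Data Name="ObjectClass">groupPolicyContainer</Data>
    <Data Name="AttributeLDAPDisplayName">versionNumber</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@
Get-GpoChange $sample    # Change = Modified

# Against a live domain controller's Security log:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5136,5137,5141} |
#     ForEach-Object { Get-GpoChange $_.ToXml() }
```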
