Group Policy auditing is a key procedure for all organizations whose reliance on Group Policy infrastructure is critical. Relatively small changes to security policies, desktop configurations, software deployment and other settings can severely impact enterprise security, compliance, and performance.
Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.
"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.
Powered by AuditAssurance technology, NetWrix Group Policy Change Reporter makes Group Policy change auditing task very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What and When information for all changes with previous and current values for all modified settings.
Features and Benefits:
The product records all Group Policy modifications and archives them to enable historical reporting. You can build summary of changes made to Group Policy during any period, to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.
Windows IT Pro Community Choice Award of 2009 : Netwrix Group Policy Change Reporter was nominated and voted as Best Active Directory and Group Policy Product.