NetWrix Group Policy Change Reporter

NetWrix Auditing Platform Architecture

Group Policy auditing is a key procedure for all organizations whose reliance on Group Policy infrastructure is critical. Relatively small changes to security policies, desktop configurations, software deployment and other settings can severely impact enterprise security, compliance, and performance.

Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.

"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it (download  Summary: Limitations of Native Active Directory Auditing Tools to learn more). The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.

Powered by AuditAssurance™ technology, NetWrix Group Policy Change Reporter makes Group Policy change auditing task very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What and When information for all changes with previous and current values for all modified settings.

Features and Benefits:

• Audit and report on all day-to-day Group Policy management tasks;
• Streamline creation of compliance reports for your SOX, GLBA and HIPAA auditors - Download report sample;
• Provide bird's eye view of all Group Policy management processes to IT managers;
• Automatically backup and recover Group Policy objects (download instructions);
• Integration with System Center Operations Manager via SCOM Management Pack for Group Policy Change Reporter that feeds the audit data to SCOM for customized processing (rules, alerts, etc.).

The product records all Group Policy modifications and archives them to enable historical reporting. You can build summary of changes made to Group Policy during any period, to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.

The product can be installed separately, but also is available as a part of the unified Change Reporter Suite that automates auditing of the entire IT infrastructure.