Detection of Group Policy Management Violations
There are several products on the market that provide extensive Group Policy management capabilities with approval-based change management workflows and full-featured auditing of who changed what inside GPOs. Examples are: Microsoft® Advanced Group Policy Management - AGPM (included as a part of Microsoft Desktop Optimization Pack - MDOP), Quest® Group Policy Manager, NetIQ® Group Policy Administrator and many others.
For example, MS AGPM enables full-featured change management workflow process for working with GPOs (check out, change, approve, check in) with auditing, and the actual changes are made under the server account of AGPM server on behalf of approved users according to established workflow. But if someone with excessive admin rights makes changes directly in Group Policy Object Editor bypassing AGPM they will go unnoticed (no audit records will be created) and violate the workflow, making your environment non-compliant.
Netwrix Group Policy Change Reporter can complement different Group Policy change management tools, such as Microsoft AGPM, with auditing of what was done bypassing their normal workflow rules. Group Policy management tool by Netwrix detects every single change, no matter what tool or script was used to make changes, and you can filter out all "correct" changes made by the AGPM server account to see what was done by other users bypassing AGPM. To do that, edit Program Files\Netwrix\AD Change Reporter Full Version\omituserlist_gp.txt file and add the AGPM service account name there.
Please select one of the following options to proceed:
"Group Policy change control and auditing is critical for all organizations relying on Group Policy infrastructure. Netwrix made this process very simple and affordable for companies of all sizes, by enabling convenient reporting of Group Policy to document and archive all policy changes."
- Darren Mar-Elia, a Group Policy MVP, CTO and Founder of SDM Software