Even seemingly minor Group Policy changes, such as changes to desktop configurations or software deployment, can heavily impact enterprise security, compliance and network performance. This makes a continuous monitoring of all changes made to GPOs a critical component in any security and compliance strategy.
However, Windows security logs cannot ensure complete visibility into GPO changes because they lack critical details such as which specific setting was modified and exactly how it was changed. These gaps significantly complicate both investigations and troubleshooting.
Netwrix Auditor for Active Directory delivers the visibility you need into Group Policy by tracking and reporting on all configuration changes with who, what, when and where details and before and after values. For example, its GPO reports enable you to easily determine who unlinked a GPO from an Active Directory OU, or who applied new account lockout setting to a domain.
Apart from change details, Netwrix Auditor for Active Directory also provides time-specific information about Group Policy configuration. Not only can you can get a full list of all your current GPOs with their settings, but State-in-Time™ GPO reporting enables you to easily compare the current system configuration to snapshots from any point in the past.