Group Policy Auditing with Netwrix Auditor

Report and alert on Group Policy changes and generate state-in-time reports

Group Policy auditing is a key procedure for all organizations whose reliance on Group Policy infrastructure is critical. Relatively small changes to security policies, desktop configurations, software deployment, and other settings can severely impact enterprise security, compliance, and performance.

Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what, and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.

"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.

Powered by AuditAssurance™ technology, Netwrix Auditor makes Group Policy change auditing tasks very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What, and When information for all changes with previous and current values for all modified settings.

This feature is available in the Netwrix Auditor solutions for:

Features and Benefits:

The product records all Group Policy modifications and archives them to enable historical reporting. You can build a summary of changes made to Group Policy during any period to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.

Download Free Trial One-to-One Demo Request Quote