Group Policy Fake Changes

Email It to Me Print this Page
Symptoms You received Group Policy Change Report showing some changes you do not believe you made.
Cause By default the product uses a domain controller for the data collection which is most available. On some of the domain controllers Group Policy replication may not occur correctly. The product may connect to the domain controller that has a replication issue with regards to Group Policies, hence the outdated information, and gather GPOs which contain outdated policy settings. The outdated information in gathered GPOs will be considered as a change when comparing to the previous snapshot.
Resolution To prevent this from happening we recommend using a single domain controller for collecting Group Policy changes.
In order to check which domain controller is currently used for Group Policy changes collection, see this file:
C:\ProgramData\Netwrix Auditor\AD Change Reporter\Omitlists\\dclist.txt
If there is more than one DC listed in that file, it means that the first DC in the list didn't respond at some point and Netwrix had to pick a new one. This could be the reason for fake changes.
If you know a DC which is highly available and stable, feel free to put its FQDN into that file instead of the current ones.

(*) Netwrix Auditor replaces former Change Reporter products
Was this information helpful?