Group Policy auditing is a key procedure for all organizations whose reliance on Group Policy infrastructure is critical. Relatively small changes to security policies, desktop configurations, software deployment, and other settings can severely impact enterprise security, compliance, and performance.
Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what, and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.
"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.
Powered by AuditAssurance™ technology, Netwrix Auditor makes Group Policy change auditing tasks very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What, and When information for all changes with previous and current values for all modified settings.
The product records all Group Policy modifications and archives them to enable historical reporting. You can build a summary of changes made to Group Policy during any period to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.
Detects Who Changed What, When and Where
Detects all Group Policy setting and permission changes in full detail including information about who made changes, when they were made and where (domain controller name).
Reports Previous and Current Values for Every Change
Reports show previous and new settings values for every Group Policy setting from any point in time. For example, when a password length is changed in a GPO, the audit report will show both the previous and new password lengths.
Scheduled Group Policy Audit Reports with Automated Delivery
Report subscription feature allows selection of any report for automated delivery.
The product easily works in existing environments and can scale to deployments of 1 million users or more across more than 1,000 domain controllers due to optional, lightweight, non-intrusive agents, efficient AuditAssurance™ data collection methods, and an innovative storage architecture.
Long-term Historical Reporting
Fast compressed storage of collected audit data enables historical reporting for any period of time (e.g. 2 months or 3 years), as required by your auditors both internal and external.
Group Policy Snapshot Reporting
Group Policy reporting tools present snapshots to provide a clear picture of GPO settings, either current or in the past.
Agentless and Agent-based Data Collection
To achieve maximum efficiency, reliability and flexibility, both an agentless and non-intrusive agent-based data collection methods are included.
Integration with Microsoft System Center Operations Manager
Integration with SCOM provides organizations that use Microsoft System Center with fully automated Group Policy auditing thereby protecting these investments.
Automatic Backup and Recovery of Group Policy Objects
Automatically backs up all Group Policy Objects and provides the ability to recover them to help maintain compliance and maintain security.
This software is not reviewed yet.
Netwrix Event Log Archiver is a free tool to automatically consolidate and archive Windows event logs across the network. The tool collects and consolidates event logs from multiple servers and archives them in a central location.
Netwrix Change Notifier for Windows Server is a free auditing tool to monitor server configurations and automatically document changes, including installed software and hardware, local security settings, and registry settings.
Netwrix Change Notifier for Active SQL Server is a free tool to audit and report on administrative changes made to server configurations and databases: users, roles and schema changes.
Netwrix Change Notifier for VMware is a free tool that audits changes to VMware host and virtual machine settings, creation and deletion of virtual machines and sends you audit reports via email.
Netwrix Change Notifier for File Servers is a free tool to audit file server changes. The tool sends daily reports about all file server changes: file and folder changes, shares, and permissions with previous and new values of configuration values.