Group Policy auditing is a key procedure for all organizations whose reliance on Group Policy infrastructure is critical. Relatively small changes to security policies, desktop configurations, software deployment, and other settings can severely impact enterprise security, compliance, and performance.
Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what, and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.
"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it (download Summary: Limitations of Native Active Directory Auditing Tools to learn more). The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.
Powered by AuditAssurance™ technology, Netwrix Auditor makes Group Policy change auditing tasks very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What, and When information for all changes with previous and current values for all modified settings.
The product records all Group Policy modifications and archives them to enable historical reporting. You can build a summary of changes made to Group Policy during any period to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.
Detects Who Changed What, When and Where
Detects all Group Policy setting and permission changes in full detail including information about who made changes, when they were made and where (domain controller name).
Reports Previous and Current Values for Every Change
Reports show previous and new settings values for every Group Policy setting from any point in time. For example, when a password length is changed in a GPO, the audit report will show both the previous and new password lengths.
Scheduled Group Policy Audit Reports with Automated Delivery
Report subscription feature allows selection of any report for automated delivery.
The product easily works in existing environments and can scale to deployments of 1 million users or more across more than 1,000 domain controllers due to optional, lightweight, non-intrusive agents, efficient AuditAssurance™ data collection methods, and an innovative storage architecture.
Long-term Historical Reporting
Fast compressed storage of collected audit data enables historical reporting for any period of time (e.g. 2 months or 3 years), as required by your auditors both internal and external.
Group Policy Snapshot Reporting
Group Policy reporting tools present snapshots to provide a clear picture of GPO settings, either current or in the past.
Agentless and Agent-based Data Collection
To achieve maximum efficiency, reliability and flexibility, both an agentless and non-intrusive agent-based data collection methods are included.
Integration with Microsoft System Center Operations Manager
Integration with SCOM provides organizations that use Microsoft System Center with fully automated Group Policy auditing thereby protecting these investments.
Automatic Backup and Recovery of Group Policy Objects
Automatically backs up all Group Policy Objects and provides the ability to recover them to help maintain compliance and maintain security.
This software is not reviewed yet.
Netwrix Active Directory Change Reporter is a free tool that reports the changes made to Active Directory and delivers detailed information on a daily basis. The report includes the 4 "W"s-Who, What, When, and Where-of all changes.
The product gives end users ability to securely manage their passwords and resolve account lockouts in a self-service fashion without involvement of helpdesk personnel. Please visit www.netwrix.com to obtain quote.
Netwrix Auditor is a unified solution for configuration auditing and compliance for your entire IT infrastructure. The product audits and reports who changed what, when, and where in AD, servers, VMware etc. Price for 150 users is $3450.
Netwrix Change Notifier for Exchange is a free tool that audits and reports changes made to Exchange Server configurations, mailboxes, and permissions.
Netwrix Change Notifier for Active Directory is a free tool that tracks the changes made to Active Directory and delivers daily email reports showing all changes made during the last day.