Submit a ticketCall us

WebinarWebinar: A checklist for planning your Network Performance Monitor (NPM) upgrade

Are you ready for your next upgrade? To help you plan smoothly, join this webcast to learn more about, SolarWinds® Orion® Installer, SolarWinds Upgrade Advisor, Upgrades Guides, Training Videos, and other resources available. We’ll share key upgrade planning considerations, lessons learned from customers with practical advice from SolarWinds Product Experts. We’ll also give practical tips to identify the estimated time needed and resources, how to prepare the business and IT staff for changes, ways to plan for required system changes, and more.

Register now.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Monitoring Group Policy change events

Monitoring Group Policy change events

Table of contents

 

Updated February 7, 2017

Overview

This article provides steps to locate events for Group Policy Object (GPO) changes in your domain.

Environment

  • All LEM versions
  • Domain controllers sending events to LEM

Steps

If your audit policy is logging these events, you can use below query to find them using nDepth in LEM. However, these events do not contain much information besides which GPO was changed, when it was changed, and who made the change.

 

In nDepth, perform a query with this condition:

ObjectAudit.ObjectType = groupPolicyContainer

 

That will return any create, delete, or edit events for GPOs. If you are looking for a change to a specific policy, you can verify which GPO the event is referring to by comparing the CN in the ObjectName field with the Unique ID in the policy itself in Group Policy Management on your server. See the following images:

 

 

 

 

 

Last modified

Tags

Classifications

Public