NetWrix Group Policy Change Reporter

Auditing of changes in Group Policy objects and settings

Overview

Group Policy auditing is a must have procedure for all organisations relying on Group Policy infrastructure. Relatively small changes to security policies, desktop configurations, software deployment and other settings can severely impact enterprise security, compliance, and performance.

Built-in Group Policy management tools don't have any auditing and change reporting capabilities and you just can't track who, what and when data for critical modifications. For example, native Windows auditing only tells you that a Group Policy changed. There is no indication of the setting that changed and you are only provided with cryptic GUIDs for cross-referencing.

"Before" and "after" details for GPO link and priority changes aren't provided at all in Windows 2003 and before; Windows 2008 provides this data but it isn't easy to use it. The uncontrolled and unaudited change process imposes major security and compliance risks for an IT infrastructure run by multiple IT professionals.

Powered by AuditAssurance™ technology, NetWrix Group Policy Change Reporter makes Group Policy change auditing task very easy and straightforward. This product sends daily reports detailing every single change made to Group Policy configuration. The reports list newly created and deleted GPOs, GPO link changes, changes made to audit policy, password policy, software deployment, user desktops, and all other settings. The data includes Who, What and When information for all changes with previous and current values for all modified settings.

Features and Benefits:

Audit and report on all day-to-day Group Policy management tasks;
Streamline creation of compliance reports for your SOX, GLBA and HIPAA auditors;
Provide bird's eye view of all Group Policy management processes to IT managers;
Automatically backup and recover Group Policy objects;
Integration with System Center Operations Manager via SCOM Management Pack for Group Policy Change Reporter that feeds the audit data to SCOM for customised processing (rules, alerts, etc.).

The product records all Group Policy modifications and archives them to enable historical reporting. You can build summary of changes made to Group Policy during any period, to analyze any policy violations that took place in the past. For example, you can see who turned off invalid logon auditing in your domain security policy, who added new software to deploy on client computers, who changed desktop firewall and lockdown settings, and many other examples.

The product can be installed separately, but also is available as a part of an integrated NetWrix Active Directory Change Reporter that automates auditing of the entire IT infrastructure.