Hello All,
Is there any way to monitor GPO policy changes in SAM?
Thanks,
Alan
It depends on how deep you need the monitoring to go. SAM does have Windows event monitor components that you can configure to watch for the specific events that are triggered when a GPO change occurs, or you could use the script monitor components to run some PowerShell scripts and return numeric values of your choice to indicate some specific status or state in GPO you are looking for. However, those options really only tell you that something changed. If you are looking for something to give you a before and after or a diff on the GPO that was changed, SAM is probably not the right tool for that.
That's correct, I have implemented the event ID based monitoring, but it's not showing the name of the policy that was changed or what changes were made in the policy. However, it's giving me the CN ID, which we can manually check on the DC server to see which policy that CN belongs to and start troubleshooting.
If it helps any, and saves you a few extra steps, you can probably write this as a PowerShell script to look for the event log, then query AD to find the policy name. Policies are stored in AD under System \ Policies \ {GUID}. If you open AD Users & Computers, and go to View > Advanced then you can look at them. There is an attribute on the object that has the Display Name, which is the name of the GPO. You can use either ADSI or Get-ADObject to retrieve the information. Something like:
[adsi]$obj = "LDAP://CN={GUIDHERE},CN=Policies,CN=System,DC=Your,DC=DOMAIN"
$obj.displayName
Or
$obj = Get-ADObject "CN={GUIDHERE},CN=Policies,CN=System,DC=Your,DC=DOMAIN" -Properties DisplayName
$obj.displayName
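
The approach suggested in the last reply, written out as a script: this is an added example, not code from any poster in the thread. It assumes the change events are Security log event ID 5136 (which requires "Audit Directory Service Changes" to be enabled), that it runs on a domain controller with the ActiveDirectory module, and that the SAM script monitor reads `Statistic:` / `Message:` lines; the 15-minute window is a hypothetical polling interval.

```powershell
# Added example: map GPO change events to GPO display names.
# Assumptions: event ID 5136 in the Security log, ActiveDirectory module present.
Import-Module ActiveDirectory

$since  = (Get-Date).AddMinutes(-15)   # hypothetical polling window
$filter = @{ LogName = 'Security'; Id = 5136; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$changes = @(foreach ($evt in $events) {
    # Flatten the event's EventData name/value pairs into a hashtable
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Keep only modifications to the GPO object itself
    if ($data['ObjectClass'] -ne 'groupPolicyContainer') { continue }
    if ($data['ObjectDN'] -notmatch '(?i)CN=\{[0-9a-f-]{36}\},CN=Policies,CN=System,.+$') { continue }
    $gpoDn = $Matches[0]

    # Resolve the CN={GUID} to the GPO name; a deleted GPO no longer resolves
    try {
        $name = (Get-ADObject -Identity $gpoDn -Properties displayName -ErrorAction Stop).displayName
    } catch {
        $name = '<not found, GPO may have been deleted>'
    }

    [pscustomobject]@{
        Time      = $evt.TimeCreated
        GPO       = $name
        DN        = $gpoDn
        ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Attribute = $data['AttributeLDAPDisplayName']
    }
})

# One line per distinct GPO/user pair, for the monitor's message text
$summary = $changes |
    Sort-Object GPO, ChangedBy -Unique |
    ForEach-Object { "'{0}' changed by {1}" -f $_.GPO, $_.ChangedBy }

# Assumed SAM script monitor output format: numeric statistic plus message
Write-Host ("Statistic: {0}" -f @($summary).Count)
Write-Host ("Message: {0}" -f (@($summary) -join '; '))
exit 0
```

As noted earlier in the thread, this still only reports which GPO changed and who changed it, not a before/after diff of its settings.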