how can i determine when a GPO has been applied to a computer

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

HI,

I'm looking for log that could tell me when a specific GPO has been applied
to a computer, I know that you can determine that a GPO has been apllied to
a computer by looking into the eventvwr for

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 27/10/2004
Time: 4:58:29 PM
User: N/A
Computer: 043-RAOULDMB
Description:
Security policy in the Group policy objects has been applied successfully.

MY concern is more about when a specifis GPO has been applied and maybe what
settings, was applied to the computer,

On the second hand i would like to know when people make change to a GPO,
where are the object access entries are logged when using the administrative
tools from the workstation. in other words is there any way to find when and
who made changes to a pecific GPO, and where should i look for this type of
information.

Thanks

Ralph
 
Hi Ralph

You can use gpresult to view which policies have been applied to a machine.
If you enable "Audit Policy Change", I think that gives you what you're
after in tracking edits (at least partly).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks you for your answer,

i think i haven't been clear, my goal is to track all the gpo that have been
applied on the computer over time, i'm looking for a log file that can tell
me by date since my worksatation is connected to the domain, when and what
gpo was applied. i have looked on the different log file and find
winlogon.log file that look close to what i'm looking but this only track
when the user logon, and does not keep the data for a long period. hope this
will make it more clear and that there is such type of log in windows.

for the policy change entry, is that entry going to show on the DC security
log or on the local workstation security log.

ralph



Mark Renoden said:
Hi Ralph

You can use gpresult to view which policies have been applied to a machine.
If you enable "Audit Policy Change", I think that gives you what you're
after in tracking edits (at least partly).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ralph said:
HI,

I'm looking for log that could tell me when a specific GPO has been
applied
to a computer, I know that you can determine that a GPO has been apllied
to
a computer by looking into the eventvwr for

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 27/10/2004
Time: 4:58:29 PM
User: N/A
Computer: 043-RAOULDMB
Description:
Security policy in the Group policy objects has been applied successfully.

MY concern is more about when a specifis GPO has been applied and maybe
what
settings, was applied to the computer,

On the second hand i would like to know when people make change to a GPO,
where are the object access entries are logged when using the
administrative
tools from the workstation. in other words is there any way to find when
and
who made changes to a pecific GPO, and where should i look for this type
of
information.

Thanks

Ralph
Click to expand...
Click to expand...
 
Hi Ralph

There's nothing turned on by default. User Environment debug logging
probably gives you what you want but it'll consume diskspace as it's quite
verbose when you have it turned to a level that will give you details like
this.

221833 How to enable user environment debug logging in retail builds of
Windows
http://support.microsoft.com/?id=221833

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ralph said:
Thanks you for your answer,

i think i haven't been clear, my goal is to track all the gpo that have
been
applied on the computer over time, i'm looking for a log file that can
tell
me by date since my worksatation is connected to the domain, when and what
gpo was applied. i have looked on the different log file and find
winlogon.log file that look close to what i'm looking but this only track
when the user logon, and does not keep the data for a long period. hope
this
will make it more clear and that there is such type of log in windows.

for the policy change entry, is that entry going to show on the DC
security
log or on the local workstation security log.

ralph



Mark Renoden said:
Hi Ralph

You can use gpresult to view which policies have been applied to a
machine.
If you enable "Audit Policy Change", I think that gives you what you're
after in tracking edits (at least partly).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Ralph said:
HI,

I'm looking for log that could tell me when a specific GPO has been
applied
to a computer, I know that you can determine that a GPO has been
apllied
to
a computer by looking into the eventvwr for

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 27/10/2004
Time: 4:58:29 PM
User: N/A
Computer: 043-RAOULDMB
Description:
Security policy in the Group policy objects has been applied
successfully.

MY concern is more about when a specifis GPO has been applied and maybe
what
settings, was applied to the computer,

On the second hand i would like to know when people make change to a
GPO,
where are the object access entries are logged when using the
administrative
tools from the workstation. in other words is there any way to find
when
and
who made changes to a pecific GPO, and where should i look for this
type
of
information.

Thanks

Ralph
Click to expand...
Click to expand...
Click to expand...
 
RSOP.msc should tell you what you want but you need local administrative
privledges on the client computer that you are running it on.

Greg
 
Back
Top