SCOM alert on GPO changes

Anyone ever had the need to track and raise SCOM alerts based on GPO auditing?

Hi,

If you have enabled auditing on changes, you can pick this up using a simple event rule targeted to your domain controllers.

https://rlevchenko.com/2017/03/17/how-easy-is-it-to-track-group-policy-changes-using-the-event-log/

1 Like

We have not had the need to audit GPO changes. We went for Advanced Group policy management instead to have a more foolproof implementation path for our GPO:s.

https://technet.microsoft.com/en-us/library/cc749396(v=ws.10).aspx

The “Ooops!”-factor in GPO-management have gone done drastically after we implemented AGPM.