Event ID for modified GPOs


On Windows Server 2008, it is event ID 5136 (Directory Service Changes). See also event IDs 5137 (create), 5138 (undelete), 5130 (move). Event ID 4662 contains the old-style audit event (see below).

On Windows 2000 Server and Windows Server 2003:

[T]he policy Audit directory service access was the only auditing control available for Active Directory. The events that were generated by this control did not show the old and new values of any modifications. This setting generated audit events in the Security log with the ID number 566. In Windows Server 2008, the audit policy subcategory Directory Service Access still generates the same events, but the event ID number is changed to 4662.
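An added example, not part of the original answer: Python that reads exported 5136 events as XML and reports who changed a GPO object, pairing the old value (`%%14675`, value deleted) with the new value (`%%14674`, value added) of each attribute through `OpCorrelationID`. The sample events, the DNs, the SIDs and the helper names `make_event` and `gpo_changes` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# OperationType codes logged by event 5136: value added / value deleted.
OPS = {"%%14674": "new", "%%14675": "old"}

def make_event(sid, user, corr, dn, cls, attr, value, op):
    """Build one constructed 5136 event holding only the fields used below."""
    fields = {"OpCorrelationID": corr, "SubjectUserSid": sid,
              "SubjectUserName": user, "ObjectDN": dn, "ObjectClass": cls,
              "AttributeLDAPDisplayName": attr, "AttributeValue": value,
              "OperationType": op}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>5136</EventID>'
            f'<TimeCreated SystemTime="2024-01-01T10:00:00Z"/></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample: one GPO edit (old and new value) plus an unrelated user change.
GPO_DN = "CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=example,DC=test"
SAMPLE = "".join([
    make_event("S-1-5-21-1-2-3-1104", "alice", "{c1}", GPO_DN, "groupPolicyContainer", "versionNumber", "4", "%%14675"),
    make_event("S-1-5-21-1-2-3-1104", "alice", "{c1}", GPO_DN, "groupPolicyContainer", "versionNumber", "5", "%%14674"),
    make_event("S-1-5-21-1-2-3-1105", "bob", "{c2}", "CN=Bob,OU=Staff,DC=example,DC=test", "user", "description", "x", "%%14674"),
])

def gpo_changes(xml_text, gpo_dn=None):
    """Return one record per changed attribute on GPO objects (optionally one GPO)."""
    root = ET.fromstring(f"<Events>{xml_text}</Events>")
    changes = {}
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5136":
            continue
        d = {n.get("Name"): (n.text or "") for n in ev.findall("e:EventData/e:Data", NS)}
        if d.get("ObjectClass") != "groupPolicyContainer":
            continue
        if gpo_dn and d["ObjectDN"].lower() != gpo_dn.lower():
            continue
        key = (d["OpCorrelationID"], d["ObjectDN"], d["AttributeLDAPDisplayName"])
        rec = changes.setdefault(key, {
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "who": d["SubjectUserName"], "sid": d["SubjectUserSid"],
            "gpo": d["ObjectDN"], "attribute": d["AttributeLDAPDisplayName"],
            "old": None, "new": None})
        side = OPS.get(d["OperationType"])
        if side:
            rec[side] = d["AttributeValue"]
    return list(changes.values())

if __name__ == "__main__":
    for change in gpo_changes(SAMPLE, GPO_DN):
        print(change)
```

The filter matches changes to the GPO object itself. A GPO link is stored in the `gPLink` attribute of the OU, so link changes appear as 5136 events on the OU object and are not matched here.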


Author: Hinek

Updated on September 17, 2022

Comments

  • Hinek
    Hinek almost 2 years

    I have to know who (user SID or login name) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

  • Hinek
    Hinek over 14 years
    Unfortunately it's not 2008 ... if I look for Event ID 566 ... the "Object Type" in the message should be {f30e3bc2-9ff0-11d1-b603-0000f80367c1}, right?
  • shufler
    shufler over 14 years
    Object Type will be something like user or computer.
  • 89c3b1b8-b1ae-11e6-b842-48d705
    89c3b1b8-b1ae-11e6-b842-48d705 over 10 years
    Please summarize the article that you linked, quoting any relevant code segments or configuration blocks. Sites can change in the future or fail to load for any number of reasons.