Altaro product updates and new forums

Product Updates

  • Altaro has just released a new version of their virtual machine (VM) backup solution for Hyper-V and VMware environments that now includes WAN-Optimized ReplicationAltaro VM Backup v8WAN-Optimized Replication permits a business to make an ongoing copy of its virtual machines (VMs) to a remote site and to switch to that copy with immediacy should anything go wrong with the live VMs, such as damage due to hurricanes, fires and flooding. Downtime is therefore reduced to no time at all. Some more info here and here.
  • They have now also launched Altaro Office 365 Backup for MSPS! As Microsoft does not back up Office 365 subscriber data, Altaro’s new offering enables MSPs to provide their customers with robust, reliable mailbox backup and recovery services. Altaro Office 365 Backup for MSPs backs up mail items and their attachments, with backups taking place automatically several times per day to Altaro’s secure Microsoft Azure backup location. MSPs can manage and monitor the mailboxes they are handling per customer through a centralized, multi-tenant online management console. More info here and here.

Launch of Altaro Dojo Forums

 

How easy is it to track Group Policy changes using the event log?

Group Policy Objects contain the settings to control almost everything in Active Directory; including Sites, Domains, Organizational Units, Users, Groups, Computers and other objects. In large enterprises, multiple administrators manage objects centrally through the Group Policy Management Console (GPMC) from different computers in the domain. Often, users complain that their system settings have been changed without their knowledge.

Group Policy Auditing with Windows

Occasionally the IT team is responsible for these changes; however, it is possible that someone with the right to make changes in the Group Policy Management Console has altered settings for which there was no authorization. Changes in Group Policy Objects like these, that can often remain unknown to others, can create accountability issues. It is therefore very important to audit these changes to know who did what change, when and from which location

GPO Auditing is possible with Windows 2000 Server; however, it was always a bit noisy and did not provide granular levels of detail. In the latest versions of Windows Server, Microsoft introduced advanced auditing where users can granularly determine what to audit and what not to audit, thus creating a manageable number of logs.

Group Policy is used to perform numerous tasks; including configuring auditing and deciding what users can or cannot access. It is therefore necessary to monitor Group Policy changes. But how? Here, you will see the steps to enable Group Policy auditing in Active Directory.

How to enable auditing of Group Policy Objects

A Group Policy Object is stored in two parts – Group Policy Templates (defines the GPO template) and Group Policy Containers (an object in Active Directory pointing to GPO template). Group Policy Templates are stored in %sysroot%SYSVOL folder. The auditing of SYSVOL folder, Group Policy Container Objects and DS Objects has to be enabled in order to enable the Group Policy Objects.

How to enable auditing of DS objects

Perform the following steps to enable auditing of Directory Service Objects:

  1. Launch Group Policy Management Console (GPMC) from the “Administrative Tools” in the “Start Menu”.
  2. Go to Forest -> Domains -> Domain Controllers.

  3. Right click “Default Domain Controllers Policy”, and click on “Edit” to access “Group Policy Management Editor” (GPMC Editor).

  4. The GPMC Editor window opens up, in the editor window navigate to “Computer Configuration” -> “Policies” -> “Windows Settings” -> “Security Settings” -> “Advanced Audit Policy Configuration” -> “Audit Policies”.

  5. Select “DS Access” in the Audit Policies. The following policies will be displayed in it.

I. Audit Directory Service Access

II. Audit Directory Service Changes

III. Audit Directory Service Replication

IV. Audit Detailed Directory Service Replication

  1. One by one, double-click these policies, and enable their auditing for both “Success and “Failure”.
  • Do the same steps to enable the auditing of “Object Access” -> “Audit File System” in “Advanced Audit Policy Configuration”.

  • Continue reading “How easy is it to track Group Policy changes using the event log?”