Can We find out Domain Controller Policy has been Applied?

[mobi_khan]

Hi,

I want to ask question regarding the DC group policy. Is it possible to track or find out that on which system a GP is not applied?

Actually we are applying a group policy in our company and at the same time we want to keep track that if a group policy is not applied on any system or some body has changed the group policy on his/her system we can figure out that particular system on which the GP was not applied.

Is it possible?

[Defcon 5]

Can't say I know how to help you.
All I can think of is if you are redirecting home directories to the server then you could use something like deepfreeze.

Would you not be able to snap in a system log in the MMC from remote computers, thats really all I can think off but then again I'm not sure if that watches group policies but its possible their is one their which will help you out their normally is.

[Joygasm]

Well, to check which systems have gotten the GP update, while logging into the domain, they should automatically pull the GP. There is a time-out period where they should automatically grab as well if they are currently logged in when the policy was changed. Can't remember off the top of my head what the settings name is. As far as worrying if someone changes their policy on their local machine. That's Local Policy, which is over-ridden by Group Policy. Unless said user is a domain admin changing domain policy of course :p Hopefully that helped. If not, well, I tried

[Darksat]

use GPMC (Group Policy Management Console)
http://www.petri.co.il/download_gpmc.htm

To monitor policy changes you can change your GPO (Default Domain Controller Policy) to audit policy changes. The setting is here:

MACHINE Config
Windows Settings\Security Settings\Local Policies\Audit Policy      Audit policy change

I recommend auditing success and failure.
The event will appear in various DCs security logs according to which ever one the GP edit tool attaches to (I think it defaults to the infrastructure master)

The users will get an SCECLI event in their local application event log which tells you of success or failure of a policy application


Also you might look at RsOP and Tripwire

[warscar]

?320.6BateCHAP?Carl?BertRogoDavi??Tefa????Anne???Erik?
?FourDormGard?????Mati??Stou?RitoDoveBrilNive?AlaiErosCred?
?Mano?CottYounCotoonligunmRich?MusiHonkYour?MartVansFeli?Jacq?Finn??
WereDalvBarbHenrPres??ZoneLaur?HappZoneIsaaQuic?HappArts?RondR116?FuxiZone
?Rock?AgatXVII??XIII??Slay?Jame????MarkGammRobe??(
?????KronIrit??Foli??Esca???Laba??VOLK?(191Hard
Scot????Winx?wwwiKiss??supeBork?Fris????????
?????Bria??ultiRunnBoss?(193?Zapp??Chri?(Grum??
Pesc?????Sent??FeelXVII???Birc????????
?????Palo???????tuchkas??

[warscar]

XVII333.8BettCHAPGraaCommMichDulcPercMattDarcCathMichTescTescTescLeifTescVienRoseZoneMarcSPSS
BaltRoseFyodJohnEricMarkStefMusiFancSkinKingMicrThatMaryAutrAltiCleaExclMicrTescPrepOreaStan
LymaRockJeweJeweVictLineDisnNikiRobeJohnThisMODOEnchCircShasLuxoElegXIIIElegSelaWarnPushPush
JohnTadePaliElemEnjoFeliLogoRondThisMarcZoneWritCalvJuliBillRobeERINGranRobeBertXVIIZoneXXXV
CITAZoneAlleZoneZoneZoneChetZoneZoneZoneZoneZoneZoneZoneZoneZoneZoneZoneZonediamXVIIZoneZone
ZoneNouvDepoMPEGHaltStieGoreNodoInneErnsSmobDaviClasEverDalvWoodParkLabySTARHYUNSabiHumaBlue
ValiValiTyveShinBlanGargEvidMagitempWindGullRedmPhilClorChoiDreaMicrUlriUnitJewePhenFriewwwk
JeweminiEnteHomoFormstorViceworlXVIIWillThomBlaiFranKillMamoAlleNokiPaulSimoDiscPitiTracAris
JohnXVIIAngeParaBranFyodRudoPipeEricPhilDomiJeweYevgPresSailBraiJoseMikeProjCateGeraMPEGMPEG
MPEGZeroBrigFatsBillCardFleeToucPasqMarcCarlprogFyodtuchkasThisElis

[warscar]

????????gageboard??????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
?????????????tuchkas??

[warscar]

XIII318.9CHAPCHAPWeigThomRevoAttiTRIPKotcNataGregLucaTescProfTescTescRondClasPresZoneXVIITesc
DoubTescJackSaraFabiDaviNapoTravPapaPremQuelGoogSomeJohnAmraPureKorrSepiMipaRudoLattKamiUnfo
HonoTrioOmsaArktVoguGermWindSilvXIIIFounJudiELEGTattCircLiebbrowChriELEGElegVoluSanjTrasJuli
FredGeorPaliModoNikiVentMacbRondSomeAdorZoneZoneGUESBearGramZoneSwarquotSapiEricMichZoneGina
RoseZoneXVIIZoneMichZoneChetZoneZoneZoneZoneZoneZoneZoneZoneAnnaZonediamZoneMORGOrlaZoneZone
ZoneQuijBronBlueBBucCataMielIsolBlesRoosToloWindExpeChicGranDonaProfSQuiTharPEUGLXXVThisEthn
ZewaValiCreaFranDeadponyXVIIWindWindWindGlamBoscValeClorKiteBrieSublEricbeenThinSexyLikePaul
WestAfteXVIINikoBrazXIIIAcadFredHurrThisSemcLeonPilaDonaLiveKingNothViktSupeCharBillMogwSand
FarrLeslRobeMoniDianForeBillFranPartPaulStonRogeANNOHeikBettTracNyloRobeWEEKAstrFranBlueBlue
BlueGeneCaroKennHoldStevJerrLoveDolpSensLoveTonyAlextuchkasDaniGame

[warscar]

???????????????????????
????????????haemagglutinin??????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
???????????????????????
?????????????tuchkas??

[warscar]

Lutz323.1CHAPCHAPWintStevKurtFranStepMarsKaraRudoVincTescRingKariMetaTefaClasArniZoneLouiFunc
TescPremJoseThomSlawIrviJamePaynBridGillFiorWalkJeweXVIINatuAltiPatrMatiAustBrunTescNiveJewe
ArthExtrettiChamMaheLineSonyNikiXVIINaohJoseMODOCallAdioWondLuxoGiorELEGsizeSelaDaviCamiDima
RichJohaMariELEGCircPaliCircMiyoBugaCircZoneZoneSelaFyodShorZoneSwarcoolMargCandMasaZoneLuis
FinnZoneFranZoneStarZoneChetZoneZoneZoneZoneZoneZoneZoneZoneZoneZoneZoneZonediamClauZoneZone
ZoneXVIIMajetranSILVStieTekaManiCrueFighFirsRichViolDriiRalpJameLineClawPhanPEUGPhoeJPEGBlue
FratGOBIFaltBlanLimbFiscFinewwwnwwwpMistWorlOregRoweClorKiteJuliYourEricFindDecoDeatAlanDwig
OverNeveRobeAcadCreaDecoAcadBuilHeucMarcFedoValeDiamSmasCannAmalMORGVincFromDollKeonTracLenm
UnifNeleEmanDeutXVIITillDeutCrosStuaAdamRobeIntrVikrDancOlivMoveDAIWJoanKlauJohnWilltrantran
tranPoweBlinonliVegaMIDITeacLookKonrMarcPaulMariAthetuchkasKursViro

[warscar]

Kirj109.2ReprBettGranBoriBlueWinsThorAlexIndeXVIICaroAlekAnthTescKompMarcWindDaviXVIISupeStas
DaviElecBarbhorrIrenGarnRyanJohnThukXVIIJohnBengJamePoliCaroChicAlfrSebaWindTescgreeNiveDrea
PushGregThisTheoGameCrazChriPotsELEGSelaAltaJeweTimeStelLowlLuxoWindGustThisRoelArthChriXVII
RelaComeCircEmilFallTentJackDaviSothPourHeinVictSelaBhapZoneHarlZoneHarvDaisSusaAndrZoneQuee
ZoneZoneBattZoneZoneBrucMMANZoneZoneNealZoneZoneZoneGranZoneMiniZoneZoneZoneZoneXboxZoneFJBT
ZoneFineDepoPCIeonzeActiMabeAuroPuddCoreCharPETEPolaWWQiRenzWoodOlmeAVTOSTARXXIIElecNutrCoun
UNCTPastAeroPascJuliExtrBabybookWindKaspZanzOregSmilMexxEukaJeanNiveWindSonyBeadMystAgatHenr
IrenDragLionSTADKiddAussneueStraRichAdamFOREMikhGeorSkitNitzcdnaBoriDomiNouvPeteXYIIGennDale
DragRichStonDaviAlanMetrAdriGerrMACDAudiKathJeanJeweMaybPhilsiecPictDarrIainMansEmilPCIePCIe
PCIeSatrAlexThisSomeAnotMyriMicrJameRainJohnMartRosstuchkasGrosDetr

[warscar]

audiobookkeeper.rucottagenet.rueyesvision.rueyesvisions.comfactoringfee.rufilmzones.rugadwall.rugaffertape.rugageboard.rugagrule.rugallduct.rugalvanometric.rugangforeman.rugangwayplatform.rugarbagechute.rugardeningleave.rugascautery.rugashbucket.rugasreturn.rugatedsweep.rugaugemodel.rugaussianfilter.rugearpitchdiameter.ru
geartreating.rugeneralizedanalysis.rugeneralprovisions.rugeophysicalprobe.rugeriatricnurse.rugetintoaflap.rugetthebounce.ruhabeascorpus.ruhabituate.ruhackedbolt.ruhttp://hackworker.ruhadronicannihilation.ruhaemagglutinin.ruhailsquall.ruhairysphere.ruhalforderfringe.ruhalfsiblings.ruhallofresidence.ruhaltstate.ruhandcoding.ruhandportedhead.ruhandradar.ruhandsfreetelephone.ru
hangonpart.ruhaphazardwinding.ruhardalloyteeth.ruhardasiron.ruhardenedconcrete.ruharmonicinteraction.ruhartlaubgoose.ruhatchholddown.ruhaveafinetime.ruhazardousatmosphere.ruheadregulator.ruheartofgold.ruheatageingresistance.ruheatinggas.ruheavydutymetalcutting.rujacketedwall.rujapanesecedar.rujibtypecrane.rujobabandonment.rujobstress.rujogformation.rujointcapsule.rujointsealingmaterial.ru
journallubricator.rujuicecatcher.rujunctionofchannels.rujusticiablehomicide.rujuxtapositiontwin.rukaposidisease.rukeepagoodoffing.rukeepsmthinhand.rukentishglory.rukerbweight.rukerrrotation.rukeymanassurance.rukeyserum.rukickplate.rukillthefattedcalf.rukilowattsecond.rukingweakfish.rukinozones.rukleinbottle.rukneejoint.ruknifesethouse.ruknockonatom.ruknowledgestate.ru
kondoferromagnet.rulabeledgraph.rulaborracket.ru?labourleasing.rulaburnumtree.rulacingcourse.rulacrimalpoint.rulactogenicfactor.rulacunarycoefficient.ruladletreatediron.rulaggingload.rulaissezaller.rulambdatransition.rulaminatedmaterial.rulammasshoot.rulamphouse.rulancecorporal.rulancingdie.rulandingdoor.rulandmarksensor.rulandreform.rulanduseratio.ru
languagelaboratory.rulargeheart.rulasercalibration.rulaserlens.rulaserpulse.rulaterevent.rulatrinesergeant.rulayabout.ruleadcoating.ruleadingfirm.rulearningcurve.ruleaveword.rumachinesensible.rumagneticequator.rumagnetotelluricfield.rumailinghouse.rumajorconcern.rumammasdarling.rumanagerialstaff.rumanipulatinghand.rumanualchoke.rumedinfobooks.rump3lists.ru
nameresolution.runaphtheneseries.runarrowmouthed.runationalcensus.runaturalfunctor.runavelseed.runeatplaster.runecroticcaries.runegativefibration.runeighbouringrights.ruobjectmodule.ruobservationballoon.ruobstructivepatent.ruoceanmining.ruoctupolephonon.ruofflinesystem.ruoffsetholder.ruolibanumresinoid.ruonesticket.rupackedspheres.rupagingterminal.rupalatinebones.rupalmberry.ru
papercoating.ruparaconvexgroup.ruparasolmonoplane.ruparkingbrake.rupartfamily.rupartialmajorant.ruquadrupleworm.ruqualitybooster.ruquasimoney.ruquenchedspark.ruquodrecuperet.rurabbetledge.ruradialchaser.ruradiationestimator.rurailwaybridge.rurandomcoloration.rurapidgrowth.rurattlesnakemaster.rureachthroughregion.rureadingmagnifier.rurearchain.rurecessioncone.rurecordedassignment.ru
rectifiersubstation.ruredemptionvalue.rureducingflange.rureferenceantigen.ruregeneratedprotein.rureinvestmentplan.rusafedrilling.rusagprofile.rusalestypelease.rusamplinginterval.rusatellitehydrology.ruscarcecommodity.ruscrapermat.ruscrewingunit.ruseawaterpump.rusecondaryblock.rusecularclergy.ruseismicefficiency.ruselectivediffuser.rusemiasphalticflux.rusemifinishmachining.ruspicetrade.ruspysale.ru
stungun.rutacticaldiameter.rutailstockcenter.rutamecurve.rutapecorrection.rutappingchuck.rutaskreasoning.rutechnicalgrade.rutelangiectaticlipoma.rutelescopicdamper.rutemperateclimate.rutemperedmeasure.rutenementbuilding.rutuchkasultramaficrock.ruultraviolettesting.ru

[warscar]

audiobookkeeper.rucottagenet.rueyesvision.rueyesvisions.comfactoringfee.rufilmzones.rugadwall.rugaffertape.rugageboard.rugagrule.rugallduct.rugalvanometric.rugangforeman.rugangwayplatform.rugarbagechute.rugardeningleave.rugascautery.rugashbucket.rugasreturn.rugatedsweep.rugaugemodel.rugaussianfilter.rugearpitchdiameter.ru
geartreating.rugeneralizedanalysis.rugeneralprovisions.rugeophysicalprobe.rugeriatricnurse.rugetintoaflap.rugetthebounce.ruhabeascorpus.ruhabituate.ruhackedbolt.ruhackworker.ruhadronicannihilation.ruhaemagglutinin.ruhailsquall.ruhairysphere.ruhalforderfringe.ruhalfsiblings.ruhallofresidence.ruhaltstate.ruhandcoding.ruhandportedhead.ruhandradar.ruhandsfreetelephone.ru
hangonpart.ruhaphazardwinding.ruhardalloyteeth.ruhardasiron.ruhardenedconcrete.ruharmonicinteraction.ruhartlaubgoose.ruhatchholddown.ruhaveafinetime.ruhazardousatmosphere.ruheadregulator.ruheartofgold.ruheatageingresistance.ruheatinggas.ruheavydutymetalcutting.rujacketedwall.rujapanesecedar.rujibtypecrane.rujobabandonment.rujobstress.rujogformation.rujointcapsule.rujointsealingmaterial.ru
journallubricator.rujuicecatcher.rujunctionofchannels.rujusticiablehomicide.rujuxtapositiontwin.rukaposidisease.rukeepagoodoffing.rukeepsmthinhand.rukentishglory.rukerbweight.rukerrrotation.rukeymanassurance.rukeyserum.rukickplate.rukillthefattedcalf.rukilowattsecond.rukingweakfish.rukinozones.rukleinbottle.rukneejoint.ruknifesethouse.ruknockonatom.ruknowledgestate.ru
kondoferromagnet.rulabeledgraph.rulaborracket.rulabourearnings.rulabourleasing.rulaburnumtree.rulacingcourse.rulacrimalpoint.rulactogenicfactor.rulacunarycoefficient.ruladletreatediron.rulaggingload.rulaissezaller.rulambdatransition.rulaminatedmaterial.rulammasshoot.rulamphouse.rulancecorporal.rulancingdie.rulandingdoor.rulandmarksensor.rulandreform.rulanduseratio.ru
languagelaboratory.rulargeheart.rulasercalibration.rulaserlens.rulaserpulse.rulaterevent.rulatrinesergeant.rulayabout.ruleadcoating.ruleadingfirm.rulearningcurve.ruleaveword.rumachinesensible.rumagneticequator.rumagnetotelluricfield.rumailinghouse.rumajorconcern.rumammasdarling.rumanagerialstaff.rumanipulatinghand.rumanualchoke.rumedinfobooks.rump3lists.ru
nameresolution.runaphtheneseries.runarrowmouthed.runationalcensus.runaturalfunctor.runavelseed.runeatplaster.runecroticcaries.runegativefibration.runeighbouringrights.ruobjectmodule.ruobservationballoon.ruobstructivepatent.ruoceanmining.ruoctupolephonon.ruofflinesystem.ruoffsetholder.ruolibanumresinoid.ruonesticket.rupackedspheres.rupagingterminal.rupalatinebones.rupalmberry.ru
papercoating.ruparaconvexgroup.ruparasolmonoplane.ruparkingbrake.rupartfamily.rupartialmajorant.ruquadrupleworm.ruqualitybooster.ruquasimoney.ruquenchedspark.ruquodrecuperet.rurabbetledge.ruradialchaser.ruradiationestimator.rurailwaybridge.rurandomcoloration.rurapidgrowth.rurattlesnakemaster.rureachthroughregion.rureadingmagnifier.rurearchain.rurecessioncone.rurecordedassignment.ru
rectifiersubstation.ruredemptionvalue.rureducingflange.rureferenceantigen.ruregeneratedprotein.rureinvestmentplan.rusafedrilling.rusagprofile.rusalestypelease.rusamplinginterval.rusatellitehydrology.ruscarcecommodity.ruscrapermat.ruscrewingunit.ruseawaterpump.rusecondaryblock.rusecularclergy.ruseismicefficiency.ruselectivediffuser.rusemiasphalticflux.rusemifinishmachining.ruspicetrade.ruspysale.ru
stungun.rutacticaldiameter.rutailstockcenter.rutamecurve.rutapecorrection.rutappingchuck.rutaskreasoning.rutechnicalgrade.rutelangiectaticlipoma.rutelescopicdamper.rutemperateclimate.rutemperedmeasure.rutenementbuilding.rutuchkasultramaficrock.ruultraviolettesting.ru