Group Policy Auditing using LepideAuditor Suite

Group Policy Auditing using LepideAuditor Suite – LepideAuditor Suite includes set of tools for auditing Active Directory, Exchange Server, Group Policy, SharePoint, SQL Server and File Server. As you can see it supports auditing all the major windows technologies. In this post we will see group policy auditing using LepideAuditor Suite. Every company has got lot of group policy objects deployed at various levels. It could be at the domain level, OU level or just for set of computers. When you want to track the changes made to the group policy settings, LepideAuditor Suite comes handy.

Where can i download the LepideAuditor Suite ?.

You can download trial version here:- http://www.lepide.com/lepideauditor/download.html

More information about LepideAuditor Suite here:- http://www.lepide.com/lepideauditor/

More info about LepideAuditor Group Policy – https://www.lepide.com/lepideauditor/group-policy.html

Group Policy Auditing using LepideAuditor Suite

The LepideAuditor Suite can be download from here. When you download the suite you get a .zip file. Extract the .zip file to a folder using winzip or wirar. Inside LepideAuditor Suite folder, you will find setup file. Double click the file and on setup screen click Next. Next screen brings up the license agreement, read it and hit Next.

Ensure you have atleast 500MB of free space. Choose the destination folder. Click Next.

On the rest of screens click Next and then at the final screen select Yes, restart the computer now. Click Finish. During this reboot the windows service of LepideAuditor Suite is installed.

When you launch the tool, you see a welcome screen. You need to choose an User Account to run the windows service of LepideAuditor Suite. On the service properties window, you see two options. Select the first option “This account” to specify an user account that yis mostly a domain account. Click “Browse” to select a user account from Active Directory. Select the second option “Local System Account” to specify an local user account.

In the below screenshot I am choosing the first option and entering a domain user account and password. This account is a member of Domain Admins group in Active Directory. Click OK.

On the Component Selection dialog box, select the desired component. Click OK.On the Add Domain dialog box, there are 2 configuration methods.

a) Express Configuration – Choose this option to configure the domain with default settings. This option is recommended for most of the users.

b) Advanced Configuration – Choose this option to configure domain settings individually. This option is recommended for expert users.

Select Express Configuration and click Next.

On the Add Domain dialog, add the domain name or IP address of domain controller. Else click on globe icon and the domain name will be populated automatically. Enter the user account that is a member of Administrators, Domain Admins, Group Policy Creator Owners, Enterprise Admins, and Schema Admins group to enable the automatic auditing of schema and domain configuration by the solution.

Auditing Method – You need to choose either adding an agent or go with option without agent. With agent installed, auditin

The software then connects to the domain. If auditing is not enabled at the domain level, the following dialog box appears onscreen. Click Yes, software can make required changes.

Group Policy Object Selection – Here you need to select group policy object to enable auditing. You could choose default domain controller policy. If you want to use custom policy, choose it from the list of GPO. In this example I am selecting Use Default Domain Controller Policy. Click OK.

Advanced Domain Configuration – You need to select the components and the servers to be audited. In this case I am selecting Change Audit Active Directory and Change Audit Group policy. Click Next.

The domain name and IP address are automatically populated here. Ensure the preferred DC shown is correct. Else select the DC from the drop down list. Click Next.

In this step, you need to provide the details of SQL Server and database that will be used to store the audit data. The SQL server could be running on a server locally or it could be remote SQL server. Login to the SQL server and create a DB for storing audit data. Enter the IP address or computer name running SQL server. Enter the credentials that are used to connect to DB and store audit data. In this below example, I am using sa account to connect to DB. If you have another account, enter it. Note that the account should have sysadmin privileges on the DB. Once you enter the above details, click on Test Connection. If the details are correct you will test connection successful message. Click Finish.

Once you have completed all the steps to add the domain through Express, you can click Finish at the end to complete this process. A message to restart the solution will be displayed, restart the computer. Upon restart when you launch LepideAuditor, both Radar and Health Monitoring Tabs will show a new tab for the newly added domain.

Let’s see how the software tracks the changes done to group policy objects. I edited the default domain controller group policy settings and changed some settings. After waiting for few minutes, the audit info showed some events.

If you check the Event Properties, it shows who changed the policy settings. It also shows what GPO settings were changed including the state of GPO.

Conclusion – LepideAuditor Suite is an excellent auditing tool. It allows the IT teams to keep track of Group Policy changes while on the move with a mobile app. This suite is really helpful for system admins giving them complete information about auditing, server health monitoring, alerting, and backup history with fast restore capabilities.