Group Policy Auditing using LepideAuditor Suite – LepideAuditor Suite includes a set of tools for auditing Active Directory, Exchange Server, Group Policy, SharePoint, SQL Server and File Server. As you can see, it supports auditing all the major Windows technologies. In this post we will look at Group Policy auditing using LepideAuditor Suite. Every company has a lot of Group Policy objects deployed at various levels. They could be at the domain level, the OU level or just for a set of computers. When you want to track the changes made to Group Policy settings, LepideAuditor Suite comes in handy.
Where can I download the LepideAuditor Suite?
You can download trial version here:- http://www.lepide.com/lepideauditor/download.html
More information about LepideAuditor Suite here:- http://www.lepide.com/lepideauditor/
More info about LepideAuditor Group Policy – https://www.lepide.com/lepideauditor/group-policy.html
Group Policy Auditing using LepideAuditor Suite
The LepideAuditor Suite can be downloaded from here. When you download the suite you get a .zip file. Extract the .zip file to a folder using WinZip or WinRAR. Inside the LepideAuditor Suite folder, you will find the setup file. Double-click the file and on the setup screen click Next. The next screen brings up the license agreement; read it and hit Next.
When you launch the tool, you see a welcome screen. You need to choose a user account to run the Windows service of LepideAuditor Suite. On the service properties window, you see two options. Select the first option “This account” to specify a user account, which is mostly a domain account. Click “Browse” to select a user account from Active Directory. Select the second option “Local System Account” to specify a local user account.
In the below screenshot I am choosing the first option and entering a domain user account and password. This account is a member of the Domain Admins group in Active Directory. Click OK.
a) Express Configuration – Choose this option to configure the domain with default settings. This option is recommended for most of the users.
b) Advanced Configuration – Choose this option to configure domain settings individually. This option is recommended for expert users.
Select Express Configuration and click Next.
On the Add Domain dialog, add the domain name or the IP address of a domain controller. Otherwise, click on the globe icon and the domain name will be populated automatically. Enter a user account that is a member of the Administrators, Domain Admins, Group Policy Creator Owners, Enterprise Admins, and Schema Admins groups to enable the automatic auditing of schema and domain configuration by the solution.
Auditing Method – You need to choose either to add an agent or to go with the option without an agent. With agent installed, auditin
Group Policy Object Selection – Here you need to select the Group Policy object on which to enable auditing. You could choose the Default Domain Controller Policy. If you want to use a custom policy, choose it from the list of GPOs. In this example I am selecting Use Default Domain Controller Policy. Click OK.
In this step, you need to provide the details of the SQL Server and the database that will be used to store the audit data. The SQL Server could be running locally on the same server or it could be a remote SQL Server. Log in to the SQL Server and create a DB for storing audit data. Enter the IP address or computer name of the machine running SQL Server. Enter the credentials that are used to connect to the DB and store audit data. In the example below, I am using the sa account to connect to the DB. If you have another account, enter it. Note that the account should have sysadmin privileges on the DB. Once you have entered the above details, click on Test Connection. If the details are correct, you will see a test connection successful message. Click Finish.
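The account prerequisites from the Add Domain and SQL Server steps can be checked before running the wizard. The following PowerShell is an added example, not part of the original post or of the Lepide product; it assumes the ActiveDirectory RSAT module, a single-domain forest, and the placeholder names `svc-audit` and `SQL01`.

```powershell
# Added example: pre-flight check for the accounts used in the Express Configuration steps.
# Assumptions: ActiveDirectory (RSAT) module installed, single-domain forest,
# and the placeholder names below replaced with your own values.
Import-Module ActiveDirectory

$AuditAccount = 'svc-audit'   # hypothetical sAMAccountName of the auditing account
$SqlServer    = 'SQL01'       # hypothetical SQL Server host name
$SqlCred      = Get-Credential -Message 'SQL login used to store audit data'

# Groups the Add Domain dialog asks for
$Required = 'Administrators', 'Domain Admins', 'Group Policy Creator Owners',
            'Enterprise Admins', 'Schema Admins'

# Resolve direct and nested memberships with the LDAP "in chain" matching rule.
# Note: a DN containing ( ) * or \ would need LDAP-filter escaping first.
$user   = Get-ADUser -Identity $AuditAccount
$filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
$groups = Get-ADGroup -LDAPFilter $filter | Select-Object -ExpandProperty Name

foreach ($g in $Required) {
    [pscustomobject]@{ Group = $g; Member = ($groups -contains $g) }
}

# Confirm the SQL login can connect and holds the sysadmin server role.
# SqlCredential requires a read-only SecureString.
$SqlCred.Password.MakeReadOnly()
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$SqlServer;Database=master"
$conn.Credential = New-Object System.Data.SqlClient.SqlCredential(
    $SqlCred.UserName, $SqlCred.Password)
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
    $isSysadmin = ([int]$cmd.ExecuteScalar() -eq 1)
    "SQL login '$($SqlCred.UserName)' connected; sysadmin = $isSysadmin"
}
finally {
    $conn.Dispose()
}
```

The group check prints one row per required group, so a missing membership is visible before the wizard reports a failure.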
Once you have completed all the steps to add the domain through Express, you can click Finish at the end to complete this process. A message to restart the solution will be displayed; restart the computer. Upon restart, when you launch LepideAuditor, both the Radar and Health Monitoring tabs will show a new tab for the newly added domain.
Let’s see how the software tracks the changes made to Group Policy objects. I edited the default domain controller group policy settings and changed some settings. After waiting for a few minutes, the audit info showed some events.
Conclusion – LepideAuditor Suite is an excellent auditing tool. It allows the IT teams to keep track of Group Policy changes while on the move with a mobile app. This suite is really helpful for system admins giving them complete information about auditing, server health monitoring, alerting, and backup history with fast restore capabilities.