Group Policy Auditing Efficient tools recommendations

Daniel Klobnak 266 Reputation points
2023-04-21T15:55:35.78+00:00

At the risk of MS's wrath, I am looking for better options than looking at Security Event logs for Event ID 5136 (which is a catchall for lots of DS changes) to try and determine who made/modified/etc. GPOs. I have the auditing set up aka https://learn.microsoft.com/en-us/answers/questions/482551/gpo-audit-default. What I like is I get a user. However, the balance is time-consuming (cross-referencing a GUID to determine the GPO) and I would like detail on the change, etc. So I am seeking any recommended tools that are efficient for auditing/reviewing/presenting GPO modifications, adds, details and who did the change, what was changed, and reflect Name vs GUID? Maybe some alerting? Something I can scan quickly (I have too many cooks in our AD Kitchen, and unfortunately I am not Head Chef to enforce Change Logs, etc.)

Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. Limitless Technology 44,766 Reputation points
    2023-04-24T14:50:28.4966667+00:00

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused.

    When it comes to auditing Group Policy changes, it's important to have a tool that can efficiently track and report on who made the change, what was changed, and when it was changed. While the built-in auditing capabilities of Active Directory can help in this regard, reviewing Security Event logs for Event ID 5136 can be time-consuming and may not provide the level of detail you need.

    Firstly, you can enable auditing for Group Policy changes in Active Directory. Once auditing is enabled, you can use the built-in Windows Event Viewer to view and filter Security Event logs for relevant events, such as Event ID 5136, which indicates a change to a Group Policy object. By filtering these logs, you can quickly identify who made the change and when it was made.

    Additionally, you can use PowerShell scripts to generate detailed reports on Group Policy changes. Microsoft provides several pre-built scripts for this purpose, which you can find and download from the PowerShell Gallery.

    Overall, while using Microsoft's built-in tools and resources may require more effort than using a third-party tool, it can still provide an effective and budget-friendly solution for auditing Group Policy changes in an Active Directory environment.

    Fortunately, there are several third-party tools available that can help you efficiently audit and monitor GPO modifications, adds, and changes. Some popular options include ManageEngine ADAudit Plus, Netwrix Auditor, Quest Change Auditor for Active Directory, and SolarWinds Access Rights Manager. These tools provide real-time auditing and reporting of Active Directory changes, including GPO changes, and can also generate alerts to notify you of any suspicious activity. In evaluating these tools, it's important to consider your specific needs and budget.

    However, by using one of these tools, you can save time and effort by quickly reviewing detailed reports and alerts on GPO modifications, adds, and changes, rather than manually reviewing Security Event logs. If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
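
The GUID-to-name cross-referencing described in the question can be scripted with built-in cmdlets. The following is an added example, not code from either poster or from Microsoft: the function name `ConvertFrom-GpoChangeEvent` is hypothetical, the sample event and its values are constructed, and the live-use lines assume the GroupPolicy (RSAT) module on a machine that can read a domain controller's Security log.

```powershell
# Added example: turn one Event ID 5136 record into a readable GPO change row.
function ConvertFrom-GpoChangeEvent {
    param([Parameter(Mandatory)][string]$EventXml, [hashtable]$GpoNames = @{})
    $ops = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }
    $evt = ([xml]$EventXml).Event
    $d = @{}
    foreach ($n in $evt.EventData.Data) { $d[$n.Name] = $n.'#text' }
    # 5136 fires for every directory object; keep only GPO containers.
    if ($d['ObjectClass'] -ne 'groupPolicyContainer') { return }
    # The GPO GUID is the CN of the object: CN={GUID},CN=Policies,CN=System,...
    $guid = if ($d['ObjectDN'] -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1].ToUpper() } else { $null }
    $name = if ($guid -and $GpoNames.ContainsKey($guid)) { $GpoNames[$guid] } else { '(not found, possibly deleted)' }
    $op = $d['OperationType']
    if ($op -and $ops.ContainsKey($op)) { $op = $ops[$op] }
    [pscustomobject]@{
        Time      = $evt.System.TimeCreated.SystemTime
        User      = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        GPO       = $name
        Guid      = $guid
        Attribute = $d['AttributeLDAPDisplayName']
        Operation = $op
        Value     = $d['AttributeValue']
    }
}

# Constructed sample event, trimmed to the fields used; all values are made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5136</EventID><TimeCreated SystemTime="2023-04-21T15:02:11.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">CONTOSO</Data>
    <Data Name="ObjectDN">CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=contoso,DC=example</Data>
    <Data Name="ObjectClass">groupPolicyContainer</Data>
    <Data Name="AttributeLDAPDisplayName">versionNumber</Data>
    <Data Name="AttributeValue">12</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@
$names = @{ '11111111-2222-3333-4444-555555555555' = 'Workstation Baseline' }
ConvertFrom-GpoChangeEvent -EventXml $sample -GpoNames $names

# Live use (assumes GroupPolicy module and read access to the DC Security log):
# $names = @{}; Get-GPO -All | ForEach-Object { $names[$_.Id.ToString().ToUpper()] = $_.DisplayName }
# Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=5136; StartTime=(Get-Date).AddDays(-7) } |
#   ForEach-Object { ConvertFrom-GpoChangeEvent -EventXml $_.ToXml() -GpoNames $names } | Format-Table -AutoSize
```

A 5136 event on a `groupPolicyContainer` object records the changed directory attribute (for example `versionNumber`), not the individual policy setting, because the settings themselves are stored in SYSVOL. Building the name lookup before a GPO is deleted, or keeping a dated copy of it, is what lets later events for that GUID still resolve to a name.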

