Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
Active Directory Group Policy Auditing Software
Group Policy Object (GPO) Auditing
GPO Auditing is the process of scanning Security Event Log entries for Event IDs 5136, 5137, 5138, 5139 and 5141 then either generating a report of changes or triggering real-time alerts.
GPO Auditing Event IDs
| Event ID | Description |
|---|---|
| 5136 | A directory service object was modified. |
| 5137 | A directory service object was created. |
| 5138 | A directory service object was undeleted. |
| 5139 | A directory service object was moved. |
| 5141 | A directory service object was deleted. |
How to Generate a GPO Audit Report
Corner Bowl Server Manager includes 2 built-in Active Directory GPO Audit Reports.
| Report | Description | Location |
|---|---|---|
| Audit Directory Service Changes | A simple auto-generated report that scans for Event IDs: 5136, 5137, 5138, 5139, 5141. | Sample Reports / Event Logs / Advanced Audit Policy / DS Access. |
| Audit Directory Service Changes (Correlation ID) | A report that scans for Event IDs: 5136, 5137, 5138, 5139, 5141 then uses a regular expression to parse out the Correlation ID value. | Sample Reports / Event Logs / Security Reports. |
How to Real-Time Monitor GPO Changes
Corner Bowl Server Manager includes 1 built-in Real-Time Active Directory GPO Changes Template.
| Template | Description | Location |
|---|---|---|
| Real-Time Directory Service Object Changes | Watches for Event IDs: 5136, 5137, 5138, 5139, 5141 then triggers a desktop and email alert. | Sample Templates / Real-Time Monitors |
Important
This template is marked as an Agent Template. To utilize Remote WMI instead, clear Agent Template Enabled checkbox found in the Template's Agent Tab.