Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
Active Directory Group Policy Auditing Software
Group Policy Object (GPO) Auditing
GPO Auditing is the process of scanning Security Event Log entries for Event IDs 5136, 5137, 5138, 5139 and 5141 then either generating a report of changes or triggering real-time alerts.
GPO Auditing Event IDs
| Event ID | Description |
|---|---|
| 5136 | A directory service object was modified. |
| 5137 | A directory service object was created. |
| 5138 | A directory service object was undeleted. |
| 5139 | A directory service object was moved. |
| 5141 | A directory service object was deleted. |
How to Generate a GPO Audit Report
Corner Bowl Server Manager includes 2 built-in Active Directory GPO Audit Reports.
| Report | Description | Location |
|---|---|---|
| Audit Directory Service Changes | A simple auto-generated report that scans for Event IDs: 5136, 5137, 5138, 5139, 5141. | Sample Reports / Event Logs / Advanced Audit Policy / DS Access. |
| Audit Directory Service Changes (Correlation ID) | A report that scans for Event IDs: 5136, 5137, 5138, 5139, 5141 then uses a regular expression to parse out the Correlation ID value. | Sample Reports / Event Logs / Security Reports. |
How to Real-Time Monitor GPO Changes
Corner Bowl Server Manager includes 1 built-in Real-Time Active Directory GPO Changes Template.
| Template | Description | Location |
|---|---|---|
| Real-Time Directory Service Object Changes | Watches for Event IDs: 5136, 5137, 5138, 5139, 5141 then triggers a desktop and email alert. | Sample Templates / Real-Time Monitors |
Important
This template is marked as an Agent Template. To utilize Remote WMI instead, clear Agent Template Enabled checkbox found in the Template's Agent Tab.