Group Policy
Netwrix 1Secure relies on native logs for collecting audit data. Therefore, successful change and access auditing requires a certain configuration of native audit settings in the audited environment and on the computer where Netwrix Cloud Agent resides. Configuring your IT infrastructure may also include enabling certain built-in Windows services. Proper audit configuration is required to ensure audit data integrity; otherwise, change reports can contain warnings, errors, or incomplete audit data.
Group Policy Activity Overview
Group Policy Activity tracks and reports Active Directory Group Policy (GPO) changes—including password, account, audit, and security settings policies—with built-in reports and configurable alerts.
The Group Policy Activity feature monitors:
- Group Policy Object (GPO) creation, modification, and deletion
- Password policy changes
- Account policy changes
- Audit policy settings changes
- Security settings policy updates
Configuration Methods
You can configure your IT Infrastructure for monitoring in one of the following ways:
-
Automatically by adding connector Group Policy Activity in Active Directory data source — This method is recommended for evaluation purposes in test environments. If any conflicts are detected with your current audit settings, automatic audit configuration doesn't run. For a full list of audit settings required for Netwrix 1Secure to collect comprehensive audit data and instructions on how to configure them, refer to Configure IT Infrastructure for Auditing and Monitoring.
If you select to automatically configure audit in the target environment, 1Secure checks your current audit settings on each data collection and adjusts them if necessary.
-
Manually – Adjust native audit settings manually to ensure comprehensive and reliable audit data collection. You can enable 1Secure to continually enforce the relevant audit policies or configure them manually:
-
Configure Basic Domain Audit Policies or Configure Advanced Audit Policies — Configure either local or advanced audit policies to track changes to accounts and groups and to identify workstations where changes were made.
-