5 Ways Not Monitoring Group Policy Changes Can Lead to Disaster

By Russell Smith | 08.18.2017 | Data Security


Audit changes to Group Policy to stay secure and provide continuity of IT services.

Group Policy is a critical component of Windows Server Active Directory (AD). It can be used to manage the user and system configuration of servers and end-user devices, including registry settings, user environment setup, security, and software configuration. It is a powerful tool that can help organizations standardize system configurations across their environment, but it also comes with risk: if misused or poorly managed, Group Policy can cause serious issues and even complete service outages.

Here are five reasons why you should carefully monitor changes to Group Policy Objects (GPOs).

1. Service outage

In a worst-case scenario, untested changes to Group Policy applied to domain controllers (DCs) or servers could cause a catastrophic outage that prevents users accessing critical services. A simple change to a security setting in Group Policy could prevent users accessing servers. So, it’s important that changes to GPOs are tested and that you have a rollback plan if changes result in unexpected behavior.

2. Changes to user environment

Group Policy can be used to configure many aspects of the user environment, such as access to mapped network drives, printers, folder redirection, Offline Files, shortcuts, and much more. Modifications to GPOs could change or remove any of these configurations, resulting in denial of access to resources.

3. Software changes and removal

You can manage software through its entire lifecycle using Group Policy, which means that software can be installed, changed, and removed. Accidental changes to GPOs might lead to software features being removed, or entire programs being uninstalled from users’ computers. This can also occur if AD objects fall out of scope of the GPO containing the software configuration settings.

4. Windows updates not being applied

Windows Server Update Services (WSUS) settings are managed using Group Policy, determining how updates to Windows and other Microsoft software are delivered. Starting in Windows 10, Windows Update for Business is also configured using Group Policy. Any change to these settings could therefore result in devices not receiving updates, or in changes to the schedule on which updates should be applied.

5. Security settings weakened

One of the most important uses of Group Policy is to apply security settings, like Microsoft’s security baseline settings, which you can find in the Security Compliance Toolkit. These settings are key in ensuring that your environment stays secure, so you wouldn’t want them to be removed or changed without oversight.

Audit Changes to Group Policy

Unwanted changes to GPOs, whether unsanctioned or accidental, can happen with or without approval. Prevention is always better than cure, but auditing changes to GPOs is still a good idea. The configuration applied to Windows can also change if an AD object’s OU or group membership is modified. Other factors, such as changes in hardware or software configuration, can have the same effect, because WMI filters can also determine a GPO’s scope.

LepideAuditor for Group Policy auditing detects changes to GPOs, capturing before and after values, who made the changes, and additionally OU or group membership changes to AD objects. Collecting this important audit data can prevent outages caused by Group Policy configuration and help remediate unwanted changes in your environment.
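The who/before/after idea can be illustrated with the native Windows audit trail. The following is an added example, not code from the article or from the product. It assumes Security event 5136 ("A directory service object was modified") is being logged on the DCs and has been exported to dictionaries keyed by the event's data field names. The records, accounts, domain and GUID are constructed.

```python
from collections import defaultdict

# Operation-type codes carried in Security event 5136.
SIDE = {"%%14675": "before",   # Value Deleted
        "%%14674": "after"}    # Value Added

def split_version(value):
    """versionNumber packs the user version (high 16 bits) and computer version (low 16 bits)."""
    n = int(value)
    return {"user": n >> 16, "computer": n & 0xFFFF}

def gpo_changes(events):
    """Pair the deleted and added values of each operation into who/before/after records.

    Keeps changes to GPO objects (groupPolicyContainer) and to gPLink on any
    container, because linking or unlinking a GPO changes its scope.
    """
    grouped = defaultdict(dict)
    for e in events:
        if e.get("EventID") != 5136 or e["OperationType"] not in SIDE:
            continue
        attr = e["AttributeLDAPDisplayName"]
        if e["ObjectClass"] != "groupPolicyContainer" and attr != "gPLink":
            continue
        key = (e["OpCorrelationID"], e["SubjectUserName"], e["ObjectDN"], attr)
        grouped[key][SIDE[e["OperationType"]]] = e["AttributeValue"]
    return [{"who": who, "object": dn, "attribute": attr,
             "before": v.get("before"), "after": v.get("after")}
            for (_, who, dn, attr), v in grouped.items()]

# Constructed sample records (domain, accounts and GUID are made up).
GPO = "CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=example,DC=test"

def ev(op, who, dn, cls, attr, value, optype):
    return {"EventID": 5136, "OpCorrelationID": op, "SubjectUserName": who,
            "ObjectDN": dn, "ObjectClass": cls, "AttributeLDAPDisplayName": attr,
            "AttributeValue": value, "OperationType": optype}

SAMPLE_EVENTS = [
    ev("op-1", "jdoe", GPO, "groupPolicyContainer", "versionNumber", "65538", "%%14675"),
    ev("op-1", "jdoe", GPO, "groupPolicyContainer", "versionNumber", "65539", "%%14674"),
    ev("op-2", "asmith", "CN=Bob,OU=Sales,DC=example,DC=test", "user", "description", "x", "%%14674"),
    ev("op-3", "asmith", "OU=Sales,DC=example,DC=test", "organizationalUnit", "gPLink",
       f"[LDAP://{GPO};0]", "%%14675"),  # link removed: no new value follows
]

if __name__ == "__main__":
    for change in gpo_changes(SAMPLE_EVENTS):
        print(change)
```

A versionNumber bump shows that a GPO was edited and by whom, but not which setting changed. The setting values themselves have to be compared from saved GPO reports or backups.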

