Group Policy Auditing & Attestation (GPAA)

Track GPO Changes and Owners--Rollback Unwanted Changes


Product Introduction

SDM Software's Group Policy Auditing and Attestation (GPAA) product provides real-time change auditing and alerting for all changes related to Group Policy management, including detailed before and after values for GPO settings. GPAA answers the "Who, What, When and Where" of Group Policy auditing. It also provides GPO and AD security group attestation/certification to ensure that you know who owns a given GPO or group throughout it's lifetime.

Product Features

  • Capture, send email alerts and report on, all changes related to Group Policy management
  • Group Policy Change audit events provide the “who, what, when and where” of GPO changes in clear, descriptive events
  • Support for all events related to GPO management
  • Automatic backup of changed GPOs and the ability to rollback GPO changes through a web UI.
  • Ability to provide attestation of critical GPOs and AD Security Groups. This includes the ability to assign owners to GPOs  and groups and workflow that periodically asks them to attest to those GPOs.
  • Role-based management allows you to delegate which AD users and groups can perform which actions within the product

Benefits & Licensing

GPAA provides an easy-to-use, web-based interface for managing, reporting on and ensuring compliance of your Group Policy environment. All GPO changes are reported in an easy-to-read fashion, indicating the setting path that changed, the before and after value , when the change was made, which domain controller was used and who made the change. GPAA’s attestation feature is unique in the industry and lets you finally track ownership of key GPOs to ensure that they are not only still needed, but also that the settings contained within them continue to remain relevant. And in our latest release, we introduced the ability to perform attestation/certification of Active Directory Groups (both security and distribution), along with the ability for users to request deletion of groups that are no longer needed. Finally, the GPO rollback feature provides a stop-gap for you to be able to reverse GPO changes that cause problems in the environment. GPAA is licensed based on the number of Group Policy Objects (GPOs) under management.

Installation Requirements

GPAA supports installation on Microsoft® Windows Server 2008- R2 and Server 2012, Server 2012-R2 or Server 2016. The IIS/ASP.Net web application requires installation on Server 2008-R2, Server 2012-R2 or Server 2016. You must have the .Net Framework 4.0, 4.5 and Microsoft® Group Policy Management Console (GPMC) installed on the systems where you install the product.