Event-o-Pedia EventID 11 - Attempt to modify Group Policy was denied by InTrust Plug-in for Active Directory

	Event Details
	Operating System->Microsoft Windows->Application logs->Quest->Change Auditor->Change Auditor for Active Directory->ITAD GPO Changes->EventID 11 - Attempt to modify Group Policy was denied by InTrust Plug-in for Active Directory

EventID 11 - Attempt to modify Group Policy was denied by InTrust Plug-in for Active Directory

Sample:

Event Type:           Warning
Event Source:        ITAD GPO Changes
Event Category:    None
Event ID:               11
Date:                     11/10/2005
Time:                     10:02:33 PM
User:                      DANON\Administrator
Computer:              W2K3SESP1
Description:
ChangeAuditor for Active Directory prevented modification of Group Policy Object.
                Client Computer :  10.30.44.113
                GPO Name :           222
                GPO GUID :           {28B198C9-B305-412D-AD28-A2327D28284C}
                Setting Name :      Computer Configuration\Windows Settings\Security Settings\Event Log\Retention method for system log
                Old Value :             Not defined
                New Value :           By days
                Request ID :         {BAD082B8-FCF6-4D22-ACA6-481CDAD444D3}
===========================
Description template:
===========================
ChangeAuditor for Active Directory prevented modification of Group Policy Object.
   Client Computer : %7
   GPO Name : %1
   GPO GUID : %2
   Setting Name : %3
   Old Value : %4
   New Value : %5
   Request ID : %6

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

InTrust for AD

Filtering Field	Equals to Value
Source	ITAD GPO Changes
EventId	11

Field Matching

Field	Description	Stored in	Sample Value
DateTime	Date/Time of event origination in GMT format.	DateTime	10.10.2000 19:00:00
Source	Name of an Application or System Service originating the event.	Source	Security
Type	Warning, Information, Error, Success, Failure, etc.	Type	Success
User	Domain\Account name of user/service/computer initiating event.	User	RESEARCH\Alebovsky
Computer	Name of server workstation where event was logged.	Computer	DC1
EventID	Numerical ID of event. Unique within one Event Source.	EventId	576
Description	The entire unparsed event message.	Description	Special privileges assigned to new logon.
Log Name	The name of the event log (e.g. Application, Security, System, etc.)	LogName	Security
Category	A name for a subclass of events within the same Event Source.	Category	AttestationReview
Whom	The object name to which the activity was applied.	InsertionString1
Client Computer	IP address of a computer where change request originated	InsertionString7	10.0.0.1
GPO GUID	GUID of Group Policy Object	InsertionString2	{CABC510B-5D32-4202-A000-36ED89222065}
Request ID	Unique identifier (GUID) that is the same for all setting modifications contained in Group Policy modification request	InsertionString6	{688FC6F0-7145-486B-ADC9-4720BFECB80E}
GPO Name	Display Name of Group Policy object	InsertionString1	222
Setting Name	Full Name of the setting in Group Policy object	InsertionString3	Computer Configuration\Windows Settings\Security Settings\Event Log\Retention method for system log
Old Value	Setting Value before modification request	InsertionString4	Not defined
New Value	Setting Value supplied in modification request	InsertionString5	By days