Event Details
User Activity->Policy Changes->InTrust Plug-in for Active Directory->Protected Change Attempts->EventID 21 - Prevention of Group Policy Object creation.
EventID 21 - Prevention of Group Policy Object creation.
 Sample: 
Event Type:     Warning
Event Source:   ITAD GPO Changes
Event Category: None
Event ID:       21
Date:           10/29/2009
Time:           10:23:13
User:           RESEARCH\DKrane
Computer:       DC1
Description:    
ChangeAuditor for Active Directory prevented creation of Group Policy Object.
	Client Computer : 10.0.0.1
	GPO GUID : {A65A553B-EE83-4A49-AFE4-652777512D1F}
	Request ID : {3674D52D-7BCD-42F7-A3F5-45484479E8C8}
===========================
Description template:
===========================
ChangeAuditor for Active Directory prevented creation of Group Policy Object.
   Client Computer : %3
   GPO GUID : %1
   Request ID : %2
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust for AD
Filtering Field Equals to Value
Source ITAD GPO Changes
EventId 21
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 10.10.2000 19:00:00
Who Account or user name under which the activity occured. User RESEARCH\Alebovsky
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Attempt to create Group Policy Object" Attempt to create Group Policy Object
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. Client Computer 10.0.0.1
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain -
WhereDomain -
Policy Name The name of the affected policy. -
GPO Name The name of GPO where some policy was changed GPO GUID {A65A553B-EE83-4A49-AFE4-652777512D1F}
Value Before The policy value before the change -
Value After The policy value after the change -
Result Successful or Failed "Protected" Protected
Comments
You must be logged in to comment