Event-o-Pedia EventID 63 - Group Policy Template was successfully modified.

	Event Details
	User Activity->Policy Changes->InTrust Plug-in for Active Directory->Successful changes->EventID 63 - Group Policy Template was successfully modified.

EventID 63 - Group Policy Template was successfully modified.

Linked Event:

EventID 63 - Group Policy Template was successfully modified.

Sample:

Event Type:     Information
Event Source:   ITAD GPO Changes
Event Category: None
Event ID:       63
Date:           10/29/2009
Time:           06:48:00
User:           RESEARCH\CBrown
Computer:       DC1
Description:    
Group Policy Template was successfully modified.
	Client Computer : 10.0.0.1
	GPO Name : New Group Policy Object
	GPO GUID : {CABC510B-5D32-4202-A000-36ED89222065}
	Setting Name : Content of "C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{CABC510B-5D32-4202-A000-36ED89222065}\GPT.INI"
	Old Value : N/A
	New Value : N/A
	File Path : C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{CABC510B-5D32-4202-A000-36ED89222065}\GPT.INI
	Action : Create
	Request ID : {A4432D3F-8989-45E3-9F0C-8EDAE811093F}
===========================
Description template:
===========================
Group Policy Template was successfully modified.
   Client Computer : %9
   GPO Name : %1
   GPO GUID : %2
   Setting Name : %3
   Old Value : %4
   New Value : %5
   File Path : %6
   Action : %7
   Request ID : %8

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

InTrust for AD

Filtering Field	Equals to Value
Source	ITAD GPO Changes
EventId	63

Field Matching

Field	Description	Stored in	Sample Value
When	At what date and time a user activity originated in the system.	DateTime	1/1/2000
Who	Account or user name under which the activity occured.	User	RESEARCH\Alebovsky
What	The type of activity occurred (e.g. Logon, Password Changed, etc.)	"Group Policy Template Modified"	Group Policy Template Modified
Where	The name of the workstation/server where the activity was logged.	Computer	10.10.10.10
Where From	The name of the workstation/server where the activity was initiated from.	Client Computer	10.0.0.1
Severity	Specify the seriousness of the event.	"Medium"	Medium
WhoDomain		-
WhereDomain		-
Policy Name	The name of the affected policy.	Setting Name	Content of "C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{CABC510B-5D32-4202-A000-36ED89222065}\GPT.INI"
GPO Name	The name of GPO where some policy was changed	GPO Name	New Group Policy Object
Value Before	The policy value before the change	Old Value	N/A
Value After	The policy value after the change	New Value	N/A
Result	Successful or Failed	"Successful"	Successful