Event Details
User Activity->Policy Changes->InTrust Plug-in for Active Directory->Successful changes->EventID 9 - Group Policy Object was successfully modified.
EventID 9 - Group Policy Object was successfully modified.
 Sample: 
Event Type:     Information
Event Source:   ITAD GPO Changes
Event Category: None
Event ID:       9
Date:           10/29/2009
Time:           08:05:24
User:           RESEARCH\CBrown
Computer:       DC1
Description:    
Group Policy Object was successfully modified.
	Client Computer : 10.0.0.1
	GPO Name : Employees
	GPO GUID : {693C5182-0240-4289-9F7F-CF41AFC48C4D}
	Setting Name : Content of "C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{693C5182-0240-4289-9F7F-CF41AFC48C4D}\GPT.INI"
	Old Value : N/A
	New Value : N/A
	Request ID : {0C8AE262-8B9B-4E81-8729-561C4B2E148A}
===========================
Description template:
===========================
Group Policy Object was successfully modified.
   Client Computer : %7
   GPO Name : %1
   GPO GUID : %2
   Setting Name : %3
   Old Value : %4
   New Value : %5
   Request ID : %6
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust for AD
Filtering Field Equals to Value
Source ITAD GPO Changes
EventId 9
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 10.10.2000 19:00:00
Who Account or user name under which the activity occured. User RESEARCH\Alebovsky
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Group Policy Object Modified" Group Policy Object Modified
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. Client Computer 10.0.0.1
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain -
WhereDomain -
Policy Name The name of the affected policy. Setting Name Content of "C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{693C5182-0240-4289-9F7F-CF41AFC48C4D}\GPT.INI"
GPO Name The name of GPO where some policy was changed GPO Name Employees
Value Before The policy value before the change Old Value N/A
Value After The policy value after the change New Value N/A
Result Successful or Failed "Successful" Successful
Comments
You must be logged in to comment