How to get notified of Group Policy Changes by email

Article ID: 512
Category: ADMonitor
Applies to: 5.0 or later
Updated: 2024-05-10

Changes to group policies are detected by ADMonitor and recorded in the EventSentry database. As such, both a report and a job in the web reports need to be setup in order to receive email notifications. The job interval will determine how frequently potential group policy changes are emailed, and can be anywhere from every minute to hourly or daily.

Follow the steps below:

  1. Login to the EventSentry Web Reports and navigate to FEATURES - ADMonitor - Object Changes.
  2. Enter the following text as the query classname:groupPolicyContainer and select the desired time interval (e.g. 30 minutes). The same time interval should be set for the job later as well. (it is okay if there are no results, you can adjust the time interval to test and make sure there is data available in general, but set the interval back to how often you want the job to turn).
  3. In most cases it's recommended to click the "Detailed" tab so that the report contains a list of all changes.
  4. Now, click the "Save as report" button.
  5. Fill in the required fields like Name & Category and click the "Create Job" check box.
  6. Now, configure the job details to your liking and make sure that the following settings are configured:
  7. "Only send > 0" is configured (HTML format is recommended as well)
  8. The frequency matches the time interval configured in Step 2
  9. When you receive the email report, indicating group policy changes, navigate to FEATURES - ADMonitor - Object Changes and click on the "Group Policy Changes" button to see the actual group policy change details.