Failed Group Policy Container Access (Change Auditor Protection)

Change Auditor for Active Directory 7.1.1

I recently implemented Protection on several GPOs. I only allow Domain Admins and Group Policy Creator Owners excluded from Protection.

When I run the query 'All Group policy Events', I have hundreds of entries Failed Group Policy Container Access (Change Auditor Protection) from my PDC.

It states:

What: Access to Group Policy Default Domain Policy was denied by Change Auditor Protection on <Domain>\PDC.

Action: Modify Attribute

I tried adding the PDC computer account to the Exclusion from Protection, but it did not help.

I have 2 questions:

Why does the PDC computer role try to constantly acces my Protected GPOs?
Is there a way to correct this?
What is it trying to modify???

Any help would greatly be appreciated.

If I run a report on all GPOs changes, this fills up the report with nonsense.

Dave

Parents

0 vishal parashar 10 months ago

Hello David,

I am seeing a similar behavior in my environment and we are unable to isolate the issue.

In my case it is a specific GPO a set of client machines generating this alert every time a user logs into the machine.

Were you able to resolve it from your end? What was the fix?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 vishal parashar 10 months ago

Hello David,

I am seeing a similar behavior in my environment and we are unable to isolate the issue.

In my case it is a specific GPO a set of client machines generating this alert every time a user logs into the machine.

Were you able to resolve it from your end? What was the fix?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

No Data