Change Auditor for Active Directory 7.1.1
I recently implemented Protection on several GPOs. I only allow Domain Admins and Group Policy Creator Owners to be excluded from Protection.
When I run the query 'All Group policy Events', I have hundreds of 'Failed Group Policy Container Access (Change Auditor Protection)' entries from my PDC.
It states:
What: Access to Group Policy Default Domain Policy was denied by Change Auditor Protection on <Domain>\PDC.
Action: Modify Attribute
I tried adding the PDC computer account to the Exclusion from Protection, but it did not help.
I have 2 questions:
- Why does the PDC computer role constantly try to access my Protected GPOs?
- Is there a way to correct this?
- What is it trying to modify???
Any help would be greatly appreciated.
If I run a report on all GPO changes, this fills up the report with nonsense.
Dave