Environment
Resolution
NetIQ Group Policy Guardian 1.6
fact
NetIQ Group Policy Guardian 2.0
symptom
Group Policy Guardian report is not showing the event which displays the values of the previous version and the value now.
cause
The can be due to NetIQ Group Policy Guardian (GPG) missing a change event.
fix
One step in the process of the NetIQ Group Policy Guardian (GPG) report is that it compares the previous version of a Group Policy with the version now. If at anytime there is a problem with a Domain Controller, or GPG was stopped and did not capture a change event, GPG may not report the event that shows the setting change. The easiest means to illustrate this is with an example. Below are three changes to the same Group Policy Object (GPO) and setting.
- Version 1: Password Policy is set on Default Domain Policy to 8 days. (Group Policy Guardian captures the event)
- Version 2: Password Policy is set on Default Domain Policy to 10 days. (Group Policy was stopped during this change so this is not captured in the database)
- Version 3: Password Policy is set on Default Domain Policy to 8 days. (Group Policy Guardian captures this event.)
In this scenario, since the Version 2 GPO was not captured by GPG, when GPG goes to compare the version of the GPO, it compares Version 1 and Version 3. Since there is no difference in the settings (both have the value at 8 days), GPG does not produce the event that shows the settings of the group policy because to GPG, there is no change. In this case, GPG will produce two events: one for the Active Directory Version change and one for the Sysvol Version change, but the event to show the settings will not display.
To resolve this issue, re-run a baseline to retrieve all the current values of all GPO settings.