An Interesting question came up at work this week. That was
How do you Audit the fact that someone has modified a Group Policy ?
Well the general concensus was the following;
Check out the following excellent blog article
Windows Security Logging and Other Esoterica : Monitoring Group Policy Changes with Windows Auditing
Useful and excellent article on exactly what settings to Audit .
But also 3rd party tools have a part to play here, such as Quest and Netpro.
Yes, this article is quite useful, but as you said there is a place for 3rd party tools. I think it’s much easier. Not sure about the utilities you mentioned above. Personaly I prefer active administrator (I hope you've heard about it - it's from scriptlogic). It has powerful <a href="http://www.scriptlogic.com/active-directory-group-policy-auditing.asp">group policy auditing</a> features and it handles just any tasks that can appear in active directory administration practices.