This is a little involved so bear with me. We have a high security server that has Tripwire install to track changes. We got this notice on a server.
At 6 AM every single computer GP was set to a new value of None
Example:
SystemProfilePrivilege old value = BUILTIN\Administrators
new value = none

This was repeating with every value it appears. Exactly one hour later the report comes back with a few settings restored.
Example:
SecurityPrivilege old value = BUILTIN\Administrators
new value = BUILTIN\Administrators, NT AUTHORITY\SYSTEM

Nothing nefarious happened so it does not appear to be a hack attempt. Is there something in Group Policy processing that could trigger a event like this?
The server was not rebooted in this time frame.
It seems for lack of a better work like a hiccup in Group policy not like a GPupdate but more like a wipe to some default value and reset.

Any ideas?

Thanks