adoughe
asked on
How to Fully Audit Changes Made by Software Installation
We have encountered issues with deleted DLLs after installing the latest version of third-party software on several of our servers. Their tech support has been of no help so far and we are seeking a way to fully document any changes any future installation makes to a server. Does anyone know of a free utility that we can install on a target server that will fully document files installed, deleted, etc after the third-party software is installed?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was already aware of built-in auditing but scrolling through thousands of event logs to review changes would be too time-consuming. I will accept CSI_windows_com's answer. Thanks to you both for your replies!
you will need to make changes to the local security policy and enable auditing. once done, any changes to files that were deleted or change will show up in the local security log in the event viewer of the server. All you have to do is do a search of a file the was deleted and it will show you who did it.
heres a link on how to do it in an AD environment.
http://www.scriptlogic.com/smbit/article/group-policy-auditing-myths-&-facts