Link to home
Start Free TrialLog in
Avatar of adoughe
adougheFlag for United States of America

asked on

How to Fully Audit Changes Made by Software Installation

We have encountered issues with deleted DLLs after installing the latest version of third-party software on several of our servers.  Their tech support has been of no help so far and we are seeking a way to fully document any changes any future installation makes to a server. Does anyone know of a free utility that we can install on a target server that will fully document files installed, deleted, etc after the third-party software is installed?
ASKER CERTIFIED SOLUTION
Avatar of CSI-Windows_com
CSI-Windows_com
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Neil Preeper
Neil Preeper
Flag of Canada image
windows has one built into it. when you right click on the folder, goto security, advance then click on the auditing tab. from there add a user or group. ( to make it easy select the everyone group)

you will need to make changes to the local security policy and enable auditing. once done, any changes to files that were deleted  or change will show up in the local security log in the event viewer of the server. All you have to do is do a search of a file the was deleted and it will show you who did it.


heres a link on how to do it in an AD environment.

http://www.scriptlogic.com/smbit/article/group-policy-auditing-myths-&-facts
Avatar of adoughe
adoughe
Flag of United States of America image

ASKER

I was already aware of built-in auditing but scrolling through thousands of event logs to review changes would be too time-consuming. I will accept CSI_windows_com's answer. Thanks to you both for your replies!