Track IP/Gateway/DNS changes on Windows Server 2008

I'm confused.  If they are static, why would they change?

Normally, the only location to find events like changes to DNS is in the system logs on your server or DNS server. Alternately, you could subscribe to a monitoring service like MxToolbox.com which will record changes and alert you by email of the change events.

Those are the only ways to view this type of event unless you install a package that records that info. I haven't seen a app like that.

Hope this info helps!

Let me clarify. I am talking about the NIC settings on Windows Server 2008. The DNS settings on the server reverted back to old settings somehow on multiple servers. We either suspect a script or an admin did it. Overall we are trying to narrow down the time window of when this may have happened.

You might see something in event logs, but not likely now.  Next step is to enable verbose logging and auditing for the future

Chris,

What settings are needed to enable this verbose logging for the future?

Well I was mistaken...there is not specifically an audit for changing NIC settings...but you can audit logon and logoffs and so you could see whose on a system at a given time.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Event-IDs-Windows-Server-2008-Vista-Revealed.html

You can subscribe to a service like this that keeps history of your dns and allows you to view changes and when they were made:

http://mxtoolbox.com/productinfo/dnszoneprotect2.aspx?page=pp-mf&upgrade=pp-mf&gevent=68ba1471-a104-427a-a9cb-51b1424b014d

Hope this helps!

Accepted my comment because full blown solutions hadn't been outlined so I researched and solved on my own