Leverage IT Consulting
asked on
Track IP/Gateway/DNS changes on Windows Server 2008
Is there a way to track changes made to a Static IP, DNS, or gateway settings on Windows Server 2008? Ideally I would like to see before and after changes.
I'm confused. If they are static, why would they change?
Normally, the only location to find events like changes to DNS is in the system logs on your server or DNS server. Alternately, you could subscribe to a monitoring service like MxToolbox.com which will record changes and alert you by email of the change events.
Those are the only ways to view this type of event unless you install a package that records that info. I haven't seen a app like that.
Hope this info helps!
Those are the only ways to view this type of event unless you install a package that records that info. I haven't seen a app like that.
Hope this info helps!
ASKER
Let me clarify. I am talking about the NIC settings on Windows Server 2008. The DNS settings on the server reverted back to old settings somehow on multiple servers. We either suspect a script or an admin did it. Overall we are trying to narrow down the time window of when this may have happened.
You might see something in event logs, but not likely now. Next step is to enable verbose logging and auditing for the future
ASKER
Chris,
What settings are needed to enable this verbose logging for the future?
What settings are needed to enable this verbose logging for the future?
Well I was mistaken...there is not specifically an audit for changing NIC settings...but you can audit logon and logoffs and so you could see whose on a system at a given time.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Event-IDs-Windows-Server-2008-Vista-Revealed.html
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Event-IDs-Windows-Server-2008-Vista-Revealed.html
You can subscribe to a service like this that keeps history of your dns and allows you to view changes and when they were made:
http://mxtoolbox.com/productinfo/dnszoneprotect2.aspx?page=pp-mf&upgrade=pp-mf&gevent=68ba1471-a104-427a-a9cb-51b1424b014d
Hope this helps!
http://mxtoolbox.com/productinfo/dnszoneprotect2.aspx?page=pp-mf&upgrade=pp-mf&gevent=68ba1471-a104-427a-a9cb-51b1424b014d
Hope this helps!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Accepted my comment because full blown solutions hadn't been outlined so I researched and solved on my own