Re: tracking registry changes
- From: "Avinash" <Avinash@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 22:28:02 -0700
Hi MacLeonard,
Someone keeps messing with reg settings on the server and I want to figure
out who is doing it. It has no potential damage to the machine but due to
data changes in the registry, in-house programs which read the registry to
configure themselves, break, and it leads to bad things.
So I wanted to know if 2k server maintains a log of registry changes made.
It is someone from the authorized group of users and we want to find out who
keeps messing it up.
--
avinash
"MacLeonard" wrote:
> Hi Avinash,
>
> You can set up auditing for individual registry keys on a Windows 2000
> server, however enabling auditing after the changes have been made
> won't do you any good.
>
> The process consists of:
>
> 1. Enabling "Audit Object Access" in a GPO or the local computer
> policy.
> 2. Setting a SACL on the key(s) you want to audit.
>
> Subject to factors such as system boot, service startup, group policy
> application, software installation, user logon and <insert factors
> here>, you can use logparser to get the last write time of registry
> keys, this will give you an idea of what registry keys have been
> changed, but not who changed them.
>
> Is there a specific issue you are trying to nail down?
>
> MacLeonard
>
>
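
The two steps MacLeonard lists, sketched in PowerShell as an added example that is not from either poster. It assumes an elevated session on a Windows release that ships PowerShell and auditpol.exe (Windows 2000 predates both), and the key path and audited group are placeholders.

```powershell
# Added example. Assumptions: elevated session on a Windows release that
# includes PowerShell and auditpol.exe. On Windows 2000 itself the same two
# steps are done through the policy and registry editors instead.
$KeyPath   = 'HKLM:\SOFTWARE\ExampleApp'   # placeholder: key the in-house programs read
$Principal = 'BUILTIN\Administrators'      # placeholder: the authorized group to audit

# Step 1: enable object-access auditing for registry objects.
# (Subcategory name as shown on an English-language system.)
auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable

# Step 2: add a SACL entry so that write-type access to the key is audited.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions'
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    $Principal,
    $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,   # cover subkeys too
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')

$acl = Get-Acl -Path $KeyPath -Audit       # -Audit loads the SACL along with the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# Read the SACL back to confirm the entry is in place.
(Get-Acl -Path $KeyPath -Audit).Audit |
    Format-Table IdentityReference, RegistryRights, AuditFlags, InheritanceFlags

# After the next change: event 4657 (registry value modified) in the Security
# log names the account that made the change and the key it touched.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'ExampleApp' } |
    Select-Object TimeCreated, Message |
    Format-List
```

As the reply notes, only changes made after the SACL is in place are recorded.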