Forum Discussion
Windows Server services auditing
Hi,
I was wondering if it's possible to audit domain joined hosts for changes in services status, like when a service has stopped or if startup type has changed.
Thanks,
You'll find many here you can modify to suit your needs.
https://gallery.technet.microsoft.com/scriptcenter/Monitor-Report-5d1998d4
or request a script to be written here.
https://gallery.technet.microsoft.com/scriptcenter/site/requests
or ask for help writing a script over here.
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
https://social.technet.microsoft.com/Forums/windows/en-US/home?forum=winserverpowershell
or also take a look at SCOM
https://docs.microsoft.com/en-us/system-center/scom/welcome?view=sc-om-2019
- itai248Copper Contributor
Dave Patrick Hi maybe I wasn't specific, what I meant was that we want to audit the service state using windows event log.
For an example if host A had his service state changed from running to stopped then it will generate an event id 7035/7036 on the windows event log on the Windows Server.
itai248 wrote:
we want to audit the service state using windows event log.
You can follow along here to build a custom event log filter.