Windows Server services auditing

itai248 · ‎Nov 10 2019

Hi,

I was wondering if it's possible to audit domain joined hosts for changes in services status, like when a service has stopped or if startup type has changed.

Thanks,

Dave Patrick · ‎Nov 10 2019

You'll find many here you can modify to suit your needs.

https://gallery.technet.microsoft.com/scriptcenter/Monitor-Report-5d1998d4

or request a script to be written here.

https://gallery.technet.microsoft.com/scriptcenter/site/requests

or ask for help writing a script over here.

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG

https://social.technet.microsoft.com/Forums/windows/en-US/home?forum=winserverpowershell

or also take a look at SCOM

https://docs.microsoft.com/en-us/system-center/scom/welcome?view=sc-om-2019

itai248 · ‎Nov 11 2019

@Dave Patrick Hi maybe I wasn't specific, what I meant was that we want to audit the service state using windows event log.

For an example if host A had his service state changed from running to stopped then it will generate an event id 7035/7036 on the windows event log on the Windows Server.

Dave Patrick · ‎Nov 11 2019

@itai248 wrote:

we want to audit the service state using windows event log.

You can follow along here to build a custom event log filter.

https://techcommunity.microsoft.com/t5/Ask-the-Directory-Services-Team/Advanced-XML-filtering-in-the...

Windows Server services auditing

Windows Server services auditing

Re: Windows Server services auditing

Re: Windows Server services auditing

Re: Windows Server services auditing

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Windows Server services auditing