Windows Server services auditing

%3CLINGO-SUB%20id%3D%22lingo-sub-998312%22%20slang%3D%22en-US%22%3EWindows%20Server%20services%20auditing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-998312%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20was%20wondering%20if%20it's%20possible%20to%20audit%20domain%20joined%20hosts%20for%20changes%20in%20services%20status%2C%20like%20when%20a%20service%20has%20stopped%20or%20if%20startup%20type%20has%20changed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-998312%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EManagement%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-998383%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%20services%20auditing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-998383%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3EYou'll%20find%20many%20here%20you%20can%20modify%20to%20suit%20your%20needs.%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2Fscriptcenter%2FMonitor-Report-5d1998d4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%23002000%22%3Ehttps%3A%2F%2Fgallery.technet.microsoft.com%2Fscriptcenter%2FMonitor-Report-5d1998d4%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3Eor%20request%20a%20script%20to%20be%20written%20here.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CA%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%230044cc%3B%20cursor%3A%20pointer%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20text-decoration%3A%20none%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2Fscriptcenter%2Fsite%2Frequests%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgallery.technet.microsoft.com%2Fscriptcenter%2Fsite%2Frequests%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3Eor%20ask%20for%20help%20writing%20a%20script%20over%20here.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CA%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%230044cc%3B%20cursor%3A%20pointer%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20text-decoration%3A%20none%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%20href%3D%22https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fscriptcenter%2Fen-US%2Fhome%3Fforum%3DITCG%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fscriptcenter%2Fen-US%2Fhome%3Fforum%3DITCG%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fwindows%2Fen-US%2Fhome%3Fforum%3Dwinserverpowershell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%23002000%22%3Ehttps%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fwindows%2Fen-US%2Fhome%3Fforum%3Dwinserverpowershell%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%23002000%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%23002000%22%3E%26nbsp%3Bor%20also%20take%20a%20look%20at%20SCOM%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsystem-center%2Fscom%2Fwelcome%3Fview%3Dsc-om-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%23002000%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsystem-center%2Fscom%2Fwelcome%3Fview%3Dsc-om-2019%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20color%3A%20%232a2a2a%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%20inherit%3B%20list-style-type%3A%20none%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20vertical-align%3A%20baseline%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20padding%3A%200px%3B%20margin%3A%200px%200px%201em%200px%3B%20border%3A%20medium%20none%20currentColor%3B%22%3E%3CSPAN%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20font-family%3A%20inherit%3B%20font-size%3A%20inherit%3B%20font-size-adjust%3A%20none%3B%20font-stretch%3A%20inherit%3B%20font-style%3A%20inherit%3B%20font-variant%3A%20inherit%3B%20font-weight%3A%20inherit%3B%20line-height%3A%20inherit%3B%20vertical-align%3A%20baseline%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%20border%3A%200px%20none%20currentColor%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-999276%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%20services%20auditing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-999276%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51719%22%20target%3D%22_blank%22%3E%40Dave%20Patrick%3C%2FA%3E%26nbsp%3BHi%20maybe%20I%20wasn't%20specific%2C%20what%20I%20meant%20was%20that%20we%20want%20to%20audit%20the%20service%20state%20using%20windows%20event%20log.%3C%2FP%3E%3CP%3EFor%20an%20example%20if%20host%20A%20had%20his%20service%20state%20changed%20from%20running%20to%20stopped%20then%20it%20will%20generate%20an%20event%20id%207035%2F7036%20on%20the%26nbsp%3Bwindows%20event%20log%20on%20the%20Windows%20Server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1000511%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%20services%20auditing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1000511%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F425157%22%20target%3D%22_blank%22%3E%40itai248%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3E%26nbsp%3Bwe%20want%20to%20audit%20the%20service%20state%20using%20windows%20event%20log.%3C%2FP%3E%0A%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%0A%3CP%3EYou%20can%20follow%20along%20here%20to%20build%20a%20custom%20event%20log%20filter.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAsk-the-Directory-Services-Team%2FAdvanced-XML-filtering-in-the-Windows-Event-Viewer%2Fba-p%2F399761%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAsk-the-Directory-Services-Team%2FAdvanced-XML-filtering-in-the-Windows-Event-Viewer%2Fba-p%2F399761%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi,

I was wondering if it's possible to audit domain joined hosts for changes in services status, like when a service has stopped or if startup type has changed.

 

Thanks,

 

 

3 Replies
Highlighted
Highlighted

@Dave Patrick Hi maybe I wasn't specific, what I meant was that we want to audit the service state using windows event log.

For an example if host A had his service state changed from running to stopped then it will generate an event id 7035/7036 on the windows event log on the Windows Server.

Highlighted

 


@itai248 wrote:

 we want to audit the service state using windows event log.


You can follow along here to build a custom event log filter.

https://techcommunity.microsoft.com/t5/Ask-the-Directory-Services-Team/Advanced-XML-filtering-in-the...