Change detection software

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I'm not sure this exists, and at the moment its purely a mental exercise whilst taking a break in ITIL revision, but is there software available that can detect specific changes anywhere on a computer when you say change a tick box??

While that reads OK in my head, I'm sure it makes no sense, so I'll give an example:

I need to untick/tick the selection on the "Mouse applet > Buttons tab > Turn on ClickLock" (random choice) on a number of computers - whilst I can visit each workstation I want to implement it via a script remotely.

I'm assuming this changes something in the registry, perhaps does something to a file (makes an amendment) - is there a piece of software that will take a snapshot before the change, another after the change and then display the difference - ie, what was actually changed.

If my example can be done as a group policy (and I have no idea whether it can or cannot be done as I haven't dealt with GPs yet!), then use your imagination for another crazy example!

I just thought it may be useful in some circumstances.
Anyone???

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

All the settings are held in the registry somewhere. You can use InCtrl5 to find the exact reg keys easily, then use Administrative Templates to push the settings out in a GPO.

 

Two things spring to mind. For a 'quick & dirty' evaluation, you could try using WinDiff to make comparisons before and after, or, if you need something more robust (and, unfortunately, infinitely more expensive) you could investgiate Tripwire. The latter is used extensivley in environments that require very tight audit controls (financial environments etc)

 

I have tried using Windiff to compare a before and after export of the registry in .reg files. It didn't work. You try and expand the file contents and just get a load on nonsense

 

Have you tried using Process Monitor from the Windows SysInternals Suite?

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

 

Hi fellas - thanks for the tips, now I've passed the exam I can now look at this in more depth (at some time!!)

I haven't used any software yet zcapr17, as I said it was purely a mental exercise - but want to read/play with the SysInternals Suite anyway so will specifically check it out.

 

...not to be confused with Tripwire45, although he's pretty robust himself.