What You Must Know About IIS Configuration Auditing
This article discusses the new configuration auditing functionality, which traces changes made to the IIS configuration stores.
What Is Configuration Auditing?
IIS configuration auditing is a feature that lets you track the changes made to the IIS configuration stores. It produces event messages that show which configuration element was changed, the user who initiated the change, and the original and new values of the element.
IIS Configuration Auditing – Why Enable It on Your Server?
In some cases, an administrator wants to track the changes made to the IIS configuration stores. A typical scenario is that someone accidentally changed a few settings on the server that affect a website, or that scripts running in the background changed some properties and altered the behavior of the site. In such cases you want to find out which changes were made to the IIS configuration, and which process and user initiated them.
How to Activate IIS Configuration Auditing?
IIS configuration auditing is a feature available in IIS 7.5, which ships with Windows Server 2008 R2.
To activate configuration auditing, follow these steps:
• Open Event Viewer.
• Expand “Applications and Services Logs”.
• Expand “Microsoft”, then expand “Windows”.
• Expand “IIS Configuration”, right-click “Operational”, and select “Enable Log”.
A few fields in the resulting events are especially useful. First and foremost is the Process ID, which gives you the PID of the process that changed the entry. With it, you can look up the process name in Task Manager.
You can also see which changes were made: details of the configuration in which the change was made, the original value of the configuration element, and the new value.
Key Pointers to Keep in Mind
If someone uses appcmd to modify the IIS configuration, the change is still audited, but the PID will not be useful. That is because the appcmd process has already exited, so you will not find it in the process list in Task Manager. You will still see the details of the user who initiated the change.
Manual changes to the configuration store are not audited. For instance, a change made through MWA or appcmd is captured, but if someone alters a value manually, that change is not recorded in the audit logs.
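The steps and pointers above can also be scripted. The following PowerShell is an added example, not part of the original article: it enables the log, lists recent audit events, and resolves each PID to a process name, handling the case where the process (such as appcmd) has already exited. It assumes an elevated session and that the event record's ProcessId and UserId fields carry the PID and user described above; the helper function names are hypothetical.

```powershell
# Added example: enable IIS configuration auditing and review recent changes.
# Run from an elevated PowerShell session on the IIS server.
$logName = 'Microsoft-IIS-Configuration/Operational'

# Same effect as right-clicking "Operational" and choosing "Enable Log".
$cfg = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName
if (-not $cfg.IsEnabled) {
    $cfg.IsEnabled = $true
    $cfg.SaveChanges()
}

# Hypothetical helper: turn the SID stored in the event into DOMAIN\user.
function Resolve-AuditUser {
    param($Sid)
    if (-not $Sid) { return '(none)' }
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }   # SID could not be resolved; keep the raw value
}

# Hypothetical helper: map the PID to a process name if it is still running.
# Short-lived tools such as appcmd have exited by the time you look, and a
# PID can be reused later, so treat the name as a hint, not as proof.
function Resolve-AuditProcess {
    param([int]$ProcessId)
    $p = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($p) { $p.ProcessName } else { '(exited)' }
}

# Newest 50 audit events: when, who, which process, and the change text
# (the message carries the changed element with its old and new values).
Get-WinEvent -LogName $logName -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'User';    e = { Resolve-AuditUser $_.UserId } },
        @{ n = 'PID';     e = { $_.ProcessId } },
        @{ n = 'Process'; e = { Resolve-AuditProcess $_.ProcessId } },
        Message |
    Format-List
```

Because manual changes to the configuration store are not audited, an empty result from this query does not mean the configuration is unchanged.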