A user asked for a way to monitor a registry key or value on a VDA and trigger an action (script) to run if the value changes or is null. Another member suggested using ETW to track registry changes or creating a scheduled task that runs every X seconds to check the key with PowerShell. Real-time monitoring is desired in order to prevent necessary audit trails from being lost.
Read the entire ‘Real-time Monitoring for Registry Changes on ControlUp VDAs’ thread below:
Hi all! Is there a way to monitor a registry key or value on a VDA and trigger an action (script) to run if the value changes or is null? WE use MSMQ for application auditing on our VDA’s and the QMID value frequently nulls out of is deleted entirely and auditing stops. We’d like to be proactive about it so we don’t lose necessary audit trails.
I don’t think out of the box. Probably would require some custom work and creativity
How real time does it have to be?
as near as possible. anything is better than what we have now, where we rely on users to call the help desk when they see the pop up error message.
Im not sure yet if there is anything logged in the event logs. Still researching the deets.
@member thoughts? You probably know what I’m thinking
Well I think you could also use ETW to track registry changes so you could base a script on that. Other way would be a scheduled task that runs ever X seconds and checks that specific key with PowerShell
Event Tracing for Windows
Continue reading and comment on the thread ‘Real-time Monitoring for Registry Changes on ControlUp VDAs’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers