Alert for registry changes

(imported topic written by vgbond91)

How can we generate alerts for any registry changes on some particular servers?

(imported comment written by BenKus)

Hi vgbond,

You can create a Fixlet to make sure specific registry keys/values are in place and if a deviation is detected, the Fixlet will become relevant. If you want, you can then create a report and an alert based off of this Fixlet.

Ben

(imported comment written by jessewk)

Another option would be to use one of many 3rd party tools for monitoring changes to the registry. Essentially you’d write an action to run the tool and take an initial snapshot, and then another action to periodically run the tool to detect any changes vs. the snapshot, writing the output to a text file. Then you could set up a property that monitors the text file and create a web report that tracks the property. Last, you would create a scheduled report in web reports that would email you anytime the property report changes.

-Jesse
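
The snapshot-and-compare approach described in the comment above, as an added PowerShell example that is not part of the original thread and is not BigFix or third-party tool code. The file locations and the function name `Get-RegistrySnapshot` are assumptions; the watched subtree is only a sample.

```powershell
# Added example, not from the thread. File locations are assumptions.
param(
    [string]$Root     = 'HKLM:\SOFTWARE\BigFix',     # sample subtree to watch
    [string]$Baseline = 'C:\RegWatch\baseline.csv',  # hypothetical snapshot file
    [string]$Report   = 'C:\RegWatch\changes.txt'    # hypothetical file for a property to read
)

function Get-RegistrySnapshot([string]$Path) {
    # Flatten the subtree into records: one per key, one per value ("key\name").
    $keys = @(Get-Item -LiteralPath $Path -ErrorAction Stop) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        # Record the key itself so empty keys that appear or vanish are noticed.
        [pscustomobject]@{ Id = $key.Name; Data = '<key>' }
        foreach ($name in $key.GetValueNames()) {
            $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
            $data = $key.GetValue($name, $null, $opt)
            if ($data -is [byte[]])    { $data = [BitConverter]::ToString($data) }
            elseif ($data -is [array]) { $data = $data -join '|' }
            [pscustomobject]@{
                Id   = '{0}\{1}' -f $key.Name, $name
                Data = '{0}:{1}' -f $key.GetValueKind($name), $data
            }
        }
    }
}

New-Item -ItemType Directory -Force -Path (Split-Path $Baseline), (Split-Path $Report) | Out-Null
$current = @(Get-RegistrySnapshot $Root)

if (-not (Test-Path -LiteralPath $Baseline)) {
    # First run: record the baseline; later runs are compared against it.
    $current | Export-Csv -LiteralPath $Baseline -NoTypeInformation -Encoding UTF8
    return
}

$old = @{}; foreach ($r in Import-Csv -LiteralPath $Baseline) { $old[$r.Id] = $r.Data }
$new = @{}; foreach ($r in $current)                          { $new[$r.Id] = $r.Data }

$lines = foreach ($id in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
    if     (-not $new.ContainsKey($id)) { "REMOVED $id (was $($old[$id]))" }
    elseif (-not $old.ContainsKey($id)) { "ADDED $id = $($new[$id])" }
    elseif ($old[$id] -cne $new[$id])   { "CHANGED $id : $($old[$id]) -> $($new[$id])" }
}
if (-not $lines) { $lines = 'no changes' }

# Overwrite the report so its content changes only when the drift from baseline changes.
Set-Content -LiteralPath $Report -Value $lines -Encoding UTF8
```

A polling comparison like this only sees the state at each run, so a value that is changed and restored between runs goes unnoticed. The baseline file should be writable only by administrators, since anyone who can edit it can hide a change.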

(imported comment written by vgbond91)

Thanks Ben/Jesse

I am afraid they may not opt for 3rd party software; can you kindly elaborate on the Fixlet method?

Thanks and regards

Vgbond

(imported comment written by BenKus)

Hi vgbond,

I will use a simple example:

Imagine that you wanted to make sure that a specific string value in the BigFix registry key was set to “1” because if it was set to 0, it would be a problem. To check for this situation, I can make a Fixlet that would let me identify computers that had the registry value not set to “1”.

To do this:

  1. In the BES Console, go to Tools > New Custom Fixlet.

  2. Using the relevance tab, add:

(exists value "test" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix" of registry) AND (value "test" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix" of registry != "1")

  3. Add a description and click OK.

Now any computers that had this registry value not set to “1” would be applicable for this Fixlet… and if I wanted to, I could add an ability to reset the value to “1” in a simple action.

Does that answer your question?

Ben

(imported comment written by vgbond91)

I am afraid that will only look for specific value changes. I am looking for any kind of registry change happening in the system, not any specific value change. Can we achieve this using BigFix alone?

(imported comment written by jessewk)

To monitor the entire registry you will want to use a 3rd party tool that is designed specifically to track registry changes as I outlined above.

(imported comment written by Vibhash91)

Will it be possible to create a single Fixlet for monitoring changes in the registry at a higher level (HKLM/Software/), i.e. for the complete hierarchy in HKLM/Software/? Whenever there is a change in an HKLM/Software/* registry parameter, the corresponding Fixlet will become relevant. If yes, then let me know how to create a Fixlet for the same.