Hi All,
We use a custom property for logically grouping together servers for patching and have a fixlet available for anyone in the team to use which sets this property to the desired value. Every cycle we seem to have issues where this property is getting changed on some servers and as our action history tends to get cleared up pretty quick we are rarely able to determine who made the change or why.
What would be the best/most secure way of logging the details of who is running this fixlet? Only really interested when an existing value is changed rather than when it is initially being set. I did think of using a log file stored on the endpoint, however that could be deleted or manually altered. Essentially looking for date/time stamp, server name, username, existing value, new value.
You could use the actionhistorydb: Actual action start and end time - #9 by leewei
Alteratively you could just change the Fixlet you use to modify this so that the Fixlet tracks changes. In other words, have the Fixlet write its own history.
Lets say the Fixlet currently makes a registry key under
HKLM\Software\MyCompany\MyProperty called Value
You could have the Fixlet also create a key called
HKLM\Software\MyCompany\MyProperty\History and then under that you could make a key named after the action ID and then it could make several values under that key called, Issuer, Date, Value
1 Like
Sorry for the tardy reply. Think I will end up altering the fixlet to track changes via a text file or similar. Isn’t 100% as there is nothing stopping someone from creating their own fixlet to modify this property without the logging.
Nothing would stop an administrator from making the change through an unapproved mechanism.
This is part of the challenge were you trust the client to store this data!
