
We are currently looking for a method of verifying what changes have been made over a period of time to our IIS 8.5 sites.

We have reviewed the IIS auditing event log, which can be useful for tracking down the exact point in time and who made a change. But we were hoping to find something that could be set up to run on a weekly basis which outlined any changes to IIS configuration since the last time comparison.

Does anyone have any suggestions?

Thanks

Neil


1 Answer


IIS comes with a built-in configuration change history; it stores the last x global configuration files. By default the last 10 are in %SystemDrive%\inetpub\history; you can increase the number of changes stored:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/configHistory" -name "maxHistories" -value 50

or if you don't use PowerShell, old-school:

appcmd.exe set config -section:system.applicationHost/configHistory /maxHistories:"50" /commit:apphost

You could copy these config backups to a more permanent location for later examination.

You can use a diff tool to view the differences or, even better, check all files into a source-control system like git to have a complete history of the changes in one place.

Doing this gives you all the changes but doesn't tell you who did them. So a potential script could look up the event in the event log (using the change time) and then record the user account in the commit message for the source control system.

Peter Hahndorf
  • Thanks for the response, unfortunately as we are using shared configuration the history does not work. But we can do a similar process with the shared configuration file. – Neil Feb 09 '15 at 09:32
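
The procedure described in the answer above (copy the history snapshots, commit them to git, record the account from the event log in the commit message), written out as an added example; it is not code from the original answer. Assumptions: `git` is on PATH, `$RepoPath` (a hypothetical location) is an existing git repository, IIS configuration auditing is enabled and writes to the log named in `$AuditLog`, and the snapshot folder's timestamp is close enough to the change time for a few-minute window to match.

```powershell
# Added example: import IIS configuration history snapshots into a git repository.
param(
    [string]$HistoryPath = "$env:SystemDrive\inetpub\history",
    [string]$RepoPath    = 'D:\iis-config-history',                    # hypothetical location
    [string]$AuditLog    = 'Microsoft-IIS-Configuration/Operational',  # assumed audit log name
    [int]$WindowMinutes  = 5                                           # assumed correlation window
)
$ErrorActionPreference = 'Stop'

# Names of the snapshot folders already committed are kept in the repository itself.
$seenFile = Join-Path $RepoPath 'imported.txt'
$seen = @()
if (Test-Path $seenFile) { $seen = @(Get-Content $seenFile) }

# Return the accounts that logged audit events within the window around $When.
function Get-ChangeAuthor([datetime]$When) {
    $filter = @{ LogName   = $AuditLog
                 StartTime = $When.AddMinutes(-$WindowMinutes)
                 EndTime   = $When.AddMinutes($WindowMinutes) }
    # No matching events (or auditing disabled) yields an empty result, not a failure.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $names = foreach ($e in $events) {
        if ($e.UserId) {
            try   { $e.UserId.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $e.UserId.Value }   # unresolvable SID: keep the raw SID
        }
    }
    $names = @($names | Sort-Object -Unique)
    if ($names) { $names -join ', ' } else { 'unknown' }
}

# Snapshot folder names carry an increasing number, so sorting by name replays them in order.
$snapshots = Get-ChildItem -Path $HistoryPath -Directory | Sort-Object Name |
    Where-Object { $seen -notcontains $_.Name }

foreach ($snap in $snapshots) {
    $files = @(Get-ChildItem -Path $snap.FullName -Filter *.config -File)
    if (-not $files) { continue }
    $changed = $snap.LastWriteTime      # approximation of the change time
    $files | Copy-Item -Destination $RepoPath -Force
    Add-Content -Path $seenFile -Value $snap.Name
    $msg = '{0} at {1:s}; changed by: {2}' -f $snap.Name, $changed, (Get-ChangeAuthor $changed)
    git -C $RepoPath add -A
    git -C $RepoPath commit --quiet -m $msg
    if ($LASTEXITCODE -ne 0) { throw "git commit failed for $($snap.Name)" }
}
```

Run weekly from a scheduled task, this leaves one commit per snapshot, so `git log -p` shows what changed since the previous run. The recorded account is a time-based correlation and should be confirmed against the audit event itself before it is relied on.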