How can I monitor changes to IIS when neither FileSystemWatcher nor IIS-Configuration event log will report on System32 changes?

iis

We have to monitor changes to IIS 8.5 on 2012 R2

The FileSystemWatcher Windows service I wrote works on anything except System32 subdirectories,
 despite System having permissions on the inetsrv\config folder (cannot get Read permission on anything higher), and
 The OOTB IIS-Configuration event log won't report manual changes to inetsrv\config\applicationHost.config 
      (e.g. via Notepad++).

Doesn't make a difference where the FSW Windows service is installed. And IIS takes applicationHost.config changes immediately, without restart.

The business case is that Security said so. Any ideas?


You can Monitor IIS Configuration Changes using SAM via event logs by ensuring that you enable the EVENT LOGS first for IIS Configuration changes:

Enable the IIS configuration change to be written on Event Logs

  1. Go to Start > Event Viewer.

  2. Expand Applications and Services Logs > Microsoft > Windows > IIS-Configuration > Operational > Enable Log.

  3. Close Event Viewer to Finish.

Then you may now IMPORT the attached SAM Templates and create a component monitor alert so you will know which IIS Configuration has been changed.

How to Monitor IIS Configuration change using Event Logs in SAM.

Related

Stop Parallel.ForEachAsync
Panic recover in Go v.s. try catch in other languages
fix to get smooth scrolling in emacs?
SPRINTF in shell scripting?
Using the mitt-library in Vue with Webpack hot-reload causes problems?
Objective-C (cocoa) equivalent to python's endswith/beginswith
What does `:location => ...` and `head :ok` mean in the 'respond_to' format statement?
Why elements defined in a namespace cannot be explicitly declared?
Why are helper methods not working in view specs?
Does Git flow deletes branch on remote server?
How to use/create unique_lock in c++?
Adobe PDF to PPT API