Share via


PowerShell script to enable IIS Configuration Auditing

We need to use Event Viewer to enable Configuration Auditing using below steps for IIS 7/7.5:

1) Open Event Viewer, go to Applications and Services log

2) Expand Microsoft, Windows and IIS-Configuration.

3) Select Appropriate Log type based on your requirement like Administrative or Operational and Click on "Enable Log'.

4) By doing this, we can log the changes made to IIS configuration.

5) It wil be difficult to enable auditing by following above steps on multiple servers.

6) To automate it, I wrote below PowerShell script using Windows built-in utility Wevtutil.exe. Since, PowerShell don't have built-in cmdlet to enable/disable IIS-Configuration log.

 # Enabling Configuration Auditing on IIS 7/7.5 using Window's wevtutil.exe

write-host "Enabling Configuration Auditing at Microsoft-IIS-Configuration/Operational"

$si = new-object System.Diagnostics.ProcessStartInfo
$si.fileName = "C:\Windows\System32\wevtutil.exe"
$si.Arguments= ' sl Microsoft-IIS-Configuration/Operational /e:true'
$si.windowStyle = [System.Diagnostics.ProcessWindowStyle]::Hidden

$process = [System.Diagnostics.Process]::Start($si)

write-host "Enabled Configuration Auditing"

In the above script, I am calling Wevtutil.exe with log name as Microsoft-IIS-Configuration/Operational and enable as true.

 For more information on Wevtutil.exe, Refer https://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx