Greyware Automation Products, Inc.
Greyware Automation Products, Inc.   
     Home    Products    Store    Downloads    Customer Service    Site Search    
Log in  or   Create an account now -- FREE!        
Systemchangelog > 2x > Older Version Documentation


THIS PAGE REFERS TO AN OLDER VERSION OF SYSTEM CHANGE LOG.
CLICK HERE FOR INFORMATION ON THE CURRENT VERSION.

Note: Evaluation downloads are provided for the current version of the software only. Please contact techsupport@greyware.com if you need an evaluation copy of version 2.4 for use on NT or Windows 2000. Registered executables of version 2.4 and the Alpha builds are included for download when licenses for the current version are purchased.

Requirements
    Version 2.4: NT 3.51, Windows NT4/2K/XP/2003. Not supported on Win95/98/ME (Win9x). Internet Explorer 3 or higher must be installed (for common controls that come with MSIE). Service Pack 6a recommended for NT4.

Changelog

Setup & Installation
    Installation
    System Change Log runs as a system service. You must be logged on using an account with administrative privileges to install or remove the service. After you download the zip file, unzip the contents to a temporary directory on your machine (or a shared network directory), then double-click setup.exe and click the Install button.

    If System Change Log is already installed, the Install button will not be present. Instead, setup will present an Upgrade button. If older versions of any of the distribution files already exist on your machine, the program will upgrade them automatically when you select Upgrade. In some cases, it may be necessary for you to reboot your machine to complete installation or an upgrade. If so, you will be prompted to restart.

    System Change Log installs to the system directory (usually C:\Windows\system32 or C:\WINNT\system32).

    Removal
    Run setup.exe again, and click the Remove button on the setup dialog. You may also run scl.exe /remove from the system directory. The Remove button will only be enabled if setup determines that the service is already installed.

    Upgrading
    To upgrade to a new version, download and unzip the new version to a temporary directory. Double-click the new setup.exe and click the Upgrade button. The Upgrade button will only be visible if setup determines that an older version of the service is already installed. Otherwise, only the Install and Remove buttons will be shown.

    Command-line Options
    Although not generally needed, you may specify the following command-line options when running setup.exe or scl.exe. You may use a dash or a forward slash before the option. Slashes are shown below for clarity. Options may also be specified by just the first letter.

    • scl.exe /version or setup.exe /version -- displays the program's version and copyright information.
    • setup.exe /install -- forces installation.
    • scl.exe /remove or setup.exe /remove-- forces removal.
    • scl.exe /foreground -- (only if supported) runs the program in the foreground.
    • setup.exe /upgrade -- upgrade to newer version without removing and reinstalling.

    To assist with automated installations, the program also supports the /quiet command-line switch. You may use the /quiet switch in conjunction with /remove, /install, or /upgrade. When the /quiet switch is specified, the program only displays dialog boxes if errors are encountered; otherwise, the program performs the requested function and exits immediately. This feature makes it easy to handle installations or upgrades network-wide with a simple batch file.

    Administrative Options and Remote Installation

    • Remote Install or Removal
      The setup program, setup.exe allows you to specify parameters on the command line for remote installation or removal:

          setup [ -install | -remove | -upgrade ] [ -quiet ] [\\targetmachine]
              

      Examples

      • setup -upgrade \\fred would install the service (upgrading if necessary) onto the machine named \\fred
      • setup -remove \\barney would remove the service from the machine \\barney
      • setup -install -quiet would install the service onto the local machine without any prompts
      • setup -remove -quiet would remove the service from the local machine without any prompts

      Note: For remote installation or removal to work (i.e., specifing a target machine name as in the above two examples using \\fred and \\barney), both the machine you are working on and the target machine must be logged on under an account that has administrative privileges on the target machine.

Notes
    The Control Panel applet (scl.cpl) lets you configure SCL's options:

    SCL Control Panel Applet
    The System Change Log Control Panel Applet

    Monitored Paths

      By default, System Change Log will list all of your hard drives. Subdirectories are always included, so an entry of C:\ means your entire C: drive.

      Important: You should only monitor the drives and paths where you need the information. Monitoring all activities on all drives can slow down your system and fill up your log files. Adjust the entries in this box to match your monitoring requirements.

      Click the Add button to add a specific path or drive to the list of monitored paths. Click the Remove button to remove the highlighted path or drive.

      Click the File Selections button to bring up the Includes and Excludes dialog box:

        SCL Control Panel Applet
        The Includes and Excludes dialog

        Included Files

          Use this function if you want to tell System Change Log to monitor files by the file type (extension) instead of the default of monitoring all files in the monitored path(s).

        Excluded Paths and Files

          List paths or files, one per line, that you want System Change Log to ignore. You may use wildcards (asterisks and question marks) as well as system variables (example, %systemroot% or %windir%).

          Unlike DOS wildcards, you may use more than one wildcard per specification. Click the Help button for syntax examples.

    Tracking Options

      If checked, System Change log will record a log entry for the following events:

      Track File Creations:
      Track File Deletions:
      Track File Changes:
      Track File Renames:
      Track NTFS Streams:
      Track File Security Changes:

      Track User Information:
      Click this button to bring up the User Tracking dialog:

        User Tracking Dialog Box
        The User Tracking screen

        Due to the way Windows handles file activity internally, System Change Log can only report the name of a user account that makes a change if the success reporting function of Windows Files/Folders security auditing is enabled for the monitored path(s).

        The process of enabling local security auditing is slightly different for each operating system version. See these articles from the Microsoft Knowledgebase:

        For example, if you want to know the names of people making changes in a folder named C:\Accounting Data on a Windows XP system, follow the instructions from Microsoft for enabling overall auditing in the Microsoft knowledgebase articles mentioned above. In Windows 2K and XP, you first enable overall Object sucess editing using the Local Security Policy MMC snap-in found in Adminstrative Tools.

        Security Auditing in XP
        Enabling overall auditing in Windows XP

        Then, using Explorer (or My Computer), right-click on the C:\Accounting Data folder to bring up its Properties and enable the specific events you want to audit. Your settings screen would look similar to this (check the boxes for only the types of activity you need):

        Security Auditing in XP
        Setting audit security in Windows XP

        System Change Log only cares about success events (successful changes to the files), because it only monitors changes, and an unsuccessful attempt does not result in a change.

        Important note: You should only enable auditing for the folders where you need the audit information, and you should only check the boxes for the kinds of information you really need. Auditing can slow down your system if it is used excessively, and can fill your event viewer logs with hundreds of records per second on a busy machine. There's no point in recording information you will never need.

    Logging Options

    • Write to Event Viewer:
      If checked, System Change Log will direct log entries to the Event Viewer log.
    • Write to Log File:
      If checked, System Change Log will direct log entries to the scl.log file in the %systemroot%\system32 directory (i.e. C:\winnt\system32\scl.log). The default file location can be changed by editing the Registry. See Knowledgebase Article KB2002.329 for details.
    • Max Log Size:
      The maximum desired size of the scl.log file on disk. If this is set to zero, the log file size is limited only by available free space on your disk. Any other number specifies the size, in kilobytes, for the log file. The log file is checked once each hour. If it exceeds the maximum specified size, the log is trimmed by removing entries from the beginning of the file until it is smaller than the maximum specified size.
    • View Log
      Clicking this button will bring up the built-in System Change Log viewer, which lets you view log entries in real time.

SCL Logs
Sample from the System Change Log viewer

My Account  |   Contact Us  |   Privacy Policy  |   Printer-Friendly Version
 
Copyright © 1995-2023 Greyware Automation Products, Inc.  All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.