A Tool For Keeping Track Of System Changes

[Noel CarboniAskWoody_MVP]

Have you ever gotten to a point where you discover something about your system and wonder when it happened? Something like, when was a particular update installed? Or when did a particular background task start being run? Or did Microsoft change a scheduled job after an update?

For this I run a batch script I wrote called LogSystemInfo every night. I do this on all my systems (Windows 7, 8.1, 10). It creates a log file named for the current date and time and runs several commands to dump out a bunch of important info:

• A list of running processes.
• A list of running services.
• A list of DLL modules loaded by processes.
• A list of all scheduled tasks.
• A list of the states of all the services.
• A list of installed updates.
• A list of boot configuration options.

Voila, if I want to know when something changed or whether all’s the same as before, I just compare log files from different days (I prefer a really nice tool called Beyond Compare for this). The log files are a few hundred kb so they can just accumulate forever. I’ve been running it in various forms since 2010 and have accumulated 2594 log files so far. 🙂

I thought I would share this script with you, along with several GnuWin32 toolkit programs (gsort, sed, grep) it uses to gather and format info, and finally one of my own executables that formats the date and time (ShowTime). I assure you they’re all clean, safe, and legal to redistribute, but I encourage you to scan them with your AV to be sure. Or just look at the commands I run in the .bat file to see how to get a lot of good info.

http://Noel.ProDigitalSoftware.com/files/LogSystemInfo.zip

Unzip all these files into a single folder from which you want to run the script, start an elevated CMD window, CD into that folder, and run LogSystemInfo.bat. It will create a log file with a name like the following in a Log subfolder of your user area, for example:

C:\Users\NoelC\Log\SystemInfo_2017_03_05_01_50_00.log

If you want to schedule this in the Task Scheduler, set up a job that starts at a time when you know your computer will be on, run it from the folder containing the files, and remember to set the [ ] Run with Highest Privileges option, as shown here:

Please let me know if you have any problems. I think I’ve included everything it needs to run.

-Noel

Attachments:

You must be logged in to view attached files.

8 users thanked author for this post.

alQamar,

HiFlyer,

abbodi86,

AlexEiffel,

GoneToPlaid,

ch100,

Elly,

PhotM

[anonymous]

Thank you for sharing this :).

I tried v2.0 on a Windows 7 x64 computer. I got this output:

No which in (.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\)

ERROR:  Not all the tools needed could be found either in the folder with the script or in the path.  Unable to continue.

The included files were in the same folder as LogSystemInfo.bat.

[Noel CarboniAskWoody_MVP]

Sorry, I missed your message before.

Did you run the script from within the same folder into which everything was extracted (i.e., make that folder the default folder)?

-Noel

[anonymous]

All of your files, including the script file, were in the same folder when I executed the script.

[NightOwlAskWoody Lounger]

Hey Noel

anonymous wrote:

I tried v2.0 on a Windows 7 x64 computer. I got this output:

No which in (.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\)

ERROR: Not all the tools needed could be found either in the folder with the script or in the path. Unable to continue.

The included files were in the same folder as LogSystemInfo.bat.

I tested your *.bat* file with your downloaded programs–got the same error message as reported by Anon above.

Opened an elevated DOS prompt in the directory where the files were unzipped to, ran the .bat file, here’s the output:

Directory of G:\Utilities\Noel Carboni\LogSystemInfo\LogSystemInfo

03/08/2017 07:41 AM <DIR> .
03/08/2017 07:41 AM <DIR> ..
03/06/2017 01:13 AM 7,197 LogSystemInfo.bat
02/13/2009 03:19 AM 96,256 grep.exe
04/20/2005 01:41 PM 96,256 gsort.exe
10/15/2014 03:50 PM 2,307,978 libeay32.dll
02/06/2016 12:38 PM 1,008,128 libiconv2.dll
02/06/2016 12:38 PM 103,424 libintl3.dll
10/15/2014 03:50 PM 485,987 libssl32.dll
02/06/2016 12:38 PM 140,288 pcre3.dll
02/06/2016 12:38 PM 79,360 regex2.dll
12/27/2010 12:10 PM 77,824 sed.exe
10/04/2000 10:13 AM 36,864 SHOWTIME.EXE
03/14/2017 03:49 PM 1,424 ErrorMessageWhenRun.txt
12 File(s) 4,440,986 bytes
2 Dir(s) 33,607,614,464 bytes free

G:\Utilities\Noel Carboni\LogSystemInfo\LogSystemInfo>logsysteminfo.bat

No which in (.;C:\Program Files\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C
:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program F
iles\ATI Technologies\ATI.ACE\Core-Static)

ERROR: Not all the tools needed could be found either in the folder with the sc
ript or in the path. Unable to continue.

G:\Utilities\Noel Carboni\LogSystemInfo\LogSystemInfo>

On my system, Win7 (32 bit):

• C:\Program Files\AMD APP\bin\x86 (this directory does exist on my system)
• C:\Windows\ (this directory does exist on my system)
• C:\Windows\system32 (this directory does exist on my system)
• C:\Windows\System32\Wbem (this directory does exist on my system)
• C:\Windows\System32\WindowsPowerShell\v1.0\ (this directory does not exist on my system)
• C:\Program Files\ATI Technologies\ATI.ACE\Core-Static (this directory does exist on my system)

NightOwl

No question is stupid ... but, possibly the answers are 😉 !

1 user thanked author for this post.

Elly

[Noel CarboniAskWoody_MVP]

Doggone it, I had forgotten to include which.exe in the .zip file. I’m sorry about that!

I’ve just added it to the .zip. Please re-download the file from the link in the original post.

-Noel

1 user thanked author for this post.

Elly

[anonymous]

This one works fine. Thank you :).

This tool covers some areas that are not covered by the other two free programs that I use: Autoruns, and What’s Running.

1 user thanked author for this post.

Noel Carboni

[Noel CarboniAskWoody_MVP]

You’re welcome, and thanks for reporting back. It’s particularly difficult for me to test since I have all of the GnuWin32 tools in my path.

-Noel

1 user thanked author for this post.

Elly

[GoneToPlaidAskWoody Plus]

I just tried it out. Slick! It took all of maybe 15 seconds to run. Could you tweak the batch file to add two switches — one for verbose output and another switch to automatically launch the saved text file?

[Noel CarboniAskWoody_MVP]

Thanks for the feedback.

What additional output would you like to see with a “Verbose” option?

And I’m not quite sure what you mean by “launch the saved text file”?

-Noel

[EllyAskWoody MVP]

Hello Noel,

Thank you for this… its been on my computer since you posted with the .exe added… and gives me reassurance as to changes/stability.

Being non-techy, but more techy than friends or family, and thus the person they turn to… I thought that this would be great on their machines. Not for them, but for me… so I can see changes since that particular computer was last in my hands. They tend not to even remember what they’ve done, and I’m thinking that it would be easier to problem solve if I knew what had changed, rather than trying to guess what a problem might be from.

On my own computer, I keep an on-going, hand typed record of changes I make (updates, programs, apps added or deleted). This lets me make sense of what I see in the logs generated by by LogSystemInfo… and I’ve been learning from it. Between that, and firewall info, I have a whole different view of what my computer is doing.

Question for you is… could I set this up so I don’t have to search for where the log files are being saved to… specifically, how would I designate where the log files are saved at? Is it possible?

Win 7 Home, 64 bit, Group B

[anonymous]

Hi Elly,

Sorry for the delay in responding.

LogSystemInfo puts its logs, named by date, in a Log subdirectory of your USERPROFILE directory. For example, on your system it may be:

C:\Users\Elly\Log

The files are named: SystemInfo + the date and time the script was run + .log

Please let me know if you’re not seeing the files put in the above directory.

The script would have to be changed to put them in a different folder. That’s doable, but (presuming there’s not a problem with the current logic) would just knowing the folder is the one I named above be good enough?

-Noel

[EllyAskWoody MVP]

The files are absolutely there, not missing, and on my own computer this isn’t a problem for me…

I was just hoping, since all the computers I help friends and family with are all different, with a variety of user names, to standardize what I do by creating one folder where I have everything I need in one place. It would be for my convenience, and not really necessary for anything else. Well, I’ve reached a time where routine and finding things in the same place are important, and I’m trying to implement that regarding computing…

Example: friends show up, with three laptops… for an updating social event (not something anyone techy would be doing)… We are socially chatting, and not entirely focused on computers… Rather than have to rethink where to find this or that, I wanted to create one desktop folder on each computer where I can open it and have the info and other stuff available, while we pass the various laptops back and forth…

Problems encountered in trying to teach others so they aren’t dependent on me:
– the window gets closed before the laptop comes back to me, but I still need it for the next step.
– my shaky fingers close things and I have to find and open them again, sometimes repeatedly.
– I have to remember/look for the user of each computer in order to remember the path… and I can look straight at someone I’ve known since birth and not remember their name in that instant… and that isn’t to say that their name corresponds to the actual user name…
– they don’t use Everything Search, and don’t want to… and I try not to install things they don’t want, but Windows Search isn’t as clear cut in finding the user/log folder, so I have to remember the actual path and navigate to it…
– and I’m socializing, too, and focusing on task can be difficult…

I can get through all of that… but it just takes extra time and energy. I just thought it would be nice to open the desktop folder, in the same place in each computer, and find the same things (ex- folder for logs), and work from there. Maybe its wishful thinking on my part… but to know what to do to point it once, and then finding it there every time would save hassle on my part.

I’d like to find them in Elly Helps (an administrative account desktop folder), in a “Log” sub folder… that way I don’t have to think about what user this is… just the task I’m trying to complete… ?

Win 7 Home, 64 bit, Group B

[PKCanoDa Boss]

You could make a shortcut to each of the folders on the desktop, You can name shortcuts whatever you want, so you could name them “Johns Log” and “Janes Log” for example.

Right click, send to desktop as shortcut.

1 user thanked author for this post.

Elly

[EllyAskWoody MVP]

And that would be a do once fix… yes!

Thank you!

Didn’t even think of making a shortcut!!!

Happy now… 🙂

Win 7 Home, 64 bit, Group B

[Paul TAskWoody MVP]

RG has a PowerShell version he has kindly shared, but it doesn’t quite do logs the same way.
https://forums.windowssecrets.com/showthread.php/179727-Introducing-CMsLocalPCInfo?p=1081841&viewfull=1#post1081841

cheers, Paul

1 user thanked author for this post.

Elly

[EllyAskWoody MVP]

Its been really nice to have links to the Windows Secret resources… thank you @PaulT.

Already using/familiar with Noel’s, so going to continue with it… 🙂

Win 7 Home, 64 bit, Group B

[Author]

Posts