As System Center Advisor is in Preview there are a lot of changes. One such change is new Intelligence Pack – Change Tracking.
The name explains it clearly – it track changes. On the main tile you will see the number of Software and Windows Services happening every day. Currently Change Tracking Intelligence Pack has those two features: tracking software changes and tracking Windows Services changes. In the Advisor User Voice site there are more suggestion for features for this Intelligence Pack and I am sure that the Advisor team will add more with time. Let’s click on the tile and dive deeper:
We have the familiar interface of graphics and statistics in Advisor. If we look at the Software Changes I can quickly see that I have three software changes. Let’s click on every one of them and see the results:
Of course the result is depicted from a query. I’ve found that this management pack is being modified all the time so I guess the way the MP is built.
Let’s moved to the next one:
You can see that the software Microsoft Azure Site Recovery Provider (x64) has been modified on my vmm server. You may ask what modified means? As I was playing with that software I’ve removed and installed the software again. So instead of having two separate events for this Advisor is giving one single event. If you ask me that is the right way as if you have two events you may miss one of them for example and think that the software was completely removed. I guess if there is a bigger interval between the removal and the installation than we will have separate events may be.
And the third result:
Here you can see that I’ve installed a management pack in my SCOM server.
For getting Services changes I will go directly with a query:
Type=ConfigurationChange ConfigChangeType:WindowsServices SvcName!=AeLookupSvc SvcName!=BITS SvcName!=wuauserv SvcName!=WinHttpAutoProxySvc SvcName!=wmiApSrv SvcName!=TrustedInstaller SvcName!=sppsvc SvcName!=RemoteRegistry SvcName!=CcmExec SvcName!=ccmsetup SvcName!=msiserver SvcName!=WPDBusEnum SvcName!=AppXSvc SvcName!=defragsvc SvcName!=ddpsvc SvcName!=smphost SvcName!=WerSvc SvcName!=ScDeviceEnum SvcName!=WdiSystemHost
With such query for example I want to see all services changes but excluding certain services in the result:
With similar query you can search for example on service changes on specific server/s or service changes for specific service/s.
I hope this gives you some view of this new Intelligence pack. I really like this Intelligence Pack it is my second favorite after Log Management.
One thing that I saw was missing that on Software changes you cannot see the user who made the change but I guess that can be added later easy.