Registry watch cannot detect changes [Create, Delete, or Modify] when monitoring: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
Creating registry watch from Windows_Tempalte_Policy to monitor the "CurrentControlSet" does not detect registry changes.
Create registry watch to monitor changes under the tree: \HKEY_LOCAL_MACHINE\System\ControlSet*\*
NOTE: The “CurrentControlSet” is considered a link in the registry rather than a key. It points to one of the ControlSetnnn keys depending on which is being used by the system. The majority of systems may point to ControlSet001, however, it could point to 002, 003, etc. So by using “ControlSet*” instead of “CurrentControlSet”, you get all the possible places CurrentControlSet could be pointing at.
Windows 2008 R2 Server
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.