Windows Service Auditor: audit and track services on Windows
Windows Service Auditor is a free portable program for Microsoft Windows devices to track and audit services on the machine it is run on.
The application offers assistance to system administrators who need to figure out why services started, stopped, or were updated or deleted on Windows devices. It can also be used to check system events, e.g. to analyze other events associated with specific services on the system; this makes it a good tool to check for errors in the logs without having to use the Windows Event Viewer or other event log tools.
The list of services is loaded when you run the program. Services are listed in alphabetical order and information such as the name and description, current status (running, stopped) are provided.
A service's events are displayed in the lower half of the interface when you select a service. It may take a second to load the events.
Events are listed with information that includes type, time, source, ID, user, and description. There is no option to sort the data differently, e.g. by user.
Double-click on an event to display the information in a popup window; you may copy the data to the Clipboard with a click on the copy link in the interface.
To make better use of the program, it is necessary to enable advanced security audit policies on the device. Check Services > Enable Auditing in Windows Service Auditor. If the policies are not enabled yet on the device, you get an informational screen that explains what needs to be done.
Windows administrators may check out Microsoft's Docs website for additional information on advanced security audit policies (including how to enable them).
Windows will capture additional information when the policies are enabled; this includes usernames for more events, operations that caused the event, and the duration.
Users can start and stop services using Windows Service Auditor. Other options include exporting data to CSV files, and to launch system tools such as the Event Viewer, Services Manager, or Task Manager from within the application.
Closing Words
Windows Service Auditor is a specialized program for Windows. It may be of interest to system administrators who need to analyze certain services on the system for errors or issues (caused by users or otherwise), but may also be useful to home users who need to analyze the behavior of services, e.g. why it is there or stopping.
Now You: How do you manage services on Windows?
Hi Martin,
Thank you for the article. Two important items to include in every software review article:
1. On which versions of the target OS (or OS’s) it is compatible.
2. Whether it is open-source or closed-source.
Thanks!
Good points, also these days – whether the program tries to call home with your private data, and does it install PUPs.
Crashes on Microsoft Windows [Version 6.3.9600]?
Re: Crashes on Microsoft Windows [Version 6.3.9600] (Win 8.1)
Event Log:
Faulting application name: WindowsServiceAuditor_v1.5.exe, version: 1.6.0.38, time stamp: 0x5eac6ea9
Faulting module name: WindowsServiceAuditor_v1.5.exe, version: 1.6.0.38, time stamp: 0x5eac6ea9
Exception code: 0xc0000005
Fault offset: 0x000000000011b454
Faulting process id: 0x1210
Faulting application start time: 0x01d6214ffbce3c34
Faulting application path: L:\Aab_subset\WindowsServiceAuditor_v1.5.exe
Faulting module path: L:\Aab_subset\WindowsServiceAuditor_v1.5.exe
Report Id: 398dda4e-8d43-11ea-8652-5cf370948f93
Faulting package full name:
Faulting package-relative application ID:
Hi, sorry to hear of the problem on Windows 8.1!
We tried to reproduce the problem on our Windows 8.1 test machine but there were no crashes:
https://www.coretechnologies.com/products/WindowsServiceAuditor/wsa-1.6-on-windows-8.1-pro.png
If you are still experiencing trouble, please get in touch with us (at https://www.coretechnologies.com/support/) and we’ll get you up and running ASAP.
And maybe the ability to enlarge the screenshot so we can see it.
Would love to know how much RAM and how much disk space the Windows Service Auditor occupies when running on Windows 10
CPU can spike for a few seconds when the application is reading records from the Event Log.
RAM consumption is usually in the 10-25 MB range.
Windows Service Auditor 1.6 is out yesterday.