Windows Service Auditor: audit and track services on Windows

Martin Brinkmann
May 3, 2020
Windows, Windows 10

Windows Service Auditor is a free portable program for Microsoft Windows devices to track and audit services on the machine it is run on.

The application offers assistance to system administrators who need to figure out why services started, stopped, or were updated or deleted on Windows devices. It can also be used to check system events, e.g. to analyze other events associated with specific services on the system; this makes it a good tool to check for errors in the logs without having to use the Windows Event Viewer or other event log tools.

windows service auditor

The list of services is loaded when you run the program. Services are listed in alphabetical order and information such as the name and description, current status (running, stopped) are provided.

A service's events are displayed in the lower half of the interface when you select a service. It may take a second to load the events.

Events are listed  with information that includes type, time, source, ID, user, and description. There is no option to sort the data differently, e.g. by user.

Double-click on an event to display the information in a popup window; you may copy the data to the Clipboard with a click on the copy link in the interface.

windows event

To make better use of the program, it is necessary to enable advanced security audit policies on the device. Check Services > Enable Auditing in Windows Service Auditor. If the policies are not enabled yet on the device, you get an informational screen that explains what needs to be done.

Windows administrators may check out Microsoft's Docs website for additional information on advanced security audit policies (including how to enable them).

Windows will capture additional information when the policies are enabled; this includes usernames for more events, operations that caused the event, and the duration.

Users can start and stop services using Windows Service Auditor. Other options include exporting data to CSV files, and to launch system tools such as the Event Viewer, Services Manager, or Task Manager from within the application.

Closing Words

Windows Service Auditor is a specialized program for Windows. It may be of interest to system administrators who need to analyze certain services on the system for errors or issues (caused by users or otherwise), but may also be useful to home users who need to analyze the behavior of services, e.g. why it is there or stopping.

Now You: How do you manage services on Windows?

software image
Author Rating
2.5 based on 6 votes
Software Name
Windows Service Auditor
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Robert G. said on May 4, 2020 at 1:00 pm

    Windows Service Auditor 1.6 is out yesterday.

  2. Mike Marshall said on May 3, 2020 at 11:35 pm

    Would love to know how much RAM and how much disk space the Windows Service Auditor occupies when running on Windows 10

    1. Core Technologies Consulting said on May 4, 2020 at 6:40 am

      CPU can spike for a few seconds when the application is reading records from the Event Log.

      RAM consumption is usually in the 10-25 MB range.

  3. FarmWrangler said on May 3, 2020 at 7:56 pm

    And maybe the ability to enlarge the screenshot so we can see it.

  4. Anonymous said on May 3, 2020 at 4:38 pm

    Re: Crashes on Microsoft Windows [Version 6.3.9600] (Win 8.1)
    Event Log:

    Faulting application name: WindowsServiceAuditor_v1.5.exe, version:, time stamp: 0x5eac6ea9
    Faulting module name: WindowsServiceAuditor_v1.5.exe, version:, time stamp: 0x5eac6ea9
    Exception code: 0xc0000005
    Fault offset: 0x000000000011b454
    Faulting process id: 0x1210
    Faulting application start time: 0x01d6214ffbce3c34
    Faulting application path: L:\Aab_subset\WindowsServiceAuditor_v1.5.exe
    Faulting module path: L:\Aab_subset\WindowsServiceAuditor_v1.5.exe
    Report Id: 398dda4e-8d43-11ea-8652-5cf370948f93
    Faulting package full name:
    Faulting package-relative application ID:

    1. Core Technologies Consulting said on May 4, 2020 at 6:31 am

      Hi, sorry to hear of the problem on Windows 8.1!

      We tried to reproduce the problem on our Windows 8.1 test machine but there were no crashes:

      If you are still experiencing trouble, please get in touch with us (at and we’ll get you up and running ASAP.

  5. Anonymous said on May 3, 2020 at 3:44 pm

    Crashes on Microsoft Windows [Version 6.3.9600]?

  6. Kincaid said on May 3, 2020 at 12:54 pm

    Hi Martin,

    Thank you for the article. Two important items to include in every software review article:

    1. On which versions of the target OS (or OS’s) it is compatible.

    2. Whether it is open-source or closed-source.


    1. Ian said on May 4, 2020 at 12:31 am

      Good points, also these days – whether the program tries to call home with your private data, and does it install PUPs.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.