Windows Service Auditor is a free portable program for Microsoft Windows devices to track and audit services on the machine it is run on.
The application offers assistance to system administrators who need to figure out why services started, stopped, or were updated or deleted on Windows devices. It can also be used to check system events, e.g. to analyze other events associated with specific services on the system; this makes it a good tool to check for errors in the logs without having to use the Windows Event Viewer or other event log tools.
The list of services is loaded when you run the program. Services are listed in alphabetical order and information such as the name and description, current status (running, stopped) are provided.
A service's events are displayed in the lower half of the interface when you select a service. It may take a second to load the events.
Events are listed with information that includes type, time, source, ID, user, and description. There is no option to sort the data differently, e.g. by user.
Double-click on an event to display the information in a popup window; you may copy the data to the Clipboard with a click on the copy link in the interface.
To make better use of the program, it is necessary to enable advanced security audit policies on the device. Check Services > Enable Auditing in Windows Service Auditor. If the policies are not enabled yet on the device, you get an informational screen that explains what needs to be done.
Windows administrators may check out Microsoft's Docs website for additional information on advanced security audit policies (including how to enable them).
Windows will capture additional information when the policies are enabled; this includes usernames for more events, operations that caused the event, and the duration.
Users can start and stop services using Windows Service Auditor. Other options include exporting data to CSV files, and to launch system tools such as the Event Viewer, Services Manager, or Task Manager from within the application.
Windows Service Auditor is a specialized program for Windows. It may be of interest to system administrators who need to analyze certain services on the system for errors or issues (caused by users or otherwise), but may also be useful to home users who need to analyze the behavior of services, e.g. why it is there or stopping.
Now You: How do you manage services on Windows?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.