Is there a way to find the latest registry entries in Vista?

Hey guys,

I've been searching online to see if Vista keeps a log file that tracks all the latest registry changes.

Anyone have any idea if this is possible?

Cheers,

DOA.

 

No, it doesn't. I think the best you can do is export the registry, make changes, then diff the export with the current registry. You can also use a utility like Process Monitor to watch changes as they happen.

 

That's a shame. Thanks for the heads up anyway.

 

Registry loggers do exist:

http://www.resplendence.com/registrar

There is also a real-time monitor:

Current: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Pre-W2K: http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx

 

Actually, I think you might be able to rig up a script in Powershell that just might do that since the registry is treated as a logical "drive" within Powershell. I know that you can monitor file items for changes under Powershell, so it strikes me that, given the uniform treatment that Powershell was intended to provide to all data-providers (e.g., the registry "drive"), it might be possible to apply that monitoring functionality to a registry item in a similar manner to monitoring for file changes.