IIS configuration auditing is a feature that would let you monitor the changes that are done to the IIS configuration store. It generates event messages (similar to those generated by enabling metabase auditing in the previous versions). It would display the configuration element which was changed, the user who initiated the change, and the original and the new value of the element.
If you do it on a single server ones – the UI will be the easiest choice:
- Open Event Viewer (Administrative Tools –> Event Viewer)
- Expand the “Application and Service Logs”
- Expand “Microsoft”, and expand “Windows”
- Expand “IIS-Configuration”, and right click on “Operational”, and choose “Enable Log”
For DevOps – the command line is:
wevtutil sl Microsoft-IIS-Configuration/Operational /e:true
Wevtutil.exe is a Microsoft tool for modifying the EventLog.
Have in mind that manual changes (with notepad for example) in the config files will not be detected and logged.