Configuration Change Tracking

When Change Tracking is enabled, Application Control records any activity that occurs in the configuration. The information is stored in the Application Control package (AAMP) configuration file.

Configuration changes that are recorded include adding and removing User Groups, User Privilege Policies and changes to Group Rules.

Configurations generated through the scripting interface are not subject to configuration change tracking.

Enable or Disable Configuration Change Tracking

Change tracking is disabled by default for a new configuration. When a configuration is saved, the change tracking setting is saved with it and becomes the default position.

From the Manage tab, select Enable Change Tracking and enter your password. You have the option to password protect the feature when you initially click the Enable Change Tracking button. The password is used to prevent unauthorized users from performing tasks such as enabling and disabling the feature, as well as deleting any Configuration Change Tracking history.

Once enabled, details of each change to the configuration are saved in the history and versioning is enabled.

When enabled, to stop recording configuration history, select Disable Change Tracking and enter your password. When Change Tracking is disabled, the history remains but no further changes are recorded.

If you disable Change Tracking and make changes to a configuration, when re-enabled, the configuration history shows that changes have been made whilst change tracking was disabled. It will not show any details of what has changed.

Configuration Change Tracking History

From the Manage ribbon, select Configuration History to display details of all the changes made to a configuration while change tracking is enabled. Whenever a configuration is saved, a new version of the history is created, outlining the changes made since the last save.

The Configuration History shows the following information for each change:

  • Type - The change version and any actions that have been performed. For example, if you have enabled the Change Tracking feature, the Change action type is logged in the history.
  • Change - An overview of the change, for example Info --> Change Tracking Enabled: Yes. Double-click any entry in the history to access more details about a change.
  • Old Value - Provides a brief description of what the original configuration was before any changes were applied.

Configuration Change Details

Access more detailed information about each change by selecting the entry and clicking the Show Details button or double-clicking any history item from the following areas:

  • Configuration History
  • Review Changes dialog when saving a configuration

The Change field displays a high-level overview, for example, "Change Tracking has been enabled". This is the same text that appears in the Configuration History dialog. The Details field provides more detailed information about the change. For example, if a line in a scripted rule is changed, the change history displays what the line was and what it has been changed to.

Export Change Tracking History

Configuration History can be exported to a CSV file. You can export the whole history of the configuration since change tracking was enabled or you can choose to export the history up to a certain date or configuration version.

By creating a backup, you can delete all or part of the history to reduce the configuration file size whilst ensuring that you still have access to the change tracking data. The exported history file can be opened in a spreadsheet so the data can be examined and queries run.

  1. From the Manage tab, select Export History.
  2. Select and configure the history you want to export:
    • All History - Export the entire configuration history.
    • History older than date - Export the configuration history up to the entered date.
    • History up to and including selected version - Export the configuration history up to the specified version number.
  3. Click OK.
  4. Select a location to save the CSV file and click Save.

Delete Change Tracking History

Change history can be deleted when required and the amount of history you delete can be defined by date or version number. You are given the option to export the history prior to deleting.

  1. From the Manage tab, select Delete History. If you specified a password when enabling Configuration Change Tracking, you will be prompted for this password.
  2. Select and configure the history you want to delete:
    • All History - Delete the entire configuration history.
    • History older than date - Delete the configuration history up to the entered date.
    • History up to and including selected version - Delete the configuration history up to the specified version number.
  3. Click OK and select whether you want to Export then Delete or just Delete the history. If you export before deleting, the selected history is exported to a CSV file at a selected location.

Deleting the history does not change or remove version numbers. When the history is deleted, the version numbers stay the same but increment as normal on future saves.
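
The following Python is an added example, not part of the product or its documentation. It audits an exported history CSV for the coverage gaps described in this topic: saves made while change tracking was disabled and history that is no longer present. The column names and the `Change Tracking Enabled: No` entry text are assumptions, because the CSV layout is not documented here, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample export. The column names are an assumption: this topic
# does not document the CSV layout, so adjust them to match a real export.
SAMPLE_EXPORT = """Version,Type,Change,Old Value
4,Change,Info --> Change Tracking Enabled: Yes,No
5,Change,Group Rules --> Rule added,
6,Change,Info --> Change Tracking Enabled: No,Yes
9,Change,Info --> Change Tracking Enabled: Yes,No
10,Change,User Privilege Policies --> Policy removed,
"""

TRACKING_MARKER = "Change Tracking Enabled:"  # text from the example entry above


def audit_history(csv_text):
    """Return coverage findings for an exported change tracking history."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    versions = sorted({int(r["Version"]) for r in rows})
    findings = {"first_version": None, "unrecorded_versions": [], "toggles": []}

    # Deleting history keeps the numbering, so a first version above 1 means
    # earlier saves are absent from this export (deleted, or never tracked).
    if versions:
        findings["first_version"] = versions[0]

    # Every save increments the version even when tracking is off, so numbers
    # missing between recorded versions are saves with no recorded detail.
    for prev, cur in zip(versions, versions[1:]):
        findings["unrecorded_versions"].extend(range(prev + 1, cur))

    # Enable/disable events bound the windows in which changes went unrecorded.
    for r in rows:
        if TRACKING_MARKER in r["Change"]:
            state = r["Change"].split(TRACKING_MARKER, 1)[1].strip()
            findings["toggles"].append((int(r["Version"]), state))
    return findings


if __name__ == "__main__":
    for key, value in audit_history(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Versions reported as unrecorded should be reconciled against an earlier export or a backup of the configuration, since the history itself holds no detail for them.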

Undo and Redo Changes

If you undo a configuration change using the buttons in the quick access menu, the history of that change is removed. If an undone change is redone, the history is restored.

Save a Configuration

When you save a configuration to disk, to the Management Center, Group Policy or SCCM, or as the live configuration on an endpoint, an overview of the changes you have made since the last save is displayed.

Each time a configuration is saved, its version number is incremented and displayed at the bottom right of the console, regardless of whether change tracking is enabled or not.
