Track all changes to a server? Is this possible?

Posted by:  VirtuallyNotHere (VirtuallyNotHe…
Date: Thu, 18 Jun 2009

I know about the event logs, but is it possible to capture all changes made
to a server, things like app installs/removals, registry changes, local group
policy changes, files added/deleted, basically everything that happens?

I ask as I have a rogue technician and I can't prove things are changing but
I know they are and who it is, but I want to provide details on when, what,
and from where the change was made.

The other problem is the account being used is generic, as it is the default
domain admin account (I know, but mgmt won't budge on letting all IT use
it... Unbelievable really). I never use it...

What can I do? I found a product called Tripwire but I can't budget 20K on
this. I want to know when someone logs on to a server and what they do, but
not let them know.  Keyloggers could be an option but they are usually picked
up by AV and I don't want to install something and have to explain it to
others outside the few who know what is happening.