Checking changes with Microsoft's sysdiff

Introduction

Sysdiff is a nifty utility provided by Microsoft to take snapshots of a host so you can see what changes were made to it after installing an application for instance, whether they involve installing/changing files, or changes in the Registry.

Usage

1. Customize the required sysdiff.inf to tell sysdiff to ignore certains directories for instance
2. To create a pre-change snapshot of the host, run sysdiff /snap before.txt
3. Perform changes on the host
4. Create an after-change snapshot using sysdiff /diff before.txt after.txt
5. View the changes using sysdiff /dump after.txt dump.txt

/snap

/diff

/inf

/apply

Sysdiff will stop dead in its track if any file is open (error 32). Considering that a bunch of apps add stuff under eg. \WINDOWS\, it's pretty useless to use sysdiff if you have to ignore this most important directory...

Resources

• This utility is part of NT's Resource Kit CD, but can be found on the web, eg. here.
• Advanced Sysdiff
• General Sysdiff Troubleshooting Tips