Auditing Software With Chocolatey
Knowing what software is installed on your desktops and servers is crucial in an organization. This is common sense to sysadmins. We like to know information such as installation date, version and who installed it. By default, in Windows, you can get some of this information, but not all of it. It also helps to find packages that need to be upgraded to newer versions.
Chocolatey helps in these areas as it provides insight into the information I referenced. The power of Chocolatey, in my opinion, is in its CLI (command-line interface). In this article, I will show how Chocolatey can provide a great way to audit software installed on Windows machines.
Showing Chocolatey Packages in Programs and Features
Chocolatey manages packages separately from Windows. This is a very important concept to understand for beginners. What packages you install with Chocolatey usually show up in Programs and Features, but not always. What you install outside of Chocolatey does not show up by default. Ideally, you want Windows and Chocolatey software to be identical. In my opinion, once Chocolatey is installed, you should never install software outside of Chocolatey as you will make auditing and upgrading more difficult.
Certain Windows software does not show up in Programs and Features because it is not really “installed” on the system. A great example is PuTTY, a terminal software which only consists of a single executable. You do not have to run an installer for Putty, you can just download it and run it. So how do we get these to show up in Programs and Features? Chocolatey.
By setting this configuration, all Chocolatey packages will show up in Programs and Features:
choco feature enable -n showAllPackagesInProgramsAndFeatures
As you can see, Putty now shows up on my Windows 10 computer:
Viewing Package Audit Information
One command I find myself using often is choco list. Not only does it allow you to view packages installed on your system, but also packages available in repositories. One of the great parameters to use is –audit which provides a lot of great information like install time, user who installed, Active Directory domain and software version.
PS C:\> choco list -lo --audit Chocolatey v0.10.11 Business 7zip 18.5 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-03 20:55:12Z 7zip.install 18.5 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-03 20:55:12Z adobe-acrobat-xi-pro 11.0.00 User:admin Domain:DOMAIN Original User:hermes InstallDateUtc:2018-04-18 10:59:12Z autohotkey.portable 1.1.28.02 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-04-20 16:22:04Z bind-toolsonly 9.12.1 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-18 12:25:40Z