Change Tracking should include the user account that completed the change.
I need to be able to see who makes changes.
Thanks for the feedback. we are starting to better understand this scenario and will update the community if it’s picked up in the next cycle.
Lucas Alton commented
If I'm using Change Tracking/File Integrity Monitoring it's because I have critical files/areas of the system that should not be changing. If an undesirable change does occur, I need to ensure that same change does not occur again. To do that I need to know what user account/service account made the change. Without that info I need to spend additional time doing further investigation in other tools. Simply having that info straight from Change Tracking would make that solution worth paying for and implementing in our environment.
Fletcher Kelly commented
I need this function as well, we need to be able to create accountability.
Yes, the user account is a must for us in order for this to be useful and replace other configuration monitoring tools.
this is required for PCI DSS it should be included in all solutions everywhere...
Rob Corley commented