How reliable is the "Who is logged on locally" client tool?
- We used to use Altiris Deployment and Notification. In Deployment, you could see who was logged in at that moment.
We are trying to figure out how to do that and we have been using that "Who is logged on locally". We do get information, but what we see is:
"INT\UserName
Error: could not retrieve logon time"
The upper management needs to make sure that we can find this information out. What I found was that I can find user names, but not logon times. I was under the impression that this is only valid during the time that the client checked in.
I'm not sure which client pulls this information though. We have the "Computer Client Agent" set to check-in every 5 minutes, which has been awesome for us.
We basically need a way to see who is currently logged on and the upper management would like to see it done through SCCM. If it's not possible, is there an alternative?
Answers
That right click tool is not native to ConfigMgr. It uses the SysInterals tool http://technet.microsoft.com/en-ca/sysinternals/bb897545.aspx since it queries the PC directly I would say it is very accurate.
http://www.enhansoft.com/- Marked As Answer byEric Zhang - MSFTMSFT, ModeratorMonday, November 09, 2009 4:08 AM
- Proposed As Answer byJohn MarcumMVP, ModeratorFriday, October 30, 2009 12:11 AM
All Replies
That right click tool is not native to ConfigMgr. It uses the SysInterals tool http://technet.microsoft.com/en-ca/sysinternals/bb897545.aspx since it queries the PC directly I would say it is very accurate.
http://www.enhansoft.com/- Marked As Answer byEric Zhang - MSFTMSFT, ModeratorMonday, November 09, 2009 4:08 AM
- Proposed As Answer byJohn MarcumMVP, ModeratorFriday, October 30, 2009 12:11 AM
I'm not sure which client pulls this information though. We have the "Computer Client Agent" set to check-in every 5 minutes, which has been awesome for us.
Boyd,
OT here but.... You really have all your computers checking in every 5 minutes? That's too often. I must have missed that the last time we spoke or I would have mentioned it to you. If it's work for you that's great but I personally would never do that.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum- Ya I saw that too polling every 5 mins is not even recommend for test labs. Plus it has nothing to do with logon user data within ConfigMgr.
http://www.enhansoft.com/ We keep the AD Discovery down to once a day.
We were on the phone with a Microsoft Representative and I asked him what we could do to make our advertisements show up in a timely manner on computers that are already checking in. For instance, when we have computers that are checking in and we need a department to receive an advertisement fast.
He went to the "Computer Client Agent" and then said we could set it to what we wanted as long as the network department didn't complain. We set it down to 5 minutes and now, when we make a change to an advertisement, that gets picked up in 5 minutes and machines start to receive the program in it's advertisements.
I'm not sure what each of those clients do and every time I try to research it, I get a project dropped in my lap.
I asked the MS tech if that was too fast and he said that that only counts for advertised programs and all it does is check to see what is different, so when it runs, if nothing is different then nothing changes and it takes almost nothing for our computers to check in to see if it needs a new advertisement.
He said that the longest part is when a computer runs a SW/HW Inventory and that is the most intensive part.
I'm just going along with what he said. The problem now is that we have to find a way to look up who is logged into a computer and before too long, people will be asking us to look up a user and want to know what computer they logged into and I'm not sure how to do that within SCCM.- My opinion...so take it with a grain of salt.
ConfigMgr is not meant to be a real-time "tell me everything about every computer this instant" system. A lot of that is because it's kind and gentle to the network--so that you don't saturate your network links with a constant "who is logged in now?" "How about now?" every few minutes. It's meant to give you information about your environment, so you can work toward (and hopefully achieve) whatever baselines are important to your company, like the right versions of software, and patching compliance. I've never used Altiris, but if it was designed to show you "who is logged in" at the console, interactively... that must mean that it was going out and asking each box (or the box was reporting up that info every few minutes). All I can think of is that your network links must have been smacked with Altiris traffic getting that info back and forth.
To my mind, ConfigMgr isn't meant to give you real-time, up to the minute data of who happens to be logged in. It's not it's job. However, you can make several, pretty-near close to 98% right, guesses of who the main user of a computer is; presuming you leverage the Console User AI class (and the GPO you need in place in order to get useful data).
If you have the Console User data coming up, you can easily run a report of "computers where Bob is the top console user", and then use psloggedon (for example) against that computer (or computers) to confirm Bob is really logged in at this precise minute.
fyi, I agree with everyone else on the frequency of Client Agent. 5 minutes is awfully short. However... it does depend on your environment. There are so many variables in a ConfigMgr hierarchy--how many MPs or Proxy MPs, are you using an NLB with MPs behind it, how powerful are those MPs, and how quickly can they respond, your network, your clients, the number of clients per MP... 5 minutes might not show you any pain whatsoever. However... that's awfully short. I can't think of anyone that would do that short on a constant basis.
Standardize. Simplify. Automate. - As Garth said just use the right click tools if you need to know who's logged in right now. In all the environments that I have worked in we rarel have shared computers so it's not been an issue for me personally.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum Just so that we are clear SW inventory is intensive.
Most companies that I work with set HW to Simple schedule 1 a day.
Most companies that I work with set SW to Simple schedule 7 a day.
The default is 60 minutes for policy polling. Most companies I would will drop this to 30 minutes, anything more than that will cause too much traffic on the network or at least they are afraid that it will.
What wrong with use the last logon use data or top console user?
http://www.enhansoft.com/It's mostly because the other techs and such were used to Altiris Deployment. You could click a computer and see who is logged in "right now". I've explained x * n + infinity times that this system is nothing like Altiris and to compare the two is not very valid.
The problem is that I have people every night that complain that when we make changes to a software program, they don't get it and they have to wait. They then ask me, "Do I just stay on the phone with them until it's done? How do I check this?". There are those techs that I can tell them exactly what to do, but they don't do work for themselves. They prefer to have others do it. But on the ones that actually do listen, they watch the log and call the user back. That seems to be fine for me.
The upper management seems to not be happy with how long it takes to send software to a computer, so when I was on the phone with the tech, he said we could turn that one agent piece down.
If I need to turn it down, I can. So far, we have noticed no difference on our network and it's been awesome.It's mostly because the other techs and such were used to Altiris Deployment. You could click a computer and see who is logged in "right now".
I'm not sure why this is still being discussed. We have said you can do the same thing with SCCM using right click tools. I have never used Alteris but if they are telling you who is logged in right now then I assume they are doing the exact same thing as the right click tool which is connecting to WMI on that computer and seeing who is logged in. Discovery has nothing to do with that.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
