locked
Asset Intelligence - User Logon Information : More specifics needed RRS feed

  • Question

  • All -
         Question around the  SCCM 2007 "AI User Logon Information" feature. What level of detail is available?
    My scenario would involve the following :
    1. x number of WinXP machines in a computer lab. All joined to an Active Directory.
    2. Student users, with Active Directory accounts logon to these machines over the course of a semester.
    3. Need to be able to collect at least the following information, on a per machine basis  :
        1.   Workstation object name.
        2.  User accounts that have been used to logon to this machine.
        3. Must be able to collect information / logs over 4 month period (i.e. need historical reporting).

    An additional level of detail that I'd like to be able to see would be per user length of session - basically how long were they logged onto the machine?

    Apologies if these are over simplistic questions - I'm a novice wrt SCCM and this is a "pre-implementation" type question.

    Thanks Much!
    Chris

    Tuesday, June 16, 2009 8:57 PM

Answers

  • Well, console user reports are not able to do precisely that.  The routine that runs on the client (from what I can tell in log files) pretty much counts specific things, like username, last login time, and calculates a total time, and number of sessions for I think the last 180 days?  maybe it was last 90 days(?)  Anyway, the exact start/stop time and length of each individual session I don't think is reported.

    1.  Workstation name:  Yes.  Default report.  Or you'd make a custom report and join in the v_r_system view to get the computer's netbios_name
    2.  User accounts that have been used to logon to this machine:  Yes.  Default report.  fyi, you might be interested in a hardware inventory extension to sms_def.mof/configuration.mof to pull in every profile, regardless of last use time.  maybe not.
    3.  4 month period/logs:  that's the questionable part.  You'll get summary information, but the console user / usage data is not meant for auditing.   Also I don't remember if it's 90 or 180 days of data it parses through locally on the box.  I'm sure that's in the docs somewhere though. If you have some kind of government auditing requirement behind why you need this data, you may need to look at alternative auditing tools (more $$, server space, expertise).  [Personally, though, normally when I see these kinds of requests for audit data, it's not usually a government requirement, it's some manager who wants as much nit-picky detail as possible, and then once you explain how client-intensive gathering that data is, now much server space might be needed, they usually find that summary data is good enough.  :-)  ]

    Regarding the "how long were they logged in": from memory (I might be wrong), that's there as cumulative time.  i.e., if I was logged in 8hrs a day for 5 days, it'll show 40 hrs, and 5 logins.  I might (from the reports) presume that it was exactly 8hrs per day for 5 days, but what I'll see is   5 logins.  40 hrs.  It could have been 2 days, 15 hrs each day, and then 3 days of other variable time, to add up to 40hrs.

    Slightly OT:  Before Console Usage data gathering was made available in Asset Intelligence, for those of us on SMS 2003 SP2 or earlier, the solution was http://www.systemcentertools.com 's "Secure Login Audit Tool", or SLAT.  You *might* be able to customize that to be a little closer to the results you want.  SLAT still works fine in ConfigMgr 07.  and it's free.
    Standardize. Simplify. Automate.
    Tuesday, June 16, 2009 10:24 PM