Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security/Application Events in Inventory and Reports of SMS 2003

Status
Not open for further replies.

S60T

IS-IT--Management
Jan 3, 2007
2
NL
Hai,

I want to collect and report certain security or application events from the eventviewer of a XP SP2 workstation with SMS 2003, have anybody tried this? I know i have to use WMI but can anybody help me?

Tnx for your replies..
 
I've never written anything myself, but I believe there may be some code available on one of the MMS DVDs (I think the 2005 DVD?) It outlined how the Security Logon Audit Tool from was written to read events in the Security EventLog, parse the information gathered, and write it to WMI.

Perhaps if you tell us what events you are trying to gather, someone may have a known solution for you.

Blog:
 
Hai, thanks for your reply. I want to know when a specific users log's on to the computer's in our domain. for example a domain administrator or a local administrator. It would be perfect if it's possible to extract wich applications they used and present this in a report.
 
That might be stretching the capabilities of SMS a bit; but you can accomplish some of what you need on a limited basis. You could implement the Security Logon Audit Tool from That would give you a Summary over time of how many times a user logs into machines, but it would not record 'jsmith logged into pc XYZ at 8:15am', and keep that information forever.

As for applications used, for the most part I never noticed that the Event Log kept track of when an application was launched and closed. Using SMS Software Metering, though, you could create rules of which executables you would like to track. Again, this would be a summary over time, and historical information like 'jsmith launched winword.exe on PC xyz at 8:16am and closed it at 8:17am' would not be kept forever. Software Metering is really designed for helping with license compliance, or to see if maybe you no longer need 1000 licenses of widgets version 1.2, but only 100 licenses.

If I were you, I'd start by enabling Software Metering, and create just 1 or 2 rules of often-used applications, wait at least a week, and then check the Software Metering reports and see if they may be close enough for your purposes.

If not, you might have to do some vendor shopping to find something to fit exactly what you want.

Blog:
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top