Enable Workstation Logon Audit Policy in Order to Collect Top Console User Details
By Garth Jones
Last month I was asked how to get top console user details into a report. My first answer was to tell them to enable the Asset Intelligence (AI) class. However this was already done, so I asked if the auditing policy was enabled. It wasn’t.
If you want to capture the top console user details into System Center 2012 Configuration Manager (CM12) or CM07, which is particularly useful for reporting, you need to enable the logon auditing policy.
Here are steps to enable it within your domain.
Open Group Policy Management.
Right-click on the domain, in my case it is gartek.tst, then click Create a GPO in this domain, and Link it here…
Enter CM12 Console Logon Audit and click OK.
Right click CM12 Console Logon Audit and click Edit…
Expand Computer Configuration | Policies | Windows Settings | Security Settings and Audit Policy. In the results pane, double-click Audit logon events.
Select Define these policy settings and ensure that the Success check box is selected. Next click OK. Finally, close Group Policy Management Editor.
Right click CM12 Console Logon Audit and click Enforced.
Now assuming that you have enabled the SMS_SystemConsoleUsage and SMS_SystemConsoleUser, top console user details will be available in CM12 / CM07 for use by the application model, collections and where I use it the most, reporting.