Enable Workstation Logon Audit Policy in Order to Collect Top Console User Details

By Garth Jones
Last month I was asked how to get top console user details into a report. My first answer was to tell them to enable the Asset Intelligence (AI) class. However this was already done, so I asked if the auditing policy was enabled. It wasn’t.
If you want to capture the top console user details into System Center 2012 Configuration Manager (CM12) or CM07, which is particularly useful for reporting, you need to enable the logon auditing policy.
Here are steps to enable it within your domain.
Enable Workstation Logon Audit Policy-Group Policy Management
Open Group Policy Management.
Enable Workstation Logon Audit Policy-Create a GPO
Right-click on the domain, in my case it is gartek.tst, then click Create a GPO in this domain, and Link it here
Enable Workstation Logon Audit Policy-Enter GPO Name
Enter CM12 Console Logon Audit and click OK.
Enable Workstation Logon Audit Policy-Edit
Right click CM12 Console Logon Audit and click Edit…
Enable Workstation Logon Audit Policy-Audit Logon Events
Expand Computer Configuration | Policies | Windows Settings | Security Settings and Audit Policy. In the results pane, double-click Audit logon events.
Enable Workstation Logon Audit Policy-Properties
Select Define these policy settings and ensure that the Success check box is selected. Next click OK. Finally, close Group Policy Management Editor.
Enable Workstation Logon Audit Policy-Enforced
Right click CM12 Console Logon Audit and click Enforced.
Now assuming that you have enabled the SMS_SystemConsoleUsage and SMS_SystemConsoleUser, top console user details will be available in CM12 / CM07 for use by the application model, collections and where I use it the most, reporting.
Enable Workstation Logon Audit Policy-Edit Inventory Classes

Leave a Comment