Last updated on August 2nd, 2022 at 10:54 am
Last month I was asked how to get top console user details into a report. My first answer was to tell them to enable the Asset Intelligence (AI) class. However this was already done, so I asked if the auditing policy was enabled. It wasn’t.
If you want to capture the top console user details into System Center Configuration Manager Current Branch (SCCM or CMCB) or System Center 2012 Configuration Manager (CM12) or CM07, which is particularly useful for reporting, you need to enable the logon auditing policy.
Create GPO for Top Console User Details
Here are steps to enable it within your domain.
Open Group Policy Management.
Right-click on the domain, in my case it is gartek.tst, then click Create a GPO in this domain, and Link it here…
Enter CM12 Console Logon Audit and click OK.
Expand Computer Configuration | Policies | Windows Settings | Security Settings and Audit Policy. In the results pane, double-click Audit logon events.
Select Define these policy settings and ensure that the Success check box is selected. Next click OK. Finally, close Group Policy Management Editor.
Right click CM12 Console Logon Audit and click Enforced.
Now assuming that you have enabled the SMS_SystemConsoleUsage and SMS_SystemConsoleUser, top console user details will be available in SCCM / CM12 / CM07 for use by the application model, collections and where I use it the most, reporting.
Note it will take update to 14 days before you start to see results. (e.g. twice your Hardware inventory cycle.) And longer if you change the default for what make up a Top Console User.